Add explicit renewal flag for certiude request

2024-12-22 16:25:17 +00:00 · 2017-03-13 19:47:58 +02:00 · 2017-03-13 19:47:58 +02:00 · 79aa1e18c0
commit 79aa1e18c0
parent 7b1dae0901
2 changed files with 7 additions and 6 deletions
--- a/certidude/cli.py
+++ b/certidude/cli.py
@ -62,8 +62,9 @@ ExecStart=%s request
 """

@click.command("request", help="Run processes for requesting certificates and configuring services")
+@click.option("-r", "--renew", default=False, is_flag=True, help="Renew now")
@click.option("-f", "--fork", default=False, is_flag=True, help="Fork to background")
-def certidude_request(fork):
+def certidude_request(fork, renew):
    if not os.path.exists(const.CLIENT_CONFIG_PATH):
        click.echo("No %s!" % const.CLIENT_CONFIG_PATH)
        return 1
@ -177,7 +178,8 @@ def certidude_request(fork):
                    endpoint_common_name,
                    insecure=endpoint_insecure,
                    autosign=True,
-                    wait=True)
+                    wait=True,
+                    renew=renew)
                break
            except requests.exceptions.Timeout:
                retries -= 1
--- a/certidude/helpers.py
+++ b/certidude/helpers.py
@ -17,7 +17,7 @@ from configparser import ConfigParser
 from cryptography import x509
 from cryptography.hazmat.backends import default_backend

-def certidude_request_certificate(server, key_path, request_path, certificate_path, authority_path, revocations_path, common_name, autosign=False, wait=False, bundle=False, insecure=False):
+def certidude_request_certificate(server, key_path, request_path, certificate_path, authority_path, revocations_path, common_name, autosign=False, wait=False, bundle=False, renew=False, insecure=False):
    """
    Exchange CSR for certificate using Certidude HTTP API server
    """
@ -28,8 +28,6 @@ def certidude_request_certificate(server, key_path, request_path, certificate_pa
    if wait:
        request_params.add("wait=forever")

-    renew = False # Attempt to renew if certificate has expired
-
    # Expand ca.example.com
    scheme = "http" if insecure else "https" # TODO: Expose in CLI
    authority_url = "%s://%s/api/certificate/" % (scheme, server)
@ -166,6 +164,7 @@ def certidude_request_certificate(server, key_path, request_path, certificate_pa
            renew = True
        else:
            click.echo("Found valid certificate: %s" % certificate_path)
+            if not renew: # Don't do anything if renewal wasn't requested explicitly
                return

    # If machine is joined to domain attempt to present machine credentials for authentication