mirror of
https://github.com/laurivosandi/certidude
synced 2024-12-22 16:25:17 +00:00
Add explicit renewal flag for certiude request
This commit is contained in:
parent
7b1dae0901
commit
79aa1e18c0
@ -62,8 +62,9 @@ ExecStart=%s request
|
||||
"""
|
||||
|
||||
@click.command("request", help="Run processes for requesting certificates and configuring services")
|
||||
@click.option("-r", "--renew", default=False, is_flag=True, help="Renew now")
|
||||
@click.option("-f", "--fork", default=False, is_flag=True, help="Fork to background")
|
||||
def certidude_request(fork):
|
||||
def certidude_request(fork, renew):
|
||||
if not os.path.exists(const.CLIENT_CONFIG_PATH):
|
||||
click.echo("No %s!" % const.CLIENT_CONFIG_PATH)
|
||||
return 1
|
||||
@ -177,7 +178,8 @@ def certidude_request(fork):
|
||||
endpoint_common_name,
|
||||
insecure=endpoint_insecure,
|
||||
autosign=True,
|
||||
wait=True)
|
||||
wait=True,
|
||||
renew=renew)
|
||||
break
|
||||
except requests.exceptions.Timeout:
|
||||
retries -= 1
|
||||
|
@ -17,7 +17,7 @@ from configparser import ConfigParser
|
||||
from cryptography import x509
|
||||
from cryptography.hazmat.backends import default_backend
|
||||
|
||||
def certidude_request_certificate(server, key_path, request_path, certificate_path, authority_path, revocations_path, common_name, autosign=False, wait=False, bundle=False, insecure=False):
|
||||
def certidude_request_certificate(server, key_path, request_path, certificate_path, authority_path, revocations_path, common_name, autosign=False, wait=False, bundle=False, renew=False, insecure=False):
|
||||
"""
|
||||
Exchange CSR for certificate using Certidude HTTP API server
|
||||
"""
|
||||
@ -28,8 +28,6 @@ def certidude_request_certificate(server, key_path, request_path, certificate_pa
|
||||
if wait:
|
||||
request_params.add("wait=forever")
|
||||
|
||||
renew = False # Attempt to renew if certificate has expired
|
||||
|
||||
# Expand ca.example.com
|
||||
scheme = "http" if insecure else "https" # TODO: Expose in CLI
|
||||
authority_url = "%s://%s/api/certificate/" % (scheme, server)
|
||||
@ -166,7 +164,8 @@ def certidude_request_certificate(server, key_path, request_path, certificate_pa
|
||||
renew = True
|
||||
else:
|
||||
click.echo("Found valid certificate: %s" % certificate_path)
|
||||
return
|
||||
if not renew: # Don't do anything if renewal wasn't requested explicitly
|
||||
return
|
||||
|
||||
# If machine is joined to domain attempt to present machine credentials for authentication
|
||||
if os.path.exists("/etc/krb5.keytab"):
|
||||
|
Loading…
Reference in New Issue
Block a user