Signed-off-by: James Turnbull <[EMAIL PROTECTED]>
---
 CHANGELOG                        |    2 ++
 bin/puppetca                     |    2 ++
 lib/puppet/sslcertificates/ca.rb |   11 +++++++++++
 test/network/handler/ca.rb       |    7 +++++++
 4 files changed, 22 insertions(+), 0 deletions(-)

diff --git a/CHANGELOG b/CHANGELOG
index cbbc257..3ef0d6b 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,4 +1,6 @@
 0.24.x
+    Fixed #1586 - CSR files are now cleaned when puppetca --clean is run
+
     Fixed #1584 - Added support for appended variables
 
     Fixed #1554 - Added support for multiple template directories
diff --git a/bin/puppetca b/bin/puppetca
index 9d88a56..70f54e7 100755
--- a/bin/puppetca
+++ b/bin/puppetca
@@ -231,6 +231,7 @@ when :clean
             end
             certs.each do |c|
                 ca.clean(c)
+                ca.cleancsr(c)
             end
         cleaned = true
     else
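Review bot: The new `ca.cleancsr` calls run only for hosts that already pass through `ca.clean`, so a host with a pending CSR but no signed certificate may never have its CSR removed. In this hunk the loop iterates `certs`, and in the second `when :clean` hunk the call sits after a `next` whose condition is outside the hunk but looks like a skip for hosts without a certificate. If that reading is right, a stale request can stay in the CA's CSR directory and be signed later; consider calling `ca.cleancsr(host)` before that `next` as well. Both loops start outside the visible hunks.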
@@ -241,6 +242,7 @@ when :clean
                     next
                 end
             ca.clean(host)
+            ca.cleancsr(host)
             cleaned = true
         end
     end
diff --git a/lib/puppet/sslcertificates/ca.rb b/lib/puppet/sslcertificates/ca.rb
index 2a16a32..6f5dd29 100644
--- a/lib/puppet/sslcertificates/ca.rb
+++ b/lib/puppet/sslcertificates/ca.rb
@@ -191,6 +191,17 @@ class Puppet::SSLCertificates::CA
         File.unlink(csrfile)
     end
 
+    def cleancsr(host)
+        csrfile = host2csrfile(host)
+        begin
+            if File.exists?(csrfile)
+                File.unlink(csrfile)
+            end 
+        rescue => detail
+            raise Puppet.warning "Could not delete CSR file %s" % detail
+        end
+    end 
+
     # Revoke the certificate with serial number SERIAL issued by this
     # CA. The REASON must be one of the OpenSSL::OCSP::REVOKED_* reasons
     def revoke(serial, reason = OpenSSL::OCSP::REVOKED_STATUS_KEYCOMPROMISE)
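Review bot: In the `rescue` branch of `cleancsr`, `raise Puppet.warning "..." % detail` passes the return value of a logging call to `raise`; unless `Puppet.warning` returns an exception, Ruby raises a `TypeError` there and the caller never sees the original unlink error. Pick one behaviour: log and continue with `Puppet.warning "Could not delete CSR file %s: %s" % [csrfile, detail]`, or fail with `raise Puppet::Error, "Could not delete CSR file %s: %s" % [csrfile, detail]`. The current message also formats `detail` where the file name is expected. `host` arrives from the command line in bin/puppetca and `host2csrfile` is not visible here, so confirm it rejects path separators before its result reaches `File.unlink`.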
diff --git a/test/network/handler/ca.rb b/test/network/handler/ca.rb
index 16782bb..da41fcd 100755
--- a/test/network/handler/ca.rb
+++ b/test/network/handler/ca.rb
@@ -148,6 +148,13 @@ class TestCA < Test::Unit::TestCase
         }
 
         assert(!File.exists?(cert.certfile), "Cert still exists after clean")
+
+        # Now verify we can clean the CSR
+        assert_nothing_raised {
+            ca.cleancsr("anothertest.domain.com")
+        }
+
+        assert(!File.exists?(cert.csr), "CSR file still exists after clean")
     end
 
     # and now test the autosign file
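Review bot: The final assertion can pass without `cleancsr` having removed anything, because nothing visible in this hunk asserts that a CSR file exists before the call. It also checks `cert.csr`, while the assertion above uses `cert.certfile`; if `csr` is the request object rather than a path, `File.exists?` is not testing the file that `cleancsr` unlinks. Consider resolving the CSR path the same way the CA does and adding `assert(File.exists?(csrfile), "CSR file missing before clean")` ahead of the `assert_nothing_raised` block. The test method starts outside the hunk, so an earlier setup step may already cover part of this.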
-- 
1.5.5.1

