
(PE-37345) Create new bulk signing endpoints
artlawson committed Dec 18, 2023
1 parent 83f6be3 commit 6c8e54b
Showing 2 changed files with 69 additions and 2 deletions.
24 changes: 22 additions & 2 deletions src/clj/puppetlabs/services/ca/certificate_authority_core.clj
Expand Up @@ -257,6 +257,22 @@
request-cert)
(log/warn (i18n/trs "Request is missing a certificate for an endpoint that requires a certificate."))))))


(schema/defn handle-bulk-cert-signing
[_request
{:keys _certnames :- [schema/str] :as _ca-settings} :- ca/CaSettings]
(-> (rr/response (cheshire/generate-string {}))
(rr/status 200)
(rr/content-type "application/json")))

(schema/defn handle-bulk-cert-signing-all
[_request
_ca-settings :- ca/CaSettings]
(-> (rr/response (cheshire/generate-string {}))
(rr/status 200)
(rr/content-type "application/json")))


(schema/defn ^:always-validate
handle-cert-renewal
"Given a request and the CA settings, if there is a cert present in the request
Expand Down Expand Up @@ -517,7 +533,7 @@
(comidi/routes
(comidi/context ["/v1"]
(ANY ["/certificate_status/" :subject] [subject]
(certificate-status subject ca-settings report-activity))
(certificate-status subject ca-settings report-activity))
(comidi/context ["/certificate_statuses/"]
(ANY [[#"[^/]+" :ignored-but-required]] request
(certificate-statuses request ca-settings))
Expand All @@ -540,7 +556,11 @@
(PUT ["/clean"] request
(handle-cert-clean request ca-settings report-activity))
(POST ["/certificate_renewal"] request
(handle-cert-renewal request ca-settings report-activity)))
(handle-cert-renewal request ca-settings report-activity))
(POST ["/sign"] request
(handle-bulk-cert-signing request ca-settings))
(POST ["/sign/all"] request
(handle-bulk-cert-signing-all request ca-settings)))
(comidi/not-found "Not Found")))

(schema/defn ^:always-validate
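Review bot: `handle-bulk-cert-signing` binds its second argument as `{:keys _certnames :- [schema/str] :as _ca-settings}`, which looks malformed as displayed: `:keys` expects a vector of symbols and the string schema is `schema/Str`. It also takes the certnames from the CA settings rather than from the request. The names to sign are caller input, so I would read them from the request body and validate them there, keeping the parameter vector as `[_request _ca-settings :- ca/CaSettings]` until that parsing exists. Both stubs answer 200 with `{}` without signing anything, which a client can read as success; a not-implemented status (e.g. 501) would be safer until the handlers are real. No authorization rule for `/sign` and `/sign/all` is visible in this commit, so confirm the routes are restricted to clients allowed to sign certificates before they do any signing; unlike `handle-cert-renewal`, the new handlers also lack `^:always-validate` and a docstring.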
Expand Up @@ -1152,6 +1152,53 @@
:body "Bad data"})]
(is (= 400 (:status response)))))))

(deftest ca-bulk-signing-endpoint-test
(testing "returns a 200 when provided certname array "
(bootstrap/with-puppetserver-running-with-mock-jrubies
"JRuby mocking is safe here because all of the requests are to the CA
endpoints, which are implemented in Clojure."
app
{:jruby-puppet
{:gem-path [(ks/absolute-path jruby-testutils/gem-path)]}
:webserver
{:ssl-cert (str bootstrap/server-conf-dir "/ssl/certs/localhost.pem")
:ssl-key (str bootstrap/server-conf-dir "/ssl/private_keys/localhost.pem")
:ssl-ca-cert (str bootstrap/server-conf-dir "/ca/ca_crt.pem")
:ssl-crl-path (str bootstrap/server-conf-dir "/ssl/crl.pem")}
:certificate-authority
{:certnames ["cert3" "cert1" "cert8"]}}
(let [response (http-client/post
"https://localhost:8140/puppet-ca/v1/sign"
{:ssl-cert (str bootstrap/server-conf-dir "/ca/ca_crt.pem")
:ssl-key (str bootstrap/server-conf-dir "/ca/ca_key.pem")
:ssl-ca-cert (str bootstrap/server-conf-dir "/ca/ca_crt.pem")
:as :text
:headers {"Accept" "application/json"}})]
(is (= 200 (:status response)))))))

(deftest ca-bulk-signing-all-endpoint-test
(testing "returns a 200 when provided certname array "
(bootstrap/with-puppetserver-running-with-mock-jrubies
"JRuby mocking is safe here because all of the requests are to the CA
endpoints, which are implemented in Clojure."
app
{:jruby-puppet
{:gem-path [(ks/absolute-path jruby-testutils/gem-path)]}
:webserver
{:ssl-cert (str bootstrap/server-conf-dir "/ssl/certs/localhost.pem")
:ssl-key (str bootstrap/server-conf-dir "/ssl/private_keys/localhost.pem")
:ssl-ca-cert (str bootstrap/server-conf-dir "/ca/ca_crt.pem")
:ssl-crl-path (str bootstrap/server-conf-dir "/ssl/crl.pem")}
:certificate-authority}
(let [response (http-client/post
"https://localhost:8140/puppet-ca/v1/all"
{:ssl-cert (str bootstrap/server-conf-dir "/ca/ca_crt.pem")
:ssl-key (str bootstrap/server-conf-dir "/ca/ca_key.pem")
:ssl-ca-cert (str bootstrap/server-conf-dir "/ca/ca_crt.pem")
:as :text
:headers {"Accept" "application/json"}})]
(is (= 200 (:status response)))))))

(deftest ca-certificate-renew-endpoint-test
(testing "with the feature enabled"
(testing "with allow-header-cert-info = false (default)"
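Review bot: `ca-bulk-signing-all-endpoint-test` posts to `https://localhost:8140/puppet-ca/v1/all`, but the route added in this commit is `/sign/all`, so the test does not reach the new handler; the URL should be `"https://localhost:8140/puppet-ca/v1/sign/all"`. The config map in the same test ends with a bare `:certificate-authority` key and no value, which as displayed leaves the map literal with an odd number of forms; drop the key or give it a value. Neither test sends a request body, and the first supplies `:certnames` through the server config, so the description "returns a 200 when provided certname array" (reused verbatim for the sign-all test) does not match what is sent. Because these endpoints will sign certificates, I would also add a case where a client without signing rights is refused, once the authorization rule exists.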
