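def destroy(self, request, *args, **kwargs):
    """Revoke, then delete, the certificate named in the URL from PuppetCA.

    A 409 on revocation is tolerated: per the original comment, revocation
    only works when the certificate is not in the 'requested' state, and
    the deletion that follows still has to run in that case.

    Raises:
        exceptions.NotFound: PuppetCA answered 404 for this name.
        exceptions.APIException: any other failure while calling PuppetCA.

    Returns:
        An empty 204 response once the certificate has been deleted.
    """
    # NOTE(review): kwargs['name'] is interpolated into the PuppetCA request
    # path as-is; confirm the URL route restricts it to valid certnames.
    # NOTE(review): the upstream exception text is echoed to the API client
    # and may expose internal PuppetCA details; confirm that is acceptable.

    # Revoke certificate (only works if state is not 'requested')
    try:
        utils.puppetca_query('PUT', 'certificate_status/%s' % kwargs['name'],
                             data={'desired_state': 'revoked'})
    except Exception as e:
        # An HTTPError can be raised without a response attached; treat that
        # as "no status code" instead of failing inside the handler.
        code = None
        if isinstance(e, requests.exceptions.HTTPError):
            code = getattr(e.response, 'status_code', None)
        if code == 404:
            raise exceptions.NotFound()
        if code != 409:
            # This view handles certificates, not orphans, so the message
            # no longer mentions an orphan.
            raise exceptions.APIException(
                'Can\'t revoke certificate in PuppetCA: %s' % e)

    # Delete certificate
    try:
        utils.puppetca_query('DELETE',
                             'certificate_status/%s' % kwargs['name'])
    except Exception as e:
        code = None
        if isinstance(e, requests.exceptions.HTTPError):
            code = getattr(e.response, 'status_code', None)
        if code == 404:
            raise exceptions.NotFound()
        raise exceptions.APIException(
            'Can\'t delete certificate in PuppetCA: %s' % e)

    # Return result
    return response.Response(status=status.HTTP_204_NO_CONTENT)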
def delete(self, *args, **kwargs):
    """Decommission the node in PuppetDB and PuppetCA, then delete the row.

    Steps run in order: deactivate in PuppetDB, revoke the certificate,
    delete the certificate, delete the database record. Any unexpected
    failure raises ``Exception`` before the database record is touched, so
    a node is never dropped locally while its certificate cleanup failed.
    """
    # Step 1: deactivate in PuppetDB; every failure is fatal here.
    try:
        utils.puppetdb_deactivate_node(self.name)
    except Exception as e:
        raise Exception('Can\'t deactivate orphan in PuppetDB: %s' % e)

    # Step 2: revoke the certificate. 404 (unknown to PuppetCA) and 409
    # (revocation refused, e.g. still in 'requested' state) are tolerated.
    try:
        utils.puppetca_query('PUT', 'certificate_status/%s' % self.name,
                             data={'desired_state': 'revoked'})
    except Exception as e:
        tolerated = (isinstance(e, requests.exceptions.HTTPError)
                     and e.response.status_code in [404, 409])
        if not tolerated:
            raise Exception(
                'Can\'t revoke orphan certificate in PuppetCA: %s' % e)

    # Step 3: delete the certificate; only a 404 (unknown to PuppetCA)
    # is tolerated.
    try:
        utils.puppetca_query('DELETE', 'certificate_status/%s' % self.name)
    except Exception as e:
        unknown_to_ca = (isinstance(e, requests.exceptions.HTTPError)
                         and e.response.status_code == 404)
        if not unknown_to_ca:
            raise Exception('Can\'t delete orphan in PuppetCA: %s' % e)

    # Step 4: remove the database record itself.
    super(Node, self).delete(*args, **kwargs)
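def destroy(self, request, *args, **kwargs):
    """Remove an orphan from PuppetDB and PuppetCA.

    Names not returned by ``self.get_orphans()`` are rejected with NotFound
    before any PuppetDB or PuppetCA call is made, so only names on that
    list ever reach the deactivate/revoke/delete requests.

    Raises:
        exceptions.NotFound: the name is not a current orphan.
        exceptions.APIException: PuppetDB or PuppetCA failed unexpectedly.

    Returns:
        An empty 204 response once the orphan has been cleaned up.
    """
    orphans = self.get_orphans()
    if kwargs['name'] not in orphans:
        raise exceptions.NotFound()

    # NOTE(review): the upstream exception text is echoed to the API client
    # and may expose internal PuppetDB/PuppetCA details; confirm that is
    # acceptable.

    # Delete the orphan in PuppetDB (the return value is not needed)
    try:
        utils.puppetdb_deactivate_node(kwargs['name'])
    except Exception as e:
        raise exceptions.APIException(
            'Can\'t deactivate orphan in PuppetDB: %s' % e)

    # Revoke the orphan certificate in PuppetCA (only works if state is not
    # 'requested'); 404 and 409 are tolerated.
    try:
        utils.puppetca_query('PUT', 'certificate_status/%s' % kwargs['name'],
                             data={'desired_state': 'revoked'})
    except Exception as e:
        # An HTTPError can be raised without a response attached; treat that
        # as "no status code" instead of failing inside the handler.
        code = None
        if isinstance(e, requests.exceptions.HTTPError):
            code = getattr(e.response, 'status_code', None)
        if code not in (404, 409):
            raise exceptions.APIException(
                'Can\'t revoke orphan certificate in PuppetCA: %s' % e)

    # Delete the orphan in PuppetCA; a 404 (unknown to the CA) is tolerated.
    try:
        utils.puppetca_query('DELETE',
                             'certificate_status/%s' % kwargs['name'])
    except Exception as e:
        code = None
        if isinstance(e, requests.exceptions.HTTPError):
            code = getattr(e.response, 'status_code', None)
        if code != 404:
            raise exceptions.APIException(
                'Can\'t delete orphan in PuppetCA: %s' % e)

    # Return result
    return response.Response(status=status.HTTP_204_NO_CONTENT)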
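def save(self, *args, **kwargs):
    """Save the node; on first save, ask PuppetCA to sign its certificate.

    Signing is best-effort: a failure never prevents the node from being
    saved. Failures other than a 404 are logged instead of being silently
    discarded, so a CA outage stays visible to operators.
    """
    import logging

    if not self.pk:
        # NOTE(review): creating a node signs whatever request PuppetCA
        # holds under this name; confirm node creation is limited to
        # trusted operators and that the name is validated beforehand.
        # NOTE(review): signing happens before the database write, so a
        # failed save leaves a signed certificate without a node record.

        # Sign certificate (if known by PuppetCA)
        try:
            utils.puppetca_query('PUT', 'certificate_status/%s' % self.name,
                                 data={'desired_state': 'signed'})
        except Exception as e:
            # A 404 presumably means PuppetCA has no request for this name,
            # the expected "not known" case, so it is not reported.
            status_code = getattr(getattr(e, 'response', None),
                                  'status_code', None)
            if status_code != 404:
                # %r keeps control characters in the name out of the log.
                logging.getLogger(__name__).warning(
                    'Can\'t sign certificate for %r in PuppetCA: %s',
                    self.name, e)

    # Save/create node
    super(Node, self).save(*args, **kwargs)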
def list(self, request, *args, **kwargs):
    """Return every certificate status record reported by PuppetCA.

    Raises:
        exceptions.APIException: the PuppetCA query or its JSON decoding
            failed.
    """
    try:
        certificates = utils.puppetca_query(
            'GET', 'certificate_statuses/*').json()
    except Exception as e:
        raise exceptions.APIException(
            'Can\'t get certificates from PuppetCA: %s' % e)

    # Serialize the records as a list and hand them back.
    payload = self.get_serializer(certificates, many=True).data
    return response.Response(payload)
def update(self, request, *args, **kwargs):
    """Set the PuppetCA state of the certificate named in the URL.

    The desired state is taken from the validated request body and sent to
    PuppetCA as ``desired_state``.

    Raises:
        exceptions.ValidationError: the request body is invalid, or
            PuppetCA answered 409 to the state change.
        exceptions.NotFound: PuppetCA answered 404 for this name.
        exceptions.APIException: any other failure while calling PuppetCA.

    Returns:
        An empty 204 response on success.
    """
    serializer = self.get_serializer(data=request.data)
    serializer.is_valid(raise_exception=True)

    # Apply the requested state. This can sign as well as revoke, depending
    # on which values the serializer accepts.
    # NOTE(review): confirm the serializer limits 'state' to the intended
    # values and that this endpoint is restricted to trusted operators.
    try:
        utils.puppetca_query(
            'PUT', 'certificate_status/%s' % kwargs['name'],
            data={'desired_state': '%s' % serializer.data['state']})
    except requests.exceptions.HTTPError as e:
        http_status = e.response.status_code
        if http_status == 404:
            raise exceptions.NotFound()
        if http_status == 409:
            raise exceptions.ValidationError({
                'state': 'Can\'t change certificate state to the specified value'
            })
        raise exceptions.APIException(
            'Can\'t update certificate in PuppetCA: %s' % e)
    except Exception as e:
        raise exceptions.APIException(
            'Can\'t update certificate in PuppetCA: %s' % e)

    # Return result
    return response.Response(status=status.HTTP_204_NO_CONTENT)
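def get_orphans(self):
    """Collect names known to PuppetDB or PuppetCA with no local Node.

    Returns:
        A dict keyed by name. Each value is a dict holding 'name' and
        'source', where 'source' is 'PuppetDB', 'PuppetCA' or
        'PuppetDB & PuppetCA'.

    Raises:
        exceptions.APIException: querying PuppetDB or PuppetCA failed, or
            any other error occurred while building the list.
    """
    orphans = {}

    # PuppetDB orphans
    try:
        db = utils.puppetdb_connect()
        for node in db.nodes():
            # Deactivated PuppetDB nodes are not reported as orphans.
            if node.deactivated:
                continue
            try:
                # Look the node up by its name, as the PuppetCA loop does,
                # instead of relying on string coercion of the node object.
                models.Node.objects.get(name=node.name)
            except models.Node.DoesNotExist:
                orphans[node.name] = {
                    'name': node.name,
                    'source': 'PuppetDB'
                }
    except Exception as e:
        raise exceptions.APIException(
            'Can\'t get orphan nodes from PuppetDB: %s' % e)

    # PuppetCA orphans
    try:
        ca = utils.puppetca_query('GET', 'certificate_statuses/*')
        for node in ca.json():
            certname = node['name']
            try:
                models.Node.objects.get(name=certname)
            except models.Node.DoesNotExist:
                if certname in orphans:
                    # Already found in PuppetDB: record both sources.
                    orphans[certname]['source'] += ' & PuppetCA'
                else:
                    orphans[certname] = {
                        'name': certname,
                        'source': 'PuppetCA'
                    }
    except Exception as e:
        raise exceptions.APIException(
            'Can\'t get orphan nodes from PuppetCA: %s' % e)

    return orphans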
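def get_certificate(self, obj):
    """Return the PuppetCA status record for ``obj.name``, or None.

    Every failure yields None, so callers cannot tell "no certificate"
    from "PuppetCA unreachable". Failures other than a 404 are logged so
    that an outage is not mistaken for a missing certificate.
    """
    import logging

    try:
        return utils.puppetca_query(
            'GET', 'certificate_status/%s' % obj.name).json()
    except Exception as e:
        # A 404 presumably means PuppetCA has no certificate for this name,
        # the expected "none" case, so it is not reported.
        status_code = getattr(getattr(e, 'response', None),
                              'status_code', None)
        if status_code != 404:
            logging.getLogger(__name__).warning(
                'Can\'t get certificate from PuppetCA: %s', e)
        return None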