示例#1
    def destroy(self, request, *args, **kwargs):
        """Revoke, then delete, the certificate named by ``kwargs['name']``.

        Both steps go through ``utils.puppetca_query``. A 404 from either
        call is reported as ``NotFound``. A 409 on the revoke call is
        tolerated (revocation only works if the state is not 'requested')
        and deletion still proceeds. Any other failure is raised as
        ``APIException``. Responds with 204 on success.
        """
        # NOTE(review): kwargs['name'] is interpolated into the PuppetCA
        # request path as-is; presumably the URL route restricts it to a
        # valid certname -- confirm, or validate/escape it before use.

        # Step 1: revoke.
        try:
            utils.puppetca_query(
                'PUT',
                'certificate_status/%s' % kwargs['name'],
                data={'desired_state': 'revoked'})
        except Exception as err:
            http_status = None
            if isinstance(err, requests.exceptions.HTTPError):
                http_status = err.response.status_code
            if http_status == 404:
                raise exceptions.NotFound()
            # 409 is the only failure that lets the flow fall through.
            if http_status != 409:
                raise exceptions.APIException(
                    'Can\'t revoke orphan certificate in PuppetCA: %s' % err)

        # Step 2: delete.
        try:
            utils.puppetca_query(
                'DELETE',
                'certificate_status/%s' % kwargs['name'])
        except Exception as err:
            is_missing = (isinstance(err, requests.exceptions.HTTPError)
                          and err.response.status_code == 404)
            if is_missing:
                raise exceptions.NotFound()
            raise exceptions.APIException(
                'Can\'t delete certificate in PuppetCA: %s' % err)

        return response.Response(status=status.HTTP_204_NO_CONTENT)
示例#2
    def delete(self, *args, **kwargs):
        """Clean up PuppetDB and PuppetCA state, then delete the model row.

        Order: deactivate the node in PuppetDB, revoke its certificate,
        delete its certificate, and finally call the parent ``delete``.
        Any step that fails with an error that is not tolerated raises a
        plain ``Exception`` before the parent ``delete`` runs, so the row is
        kept when the external cleanup did not complete.
        """
        # PuppetDB: deactivate the node; every failure is fatal here.
        try:
            utils.puppetdb_deactivate_node(self.name)
        except Exception as err:
            raise Exception('Can\'t deactivate orphan in PuppetDB: %s' % err)

        # PuppetCA: revoke. HTTP 404 (unknown to the CA) and 409 (revocation
        # only works when the certificate is not in 'requested' state) are
        # tolerated; note that a 409 means nothing was revoked and the
        # certificate record is simply deleted in the next step.
        try:
            utils.puppetca_query(
                'PUT',
                'certificate_status/%s' % self.name,
                data={'desired_state': 'revoked'})
        except Exception as err:
            tolerated = (isinstance(err, requests.exceptions.HTTPError)
                         and err.response.status_code in [404, 409])
            if not tolerated:
                raise Exception(
                    'Can\'t revoke orphan certificate in PuppetCA: %s' % err)

        # PuppetCA: delete. Only HTTP 404 (unknown to the CA) is tolerated.
        try:
            utils.puppetca_query('DELETE', 'certificate_status/%s' % self.name)
        except Exception as err:
            already_gone = (isinstance(err, requests.exceptions.HTTPError)
                            and err.response.status_code == 404)
            if not already_gone:
                raise Exception('Can\'t delete orphan in PuppetCA: %s' % err)

        super(Node, self).delete(*args, **kwargs)
示例#3
    def destroy(self, request, *args, **kwargs):
        """Remove an orphan node from PuppetDB and PuppetCA.

        The name must be a key of ``self.get_orphans()``; otherwise
        ``NotFound`` is raised before any external call is made. That check
        also means only names already reported as orphans are ever
        interpolated into the request paths below. Failures that are not
        tolerated are raised as ``APIException``. Responds with 204 on
        success.
        """
        known_orphans = self.get_orphans()
        if kwargs['name'] not in known_orphans:
            raise exceptions.NotFound()

        # PuppetDB: deactivate the orphan; every failure is fatal.
        try:
            utils.puppetdb_deactivate_node(kwargs['name'])
        except Exception as err:
            raise exceptions.APIException(
                'Can\'t deactivate orphan in PuppetDB: %s' % err)

        # PuppetCA: revoke the orphan certificate. HTTP 404 and 409 are
        # tolerated (revocation only works if the state is not 'requested').
        try:
            utils.puppetca_query(
                'PUT',
                'certificate_status/%s' % kwargs['name'],
                data={'desired_state': 'revoked'})
        except Exception as err:
            tolerated = (isinstance(err, requests.exceptions.HTTPError)
                         and err.response.status_code in [404, 409])
            if not tolerated:
                raise exceptions.APIException(
                    'Can\'t revoke orphan certificate in PuppetCA: %s' % err)

        # PuppetCA: delete the orphan. Only HTTP 404 is tolerated.
        try:
            utils.puppetca_query(
                'DELETE',
                'certificate_status/%s' % kwargs['name'])
        except Exception as err:
            already_gone = (isinstance(err, requests.exceptions.HTTPError)
                            and err.response.status_code == 404)
            if not already_gone:
                raise exceptions.APIException(
                    'Can\'t delete orphan in PuppetCA: %s' % err)

        return response.Response(status=status.HTTP_204_NO_CONTENT)
示例#4
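    def save(self, *args, **kwargs):
        """Save the node; on first save, ask PuppetCA to sign its certificate.

        The signing request is only sent when the instance has no primary
        key yet. It is best effort: a failure never prevents the save, but
        it is now logged instead of being discarded, so that a signing
        attempt that did not go through leaves a trace.
        """
        import logging

        if not self.pk:
            # Sign certificate (if known by PuppetCA).
            # NOTE(review): this asks the CA to sign whatever request it
            # holds under self.name as soon as the row is created --
            # confirm that whoever may create Node rows is allowed to
            # trigger certificate signing for that name.
            try:
                utils.puppetca_query('PUT',
                                     'certificate_status/%s' % self.name,
                                     data={'desired_state': 'signed'})
            except Exception:
                # Deliberately non-fatal; the node may simply be unknown to
                # the CA. %r keeps control characters in the name from
                # breaking the log line.
                logging.getLogger(__name__).warning(
                    'Can\'t sign certificate for %r in PuppetCA',
                    getattr(self, 'name', None), exc_info=True)

        # Save/create node
        super(Node, self).save(*args, **kwargs)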
示例#5
    def list(self, request, *args, **kwargs):
        """Return every certificate status reported by PuppetCA.

        The JSON body of the 'certificate_statuses/*' query is passed to the
        view's serializer with ``many=True``. Any failure while querying or
        decoding is raised as ``APIException``.
        """
        # NOTE(review): the exception text is embedded in the error detail
        # returned to the API client; depending on what puppetca_query
        # raises this may expose internal endpoint details -- consider
        # logging it server-side and returning a generic message.
        try:
            certificates = utils.puppetca_query(
                'GET', 'certificate_statuses/*').json()
        except Exception as err:
            raise exceptions.APIException(
                'Can\'t get certificates from PuppetCA: %s' % err)

        payload = self.get_serializer(certificates, many=True).data
        return response.Response(payload)
示例#6
    def update(self, request, *args, **kwargs):
        """Set the certificate named by ``kwargs['name']`` to a new state.

        The request body is validated by the view's serializer and its
        'state' value is sent to PuppetCA as ``desired_state``. HTTP 404
        becomes ``NotFound``, HTTP 409 becomes a ``ValidationError`` on the
        'state' field, and anything else becomes ``APIException``. Responds
        with 204 on success.
        """
        serializer = self.get_serializer(data=request.data)
        serializer.is_valid(raise_exception=True)

        # Apply the requested state (not only revocation: whatever value
        # the serializer accepted is forwarded).
        # NOTE(review): which states are accepted is decided by the
        # serializer, which is not visible here; if 'signed' is allowed this
        # endpoint can issue certificates -- confirm its permissions.
        try:
            utils.puppetca_query(
                'PUT',
                'certificate_status/%s' % kwargs['name'],
                data={'desired_state': '%s' % serializer.data['state']})
        except Exception as err:
            http_status = None
            if isinstance(err, requests.exceptions.HTTPError):
                http_status = err.response.status_code

            if http_status == 404:
                raise exceptions.NotFound()
            if http_status == 409:
                raise exceptions.ValidationError({
                    'state':
                    'Can\'t change certificate state to the specified value'
                })
            raise exceptions.APIException(
                'Can\'t update certificate in PuppetCA: %s' % err)

        return response.Response(status=status.HTTP_204_NO_CONTENT)
示例#7
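    def get_orphans(self):
        """Return nodes known to PuppetDB and/or PuppetCA that have no Node row.

        Returns:
            dict mapping node name to ``{'name': ..., 'source': ...}``, where
            source is 'PuppetDB', 'PuppetCA' or 'PuppetDB & PuppetCA'.

        Raises:
            exceptions.APIException: if querying PuppetDB or PuppetCA, or any
                lookup made while iterating their results, fails.
        """
        orphans = {}

        # PuppetDB orphans
        try:
            db = utils.puppetdb_connect()

            for node in db.nodes():
                # Deactivated nodes are not reported as orphans.
                if node.deactivated:
                    continue

                try:
                    # Look up by the node's name explicitly (the original
                    # passed the node object itself and relied on implicit
                    # string conversion), matching the PuppetCA loop below.
                    models.Node.objects.get(name=node.name)
                except models.Node.DoesNotExist:
                    orphans[node.name] = {
                        'name': node.name,
                        'source': 'PuppetDB'
                    }
        except Exception as e:
            raise exceptions.APIException(
                'Can\'t get orphan nodes from PuppetDB: %s' % e)

        # PuppetCA orphans
        try:
            ca = utils.puppetca_query('GET', 'certificate_statuses/*')

            for node in ca.json():
                try:
                    models.Node.objects.get(name=node['name'])
                except models.Node.DoesNotExist:
                    if node['name'] in orphans:
                        # Already reported by PuppetDB: record both sources.
                        orphans[node['name']]['source'] += ' & PuppetCA'
                    else:
                        orphans[node['name']] = {
                            'name': node['name'],
                            'source': 'PuppetCA'
                        }
        except Exception as e:
            raise exceptions.APIException(
                'Can\'t get orphan nodes from PuppetCA: %s' % e)

        return orphans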
示例#8
 def get_certificate(self, obj):
     """Return PuppetCA's certificate status for ``obj.name``, or None.

     Any failure (query error, undecodable body, ...) yields None, so a
     caller cannot tell "no certificate" from "PuppetCA unreachable".
     """
     try:
         return utils.puppetca_query(
             'GET', 'certificate_status/%s' % obj.name).json()
     except Exception:
         return None