From: Jude Nagurney Date: Fri, 6 Mar 2015 13:44:21 +0000 (-0500) Subject: Looks like certmaster-request and certmaster-ca are working with the new --ca flag. X-Git-Tag: v0.29~12 X-Git-Url: https://pwan.org/git/?p=certmaster.git;a=commitdiff_plain;h=8513efd091ed3e2beca32436b94132cf1451b119 Looks like certmaster-request and certmaster-ca are working with the new --ca flag. --- diff --git a/certmaster/certmaster.py b/certmaster/certmaster.py index 3fcb78f..71db996 100644 --- a/certmaster/certmaster.py +++ b/certmaster/certmaster.py @@ -165,7 +165,7 @@ class CertMaster(object): if os.path.exists(certfile): slavecert = certs.retrieve_cert_from_file(certfile) cert_buf = crypto.dump_certificate(crypto.FILETYPE_PEM, slavecert) - cacert_buf = crypto.dump_certificate(crypto.FILETYPE_PEM, self.cacert) + cacert_buf = crypto.dump_certificate(crypto.FILETYPE_PEM, self.cacert[ca]) if with_triggers: self._run_triggers(requesting_host,'/var/lib/certmaster/triggers/request/post/*') return True, cert_buf, cacert_buf @@ -175,10 +175,10 @@ class CertMaster(object): # else write out the csr if self.cfg.ca[ca]['autosign']: - cert_fn = self.sign_this_csr(csrreq) + cert_fn = self.sign_this_csr(csrreq,ca=ca) cert = certs.retrieve_cert_from_file(cert_fn) cert_buf = crypto.dump_certificate(crypto.FILETYPE_PEM, cert) - cacert_buf = crypto.dump_certificate(crypto.FILETYPE_PEM, self.cacert) + cacert_buf = crypto.dump_certificate(crypto.FILETYPE_PEM, self.cacert[ca]) self.logger.info("cert for %s for ca %s was autosigned" % (requesting_host,ca)) if with_triggers: self._run_triggers(None,'/var/lib/certmaster/triggers/request/post/*') @@ -227,7 +227,7 @@ class CertMaster(object): if with_triggers: self._run_triggers(hn,'/var/lib/certmaster/triggers/remove/post/*') - def sign_this_csr(self, csr, with_triggers=True,ca=''): + def sign_this_csr(self, csr, with_triggers=True, ca=''): """returns the path to the signed cert file""" csr_unlink_file = None 
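Review bot: `self.cacert[ca]` in the existing-cert branch is an unguarded dictionary lookup, so an unknown `ca` name surfaces as a bare KeyError; the same pattern is in the autosign hunk (`self.cfg.ca[ca]['autosign']`, `self.cacert[ca]`) and in `sign_this_csr` (`self.cakey[ca]`, `self.cacert[ca]`, `self.cfg.ca[ca]['cadir']`). The enclosing method starts outside this hunk, so whether `ca` is checked earlier is not visible; if the requesting host can supply it, it selects which CA key signs and which certroot is written, and it should be matched against the configured CAs before any lookup. One check at the top of each entry point, for example `if ca not in self.cfg.ca: raise ValueError("unknown ca %r" % ca)`, would make that explicit and keep `cfg.ca`, `cakey` and `cacert` from being indexed with a name only some of them know.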
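Review bot: The autosign branch calls `self._run_triggers(None,'/var/lib/certmaster/triggers/request/post/*')` while the existing-cert branch in the hunk above passes `requesting_host`, so post-request triggers appear to get no hostname exactly when a certificate was issued without operator review. If that is not deliberate, `self._run_triggers(requesting_host,'/var/lib/certmaster/triggers/request/post/*')` would let a trigger record or alert on autosigned hosts. A comment above `if self.cfg.ca[ca]['autosign']:` would also help, for example `# autosign is a per-CA setting: a CSR for an autosign CA is signed without review`.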
@@ -263,7 +263,7 @@ class CertMaster(object): certfile = '%s/%s.cert' % (self.cfg.ca[ca]['certroot'], requesting_host) self.logger.info("Signing for csr %s requested" % certfile) - thiscert = certs.create_slave_certificate(csrreq, self.cakey, self.cacert, self.cfg.ca[ca]['cadir']) + thiscert = certs.create_slave_certificate(csrreq, self.cakey[ca], self.cacert[ca], self.cfg.ca[ca]['cadir']) destfo = open(certfile, 'w') destfo.write(crypto.dump_certificate(crypto.FILETYPE_PEM, thiscert)) diff --git a/scripts/certmaster-ca b/scripts/certmaster-ca index 0e43253..7f8f967 100755 --- a/scripts/certmaster-ca +++ b/scripts/certmaster-ca @@ -64,7 +64,7 @@ def main(args): if opts.list: - hns = cm.get_csrs_waiting(opts.ca) + hns = cm.get_csrs_waiting(ca=opts.ca) if hns: for hn in sorted(hns): print hn @@ -86,7 +86,7 @@ def main(args): return 1 for fn in csrs: - certfile = cm.sign_this_csr(opts.ca,fn) + certfile = cm.sign_this_csr(fn, ca=opts.ca) print '%s signed - cert located at %s' % (fn, certfile) return 0 @@ -96,7 +96,7 @@ def main(args): return 1 for hn in args: - cm.remove_this_cert(opts.ca,hn) + cm.remove_this_cert(hn, ca=opts.ca) return 0 @@ -105,7 +105,7 @@ def main(args): if args: hostglobs = args - signed_certs = cm.get_signed_certs(opts.ca, args) + signed_certs = cm.get_signed_certs(args, ca=opts.ca) for i in sorted(signed_certs): print i @@ -117,7 +117,7 @@ def main(args): if args: hostglobs = args - cert_hashes = cm.get_cert_hashes(opts.ca, hostglobs) + cert_hashes = cm.get_cert_hashes(hostglobs, ca=opts.ca) for i in sorted(cert_hashes): print i diff --git a/scripts/certmaster-sync b/scripts/certmaster-sync index 4d9559f..ca7710e 100644 --- a/scripts/certmaster-sync +++ b/scripts/certmaster-sync 
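Review bot: `certfile` is built as `'%s/%s.cert' % (self.cfg.ca[ca]['certroot'], requesting_host)` and then opened for writing, with no check on `requesting_host` visible in this hunk. Where `requesting_host` comes from is outside the hunk; if it is taken from the CSR, a name containing a path separator would put the write outside the selected CA's certroot. Rejecting such names before the path is built, for example `if os.path.basename(requesting_host) != requesting_host: raise ValueError("bad hostname in csr")`, closes that off. The `open(certfile, 'w')` handle is not closed within the hunk either; the function continues past it, so that may be handled below.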
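Review bot: In scripts/certmaster-ca the signed-cert listing passes `args` where the next hunk passes `hostglobs`: `cm.get_signed_certs(args, ca=opts.ca)` versus `cm.get_cert_hashes(hostglobs, ca=opts.ca)`, although both are preceded by `if args: hostglobs = args`. If `hostglobs` is given a default above this hunk (not visible here), the signed-cert listing ignores that default when no host arguments are passed. `signed_certs = cm.get_signed_certs(hostglobs, ca=opts.ca)` would make the two options behave alike.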
@@ -24,9 +24,14 @@ import xmlrpclib from glob import glob from time import sleep from certmaster import certmaster as certmaster -from func.overlord.client import Client -from func.CommonErrors import Func_Client_Exception -import func.jobthing as jobthing + +func_import_failure = None +try: + from func.overlord.client import Client + from func.CommonErrors import Func_Client_Exception + import func.jobthing as jobthing +except ImportError, e: + func_import_failure = str(e) def syncable(cert_list): """ @@ -137,6 +142,11 @@ def main(): if not cm.cfg.sync_certs and not forced: sys.exit(0) + # Don't complain about func not being available until you actually want it + if func_import_failure != None: + print >> sys.stderr, "errors importing func: %s" % func_import_failure + sys.exit(1) + certs = glob(os.path.join(cm.cfg.certroot, '*.%s' % cm.cfg.cert_extension)) hosts = syncable(certs)
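Review bot: After a failed import, `Client`, `Func_Client_Exception` and `jobthing` stay undefined at module level, and the only guard is the check added to `main()` in the next hunk. Any other function in this file that reaches those names without passing through that check would fail with a NameError instead of the saved message; which functions use them is outside this hunk. A comment at the try block such as `# func is optional here; main() reports func_import_failure before any func call` would record the contract. `except ImportError as e:` is accepted from Python 2.6 onward and keeps the line valid if the script is ported.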
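Review bot: Right after the new check, the sync still globs `cm.cfg.certroot` with `cm.cfg.cert_extension`, while certmaster.py in this same commit reads the directory per CA as `self.cfg.ca[ca]['certroot']`. Whether a top-level `certroot` setting still exists is not visible here; if it does not, or if it names only one CA's directory, certificates issued under the other CAs are not synced. The comparison itself would read better as `if func_import_failure is not None:`. `main()` continues past the end of this hunk.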