Add save location option to generate certs
Allows users to specify a save location for newly generated certificates instead of always writing them to the site repository. The functionality is identical to generate passphrase's save_location option. Change-Id: I8625fba75160c441dbf3f345af99eb0733b2c37d
parent
7306c3af9b
commit
2e0e9eab8c
|
@ -607,8 +607,18 @@ def generate():
|
||||||
default=False,
|
default=False,
|
||||||
show_default=True,
|
show_default=True,
|
||||||
help='Force Pegleg to regenerate all PKI items.')
|
help='Force Pegleg to regenerate all PKI items.')
|
||||||
|
@click.option(
|
||||||
|
'-s',
|
||||||
|
'--save-location',
|
||||||
|
'save_location',
|
||||||
|
required=False,
|
||||||
|
help='Directory to store the generated site certificates in. It will '
|
||||||
|
'be created automatically, if it does not already exist. The '
|
||||||
|
'generated, wrapped, and encrypted passphrases files will be saved '
|
||||||
|
'in: <save_location>/site/<site_name>/secrets/certificates/ '
|
||||||
|
'directory. Defaults to site repository path if no value given.')
|
||||||
@click.argument('site_name')
|
@click.argument('site_name')
|
||||||
def generate_pki(site_name, author, days, regenerate_all):
|
def generate_pki(site_name, author, days, regenerate_all, save_location):
|
||||||
"""Generate certificates, certificate authorities and keypairs for a given
|
"""Generate certificates, certificate authorities and keypairs for a given
|
||||||
site.
|
site.
|
||||||
|
|
||||||
|
@ -617,7 +627,11 @@ def generate_pki(site_name, author, days, regenerate_all):
|
||||||
engine.repository.process_repositories(site_name, overwrite_existing=True)
|
engine.repository.process_repositories(site_name, overwrite_existing=True)
|
||||||
config.set_global_enc_keys(site_name)
|
config.set_global_enc_keys(site_name)
|
||||||
pkigenerator = catalog.pki_generator.PKIGenerator(
|
pkigenerator = catalog.pki_generator.PKIGenerator(
|
||||||
site_name, author=author, duration=days, regenerate_all=regenerate_all)
|
site_name,
|
||||||
|
author=author,
|
||||||
|
duration=days,
|
||||||
|
regenerate_all=regenerate_all,
|
||||||
|
save_location=save_location)
|
||||||
output_paths = pkigenerator.generate()
|
output_paths = pkigenerator.generate()
|
||||||
|
|
||||||
click.echo("Generated PKI files written to:\n%s" % '\n'.join(output_paths))
|
click.echo("Generated PKI files written to:\n%s" % '\n'.join(output_paths))
|
||||||
|
|
|
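Review bot: The help text for `--save-location` says the "generated, wrapped, and encrypted passphrases files" are saved under the directory, but this command writes certificates, certificate authorities and keypairs. The wording appears carried over from the passphrase command and should name what is actually written, e.g. `help='Directory to store the generated site certificates and keys in. ...'`. Because the target can now be any path outside the site repository and will hold private key material, the option would benefit from `type=click.Path(file_okay=False)`, so that a path naming an existing file is rejected at argument parsing rather than during the write. The docstring of `generate_pki` lies partly between the two hunks; if it lists the options, `save_location` should be added there.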
@ -48,7 +48,8 @@ class PKIGenerator(object):
|
||||||
block_strings=True,
|
block_strings=True,
|
||||||
author=None,
|
author=None,
|
||||||
duration=365,
|
duration=365,
|
||||||
regenerate_all=False):
|
regenerate_all=False,
|
||||||
|
save_location=None):
|
||||||
"""Constructor for ``PKIGenerator``.
|
"""Constructor for ``PKIGenerator``.
|
||||||
|
|
||||||
:param int duration: Duration in days that generated certificates
|
:param int duration: Duration in days that generated certificates
|
||||||
|
@ -66,6 +67,7 @@ class PKIGenerator(object):
|
||||||
self._sitename = sitename
|
self._sitename = sitename
|
||||||
self._documents = site.get_rendered_docs(sitename)
|
self._documents = site.get_rendered_docs(sitename)
|
||||||
self._author = author
|
self._author = author
|
||||||
|
self._save_location = save_location or config.get_site_repo()
|
||||||
|
|
||||||
self.keys = pki_utility.PKIUtility(
|
self.keys = pki_utility.PKIUtility(
|
||||||
block_strings=block_strings, duration=duration)
|
block_strings=block_strings, duration=duration)
|
||||||
|
@ -96,7 +98,7 @@ class PKIGenerator(object):
|
||||||
document_name = keypair_def['name']
|
document_name = keypair_def['name']
|
||||||
self.get_or_gen_keypair(document_name)
|
self.get_or_gen_keypair(document_name)
|
||||||
|
|
||||||
return self._write(config.get_site_repo())
|
return self._write(self._save_location)
|
||||||
|
|
||||||
def get_or_gen_ca(self, document_name):
|
def get_or_gen_ca(self, document_name):
|
||||||
kinds = [
|
kinds = [
|
||||||
|
|
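Review bot: `save_location` is added to `PKIGenerator.__init__`, but the visible part of the constructor docstring shows no matching entry; I would add `:param str save_location: Directory to write generated PKI documents to; defaults to the site repository path.` (the docstring continues outside the hunk, so it may already be there). `generate()` now passes `self._save_location` to `self._write`, whose body is not shown, so it cannot be confirmed here what mode the auto-created directory gets or whether key documents are encrypted before they are written. Since the destination is no longer bound to the repository, that is worth stating in the docstring and covering with a test. Note also that `save_location or config.get_site_repo()` treats an empty string like `None` and silently falls back to the repository.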