Improve auto-completion for the PKI commands

refs #7247
Gunnar Beutner 2014-10-16 14:33:58 +02:00
parent d414149f74
commit 3e70ede877
4 changed files with 48 additions and 9 deletions


@ -198,7 +198,7 @@ object name.
Example: Example:
# icinga2 pki new-cert --cn icinga2a --keyfile icinga2a.key --csrfile icinga2a.csr # icinga2 pki new-cert --cn icinga2a --keyfile icinga2a.key --csrfile icinga2a.csr
# icinga2 pki sign-csr < icinga2a.csr > icinga2a.crt # icinga2 pki sign-csr --csrfile icinga2a.csr --certfile icinga2a.crt
# vim cluster.conf # vim cluster.conf
@ -242,7 +242,7 @@ Now create a certificate and key file for each node running the following comman
(replace `icinga2a` with the required hostname): (replace `icinga2a` with the required hostname):
# icinga2 pki new-cert --cn icinga2a --keyfile icinga2a.key --csrfile icinga2a.csr # icinga2 pki new-cert --cn icinga2a --keyfile icinga2a.key --csrfile icinga2a.csr
# icinga2 pki sign-csr < icinga2a.csr > icinga2a.crt # icinga2 pki sign-csr --csrfile icinga2a.csr --certfile icinga2a.crt
Repeat the step for all nodes in your cluster scenario. Repeat the step for all nodes in your cluster scenario.


@ -43,9 +43,13 @@ void PKINewCertCommand::InitParameters(boost::program_options::options_descripti
{ {
visibleDesc.add_options() visibleDesc.add_options()
("cn", po::value<std::string>(), "Common Name") ("cn", po::value<std::string>(), "Common Name")
("keyfile", po::value<std::string>(), "Key file path") ("keyfile", po::value<std::string>(), "Key file path (output")
("csrfile", po::value<std::string>(), "CSR file path (optional)") ("csrfile", po::value<std::string>(), "CSR file path (optional, output)")
("certfile", po::value<std::string>(), "Certificate file path (optional)"); ("certfile", po::value<std::string>(), "Certificate file path (optional, output)");
argCompletionDesc["keyfile"] = BashArgumentCompletion("file");
argCompletionDesc["csrfile"] = BashArgumentCompletion("file");
argCompletionDesc["certfile"] = BashArgumentCompletion("file");
} }
/** /**
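Review bot: The new help string for `keyfile` is missing its closing parenthesis, `"Key file path (output"`, so `--help` prints unbalanced text next to the correctly closed `csrfile` and `certfile` descriptions. The line should read `("keyfile", po::value<std::string>(), "Key file path (output)")`. This option names the file the private key is written to, and the code that creates that file is outside this hunk, so whether it is created with owner-only permissions cannot be confirmed from here. InitParameters begins before the hunk.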


@ -54,6 +54,12 @@ void PKIRequestCommand::InitParameters(boost::program_options::options_descripti
("host", po::value<std::string>(), "Icinga 2 host") ("host", po::value<std::string>(), "Icinga 2 host")
("port", po::value<std::string>(), "Icinga 2 port") ("port", po::value<std::string>(), "Icinga 2 port")
("ticket", po::value<std::string>(), "Icinga 2 PKI ticket"); ("ticket", po::value<std::string>(), "Icinga 2 PKI ticket");
argCompletionDesc["keyfile"] = BashArgumentCompletion("file");
argCompletionDesc["certfile"] = BashArgumentCompletion("file");
argCompletionDesc["cafile"] = BashArgumentCompletion("file");
argCompletionDesc["host"] = BashArgumentCompletion("hostname");
argCompletionDesc["port"] = BashArgumentCompletion("service");
} }
/** /**


@ -22,6 +22,7 @@
#include "base/clicommand.hpp" #include "base/clicommand.hpp"
#include "base/tlsutility.hpp" #include "base/tlsutility.hpp"
#include "base/application.hpp" #include "base/application.hpp"
#include <fstream>
using namespace icinga; using namespace icinga;
namespace po = boost::program_options; namespace po = boost::program_options;
@ -42,7 +43,12 @@ void PKISignCSRCommand::InitParameters(boost::program_options::options_descripti
boost::program_options::options_description& hiddenDesc, boost::program_options::options_description& hiddenDesc,
ArgumentCompletionDescription& argCompletionDesc) const ArgumentCompletionDescription& argCompletionDesc) const
{ {
/* Command doesn't support any parameters. */ visibleDesc.add_options()
("csrfile", po::value<std::string>(), "CSR file path (input)")
("certfile", po::value<std::string>(), "Certificate file path (output)");
argCompletionDesc["csrfile"] = BashArgumentCompletion("file");
argCompletionDesc["certfile"] = BashArgumentCompletion("file");
} }
/** /**
@ -52,16 +58,28 @@ void PKISignCSRCommand::InitParameters(boost::program_options::options_descripti
*/ */
int PKISignCSRCommand::Run(const boost::program_options::variables_map& vm, const std::vector<std::string>& ap) const int PKISignCSRCommand::Run(const boost::program_options::variables_map& vm, const std::vector<std::string>& ap) const
{ {
if (!vm.count("csrfile")) {
Log(LogCritical, "cli", "Certificate signing request file path (--csrfile) must be specified.");
return 1;
}
if (!vm.count("certfile")) {
Log(LogCritical, "cli", "Certificate file path (--certfile) must be specified.");
return 1;
}
std::stringstream msgbuf; std::stringstream msgbuf;
char errbuf[120]; char errbuf[120];
InitializeOpenSSL(); InitializeOpenSSL();
BIO *csrbio = BIO_new_fp(stdin, BIO_NOCLOSE); String csrfile = vm["csrfile"].as<std::string>();
BIO *csrbio = BIO_new_file(csrfile.CStr(), "r");
X509_REQ *req = PEM_read_bio_X509_REQ(csrbio, NULL, NULL, NULL); X509_REQ *req = PEM_read_bio_X509_REQ(csrbio, NULL, NULL, NULL);
if (!req) { if (!req) {
msgbuf << "Could not parse X509 certificate request: " << ERR_peek_error() << ", \"" << ERR_error_string(ERR_peek_error(), errbuf) << "\""; msgbuf << "Could not read X509 certificate request from '" + csrfile + "': " << ERR_peek_error() << ", \"" << ERR_error_string(ERR_peek_error(), errbuf) << "\"";
Log(LogCritical, "SSL", msgbuf.str()); Log(LogCritical, "SSL", msgbuf.str());
return 1; return 1;
} }
@ -72,7 +90,18 @@ int PKISignCSRCommand::Run(const boost::program_options::variables_map& vm, cons
X509_REQ_free(req); X509_REQ_free(req);
std::cout << CertificateToString(cert); String certfile = vm["certfile"].as<std::string>();
std::ofstream fpcert;
fpcert.open(certfile.CStr());
if (!fpcert) {
Log(LogCritical, "cli", "Failed to open certificate file '" + certfile + "' for output");
return 1;
}
fpcert << CertificateToString(cert);
fpcert.close();
return 0; return 0;
} }
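Review bot: In Run(), the handle returned by `BIO_new_file(csrfile.CStr(), "r")` is passed straight to `PEM_read_bio_X509_REQ` without a NULL check, so a missing or unreadable --csrfile is reported as an X509 read error built from the OpenSSL error queue rather than as a clear open failure. The output side has the mirror problem: nothing tests the stream after `fpcert << CertificateToString(cert)`, so a failed or short write still returns 0 and can leave a truncated certificate on disk. The sketch below adds both checks. No `BIO_free(csrbio)` is visible in these hunks; if the lines between them do not contain one, the file-backed BIO is never released. Run()'s body continues between the hunks shown.

```cpp
String csrfile = vm["csrfile"].as<std::string>();
BIO *csrbio = BIO_new_file(csrfile.CStr(), "r");

if (!csrbio) {
	Log(LogCritical, "cli", "Failed to open certificate signing request file '" + csrfile + "' for input");
	return 1;
}

// … unchanged: PEM_read_bio_X509_REQ, error report when req is NULL, signing, opening fpcert …

fpcert << CertificateToString(cert);
fpcert.close();

if (fpcert.fail()) {
	Log(LogCritical, "cli", "Failed to write certificate file '" + certfile + "'");
	return 1;
}
```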