tyler.durden
/
icinga2
mirror of https://github.com/Icinga/icinga2.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Added ca restore command+docs to undo effects of ca remove

This commit is contained in:
Andrew Jaffie 2018-08-08 12:09:41 -04:00 committed by Michael Friedrich
parent 429f1ed317
commit 6aa2e0c36b
5 changed files with 126 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
doc/06-distributed-monitoring.md
View File

@ -458,6 +458,8 @@ syntax as the `ca sign` command.
[root@pym ~]# icinga2 ca remove 5c31ca0e2269c10363a97e40e3f2b2cd56493f9194d5b1852541b835970da46e
information/cli: Certificate 5c31ca0e2269c10363a97e40e3f2b2cd56493f9194d5b1852541b835970da46e removed.
```
If you want to restore a certificate you have removed, you can use `ca restore`.
## Client/Satellite Setup <a id="distributed-monitoring-setup-satellite-client"></a>

3
doc/11-cli-commands.md
View File

@ -21,6 +21,7 @@ Usage:
Supported commands:
* api setup (setup for API)
* ca list (lists all certificate signing requests)
* ca restore (restores a removed certificate request)
* ca remove (removes an outstanding certificate request)
* ca sign (signs an outstanding certificate request)
* console (Icinga debug console)
@ -186,6 +187,8 @@ Usage:
Supported commands:
* ca list (lists all certificate signing requests)
* ca sign (signs an outstanding certificate request)
* ca restore (restores a removed certificate request)
* ca remove (removes an outstanding certificate request)
Global options:
-h [ --help ] show this help message

1
lib/cli/CMakeLists.txt
View File

@ -5,6 +5,7 @@ set(cli_SOURCES
apisetupcommand.cpp apisetupcommand.hpp
apisetuputility.cpp apisetuputility.hpp
calistcommand.cpp calistcommand.hpp
carestorecommand.cpp carestorecommand.hpp
caremovecommand.cpp caremovecommand.hpp
casigncommand.cpp casigncommand.hpp
clicommand.cpp clicommand.hpp

73
lib/cli/carestorecommand.cpp Normal file
View File

@ -0,0 +1,73 @@
/******************************************************************************
* Icinga 2 *
* Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/) *
* *
* This program is free software; you can redistribute it and/or *
* modify it under the terms of the GNU General Public License *
* as published by the Free Software Foundation; either version 2 *
* of the License, or (at your option) any later version. *
* *
* This program is distributed in the hope that it will be useful, *
* but WITHOUT ANY WARRANTY; without even the implied warranty of *
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
* GNU General Public License for more details. *
* *
* You should have received a copy of the GNU General Public License *
* along with this program; if not, write to the Free Software Foundation *
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA. *
******************************************************************************/
#include "cli/carestorecommand.hpp"
#include "remote/apilistener.hpp"
#include "base/logger.hpp"
#include "base/application.hpp"
#include "base/tlsutility.hpp"
using namespace icinga;
REGISTER_CLICOMMAND("ca/restore", CARestoreCommand);
String CARestoreCommand::GetDescription() const
{
return "Restores a previously removed certificate request.";
}
String CARestoreCommand::GetShortDescription() const
{
return "restores a removed certificate request";
}
int CARestoreCommand::GetMinArguments() const
{
return 1;
}
ImpersonationLevel CARestoreCommand::GetImpersonationLevel() const
{
return ImpersonateIcinga;
}
/**
* The entry point for the "ca restore" CLI command.
*
* @returns An exit status.
*/
int CARestoreCommand::Run(const boost::program_options::variables_map& vm, const std::vector<std::string>& ap) const
{
String requestFile = ApiListener::GetCertificateRequestsDir() + "/" + ap[0] + ".removed";
if (!Utility::PathExists(requestFile)) {
Log(LogCritical, "cli")
<< "No removed request exists for fingerprint '" << ap[0] << "'.";
return 1;
}
Utility::SaveJsonFile(ApiListener::GetCertificateRequestsDir() + "/" + ap[0] + ".json", 700, Utility::LoadJsonFile(requestFile));
if(remove(requestFile.CStr()) != 0)
return 1;
Log(LogInformation, "cli")
<< "Certificate " << ap[0] << " restored, you can now sign it using:\n"
<< "\"icinga2 ca sign " << ap[0] << "\"";
return 0;
}

47
lib/cli/carestorecommand.hpp Normal file
View File

@ -0,0 +1,47 @@
/******************************************************************************
* Icinga 2 *
* Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/) *
* *
* This program is free software; you can redistribute it and/or *
* modify it under the terms of the GNU General Public License *
* as published by the Free Software Foundation; either version 2 *
* of the License, or (at your option) any later version. *
* *
* This program is distributed in the hope that it will be useful, *
* but WITHOUT ANY WARRANTY; without even the implied warranty of *
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
* GNU General Public License for more details. *
* *
* You should have received a copy of the GNU General Public License *
* along with this program; if not, write to the Free Software Foundation *
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA. *
******************************************************************************/
#ifndef CARESTORECOMMAND_H
#define CARESTORECOMMAND_H
#include "cli/clicommand.hpp"
namespace icinga
{
/**
* The "ca restore" command.
*
* @ingroup cli
*/
class CARestoreCommand final : public CLICommand
{
public:
DECLARE_PTR_TYPEDEFS(CARestoreCommand);
String GetDescription() const override;
String GetShortDescription() const override;
int GetMinArguments() const override;
ImpersonationLevel GetImpersonationLevel() const override;
int Run(const boost::program_options::variables_map& vm, const std::vector<std::string>& ap) const override;
};
}
#endif /* CASIGNCOMMAND_H */