From: Frank Brehm Date: Wed, 15 Feb 2017 12:11:19 +0000 (+0100) Subject: Adding properties and checks for SSL certificates X-Git-Tag: 0.8.4~27 X-Git-Url: https://git.uhu-banane.net/?a=commitdiff_plain;h=c45fb10dc7b628c1a01b627a57ecfaa921398135;p=pixelpark%2Fpuppetmaster-webhooks.git Adding properties and checks for SSL certificates --- diff --git a/lib/webhooks/__init__.py b/lib/webhooks/__init__.py index 349f40b..19fc98f 100644 --- a/lib/webhooks/__init__.py +++ b/lib/webhooks/__init__.py @@ -1,6 +1,6 @@ #!/bin/env python3 # -*- coding: utf-8 -*- -__version__ = '0.4.3' +__version__ = '0.4.4' # vim: ts=4 et list diff --git a/lib/webhooks/r10k.py b/lib/webhooks/r10k.py index b113fa7..c522fcc 100644 --- a/lib/webhooks/r10k.py +++ b/lib/webhooks/r10k.py @@ -15,6 +15,9 @@ import re import textwrap import datetime import locale +import ssl + +from http.client import HTTPSConnection # Third party modules import yaml @@ -48,11 +51,19 @@ class R10kHookApp(BaseHookApp): ''').strip() self.locale = 'de_DE.utf8' + self.simulate = False + + self.puppetmaster_host = 'puppetmaster01.pixelpark.com' + self.puppetmaster_api_port = 8140 + self.puppetmaster_api_path = '/puppet-admin-api/v1' + self.puppetmaster_ssl_dir = os.sep + os.path.join( + 'var', 'lib', 'puppet', 'ssl') super(R10kHookApp, self).__init__( appname=appname, verbose=verbose, version=version) self.search_r10k_bin() + self.check_cert_files() # ------------------------------------------------------------------------- def as_dict(self): 
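Review bot: `self.check_cert_files()` at the end of `__init__` validates whatever `puppetmaster_host` and `puppetmaster_ssl_dir` hold at that moment, so it only checks the configured location if `BaseHookApp.__init__` has already applied the YAML overrides through `evaluate_config`. That call is not visible in this hunk and should be confirmed. A short comment above the call would record the dependency, for example `# must run after super().__init__(), which evaluates the config`. The default directory can also be written as `os.path.join(os.sep, 'var', 'lib', 'puppet', 'ssl')`, which avoids the string concatenation. `__init__` begins before this hunk.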
@@ -124,11 +135,41 @@ class R10kHookApp(BaseHookApp): LOG.error("Command {!r} not found.".format(cmd)) sys.exit(9) + # ------------------------------------------------------------------------- + def check_cert_files(self): + + if not os.path.isabs(self.puppetmaster_ssl_dir): + LOG.error("Puppetmaster SSL directory {!r} is not an absolute path name.".format( + self.puppetmaster_ssl_dir)) + sys.exit(10) + if not os.path.isdir(self.puppetmaster_ssl_dir): + LOG.error("Puppetmaster SSL directory {!r} does not exists.".format( + self.puppetmaster_ssl_dir)) + sys.exit(10) + + rel_paths = [] + rel_paths.append(os.path.join('certs', self.puppetmaster_host + '.pem')) + rel_paths.append(os.path.join('private_keys', self.puppetmaster_host + '.pem')) + + for path in rel_paths: + abs_path = os.path.join(self.puppetmaster_ssl_dir, path) + if self.verbose > 2: + LOG.debug("Checking file {!r} ...".format(abs_path)) + if not os.path.exists(abs_path): + LOG.error("File {!r} does not exists.".format(abs_path)) + sys.exit(10) + if not os.access(abs_path, os.R_OK): + LOG.error("File {!r} is not readable.".format(abs_path)) + sys.exit(10) + # ------------------------------------------------------------------------- def evaluate_config(self, config, yaml_file): super(R10kHookApp, self).evaluate_config(config, yaml_file) + if 'simulate' in config: + self.simulate = to_bool(config['simulate']) + if 'ignore_projects' in config: if config['ignore_projects'] is None: self.ignore_projects = [] 
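Review bot: The two relative paths in `check_cert_files` are built from `self.puppetmaster_host`, which the `puppetmaster` block added to `evaluate_config` in a later hunk copies from the YAML file unvalidated. A host value containing a path separator or `..` would therefore make the check resolve outside `puppetmaster_ssl_dir`. Rejecting such values before the join would close this, e.g. `if os.sep in self.puppetmaster_host or '..' in self.puppetmaster_host:` followed by the same `LOG.error(...)` / `sys.exit(10)` pattern. `os.path.exists(abs_path)` also accepts a directory, so `os.path.isfile(abs_path)` is the tighter test. Since one of the two files is a private key, it would help to log a warning when `os.stat(abs_path).st_mode & 0o077` is non-zero, and to add a docstring stating that the method exits with status 10 on failure.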
@@ -147,6 +188,22 @@ class R10kHookApp(BaseHookApp): if 'locale' in config and config['locale']: self.locale = config['locale'] + if 'puppetmaster' in config: + ppm_cfg = config['puppetmaster'] + if 'host' in ppm_cfg and ppm_cfg['host']: + self.puppetmaster_host = ppm_cfg['host'] + if 'api_port' in ppm_cfg: + try: + self.puppetmaster_api_port = int(ppm_cfg['api_port']) + except Exception as e: + msg = "Invalid port {p!r} for puppetmaster API in {f!r} found.".format( + p=ppm_cfg['api_port'], f=yaml_file) + self.error_data.append(msg) + if 'api_path' in ppm_cfg and ppm_cfg['api_path']: + self.puppetmaster_api_path = ppm_cfg['api_path'] + if 'ssl_dir' in ppm_cfg and ppm_cfg['ssl_dir']: + self.puppetmaster_ssl_dir = ppm_cfg['ssl_dir'] + # ------------------------------------------------------------------------- def pre_run(self): @@ -173,6 +230,9 @@ class R10kHookApp(BaseHookApp): LOG.info("Starting {} ...".format(self.appname)) + ssl_context = ssl.SSLContext() + ssl_context.verify_mode = ssl.CERT_NONE + # =============================================================================
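Review bot: `ppm_cfg = config['puppetmaster']` is tested with `in` right away, so a `puppetmaster:` key left empty in the YAML (which loads as `None`) raises `TypeError` at `'host' in ppm_cfg`. The `ignore_projects` branch of the same method already handles `None` explicitly, and `ppm_cfg = config['puppetmaster'] or {}` would give the new block the same tolerance. The port conversion catches bare `Exception`, never uses `e`, and accepts any integer. Using `except (TypeError, ValueError):` with a `1 <= port <= 65535` check would report out-of-range values through the same `error_data` message. `evaluate_config` starts before this hunk.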
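Review bot: `ssl_context.verify_mode = ssl.CERT_NONE` disables verification of the server certificate, so any HTTPS connection made with this context would not authenticate the puppetmaster it reaches. The hunk does not yet pass the context to `HTTPSConnection`, but that appears to be the intent given the new import. The same commit already checks that the Puppet certificate and key exist under `puppetmaster_ssl_dir`, so the context can verify against the Puppet CA and present the client certificate: `ssl_context = ssl.create_default_context(cafile=ca_file)` followed by `ssl_context.load_cert_chain(cert_file, key_file)`, with the three paths taken from that directory. `create_default_context` sets `CERT_REQUIRED` and hostname checking, whereas a bare `ssl.SSLContext()` leaves the protocol and verification defaults to the interpreter version. The enclosing method starts and ends outside this hunk.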