Create a gist now

Instantly share code, notes, and snippets.

#!/usr/bin/env ruby
# Copyright 2014 Jeremy T. Bouse
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
require 'fog'
require 'puppet'
require 'puppet/ssl/certificate_request'
clientcert = ARGV.pop
csr = Puppet::SSL::CertificateRequest.from_s(STDIN.read)
pp_instance_id = csr.request_extensions.find { |a| a['oid'] == 'pp_instance_id' }
pp_image_name = csr.request_extensions.find { |a| a['oid'] == 'pp_image_name' }
instance_id = pp_instance_id['value']
image_id = pp_image_name['value']
retcode = 0
ec2 = Fog::Compute.new(:provider => :aws)
server = ec2.servers.find { |s| s.id == instance_id }
if csr.name != clientcert
retcode = 1
elsif not server
retcode = 2
elsif server.state != 'running'
retcode = 3
elsif pp_image_id and server.image_id != image_id
retcode = 4
end
exit retcode
@mrzarquon

Hey, Adrien Thebo pointed this out to me a while ago, just wanted to give you a heads up I got a minimal version of it working and made a module to deploy this for PE: https://github.com/mrzarquon/mrzarquon-certsigner

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment