Skip to content

Instantly share code, notes, and snippets.

@jbouse jbouse/autosigner.rb
Last active Aug 29, 2015

Embed
What would you like to do?
#!/usr/bin/env ruby
# Copyright 2014 Jeremy T. Bouse
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
require 'fog'
require 'puppet'
require 'puppet/ssl/certificate_request'
clientcert = ARGV.pop
csr = Puppet::SSL::CertificateRequest.from_s(STDIN.read)
pp_instance_id = csr.request_extensions.find { |a| a['oid'] == 'pp_instance_id' }
pp_image_name = csr.request_extensions.find { |a| a['oid'] == 'pp_image_name' }
instance_id = pp_instance_id['value']
image_id = pp_image_name['value']
retcode = 0
ec2 = Fog::Compute.new(:provider => :aws)
server = ec2.servers.find { |s| s.id == instance_id }
if csr.name != clientcert
retcode = 1
elsif not server
retcode = 2
elsif server.state != 'running'
retcode = 3
elsif pp_image_id and server.image_id != image_id
retcode = 4
end
exit retcode
@mrzarquon

This comment has been minimized.

Copy link

mrzarquon commented May 2, 2014

Hey, Adrien Thebo pointed this out to me a while ago, just wanted to give you a heads up I got a minimal version of it working and made a module to deploy this for PE: https://github.com/mrzarquon/mrzarquon-certsigner

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.