@mbklein
Created February 7, 2019 19:55
Puppet Decommissioner
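require 'net/http'
require 'openssl'
require 'uri'

# Revokes and then deletes a node's certificate through the Puppet CA
# certificate_status endpoint, authenticating with a client certificate.
class Decommissioner
  attr_reader :auth_cert, :auth_key, :pe_server, :ca_file

  # pe_server: base URL of the Puppet CA server
  # auth_cert, auth_key: PEM strings for the client certificate and RSA key
  # ca_file: optional path to the CA bundle used to verify the server
  #          (added parameter; nil falls back to the system trust store)
  def initialize(pe_server, auth_cert, auth_key, ca_file: nil)
    @pe_server = pe_server
    @auth_cert = OpenSSL::X509::Certificate.new(auth_cert)
    @auth_key = OpenSSL::PKey::RSA.new(auth_key)
    @ca_file = ca_file
  end

  # Revoke the certificate first, then delete its record from the CA.
  def decommission(hostname)
    request(hostname, :Put, { 'Content-Type' => 'text/pson' }, '{"desired_state":"revoked"}')
    request(hostname, :Delete, { 'Accept' => 'pson' })
  end

  private

  def http
    @http ||= Net::HTTP.new(uri.host, uri.port).tap do |result|
      result.use_ssl = true
      # Verify the server certificate. With VERIFY_NONE an impostor server
      # could accept the request and the certificate would never be revoked.
      result.verify_mode = OpenSSL::SSL::VERIFY_PEER
      result.ca_file = ca_file if ca_file
      result.cert = auth_cert
      result.key = auth_key
    end
  end

  def request(hostname, method, headers = {}, body = nil)
    # Net::HTTP request classes take their headers as the second argument.
    req = Net::HTTP.const_get(method).new(uri_for(hostname).path, headers)
    req.body = body
    http.request(req)
  end

  def uri_for(hostname)
    URI.join(uri, '/puppet-ca/v1/certificate_status/', hostname)
  end

  def uri
    @uri ||= URI(pe_server)
  end
end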