Add save location option to generate certs

Allows users to specify a save location for newly generated certificates
instead of always writing them to the site repository. The functionality
is identical to generate passphrase's save_location option.

Change-Id: I8625fba75160c441dbf3f345af99eb0733b2c37d
Ian H Pittwood 2019-12-03 15:58:58 -06:00 committed by Ian Pittwood
parent 7306c3af9b
commit 2e0e9eab8c
2 changed files with 20 additions and 4 deletions


@ -607,8 +607,18 @@ def generate():
default=False,
show_default=True,
help='Force Pegleg to regenerate all PKI items.')
@click.option(
'-s',
'--save-location',
'save_location',
required=False,
help='Directory to store the generated site certificates in. It will '
'be created automatically, if it does not already exist. The '
'generated, wrapped, and encrypted passphrases files will be saved '
'in: <save_location>/site/<site_name>/secrets/certificates/ '
'directory. Defaults to site repository path if no value given.')
@click.argument('site_name')
def generate_pki(site_name, author, days, regenerate_all):
def generate_pki(site_name, author, days, regenerate_all, save_location):
"""Generate certificates, certificate authorities and keypairs for a given
site.
@ -617,7 +627,11 @@ def generate_pki(site_name, author, days, regenerate_all):
engine.repository.process_repositories(site_name, overwrite_existing=True)
config.set_global_enc_keys(site_name)
pkigenerator = catalog.pki_generator.PKIGenerator(
site_name, author=author, duration=days, regenerate_all=regenerate_all)
site_name,
author=author,
duration=days,
regenerate_all=regenerate_all,
save_location=save_location)
output_paths = pkigenerator.generate()
click.echo("Generated PKI files written to:\n%s" % '\n'.join(output_paths))
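Review bot: The `--save-location` help text describes "generated, wrapped, and encrypted passphrases files", wording that appears to be carried over from the passphrase command. For `generate_pki` it should name certificates, certificate authorities and keypairs, so operators know that private key material lands under `<save_location>/site/<site_name>/secrets/certificates/`. The option also accepts any string unchecked; declaring `type=click.Path(file_okay=False, resolve_path=True)` would reject a value that is an existing file and resolve relative paths before anything is written. The decorator stack of `generate_pki` starts above the hunk.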


@ -48,7 +48,8 @@ class PKIGenerator(object):
block_strings=True,
author=None,
duration=365,
regenerate_all=False):
regenerate_all=False,
save_location=None):
"""Constructor for ``PKIGenerator``.
:param int duration: Duration in days that generated certificates
@ -66,6 +67,7 @@ class PKIGenerator(object):
self._sitename = sitename
self._documents = site.get_rendered_docs(sitename)
self._author = author
self._save_location = save_location or config.get_site_repo()
self.keys = pki_utility.PKIUtility(
block_strings=block_strings, duration=duration)
@ -96,7 +98,7 @@ class PKIGenerator(object):
document_name = keypair_def['name']
self.get_or_gen_keypair(document_name)
return self._write(config.get_site_repo())
return self._write(self._save_location)
def get_or_gen_ca(self, document_name):
kinds = [
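Review bot: `self._save_location` now decides where `_write` puts the generated CA, certificate and keypair documents, yet the constructor docstring visible here documents only `duration`. Add `:param str save_location: Directory to write generated PKI documents to; defaults to the site repository.` (the docstring continues outside the hunk, so it may already be there). `_write` is not shown on this page, so confirm that the directories it creates under a caller-chosen location get owner-only permissions and that private keys are written only in their encrypted form, since output can now land outside the repository. Also note that `save_location or config.get_site_repo()` resolves the repository path at construction time, whereas the removed `return self._write(config.get_site_repo())` resolved it at write time.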