]> granicus.if.org Git - icinga2/commitdiff
Added ca restore command+docs to undo effects of ca remove
authorAndrew Jaffie <ajaffie@gmail.com>
Wed, 8 Aug 2018 16:09:41 +0000 (12:09 -0400)
committerMichael Friedrich <michael.friedrich@icinga.com>
Fri, 7 Jun 2019 08:33:55 +0000 (10:33 +0200)
doc/06-distributed-monitoring.md
doc/11-cli-commands.md
lib/cli/CMakeLists.txt
lib/cli/carestorecommand.cpp [new file with mode: 0644]
lib/cli/carestorecommand.hpp [new file with mode: 0644]

index 41e0468fdd04b63bddf52ab07322d6f128c9918e..fd1b1fd6023ec6586402c09f8f906d822c14ce12 100644 (file)
@@ -458,6 +458,8 @@ syntax as the `ca sign` command.
 [root@pym ~]# icinga2 ca remove 5c31ca0e2269c10363a97e40e3f2b2cd56493f9194d5b1852541b835970da46e
 information/cli: Certificate 5c31ca0e2269c10363a97e40e3f2b2cd56493f9194d5b1852541b835970da46e removed.
 ```
+If you want to restore a certificate you have removed, you can use `ca restore`.
+
 
 ## Client/Satellite Setup <a id="distributed-monitoring-setup-satellite-client"></a>
 
index f9197f0ee6a527eef32363c573423b10666c2501..ca5e227c4a78a231bea97544e81fccb4bc435b7b 100644 (file)
@@ -21,6 +21,7 @@ Usage:
 Supported commands:
   * api setup (setup for API)
   * ca list (lists all certificate signing requests)
+  * ca restore (restores a removed certificate request)
   * ca remove (removes an outstanding certificate request)  
   * ca sign (signs an outstanding certificate request)
   * console (Icinga debug console)
@@ -186,6 +187,8 @@ Usage:
 Supported commands:
   * ca list (lists all certificate signing requests)
   * ca sign (signs an outstanding certificate request)
+  * ca restore (restores a removed certificate request)
+  * ca remove (removes an outstanding certificate request)
 
 Global options:
   -h [ --help ]             show this help message
index 980429171ceb0625d64f50c6af516c2f7a08b9d3..a87ee0e391b33d59a81a19ce37bfed5d22e6a02b 100644 (file)
@@ -5,6 +5,7 @@ set(cli_SOURCES
   apisetupcommand.cpp apisetupcommand.hpp
   apisetuputility.cpp apisetuputility.hpp
   calistcommand.cpp calistcommand.hpp
+  carestorecommand.cpp carestorecommand.hpp
   caremovecommand.cpp caremovecommand.hpp
   casigncommand.cpp casigncommand.hpp
   clicommand.cpp clicommand.hpp
diff --git a/lib/cli/carestorecommand.cpp b/lib/cli/carestorecommand.cpp
new file mode 100644 (file)
index 0000000..0a232a8
--- /dev/null
@@ -0,0 +1,73 @@
+/******************************************************************************
+ * Icinga 2                                                                   *
+ * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
+ *                                                                            *
+ * This program is free software; you can redistribute it and/or              *
+ * modify it under the terms of the GNU General Public License                *
+ * as published by the Free Software Foundation; either version 2             *
+ * of the License, or (at your option) any later version.                     *
+ *                                                                            *
+ * This program is distributed in the hope that it will be useful,            *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
+ * GNU General Public License for more details.                               *
+ *                                                                            *
+ * You should have received a copy of the GNU General Public License          *
+ * along with this program; if not, write to the Free Software Foundation     *
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
+ ******************************************************************************/
+
+#include "cli/carestorecommand.hpp"
+#include "remote/apilistener.hpp"
+#include "base/logger.hpp"
+#include "base/application.hpp"
+#include "base/tlsutility.hpp"
+
+using namespace icinga;
+
+REGISTER_CLICOMMAND("ca/restore", CARestoreCommand);
+
+String CARestoreCommand::GetDescription() const
+{
+       return "Restores a previously removed certificate request.";
+}
+
+String CARestoreCommand::GetShortDescription() const
+{
+       return "restores a removed certificate request";
+}
+
+int CARestoreCommand::GetMinArguments() const
+{
+       return 1;
+}
+
+ImpersonationLevel CARestoreCommand::GetImpersonationLevel() const
+{
+       return ImpersonateIcinga;
+}
+
+/**
+ * The entry point for the "ca restore" CLI command.
+ *
+ * @returns An exit status.
+ */
+int CARestoreCommand::Run(const boost::program_options::variables_map& vm, const std::vector<std::string>& ap) const
+{
+       String requestFile = ApiListener::GetCertificateRequestsDir() + "/" + ap[0] + ".removed";
+
+       if (!Utility::PathExists(requestFile)) {
+               Log(LogCritical, "cli")
+                       << "No removed request exists for fingerprint '" << ap[0] << "'.";
+               return 1;
+       }
+       Utility::SaveJsonFile(ApiListener::GetCertificateRequestsDir() + "/" + ap[0] + ".json", 700, Utility::LoadJsonFile(requestFile));
+       if(remove(requestFile.CStr()) != 0)
+               return 1;
+
+       Log(LogInformation, "cli")
+               << "Certificate " << ap[0] << " restored, you can now sign it using:\n"
+               << "\"icinga2 ca sign " << ap[0] << "\"";
+
+       return 0;
+}
diff --git a/lib/cli/carestorecommand.hpp b/lib/cli/carestorecommand.hpp
new file mode 100644 (file)
index 0000000..9f23785
--- /dev/null
@@ -0,0 +1,47 @@
+/******************************************************************************
+ * Icinga 2                                                                   *
+ * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/)  *
+ *                                                                            *
+ * This program is free software; you can redistribute it and/or              *
+ * modify it under the terms of the GNU General Public License                *
+ * as published by the Free Software Foundation; either version 2             *
+ * of the License, or (at your option) any later version.                     *
+ *                                                                            *
+ * This program is distributed in the hope that it will be useful,            *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
+ * GNU General Public License for more details.                               *
+ *                                                                            *
+ * You should have received a copy of the GNU General Public License          *
+ * along with this program; if not, write to the Free Software Foundation     *
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.             *
+ ******************************************************************************/
+
+#ifndef CARESTORECOMMAND_H
+#define CARESTORECOMMAND_H
+
+#include "cli/clicommand.hpp"
+
+namespace icinga
+{
+
+/**
+ * The "ca restore" command.
+ *
+ * @ingroup cli
+ */
+class CARestoreCommand final : public CLICommand
+{
+public:
+       DECLARE_PTR_TYPEDEFS(CARestoreCommand);
+
+       String GetDescription() const override;
+       String GetShortDescription() const override;
+       int GetMinArguments() const override;
+       ImpersonationLevel GetImpersonationLevel() const override;
+       int Run(const boost::program_options::variables_map& vm, const std::vector<std::string>& ap) const override;
+};
+
+}
+
+#endif /* CASIGNCOMMAND_H */