* Needs client verification on the master.
-You can list certificate requests by using the `ca list` CLI command. This also shows
-which requests already have been signed.
+You can list pending certificate signing requests with the `ca list` CLI command.
```
[root@icinga2-master1.localdomain /]# icinga2 ca list
Fingerprint | Timestamp | Signed | Subject
-----------------------------------------------------------------|---------------------|--------|--------
+71700c28445109416dd7102038962ac3fd421fbb349a6e7303b6033ec1772850 | 2017/09/06 17:20:02 | | CN = icinga2-client2.localdomain
+```
+
+In order to show all requests, use the `--all` parameter.
+
+```
+[root@icinga2-master1.localdomain /]# icinga2 ca list --all
+Fingerprint | Timestamp | Signed | Subject
+-----------------------------------------------------------------|---------------------|--------|--------
403da5b228df384f07f980f45ba50202529cded7c8182abf96740660caa09727 | 2017/09/06 17:02:40 | * | CN = icinga2-client1.localdomain
71700c28445109416dd7102038962ac3fd421fbb349a6e7303b6033ec1772850 | 2017/09/06 17:20:02 | | CN = icinga2-client2.localdomain
```
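Review bot: The sentence introducing `--all` ("In order to show all requests") promises more than the option delivers, because the option's help text added elsewhere in this patch says old requests are cleaned after 1 week. Mention the retention limit here too, for example "use the `--all` parameter to show all requests Icinga still retains, including signed ones", so that nobody reads this list as a complete signing history.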
Icinga home page: <https://icinga.com/>
```
+
+### CLI command: Ca List <a id="cli-command-ca-list"></a>
+
+```
+icinga2 ca list --help
+icinga2 - The Icinga 2 network monitoring daemon (version: v2.11.0)
+
+Usage:
+ icinga2 ca list [<arguments>]
+
+Lists pending certificate signing requests.
+
+Global options:
+ -h [ --help ] show this help message
+ -V [ --version ] show version information
+ --color use VT100 color codes even when stdout is not a
+ terminal
+ -D [ --define ] arg define a constant
+ -I [ --include ] arg add include search directory
+ -x [ --log-level ] arg specify the log level for the console log.
+ The valid value is either debug, notice,
+ information (default), warning, or critical
+ -X [ --script-debugger ] whether to enable the script debugger
+
+Command options:
+ --all List all certificate signing requests, including
+ signed. Note: Old requests are automatically
+ cleaned by Icinga after 1 week.
+ --json encode output as JSON
+
+Report bugs at <https://github.com/Icinga/icinga2>
+Get support: <https://icinga.com/support/>
+Documentation: <https://icinga.com/docs/>
+Icinga home page: <https://icinga.com/>
+```
+
## CLI command: Console <a id="cli-command-console"></a>
The CLI command `console` can be used to debug and evaluate Icinga 2 config expressions,
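Review bot: The new heading spells the command "Ca List", while the upgrading note added in the same patch uses "CA List Behaviour Change". Pick one spelling for both headings so that the two sections read consistently and are found by the same search.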
### CLI Commands <a id="upgrading-to-2-11-cli-commands"></a>
+#### Permissions <a id="upgrading-to-2-11-cli-commands-permissions"></a>
+
CLI commands such as `api setup`, `node wizard/setup`, `feature enable/disable/list`
required root permissions previously. Since the file permissions allow
the Icinga user to change things already, and users kept asking to
If you still encounter problems, run the aforementioned CLI commands as root,
or with sudo.
+#### CA List Behaviour Change <a id="upgrading-to-2-11-cli-commands-ca-list"></a>
+
+`ca list` only shows the pending certificate signing requests by default.
+
+You can use the new `--all` parameter to show all signing requests.
+Note that Icinga automatically purges signed requests older than 1 week.
+
### Configuration <a id="upgrading-to-2-11-configuration"></a>
The deprecated `concurrent_checks` attribute in the [checker feature](09-object-types.md#objecttype-checkercomponent)
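Review bot: The purge sentence in the new "CA List Behaviour Change" section says Icinga purges "signed requests older than 1 week", but the `--all` help text in this patch says "Old requests are automatically cleaned by Icinga after 1 week" with no restriction to signed ones. Align the two wordings and state explicitly whether a pending, unsigned request also expires after a week, since that decides whether a client whose request waits longer for approval has to submit it again.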
String CAListCommand::GetDescription() const
{
- return "Lists all certificate signing requests.";
+ return "Lists pending certificate signing requests.";
}
String CAListCommand::GetShortDescription() const
{
- return "lists all certificate signing requests";
+ return "lists pending certificate signing requests";
}
void CAListCommand::InitParameters(boost::program_options::options_description& visibleDesc,
boost::program_options::options_description& hiddenDesc) const
{
visibleDesc.add_options()
- ("json", "encode output as JSON")
- ;
+ ("all", "List all certificate signing requests, including signed. Note: Old requests are automatically cleaned by Icinga after 1 week.")
+ ("json", "encode output as JSON");
}
/**
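Review bot: In `InitParameters` the terminating `;` was moved from its own line onto the `("json", ...)` line, which is unrelated to adding `--all` and means the next added option has to touch that line again. Keep the `;` on a separate line as before, so the hunk only adds the `("all", ...)` entry.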
for (auto& kv : requests) {
Dictionary::Ptr request = kv.second;
+ /* Skip signed requests by default. */
+ if (!vm.count("all") && request->Contains("cert_response"))
+ continue;
+
std::cout << kv.first
<< " | "
/* << Utility::FormatDateTime("%Y/%m/%d %H:%M:%S", request->Get("timestamp")) */
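Review bot: The `cert_response` skip is added inside the loop that writes the table with `std::cout`, and nothing in the visible lines shows the same filter on the `--json` path. If JSON output is produced in a separate branch, apply `!vm.count("all") && request->Contains("cert_response")` there as well, or document that `--json` always returns every request. Otherwise scripts and operators will see different sets of requests for the same command.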