HomePhabricator

acme-chief-api: Add support for puppet HTTP API search operation

Authored by Vgutierrez on Mar 7 2019, 3:27 PM.

Description

acme-chief-api: Add support for puppet HTTP API search operation

This commit adds support for puppet HTTP API search operation:
GET /puppet/v3/file_metadatas/foo.txt?environment=env&recurse=true
https://puppet.com/docs/puppet/4.8/http_api/http_file_metadata.html#search

This will be used to deploy all the files related to one cert, including
yet-to-be-live certificates via a file resource like the following one:
file {"/etc/acmecerts/${certname}":

ensure  => directory,
recurse => true,
source  => "puppet://${::acmechief_host}/acmedata/${certname}",

}

This will generate the following tree:
/etc/acmecerts/
`-- certname

|-- ac8dd49b0a23fe5e5d0ac20ad639a9eb
|   |-- ec-prime256v1.chain.crt
|   |-- ec-prime256v1.chained.crt
|   |-- ec-prime256v1.crt
|   |-- ec-prime256v1.key
|   |-- rsa-2048.chain.crt
|   |-- rsa-2048.chained.crt
|   |-- rsa-2048.crt
|   `-- rsa-2048.key
|-- live -> /etc/acmecerts/certname/ac8dd49b0a23fe5e5d0ac20ad639a9eb
`-- new -> /etc/acmecerts/certname/ac8dd49b0a23fe5e5d0ac20ad639a9eb

This example assumes that the live certificate is the newest one
available.

Bug: T207295
Change-Id: Ib8a40a049486bc0e4a861041e56d1451c8ecef71