Add save location option to generate certs

Allows users to specify a save location for newly generated certificates instead of always writing them to the site repository. The functionality is identical to generate passphrase's save_location option. Change-Id: I8625fba75160c441dbf3f345af99eb0733b2c37d
2019-12-03 15:58:58 -06:00 · 2019-12-03 15:58:58 -06:00 · 2e0e9eab8c
commit 2e0e9eab8c
parent 7306c3af9b
2 changed files with 20 additions and 4 deletions
--- a/pegleg/cli.py
+++ b/pegleg/cli.py
@ -607,8 +607,18 @@ def generate():
    default=False,
    show_default=True,
    help='Force Pegleg to regenerate all PKI items.')
+@click.option(
+    '-s',
+    '--save-location',
+    'save_location',
+    required=False,
+    help='Directory to store the generated site certificates in. It will '
+    'be created automatically, if it does not already exist. The '
+    'generated, wrapped, and encrypted passphrases files will be saved '
+    'in: <save_location>/site/<site_name>/secrets/certificates/ '
+    'directory. Defaults to site repository path if no value given.')
@click.argument('site_name')
-def generate_pki(site_name, author, days, regenerate_all):
+def generate_pki(site_name, author, days, regenerate_all, save_location):
    """Generate certificates, certificate authorities and keypairs for a given
    site.

@ -617,7 +627,11 @@ def generate_pki(site_name, author, days, regenerate_all):
    engine.repository.process_repositories(site_name, overwrite_existing=True)
    config.set_global_enc_keys(site_name)
    pkigenerator = catalog.pki_generator.PKIGenerator(
-        site_name, author=author, duration=days, regenerate_all=regenerate_all)
+        site_name,
+        author=author,
+        duration=days,
+        regenerate_all=regenerate_all,
+        save_location=save_location)
    output_paths = pkigenerator.generate()

    click.echo("Generated PKI files written to:\n%s" % '\n'.join(output_paths))
--- a/pegleg/engine/catalog/pki_generator.py
+++ b/pegleg/engine/catalog/pki_generator.py
@ -48,7 +48,8 @@ class PKIGenerator(object):
            block_strings=True,
            author=None,
            duration=365,
-            regenerate_all=False):
+            regenerate_all=False,
+            save_location=None):
        """Constructor for ``PKIGenerator``.

        :param int duration: Duration in days that generated certificates
@ -66,6 +67,7 @@ class PKIGenerator(object):
        self._sitename = sitename
        self._documents = site.get_rendered_docs(sitename)
        self._author = author
+        self._save_location = save_location or config.get_site_repo()

        self.keys = pki_utility.PKIUtility(
            block_strings=block_strings, duration=duration)
@ -96,7 +98,7 @@ class PKIGenerator(object):
                document_name = keypair_def['name']
                self.get_or_gen_keypair(document_name)

-        return self._write(config.get_site_repo())
+        return self._write(self._save_location)

    def get_or_gen_ca(self, document_name):
        kinds = [