Configurable version of the trusted oid mapping file

* Introduce parameter `trusted_oid_map_file` in the _master_ section. * Uses hooks to delay file parsing * Properly handle errors
ccin2p3 · Aug 5, 2014 · f082ea1 · riton · Aug 5, 2014 · f082ea1
1 parent e6c7e5f
commit f082ea1
Show file tree

Hide file tree

Showing 2 changed files with 51 additions and 10 deletions.
diff --git a/lib/puppet/defaults.rb b/lib/puppet/defaults.rb
@@ -1,5 +1,9 @@
 module Puppet
 
+  # counter used to bypass first hook execution for
+  # the *trusted_oid_mapping_file* option
+  @@trusted_oid_mapping_file_setting_counter = 0
+
   def self.default_diffargs
     if (Facter.value(:kernel) == "AIX" && Facter.value(:kernelmajversion) == "5300")
       ""
@@ -1183,6 +1187,24 @@ def self.default_diffargs
       :desc       => "Whether to only search for the complete
             hostname as it is in the certificate when searching for node information
             in the catalogs.",
+    },
+    :trusted_oid_map_file => {
+      :default    => "$confdir/trusted_oid_map.yaml",
+      :type       => :file,
+      :desc       => "File that enable custom OIDs to be resolved into user-friendly names",
+      :hook       => proc do |value|
+        if @@trusted_oid_mapping_file_setting_counter == 0
+          # Skip the first execution of this hook
+          # cause the default is used even if the
+          # user has supplied a custom value. On second call
+          # user value is interpreted and everything will work as
+          # expected.
+          @@trusted_oid_mapping_file_setting_counter = 1
+          break
+        end
+        Puppet::SSL::Oids.load_custom_oid_file(value)
+      end,
+      :call_hook  => :on_initialize_and_write
     }
   )
 

diff --git a/lib/puppet/ssl/oids.rb b/lib/puppet/ssl/oids.rb
@@ -25,8 +25,6 @@
 # @api private
 module Puppet::SSL::Oids
 
-  EXTERNAL_OID_DEFINITION_FILE = '/etc/puppet/ssl_trusted_oid_mapping.yaml'
-
   PUPPET_OIDS = [
     ["1.3.6.1.4.1.34380", 'puppetlabs', 'Puppet Labs'],
     ["1.3.6.1.4.1.34380.1", 'ppCertExt', 'Puppet Certificate Extension'],
@@ -45,15 +43,36 @@ module Puppet::SSL::Oids
     OpenSSL::ASN1::ObjectId.register(*oid_defn)
   end
 
-  # Process external oid definition file if present
-  if File.exists?(EXTERNAL_OID_DEFINITION_FILE)
-    begin
-      mapping = YAML.load_file(EXTERNAL_OID_DEFINITION_FILE)['oid_mapping']
-      mapping.each do |oid_defn|
-        OpenSSL::ASN1::ObjectId.register(*oid_defn)
+  # Parse and load custom OID mapping file that enables custom OIDs to be resolved
+  # into user-friendly names.
+  #
+  # @param f_map [String] File to obtain custom OIDs mapping from
+  #
+  # @example Custom OID mapping file
+  #   ---
+  #   oid_mapping:
+  #      - ['1.3.6.1.4.1.34380.1.2.1.1', 'myshortname', 'Long name'] 
+  #      - ['1.3.6.1.4.1.34380.1.2.1.2', 'myothershortname', 'Other Long name'] 
+  def self.load_custom_oid_file(f_map)
+    if File.exists?(f_map)
+      mapping = nil
+      begin
+        mapping = YAML.load_file(f_map)
+      rescue StandardError => err
+        raise ParseError, "Error loading custom OIDs mapping file from '#{f_map}': #{err}", err.backtrace
+      end
+
+      unless (not mapping.nil?) and (mapping.has_key? 'oid_mapping')
+        raise ParseError, "Error loading custom OIDs mapping file from '#{f_map}': Invalid format"
+      end
+
+      begin
+        mapping['oid_mapping'].each do |oid_defn|
+          OpenSSL::ASN1::ObjectId.register(*oid_defn)
+        end
+      rescue StandardError => err
+        raise ArgumentError, "Error registering custom OIDs mapping from file '#{f_map}': #{err}", err.backtrace
       end
-    rescue
-      # Do nothing
     end
   end