@tom-krieger
Created January 25, 2022 08:03
Upload new CRL task
{
  "description": "Upload a new crl file to the Puppet Primary server. The crl file must be provided in PEM format.",
  "input_method": "environment",
  "parameters": {
    "crl_file": {
      "description": "File with new certificate revocation lists to upload.",
      "type": "String[1]"
    }
  }
}
#!/bin/bash
# Task script: upload a new CRL file (PEM) to the Puppet CA API.
BINDIR=/opt/puppetlabs/bin

# Locate the hostname binary.
if [ -x /bin/hostname ] ; then
    hostcmd='/bin/hostname'
else
    hostcmd='/usr/bin/hostname'
fi

# Refuse to run unless the configured Puppet server is this host.
if ${BINDIR}/puppet config print server | grep -v -q "$(${hostcmd})"; then
    echo "This task can only be run on the PE master!"
    exit 1
fi

# Task parameters arrive as PT_<name> environment variables
# (input_method "environment" in the task metadata).
crl_file=$PT_crl_file

if [ -f "$crl_file" ] ; then
    cert="$(${BINDIR}/puppet config print hostcert)"
    cacert="$(${BINDIR}/puppet config print localcacert)"
    key="$(${BINDIR}/puppet config print hostprivkey)"
    uri="https://$(${BINDIR}/puppet config print server):8140/puppet-ca/v1/certificate_revocation_list"

    # Authenticate with the host certificate and key; the server certificate
    # is verified against the Puppet CA bundle passed with --cacert.
    curl --cert "$cert" --cacert "$cacert" --key "$key" \
        --header "Content-Type: text/plain" \
        --header "Accept: text/plain" \
        --request PUT --data-binary "@$crl_file" -v "$uri"
    echo
else
    echo "The file ${crl_file} is not available or not readable."
    exit 2
fi

exit 0
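
The task description requires the CRL file to be in PEM format, but the script only tests that the file exists. The following is an added example, not part of the original gist, of a structural pre-flight check that could run before the upload; the function name check_crl_pem and the sample data are assumptions constructed for illustration.

```shell
#!/bin/bash
# Added example: structural check of a PEM CRL bundle before upload.
# check_crl_pem is a hypothetical helper, not part of the original task.
#
# Prints the number of CRL blocks found. Returns 2 when the file is missing
# or unreadable, 1 when it contains no CRL block, has unbalanced or nested
# BEGIN/END markers, an empty block, or non-base64 characters in a block.
check_crl_pem() {
    [ -f "$1" ] && [ -r "$1" ] || return 2
    awk '
        { sub(/\r$/, "") }                      # tolerate CRLF line endings
        $0 == "-----BEGIN X509 CRL-----" {
            if (inside) { bad = 1; exit }       # nested BEGIN marker
            inside = 1; body = 0; next
        }
        $0 == "-----END X509 CRL-----" {
            if (!inside || body == 0) { bad = 1; exit }  # stray END or empty block
            inside = 0; count++; next
        }
        inside {
            if ($0 !~ "^[A-Za-z0-9+/=]+$") { bad = 1; exit }
            body++
        }
        END {
            if (bad || inside || count == 0) exit 1
            print count
        }
    ' "$1"
}

# Constructed sample: correct PEM framing only, not a real CRL.
sample=$(mktemp)
printf '%s\n' '-----BEGIN X509 CRL-----' 'QUJDREVGRw==' \
    '-----END X509 CRL-----' > "$sample"
if n=$(check_crl_pem "$sample"); then
    echo "ok: $n CRL block(s)"
else
    echo "rejected: not a PEM CRL bundle" >&2
fi
rm -f "$sample"
```

This validates framing only; `openssl crl -in FILE -noout` decodes the first CRL in a file when a full parse is wanted.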