diff --git a/tasks/get_peadm_config.rb b/tasks/get_peadm_config.rb
index 30d8ad21e..88eab7ba9 100755
--- a/tasks/get_peadm_config.rb
+++ b/tasks/get_peadm_config.rb
@@ -101,11 +101,12 @@ def server(role, letter, certname_array)
 end
 
 def https(port)
- https = Net::HTTP.new('localhost', port)
+ https = Net::HTTP.new(Puppet.settings[:certname], port)
 https.use_ssl = true
 https.cert = @cert ||= OpenSSL::X509::Certificate.new(File.read(Puppet.settings[:hostcert]))
 https.key = @key ||= OpenSSL::PKey::RSA.new(File.read(Puppet.settings[:hostprivkey]))
- https.verify_mode = OpenSSL::SSL::VERIFY_NONE
+ https.verify_mode = OpenSSL::SSL::VERIFY_PEER
+ https.ca_file = Puppet.settings[:localcacert]
 https
 end
 
diff --git a/tasks/rbac_token.rb b/tasks/rbac_token.rb
index 9ad76f1f8..d7339233e 100755
--- a/tasks/rbac_token.rb
+++ b/tasks/rbac_token.rb
@@ -4,16 +4,17 @@
 #
 # rubocop:disable Style/GlobalVars
 require 'net/https'
-require 'uri'
 require 'json'
 require 'fileutils'
+require 'puppet'
 
 # Parameters expected:
 # Hash
 # String password
 $params = JSON.parse(STDIN.read)
 
-uri = URI.parse('https://localhost:4433/rbac-api/v1/auth/token')
+Puppet.initialize_settings
+
 body = {
 'login' => 'admin',
 'password' => $params['password'],
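Review bot: In `https(port)` of tasks/get_peadm_config.rb, the TLS check now depends on `Puppet.settings[:certname]` both resolving from this node and appearing in the service certificate, and nothing in the method records that dependency. I would add a comment above the constructor, for example `# Connect by certname so the VERIFY_PEER hostname check matches the service certificate (localhost presumably is not in its SANs)`. Note also that `ca_file` validates the chain only and no CRL is consulted, so a revoked service certificate would still be accepted here; that may be acceptable for a same-host call but is worth stating. The same applies to the connection setup added in tasks/rbac_token.rb.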
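Review bot: The new `Puppet.initialize_settings` call in tasks/rbac_token.rb resolves `hostcert`, `hostprivkey` and `localcacert` from the invoking user's configuration, so if this task is ever run as a non-root user those settings will likely point at per-user directories and the `File.read` calls later in the file will fail with a bare `Errno::ENOENT`. A comment next to the call, such as `# Requires root: settings must resolve to the system ssldir holding the host cert and key`, would make the requirement visible. The script continues outside this hunk.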
@@ -21,14 +22,17 @@
 'label' => 'provision-time token',
 }.to_json
 
-http = Net::HTTP.new(uri.host, uri.port)
-http.use_ssl = true
-http.verify_mode = OpenSSL::SSL::VERIFY_NONE
-request = Net::HTTP::Post.new(uri.request_uri)
+https = Net::HTTP.new(Puppet.settings[:certname], 4433)
+https.use_ssl = true
+https.cert = OpenSSL::X509::Certificate.new(File.read(Puppet.settings[:hostcert]))
+https.key = OpenSSL::PKey::RSA.new(File.read(Puppet.settings[:hostprivkey]))
+https.verify_mode = OpenSSL::SSL::VERIFY_PEER
+https.ca_file = Puppet.settings[:localcacert]
+request = Net::HTTP::Post.new('/rbac-api/v1/auth/token')
 request['Content-Type'] = 'application/json'
 request.body = body
 
-response = http.request(request)
+response = https.request(request)
 raise "Error requesting token, #{response.body}" unless response.is_a? Net::HTTPSuccess
 
 token = JSON.parse(response.body)['token']
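Review bot: The added `https.key = OpenSSL::PKey::RSA.new(...)` line assumes the host private key is RSA and will raise on a node whose key is of another type. `https.key = OpenSSL::PKey.read(File.read(Puppet.settings[:hostprivkey]))` accepts whichever key type the file holds. The unchanged `https.key` line in `https(port)` of tasks/get_peadm_config.rb carries the same assumption and could be changed the same way.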