autosigner.rb

#!/usr/bin/env ruby

# Copyright 2014 Jeremy T. Bouse
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

require 'fog'
require 'puppet'
require 'puppet/ssl/certificate_request'

clientcert = ARGV.pop

csr = Puppet::SSL::CertificateRequest.from_s(STDIN.read)
pp_instance_id = csr.request_extensions.find { |a| a['oid'] == 'pp_instance_id' }
pp_image_name = csr.request_extensions.find { |a| a['oid'] == 'pp_image_name' }
instance_id = pp_instance_id['value']
image_id = pp_image_name['value']

retcode = 0

ec2 = Fog::Compute.new(:provider => :aws)
server = ec2.servers.find { |s| s.id == instance_id }

if csr.name != clientcert
  retcode = 1
elsif not server
  retcode = 2
elsif server.state != 'running'
  retcode = 3
elsif pp_image_id and server.image_id != image_id
  retcode = 4
end

exit retcode

Hey, Adrien Thebo pointed this out to me a while ago, just wanted to give you a heads up I got a minimal version of it working and made a module to deploy this for PE: https://github.com/mrzarquon/mrzarquon-certsigner