Add a new method to Puppet::HTTP::Services::CA to renew a client certificate, see https://github.com/puppetlabs/puppet/blob/main/lib/puppet/http/service/ca.rb See the API details in PE-35563, for example, it should POST the request. The method should accept:
- name: this is the name of the client whose cert is being renewed, typically Puppet[:certname]
- ssl_context: the current ssl context to use when making the request
If the request is successful, the method should return the renewed client certificate. If the request is not successful, then raise Puppet::HTTP::ResponseError Add unit tests to spec/unit/http/services/ca_spec.rb to exercise the API. For example, this is where we test the CSR submission code: https://github.com/puppetlabs/puppet/blob/ad7d75b08dfff5e308fde199407d84308d74e538/spec/unit/http/service/ca_spec.rb#L159-L197 Test the different HTTP statuses (200, 403, etc) see the API details mentioned above. Unsuccessful requests should raise the appropriate ResponseError exception. |