Sometimes users want to revoke and delete SSL files for many nodes at once. Currently, this requires two API requests for each node, and it requires the CRL to be read and rewritten for each revocation.
We want to implement an API endpoint that combines both of these actions and supports batching. Thinking of calling this puppet-ca/v1/clean, to correspond to the clean action in the CLI tool, which both revokes and deletes.
Because of the batching, the request might take a long time to respond. For now, for expediency, I plan to implement this as a synchronous endpoint, but ultimately it makes more sense for it to be command-style. I will include a flag in the request body to indicate whether it should be executed synchronously or asynchronously, to give us the option to implement the command style later without requiring a new API.