-
Notifications
You must be signed in to change notification settings - Fork 11
/
Copy pathcsr.pp
102 lines (97 loc) · 3.07 KB
/
csr.pp
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
# Manage certificate keys and create CSRs for the
# configured domains / altnames.
#
# @summary Creates a key file with CSR
#
# @example
# dehydrated::csr { '_wildcard_.example.com':
# $subject_alternative_names => [],
# $dn => '*.example.com'
# }
#
# @api private
#
define dehydrated::certificate::csr (
Dehydrated::DN $dn,
Array[Dehydrated::DN] $subject_alternative_names,
String $base_filename = $name,
String $csr_filename = "${name}.csr",
String $key_filename = "${name}.key",
Dehydrated::Algorithm $algorithm = 'rsa',
Optional[String] $country = undef,
Optional[String] $state = undef,
Optional[String] $locality = undef,
Optional[String] $organization = undef,
Optional[String] $organizational_unit = undef,
Optional[String] $email_address = undef,
Optional[String] $key_password = undef,
Enum['present', 'absent'] $ensure = 'present',
Boolean $force = true,
Optional[Integer[768]] $size = undef,
Pattern[/^(MD[245]|SHA(|-?(1|224|256|384|512)))$/] $digest = 'SHA512',
) {
if ! defined(Class['dehydrated']) {
fail('You must include the dehydrated base class first.')
}
require dehydrated::setup
$base_dir = $dehydrated::base_dir
$csr_dir = $dehydrated::csr_dir
$key_dir = $dehydrated::key_dir
$crt_dir = $dehydrated::crt_dir
$crt = "${crt_dir}/${base_filename}.crt"
$key = "${key_dir}/${base_filename}.key"
$csr = "${csr_dir}/${base_filename}.csr"
$dh = "${crt_dir}/${base_filename}.dh"
$fingerprint = "${key}.fingerprint"
if ($ensure == 'present') {
dehydrated_key { $key :
ensure => $ensure,
algorithm => $algorithm,
password => $key_password,
size => $size,
require => File[$key_dir],
before => File[$key],
}
dehydrated_fingerprint { $fingerprint :
ensure => $ensure,
private_key => $key,
password => $key_password,
require => Dehydrated_key[$key],
}
dehydrated_csr { $csr :
ensure => $ensure,
private_key => $key,
password => $key_password,
algorithm => $algorithm,
common_name => $dn,
subject_alternative_names => $subject_alternative_names,
country => $country,
state => $state,
locality => $locality,
organization => $organization,
organizational_unit => $organizational_unit,
email_address => $email_address,
force => $force,
digest => $digest,
require => [
File[$key],
File[$csr_dir],
Dehydrated_key[$key],
],
before => File[$csr],
}
}
file { $key :
ensure => $ensure,
owner => $dehydrated::user,
group => $dehydrated::group,
mode => '0640',
}
file { $csr :
ensure => $ensure,
owner => $dehydrated::user,
group => $dehydrated::group,
mode => '0644',
require => Dehydrated_csr[$csr],
}
}