Defined Type: dehydrated::certificate::csr
- Defined in:
- manifests/certificate/csr.pp
Summary
Creates a key file with CSROverview
Manage certificate keys and create CSRs for the configured domains / altnames.
14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 |
# File 'manifests/certificate/csr.pp', line 14
define dehydrated::certificate::csr(
Dehydrated::DN $dn,
Array[Dehydrated::DN] $subject_alternative_names,
String $base_filename = $name,
String $csr_filename = "${name}.csr",
String $key_filename = "${name}.key",
Dehydrated::Algorithm $algorithm = 'rsa',
Optional[String] $country = undef,
Optional[String] $state = undef,
Optional[String] $locality = undef,
Optional[String] $organization = undef,
Optional[String] $organizational_unit = undef,
Optional[String] $email_address = undef,
Optional[String] $key_password = undef,
Enum['present', 'absent'] $ensure = 'present',
Boolean $force = true,
Optional[Integer[768]] $size = undef,
Pattern[/^(MD[245]|SHA(|-?(1|224|256|384|512)))$/] $digest = 'SHA512',
) {
if ! defined(Class['dehydrated']) {
fail('You must include the dehydrated base class first.')
}
require ::dehydrated::setup
$base_dir = $::dehydrated::base_dir
$csr_dir = $::dehydrated::csr_dir
$key_dir = $::dehydrated::key_dir
$crt_dir = $::dehydrated::crt_dir
$crt = "${crt_dir}/${base_filename}.crt"
$key = "${key_dir}/${base_filename}.key"
$csr = "${csr_dir}/${base_filename}.csr"
$dh = "${crt_dir}/${base_filename}.dh"
if ($ensure == 'present') {
dehydrated_key { $key :
ensure => $ensure,
algorithm => $algorithm,
password => $key_password,
size => $size,
require => File[$key_dir],
before => File[$key],
}
dehydrated_csr { $csr :
ensure => $ensure,
private_key => $key,
password => $key_password,
algorithm => $algorithm,
common_name => $dn,
subject_alternative_names => $subject_alternative_names,
country => $country,
state => $state,
locality => $locality,
organization => $organization,
organizational_unit => $organizational_unit,
email_address => $email_address,
force => $force,
digest => $digest,
require => [
File[$key],
File[$csr_dir],
Dehydrated_key[$key],
],
before => File[$csr],
}
}
file { $key :
ensure => $ensure,
owner => $::dehydrated::user,
group => $::dehydrated::group,
mode => '0640',
}
file { $csr :
ensure => $ensure,
owner => $::dehydrated::user,
group => $::dehydrated::group,
mode => '0644',
require => Dehydrated_csr[$csr],
}
}
|