Defined Type: dehydrated::certificate::csr

Defined in:
manifests/certificate/csr.pp

Summary

Creates a key file with CSR

Overview

Manage certificate keys and create CSRs for the configured domains / altnames.

Examples:

dehydrated::csr { '_wildcard_.example.com':
  $subject_alternative_names => [],
  $dn                        => '*.example.com'
}

Parameters:

  • dn (Dehydrated::DN)
  • subject_alternative_names (Array[Dehydrated::DN])
  • base_filename (String) (defaults to: $name)
  • csr_filename (String) (defaults to: "${name}.csr")
  • key_filename (String) (defaults to: "${name}.key")
  • algorithm (Dehydrated::Algorithm) (defaults to: 'rsa')
  • country (Optional[String]) (defaults to: undef)
  • state (Optional[String]) (defaults to: undef)
  • locality (Optional[String]) (defaults to: undef)
  • organization (Optional[String]) (defaults to: undef)
  • organizational_unit (Optional[String]) (defaults to: undef)
  • email_address (Optional[String]) (defaults to: undef)
  • key_password (Optional[String]) (defaults to: undef)
  • ensure (Enum['present', 'absent']) (defaults to: 'present')
  • force (Boolean) (defaults to: true)
  • size (Optional[Integer[768]]) (defaults to: undef)
  • digest (Pattern[/^(MD[245]|SHA(|-?(1|224|256|384|512)))$/]) (defaults to: 'SHA512') 


14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
 
# File 'manifests/certificate/csr.pp', line 14

define dehydrated::certificate::csr(
  Dehydrated::DN $dn,
  Array[Dehydrated::DN] $subject_alternative_names,
  String $base_filename = $name,
  String $csr_filename = "${name}.csr",
  String $key_filename = "${name}.key",
  Dehydrated::Algorithm $algorithm = 'rsa',
  Optional[String] $country = undef,
  Optional[String] $state = undef,
  Optional[String] $locality = undef,
  Optional[String] $organization = undef,
  Optional[String] $organizational_unit = undef,
  Optional[String] $email_address = undef,
  Optional[String] $key_password = undef,
  Enum['present', 'absent'] $ensure = 'present',
  Boolean $force = true,
  Optional[Integer[768]] $size = undef,
  Pattern[/^(MD[245]|SHA(|-?(1|224|256|384|512)))$/] $digest = 'SHA512',
) {

  if ! defined(Class['dehydrated']) {
    fail('You must include the dehydrated base class first.')
  }

  require ::dehydrated::setup

  $base_dir = $::dehydrated::base_dir
  $csr_dir  = $::dehydrated::csr_dir
  $key_dir  = $::dehydrated::key_dir
  $crt_dir  = $::dehydrated::crt_dir

  $crt = "${crt_dir}/${base_filename}.crt"
  $key = "${key_dir}/${base_filename}.key"
  $csr = "${csr_dir}/${base_filename}.csr"
  $dh  = "${crt_dir}/${base_filename}.dh"


  if ($ensure == 'present') {
    dehydrated_key { $key :
      ensure    => $ensure,
      algorithm => $algorithm,
      password  => $key_password,
      size      => $size,
      require   => File[$key_dir],
      before    => File[$key],
    }
    dehydrated_csr { $csr :
      ensure                    => $ensure,
      private_key               => $key,
      password                  => $key_password,
      algorithm                 => $algorithm,
      common_name               => $dn,
      subject_alternative_names => $subject_alternative_names,
      country                   => $country,
      state                     => $state,
      locality                  => $locality,
      organization              => $organization,
      organizational_unit       => $organizational_unit,
      email_address             => $email_address,
      force                     => $force,
      digest                    => $digest,
      require                   => [
        File[$key],
        File[$csr_dir],
        Dehydrated_key[$key],
      ],
      before                    => File[$csr],
    }
  }

  file { $key :
    ensure => $ensure,
    owner  => $::dehydrated::user,
    group  => $::dehydrated::group,
    mode   => '0640',
  }
  file { $csr :
    ensure  => $ensure,
    owner   => $::dehydrated::user,
    group   => $::dehydrated::group,
    mode    => '0644',
    require => Dehydrated_csr[$csr],
  }


}