Defined Type: dehydrated::certificate::csr
- Defined in:
- manifests/certificate/csr.pp
Summary
Creates a key file with CSROverview
Manage certificate keys and create CSRs for the configured domains / altnames.
Certificate DN
Array of SANs
base filename, used for csr/key filename by default
filename for the csr file
filename for the key file
algorithm to use, defaults to rsa
country to write into the csr, not used by letsencrypt
state to write into the csr, not used by letsencrypt
locality to write into the csr, not used by letsencrypt
organization to write into the csr, not used by letsencrypt
organizational_unit to write into the csr, not used by letsencrypt
email address to write into the csr, not used by letsencrypt
Set / use key password to access/write the key
Ensure absent/present
Overwrite csr if it exists and doesn’t match
Optional size param
Digest to use, defaults to SHA512
65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 |
# File 'manifests/certificate/csr.pp', line 65
define dehydrated::certificate::csr (
Dehydrated::DN $dn,
Array[Dehydrated::DN] $subject_alternative_names,
String $base_filename = $name,
String $csr_filename = "${name}.csr",
String $key_filename = "${name}.key",
Dehydrated::Algorithm $algorithm = 'rsa',
Optional[String] $country = undef,
Optional[String] $state = undef,
Optional[String] $locality = undef,
Optional[String] $organization = undef,
Optional[String] $organizational_unit = undef,
Optional[String] $email_address = undef,
Optional[String] $key_password = undef,
Enum['present', 'absent'] $ensure = 'present',
Boolean $force = true,
Optional[Integer[768]] $size = undef,
Pattern[/^(MD[245]|SHA(|-?(1|224|256|384|512)))$/] $digest = 'SHA512',
) {
if ! defined(Class['dehydrated']) {
fail('You must include the dehydrated base class first.')
}
require dehydrated::setup
$base_dir = $dehydrated::base_dir
$csr_dir = $dehydrated::csr_dir
$key_dir = $dehydrated::key_dir
$crt_dir = $dehydrated::crt_dir
$crt = "${crt_dir}/${base_filename}.crt"
$key = "${key_dir}/${base_filename}.key"
$csr = "${csr_dir}/${base_filename}.csr"
$dh = "${crt_dir}/${base_filename}.dh"
$fingerprint = "${key}.fingerprint"
if ($ensure == 'present') {
dehydrated_key { $key :
ensure => $ensure,
algorithm => $algorithm,
password => $key_password,
size => $size,
require => File[$key_dir],
before => File[$key],
}
dehydrated_fingerprint { $fingerprint :
ensure => $ensure,
private_key => $key,
password => $key_password,
require => Dehydrated_key[$key],
}
dehydrated_csr { $csr :
ensure => $ensure,
private_key => $key,
password => $key_password,
algorithm => $algorithm,
common_name => $dn,
subject_alternative_names => $subject_alternative_names,
country => $country,
state => $state,
locality => $locality,
organization => $organization,
organizational_unit => $organizational_unit,
email_address => $email_address,
force => $force,
digest => $digest,
require => [
File[$key],
File[$csr_dir],
Dehydrated_key[$key],
],
before => File[$csr],
}
}
file { $key :
ensure => $ensure,
owner => $dehydrated::user,
group => $dehydrated::group,
mode => '0640',
}
file { $csr :
ensure => $ensure,
owner => $dehydrated::user,
group => $dehydrated::group,
mode => '0644',
require => Dehydrated_csr[$csr],
}
}
|