diff --git a/src/actions.yaml b/src/actions.yaml
index a71ba7f..8920092 100644
--- a/src/actions.yaml
+++ b/src/actions.yaml
@@ -107,6 +107,11 @@ upload-signed-csr:
 default: '8760h'
 description: >-
 Specifies the maximum Time To Live
+ crl-dist-point:
+ type: string
+ default: ''
+ description: >-
+ Specifies Certificate Revocation List Distribution Point
 root-ca:
 type: string
 description: >-
diff --git a/src/actions/actions.py b/src/actions/actions.py
index b5a9083..461d822 100755
--- a/src/actions/actions.py
+++ b/src/actions/actions.py
@@ -131,7 +131,8 @@ def upload_signed_csr(*args):
 allow_subdomains=action_config.get('allow-subdomains'),
 enforce_hostnames=action_config.get('enforce-hostnames'),
 allow_any_name=action_config.get('allow-any-name'),
- max_ttl=action_config.get('max-ttl'))
+ max_ttl=action_config.get('max-ttl'),
+ crl_dist_point=action_config.get('crl-dist-point'))
 set_flag('charm.vault.ca.ready')
 set_flag('pki.backend.tuned')
 # reissue any certificates we might previously have provided
diff --git a/src/lib/charm/vault_pki.py b/src/lib/charm/vault_pki.py
index 49f7fb2..6bb9545 100644
--- a/src/lib/charm/vault_pki.py
+++ b/src/lib/charm/vault_pki.py
@@ -203,7 +203,7 @@ def get_csr(ttl=None, common_name=None, locality=None,
 def upload_signed_csr(pem, allowed_domains, allow_subdomains=True,
 enforce_hostnames=False, allow_any_name=True,
- max_ttl=None):
+ max_ttl=None,crl_dist_point=None):
 """Upload signed csr to intermediate pki
 :param pem: signed csr in pem format
@@ -234,7 +234,7 @@ def upload_signed_csr(pem, allowed_domains, allow_subdomains=True,
 {
 "issuing_certificates": "{}/v1/{}/ca".format(addr, CHARM_PKI_MP),
 "crl_distribution_points":
- "{}/v1/{}/crl".format(addr, CHARM_PKI_MP),
+ "{}/v1/{}/crl".format(addr, CHARM_PKI_MP) if not crl_dist_point else crl_dist_point,
 },
 mount_point=CHARM_PKI_MP
 )
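Review bot: The description of `crl-dist-point` does not say what form the value takes or what the empty default means. Going by the vault_pki.py change in this commit, an empty value falls back to the unit's own CRL endpoint for the PKI mount, and any other value is written unchanged to the `crl_distribution_points` setting. I would spell that out for operators, e.g. `URL published as the CRL Distribution Point for certificates issued by this CA. Leave empty to use Vault's own CRL endpoint. Must be reachable by every client that checks revocation.`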
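Review bot: `action_config.get('crl-dist-point')` is forwarded with no check on its shape, and the last hunk in vault_pki.py writes it unchanged to `crl_distribution_points` on the PKI mount. A typo or a value with no scheme or host would then presumably be embedded in certificates issued afterwards, including those reissued right after this call. Clients that soft-fail on an unreachable CRL would stop seeing revocations without any error. I would validate before the call and fail the action on a bad value, e.g. `if crl_dist_point and not urlparse(crl_dist_point).netloc:` (needs `from urllib.parse import urlparse`). The body of `upload_signed_csr` starts and ends outside this hunk, so any validation already done elsewhere is not visible here.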
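Review bot: The new `crl_dist_point` parameter is not documented in the docstring, and `max_ttl=None,crl_dist_point=None` is missing the space after the comma (pycodestyle E231). Following the `:param pem:` style already used, I would add `:param crl_dist_point: URL to publish as the CRL distribution point; falls back to this unit's Vault CRL endpoint when empty or None` and `:type crl_dist_point: str`. The docstring continues outside this hunk, so the exact position among the other `:param` entries has to be chosen there.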
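Review bot: The fallback on the `crl_distribution_points` value is written as an inverted conditional, `... if not crl_dist_point else crl_dist_point`, which is harder to read than it needs to be and pushes the line past 79 columns. `crl_dist_point or "{}/v1/{}/crl".format(addr, CHARM_PKI_MP),` behaves the same and fits. Note that either form treats a whitespace-only string as a real value, so a stray space in the action parameter would be written to Vault as the distribution point. Stripping the value first (`(crl_dist_point or '').strip()`) would close that gap. The enclosing call and the rest of `upload_signed_csr` lie outside this hunk.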