Add x509_sign provider to openssl module.

It adds the x509_sign provider in order to be able to sign a CSR. It adds two parameters that are: infile and template that is the config file. Private key used by the CA to sign the certificate is passed using the configuration file. You can use it as follow: x509_sign { "/tmp/signed_req.pem": ensure => present, template => "/tmp/ca_openssl.cnf", infile => "/tmp/user_req_cert.pem" } Change-Id: I9be9df731be3bf64333eff366aaf9eb27a27b72d Implements: blueprint ssl-endpoints
2014-09-16 13:10:43 +02:00 · 2014-09-16 13:10:43 +02:00 · 33a4fca8cf
commit 33a4fca8cf
parent 45ad9b4266
2 changed files with 73 additions and 0 deletions
--- a/deployment/puppet/openssl/lib/puppet/provider/x509_sign/openssl.rb
+++ b/deployment/puppet/openssl/lib/puppet/provider/x509_sign/openssl.rb
@ -0,0 +1,25 @@
+require 'pathname'
+
+Puppet::Type.type(:x509_sign).provide(:openssl) do
+  desc 'Signs certificate request with OpenSSL'
+
+  commands :openssl => 'openssl'
+
+  def exists?
+    return Pathname.new(resource[:path]).exist?
+  end
+
+  def create
+    openssl(
+      'ca',
+      '-out', resource[:path],
+      '-config', resource[:template],
+      '-batch',
+      '-in', resource[:infile]
+    )
+  end
+
+  def destroy
+    Pathname.new(resource[:path]).delete
+  end
+end
--- a/deployment/puppet/openssl/lib/puppet/type/x509_sign.rb
+++ b/deployment/puppet/openssl/lib/puppet/type/x509_sign.rb
@ -0,0 +1,48 @@
+require 'pathname'
+Puppet::Type.newtype(:x509_sign) do
+  desc 'Sign certificate'
+
+  ensurable
+
+  newparam(:path, :namevar => true) do
+    desc 'The path to the newly signed certificate'
+    validate do |value|
+      path = Pathname.new(value)
+      unless path.absolute?
+        raise ArgumentError, "Path must be absolute: #{path}"
+      end
+    end
+  end
+
+  newparam(:template) do
+    desc 'The template to use'
+
+    defaultto do
+      path = Pathname.new(@resource[:path])
+      "#{path.dirname}/#{path.basename(path.extname)}.cnf"
+    end
+
+    validate do |value|
+      path = Pathname.new(value)
+      unless path.absolute?
+        raise ArgumentError, "Path must be absolute: #{path}"
+      end
+    end
+  end
+
+  newparam(:infile) do
+    desc 'The name of the file containing certificate request.'
+
+    validate do |value|
+      path = Pathname.new(value)
+      unless path.absolute?
+        raise ArgumentError, "Path must be absolute: #{path}"
+      end
+    end
+
+  end
+
+  autorequire(:file) do
+    self[:template]
+  end
+end