This repository has been archived by the owner on Dec 3, 2020. It is now read-only.
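#!jinja|yaml
{#
  Renders one file state per entry of the pillar dict crypto:x509:keys.
  Per-entry keys read below: type, mode, path, key_suffix, ensure, user, group,
  content, contents_pillar, contents_pillar_list.
  The entry name (k) is interpolated into both the state ID and the default
  file path, so it is assumed to come from operator-controlled pillar data.
#}
{% from "crypto/defaults.yaml" import rawmap with context %}
{% set datamap = salt['grains.filter_by'](rawmap, merge=salt['pillar.get']('crypto:lookup')) %}
{% set keys = salt['pillar.get']('crypto:x509:keys', {}) %}

{% for k, v in keys|dictsort %}
  {% set key_type = v.type|default('public') %}

  {#
    File mode: an explicit pillar value wins; otherwise private keys get 600
    and everything else 644.
    NOTE(review): a type other than 'public' or 'private' gets mode 644 here
    but is placed in the private directory below. Confirm that no pillar entry
    relies on such a value.
  #}
  {% if 'mode' in v %}
    {% set mode = v.mode %}
  {% elif key_type == 'private' %}
    {% set mode = '600' %}
  {% else %}
    {% set mode = '644' %}
  {% endif %}

  {# Target path: an explicit pillar value wins, otherwise <dir>/<name>.<suffix>.pem #}
  {% if 'path' in v %}
    {% set path = v.path %}
  {% elif key_type == 'public' %}
    {% set path = datamap.x509.cert_pub_dir ~ '/' ~ k ~ '.' ~ v.key_suffix|default('crt') ~ '.pem' %}
  {% else %}
    {% set path = datamap.x509.cert_priv_dir ~ '/' ~ k ~ '.' ~ v.key_suffix|default('key') ~ '.pem' %}
  {% endif %}

  {#
    Content source: inline content is referenced by its pillar path instead of
    being rendered into the state data. Otherwise the entry must name a pillar
    key itself, unless contents_pillar_list is used further down.
  #}
  {% if 'content' in v %}
    {% set contents_pillar = 'crypto:x509:keys:' ~ k ~ ':content' %}
  {% else %}
    {% set contents_pillar = v.contents_pillar %}
  {% endif %}

crypto-x509-key-{{ k }}:
  file:
    - {{ v.ensure|default('managed') }}
    - name: {{ path }}
    - user: {{ v.user|default('root') }}
    - group: {{ v.group|default('root') }}
    # Quoted so YAML keeps the mode as a string, as Salt recommends for file modes.
    - mode: '{{ mode }}'
  {% if key_type != 'public' %}
    # Report only whether the file changed. The default unified diff would put
    # key material into the state return and the master's job cache.
    - show_changes: False
  {% endif %}
  {#
    contents_pillar_list concatenates several pillar values into one file.
    pillar.get falls back to an empty string, so a missing or misspelled pillar
    key silently drops that part from the file instead of failing the state.
  #}
  {% if 'contents_pillar_list' in v %}
    - contents: |
    {%- for c in v.contents_pillar_list %}
{{ salt['pillar.get'](c, '')|indent(8, True) }}
    {% endfor %}
  {% else %}
    - contents_pillar: {{ contents_pillar }}
  {% endif %}
{% endfor %}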