Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add x509_cert and x509_csr types and providers #9

Merged
merged 65 commits into from
Apr 23, 2013
Merged

Add x509_cert and x509_csr types and providers #9

merged 65 commits into from
Apr 23, 2013

Conversation

raphink
Copy link
Member

@raphink raphink commented Apr 16, 2013

This PR provides three new types and associated openssl providers:

  • ssl_pkey generates a private key;
  • x509_cert generates a certificate from a private key and a given template;
  • x509_request generates a certificate signing request based on a given a key (private_key) and a template.

Examples:

ssl_pkey { '/etc/ssl/my.key':
  ensure     => 'present',
  password   => 'crackmenot', # optional
}

x509_cert { '/etc/ssl/my.crt':
  ensure        => 'present',
  private_key   => '/etc/ssl/my.key', # optional, uses .key if not specified
  password      => 'crackmenot', # to decrypt the key
  days          => 3650,
  template      => '/path/to/my_template.cnf',
  force         => true, # Re-generate certificate if key has changed
}

x509_request { '/etc/ssl/my.csr':
  ensure        => 'present',
  private_key   => '/etc/ssl/my.key', # optional, uses .key if not specified
  password      => 'crackmenot', # to decrypt the key
  template      => '/path/to/my_template.cnf',
  force         => true, # Re-generate certificate if key has changed
}

These three providers make it possible to replace files/generate-x509-cert.sh and openssl::genx509, and to rewrite openssl::certificate::x509 as a wrapper doing:

  • generate and deploy the certificate template (file resource, unchanged);
  • generate the private key using the ssl_pkey type;
  • generate the certificate using the x509_cert type;
  • generate the certificate signing request using the x509_request type.

@raphink
Add basic x509_cert type
2ef58ce
@raphink
Check absolute path
5a28b35
@raphink
Add base openssl provider for x509_cert
ba50eb1
@raphink
Add default value for days
f0be5d6
@raphink
Add create for openssl provider
d256ec1
@raphink
Add destroy
9739ab5
@raphink
Get rid of all params, add template instead
c676a39
@raphink
Use a default for template in the provider
74efd9c
@raphink
Create certificate if either certificate or key don't exist
c6b17e2
@raphink
Calculate default for template in type, not provider
26628e1
@raphink
Autorequire template file in x509_cert type
2b0057e
@raphink
Fix wrong usage of Pathname in x509_cert provider
000a4bb
@raphink
Add x509_csr type
2ada0aa
@raphink
Simplify code
cf64637
@raphink
Add template parameter for x509_csr
8d8d0b2
@raphink
Add providers for x509_csr
e699d36
@raphink
Fix Pathname#basename call
0d1d3cf
@raphink
Get rid of openssl::genx509 and files/generate-x509-cert.sh
5f65ac7 
  rebase openssl::certificate::x509 on x509_cert and x509_csr
@raphink
Add validations in openssl::certificate::x509
dcb30c4
@raphink
Fix autorequire for x509_csr
410dc92
@raphink
Remove node part in example in openssl::certificate::x509
853054e
@raphink
Fix default values in openssl::certificate::x509
5dcde2c
@raphink
Add basic spec for openssl::certificate::x509
d2ff1c7
@raphink
Fix title for x509_cert in openssl::certificate::x509
47dbacf
@raphink
Add a tests directory
e7db983
@raphink
Add site.pp in spec fixtures
1542dab
@raphink
Add x509_key type and associated tests
0ffaa0d
@raphink
Add x509_key provider and associated test
96a15a5
@raphink
Fix x509_cert type and provider to manage only the certificate, not t…
e3ad39c 
…he key
@raphink
Accept password in x509_key, use OpenSSL::PKey ruby calls
87a44c8
@raphink
Implement force parameter in x509_cert provider
1342765
@raphink
Adapt openssl::certificate::x509 to new ssl_pkey type
59f8550
@raphink
Fix ssl_pkey creation with password
1d62ae3
@raphink
Add password parameter to x509_csr
9d3f5e3
@raphink
Support password in x509_cert provider
7af248d
@raphink
Support password in x509_csr provider
3b0d31a
@raphink
Support password in openssl::certificate::x509
d42527f
@raphink
Improve test file
665ab01
@raphink
Cleanup dirname
1c105ab
@raphink
Add force and authentication params for x509_csr
dfe53b0
@raphink
More logic organisation for x509_cert type specs
f168551
@raphink
Implement force in x509_csr provider
e79c238
@raphink
Add force for x509_csr
0767a04
@raphink
Add force to openssl::certificate::x509
8dbb986
@raphink
No need for openssl command in ssl_pkey (API used)
9f45628
@raphink
Rename x509_csr as x509_certificate
12f53e7
@raphink
Improve cert.cnf.erb template
f0a3ad6
@raphink
Set owner of files in openssl::certificate::x509
26ce4b5
@raphink
Add specs for openssl::certificate::x509
0587e1c
@raphink
Improve specs for openssl::certificate::x509
aa55201
@raphink
Rename organisation as organization in openssl::certificate::x509
8686300
@raphink
Improve README
a2d5891
@raphink
Improve doc
85426e4
@raphink
Rework init as per R.I.'s recommendations
5aa385c
@raphink
Doc in openssl::export::pkcs12
1918df8
@raphink
Typo
6730fc0
@raphink
Add openssl::export::pkcs12 to README
f20d64f
@raphink
Set private key mode to 0600
538c603
raphink added a commit that referenced this pull request Apr 23, 2013
@raphink
Merge pull request #9 from raphink/dev/x509_cert
61f8bbc 
Add x509_cert and x509_csr types and providers
@raphink raphink merged commit 61f8bbc into voxpupuli:master Apr 23, 2013
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@raphink