Customizable cnf/crt/csr/key paths, refactored for configurability.

Signed-off-by: Robin H. Johnson <[email protected]>
voxpupuli · Sep 22, 2015 · 57dbe6b · 57dbe6b
1 parent 164fd56
commit 57dbe6b
Showing 1 changed file with 65 additions and 16 deletions.
diff --git a/manifests/certificate/x509.pp b/manifests/certificate/x509.pp
@@ -26,6 +26,22 @@
 #  [*force*]          whether to override certificate and request
 #                     if private key changes
 #  [*cnf_tpl*]        Specify an other template to generate ".cnf" file.
+#  [*cnf_dir*]        where cnf should be placed.
+#                     Directory must exist, defaults to $base_dir.
+#  [*crt_dir*]        where crt should be placed.
+#                     Directory must exist, defaults to $base_dir.
+#  [*csr_dir*]        where csr should be placed.
+#                     Directory must exist, defaults to $base_dir.
+#  [*key_dir*]        where key should be placed.
+#                     Directory must exist, defaults to $base_dir.
+#  [*cnf*]            override cnf path entirely.
+#                     Directory must exist, defaults to $cnf_dir/$title.cnf
+#  [*crt*]            override crt path entirely.
+#                     Directory must exist, defaults to $crt_dir/$title.crt
+#  [*csr*]            override csr path entirely.
+#                     Directory must exist, defaults to $csr_dir/$title.csr
+#  [*key*]            override key path entirely.
+#                     Directory must exist, defaults to $key_dir/$title.key
 #
 # === Example
 #
@@ -64,6 +80,14 @@
   $email = undef,
   $days = 365,
   $base_dir = '/etc/ssl/certs',
+  $cnf_dir = undef,
+  $crt_dir = undef,
+  $csr_dir = undef,
+  $key_dir = undef,
+  $cnf = undef,
+  $crt = undef,
+  $csr = undef,
+  $key = undef,
   $owner = 'root',
   $group = 'root',
   $key_owner = undef,
@@ -76,6 +100,15 @@
 
   $_key_owner = pick($key_owner, $owner)
   $_key_group = pick($key_group, $group)
+  $_cnf_dir = pick($cnf_dir, $base_dir)
+  $_csr_dir = pick($csr_dir, $base_dir)
+  $_crt_dir = pick($crt_dir, $base_dir)
+  $_key_dir = pick($key_dir, $base_dir)
+  $_cnf = pick($cnf, "${_cnf_dir}/${name}.cnf")
+  $_crt = pick($crt, "${_crt_dir}/${name}.crt")
+  $_csr = pick($csr, "${_csr_dir}/${name}.csr")
+  $_key = pick($key, "${_key_dir}/${name}.key")
+
   validate_string($name)
   validate_string($country)
   validate_string($organization)
@@ -92,6 +125,22 @@
   # lint:endignore
   validate_string($base_dir)
   validate_absolute_path($base_dir)
+  validate_string($_cnf_dir)
+  validate_absolute_path($_cnf_dir)
+  validate_string($_csr_dir)
+  validate_absolute_path($_csr_dir)
+  validate_string($_crt_dir)
+  validate_absolute_path($_crt_dir)
+  validate_string($_key_dir)
+  validate_absolute_path($_key_dir)
+  validate_string($_cnf)
+  validate_absolute_path($_cnf)
+  validate_string($_csr)
+  validate_absolute_path($_csr)
+  validate_string($_crt)
+  validate_absolute_path($_crt)
+  validate_string($_key)
+  validate_absolute_path($_key)
   validate_string($owner)
   validate_string($group)
   validate_string($_key_owner)
@@ -109,57 +158,57 @@
     $req_ext = false
   }
 
-  file {"${base_dir}/${name}.cnf":
+  file { $_cnf:
     ensure  => $ensure,
     owner   => $owner,
     group   => $group,
     content => template($cnf_tpl),
   }
 
-  ssl_pkey { "${base_dir}/${name}.key":
+  ssl_pkey { $_key:
     ensure   => $ensure,
     password => $password,
   }
 
-  x509_cert { "${base_dir}/${name}.crt":
+  x509_cert { $_crt:
     ensure      => $ensure,
-    template    => "${base_dir}/${name}.cnf",
-    private_key => "${base_dir}/${name}.key",
+    template    => $_cnf,
+    private_key => $_key,
     days        => $days,
     password    => $password,
     req_ext     => $req_ext,
     force       => $force,
-    require     => File["${base_dir}/${name}.cnf"],
+    require     => File[$_cnf],
   }
 
-  x509_request { "${base_dir}/${name}.csr":
+  x509_request { $_csr:
     ensure      => $ensure,
-    template    => "${base_dir}/${name}.cnf",
-    private_key => "${base_dir}/${name}.key",
+    template    => $_cnf,
+    private_key => $_key,
     password    => $password,
     force       => $force,
-    require     => File["${base_dir}/${name}.cnf"],
+    require     => File[$_cnf],
   }
 
   # Set owner of all files
   file {
-    "${base_dir}/${name}.key":
+    $_key:
       ensure  => $ensure,
       owner   => $_key_owner,
       group   => $_key_group,
       mode    => $key_mode,
-      require => Ssl_pkey["${base_dir}/${name}.key"];
+      require => Ssl_pkey[$_key];
 
-    "${base_dir}/${name}.crt":
+    $_crt:
       ensure  => $ensure,
       owner   => $owner,
       group   => $group,
-      require => X509_cert["${base_dir}/${name}.crt"];
+      require => X509_cert[$_crt];
 
-    "${base_dir}/${name}.csr":
+    $_csr:
       ensure  => $ensure,
       owner   => $owner,
       group   => $group,
-      require => X509_request["${base_dir}/${name}.csr"];
+      require => X509_request[$_csr];
   }
 }