Diffstat (limited to 'sitemodules/profiles/manifests/x509cert_common.pp')
-rw-r--r-- | sitemodules/profiles/manifests/x509cert_common.pp | 30 |
1 files changed, 25 insertions, 5 deletions
diff --git a/sitemodules/profiles/manifests/x509cert_common.pp b/sitemodules/profiles/manifests/x509cert_common.pp
index bdc1a33..d784b49 100644
--- a/sitemodules/profiles/manifests/x509cert_common.pp
+++ b/sitemodules/profiles/manifests/x509cert_common.pp
@@ -10,10 +10,12 @@
 # @param certificates Hash data structure with certificate names as key and
 # certificate information as value the individual
 # entries are expected to have certificate, private_key
-# and cachain entries with PEM encoded data. Private
-# keys have to be encrypted using eyaml. The cachain
-# entry should contain an array of CA certificate
-# identifiers.
+# and cachain and client_ca_certificates entries with
+# PEM encoded data. Private keys have to be encrypted
+# using eyaml. The cachain entry should contain an array
+# of CA certificate identifiers. The
+# client_ca_certificates entry should contain an array
+# of CA certificate identifiers.
 #
 # Examples
 # --------
@@ -31,7 +33,7 @@
 # Copyright
 # ---------
 #
-# Copyright 2020 Jan Dittberner
+# Copyright 2020-2021 Jan Dittberner
 class profiles::x509cert_common (
 Hash[String, Data] $certificates,
 ) {
@@ -84,5 +86,23 @@ class profiles::x509cert_common (
 source => "puppet:///modules/profiles/base/cacert_${ca_cert}.crt",
 }
 }
+
+ if 'client_ca_certificates' in $cert_info {
+ $client_ca_certificates = "/etc/ssl/public/${name}_client_cas.pem"
+ concat { $client_ca_certificates:
+ ensure => present,
+ owner => 'root',
+ group => 'root',
+ mode => '0644',
+ }
+ $cert_info['client_ca_certificates'].each |$index, $ca_cert| {
+ $order = 10 + $index
+ concat::fragment { "${name}-client-${ca_cert}":
+ order => $order,
+ target => $client_ca_certificates,
+ source => "puppet:///modules/profiles/base/cacert_${ca_cert}.crt",
+ }
+ }
+ }
 }
 }
|
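Review bot: The third hunk builds the `${name}_client_cas.pem` bundle without checking the shape of `$cert_info['client_ca_certificates']`; the class parameter is only typed `Hash[String, Data]`, so a key that is present with an empty array would most likely yield an empty bundle file instead of a compile error. Since this file presumably defines which CAs are accepted for client-certificate verification, the value should be asserted before use, for example `assert_type(Array[String[1], 1], $cert_info['client_ca_certificates'])`, so a bad Hiera entry fails the catalog rather than silently changing the trust set. Adding `ensure_newline => true` to the `concat` resource would also keep two PEM blocks from running together if one of the `cacert_${ca_cert}.crt` sources lacks a trailing newline. The loop that binds `$name` and `$cert_info` begins outside this hunk, so how the bundle is consumed by services is not visible here.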