#
-# Cookbook Name:: ssl
+# Cookbook:: ssl
# Resource:: ssl_certificate
#
-# Copyright 2017, OpenStreetMap Foundation
+# Copyright:: 2017, OpenStreetMap Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
default_action :create
property :certificate, String, :name_property => true
-property :domains, [String, Array], :required => true
+property :domains, [String, Array], :required => [:create]
action :create do
node.default[:letsencrypt][:certificates][new_resource.certificate] = {
- :domains => Array(new_resource.domains)
+ :domains => domains
}
if letsencrypt
file "/etc/ssl/certs/#{new_resource.certificate}.pem" do
owner "root"
group "root"
- mode 0o444
+ mode "444"
content certificate
backup false
manage_symlink_source false
file "/etc/ssl/private/#{new_resource.certificate}.key" do
owner "root"
group "ssl-cert"
- mode 0o440
+ mode "440"
content key
backup false
manage_symlink_source false
force_unlink true
end
else
- alt_names = new_resource.domains.collect { |domain| "DNS:#{domain}" }
+ alt_names = domains.collect { |domain| "DNS:#{domain}" }
openssl_x509_certificate "/etc/ssl/certs/#{new_resource.certificate}.pem" do
key_file "/etc/ssl/private/#{new_resource.certificate}.key"
owner "root"
group "ssl-cert"
- mode 0o640
+ mode "640"
org "OpenStreetMap"
email "operations@osmfoundation.org"
- common_name new_resource.domains.first
+ common_name domains.first
subject_alt_name alt_names
extensions "keyUsage" => { "values" => %w[digitalSignature keyEncipherment], "critical" => true },
"extendedKeyUsage" => { "values" => %w[serverAuth clientAuth], "critical" => true }
def letsencrypt
@letsencrypt ||= search(:letsencrypt, "id:#{new_resource.certificate}").first
end
+
+ def domains
+ Array(new_resource.domains)
+ end
end
projects / chef.git / blobdiff