X-Git-Url: https://git.openstreetmap.org/chef.git/blobdiff_plain/70c9fb3921e6f0c95828d52f3538cde194cc3414..34666b81c1ff78ac49e2afb85f6cabf8742dfb4c:/cookbooks/ssl/resources/certificate.rb
diff --git a/cookbooks/ssl/resources/certificate.rb b/cookbooks/ssl/resources/certificate.rb
index 01eedd80c..b28b98f25 100644
--- a/cookbooks/ssl/resources/certificate.rb
+++ b/cookbooks/ssl/resources/certificate.rb
@@ -19,12 +19,11 @@
 default_action :create
-property :name, String
+property :certificate, String, :name_property => true
 property :domains, [String, Array], :required => true
-property :fallback_certificate, String
 action :create do
- node.default[:letsencrypt][:certificates][name] = {
+ node.default[:letsencrypt][:certificates][new_resource.certificate] = {
 :domains => Array(domains)
 }
@@ -34,31 +33,27 @@ action :create do
 end
 if certificate
- file "/etc/ssl/certs/#{name}.pem" do
+ file "/etc/ssl/certs/#{new_resource.certificate}.pem" do
 owner "root"
 group "root"
 mode 0o444
 content certificate
 backup false
+ manage_symlink_source false
+ force_unlink true
 end
- file "/etc/ssl/private/#{name}.key" do
+ file "/etc/ssl/private/#{new_resource.certificate}.key" do
 owner "root"
 group "ssl-cert"
 mode 0o440
 content key
 backup false
- end
- elsif fallback_certificate
- link "/etc/ssl/certs/#{name}.pem" do
- to "#{fallback_certificate}.pem"
- end
-
- link "/etc/ssl/private/#{name}.key" do
- to "#{fallback_certificate}.key"
+ manage_symlink_source false
+ force_unlink true
 end
 else
- template "/tmp/#{name}.ssl.cnf" do
+ template "/tmp/#{new_resource.certificate}.ssl.cnf" do
 cookbook "ssl"
 source "ssl.cnf.erb"
 owner "root"
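Review bot: The new `certificate` name property is interpolated unvalidated into the `node.default[:letsencrypt][:certificates]` key here and, in the later hunks, into `/etc/ssl/certs/...`, `/etc/ssl/private/...` and `/tmp/...` paths and a `search` query string, so a name containing `/`, `..`, whitespace or Solr operators would write outside those directories or widen the search. Callers are presumably recipes passing literal names, so this is defence in depth rather than an exposed hole, but pinning the property is one line: `property :certificate, String, :name_property => true, :regex => /\A[A-Za-z0-9][A-Za-z0-9._-]*\z/`. The `action :create` block opened at the end of this hunk continues in the next one.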
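Review bot: The private-key `file` resource (`/etc/ssl/private/#{new_resource.certificate}.key` with `content key`) is not marked `sensitive`, and Chef's file resource reports a content diff whenever it rewrites the file, which ends up in converge output and reporting unless that flag is set; with the new `force_unlink true` replacing the old symlinks, such a rewrite is exactly what the first run after this change will do. Adding `sensitive true` next to `backup false` in that resource keeps the key material out of logs; the public `.pem` resource can stay as it is. The `else` branch and its `template` resource begun at the end of this hunk continue in the next hunk.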
@@ -66,31 +61,33 @@ action :create do
 mode 0o644
 variables :domains => Array(new_resource.domains)
 not_if do
- ::File.exist?("/etc/ssl/certs/#{new_resource.name}.pem") && ::File.exist?("/etc/ssl/private/#{new_resource.name}.key")
+ ::File.exist?("/etc/ssl/certs/#{new_resource.certificate}.pem") && ::File.exist?("/etc/ssl/private/#{new_resource.certificate}.key")
 end
 end
- execute "/etc/ssl/certs/#{name}.pem" do
- command "openssl req -x509 -newkey rsa:2048 -keyout /etc/ssl/private/#{new_resource.name}.key -out /etc/ssl/certs/#{new_resource.name}.pem -days 365 -nodes -config /tmp/#{new_resource.name}.ssl.cnf"
+ execute "/etc/ssl/certs/#{new_resource.certificate}.pem" do
+ command "openssl req -x509 -newkey rsa:2048 -keyout /etc/ssl/private/#{new_resource.certificate}.key -out /etc/ssl/certs/#{new_resource.certificate}.pem -days 365 -nodes -config /tmp/#{new_resource.certificate}.ssl.cnf"
 user "root"
 group "ssl-cert"
 not_if do
- ::File.exist?("/etc/ssl/certs/#{new_resource.name}.pem") && ::File.exist?("/etc/ssl/private/#{new_resource.name}.key")
+ ::File.exist?("/etc/ssl/certs/#{new_resource.certificate}.pem") && ::File.exist?("/etc/ssl/private/#{new_resource.certificate}.key")
 end
 end
 end
 end
 action :delete do
- file "/etc/ssl/certs/#{name}.pem" do
+ file "/etc/ssl/certs/#{new_resource.certificate}.pem" do
 action :delete
 end
- file "/etc/ssl/private/#{name}.key" do
+ file "/etc/ssl/private/#{new_resource.certificate}.key" do
 action :delete
 end
 end
-def letsencrypt
- @letsencrypt ||= search(:letsencrypt, "id:#{name}").first
+action_class do
+ def letsencrypt
+ @letsencrypt ||= search(:letsencrypt, "id:#{new_resource.certificate}").first
+ end
 end
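Review bot: The self-signed fallback leaves the generated key's permissions to `openssl` and the process umask: the `execute` runs as `user "root"` / `group "ssl-cert"` and nothing afterwards touches `/etc/ssl/private/#{new_resource.certificate}.key`, so on current OpenSSL (which creates key files 0600) the ssl-cert group presumably meant to read it cannot, and on older builds the mode is whatever the umask gives — in neither case the 0440 root:ssl-cert that the Let's Encrypt branch enforces. A `file` resource without `content` placed after the `execute` pins owner, group and mode on every run while the existing `not_if` guards keep the generation itself idempotent. The `else` branch and its `template` resource begin in the previous hunk.
```ruby
    execute "/etc/ssl/certs/#{new_resource.certificate}.pem" do
      # … unchanged: openssl req command, user/group, not_if …
    end

    # openssl does not set the permissions the ssl-cert group needs; pin them
    # to match what the Let's Encrypt branch writes (root:ssl-cert, 0440).
    file "/etc/ssl/private/#{new_resource.certificate}.key" do
      owner "root"
      group "ssl-cert"
      mode 0o440
    end
```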