Move SSL certificates to private repository

Having the keys and certificates live in the same place makes
it easier to mock them in the test environment.

diff --git a/cookbooks/ssl/files/default/openstreetmap.pem b/cookbooks/ssl/files/default/openstreetmap.pem
deleted file mode 100644 (file)
index 68b7f14..0000000
--- a/cookbooks/ssl/files/default/openstreetmap.pem
+++ /dev/null
@@ -1,32 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIFfDCCBGSgAwIBAgIQeWB+DWjnV3piZyYD35jm/DANBgkqhkiG9w0BAQsFADBC
-MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UEAxMS
-UmFwaWRTU0wgU0hBMjU2IENBMB4XDTE2MDMwMjAwMDAwMFoXDTE3MDUwMTIzNTk1
-OVowHjEcMBoGA1UEAwwTKi5vcGVuc3RyZWV0bWFwLm9yZzCCASIwDQYJKoZIhvcN
-AQEBBQADggEPADCCAQoCggEBALoJ/ZP1Dqdujj8feEV2v8GAyN8CPk+YP0ME7X5g
-dVxTj7bBQjWvMPLT+AhxkTV/oH6h7PCk/Ew97PKcaOIKMmRKkChxDj5FY8iaSc0x
-xc0yGXqVRYalwJ3nh13SRuHLeYJp9shecXmhbRlEt+aTc40y4gbJl9FpP6BbKw+Z
-D34xQusCEHWAnXcH6qefhYyyu3RCposY4MQ6E+dnFxc9GynOhBbpwE4Y9RTavTiU
-TuonIpos5IFx+TNww/WC+tO9L5CwkW/iwJSnSedU2xoBjMLAgltxgIfv2Ft9QmzR
-PfCo7Z5F7CWsEFWBO4Dkcwjmvf03BhejBkO1yT7BZhqVtucCAwEAAaOCApAwggKM
-MDEGA1UdEQQqMCiCEyoub3BlbnN0cmVldG1hcC5vcmeCEW9wZW5zdHJlZXRtYXAu
-b3JnMAkGA1UdEwQCMAAwKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL2dwLnN5bWNi
-LmNvbS9ncC5jcmwwbwYDVR0gBGgwZjBkBgZngQwBAgEwWjAqBggrBgEFBQcCARYe
-aHR0cHM6Ly93d3cucmFwaWRzc2wuY29tL2xlZ2FsMCwGCCsGAQUFBwICMCAMHmh0
-dHBzOi8vd3d3LnJhcGlkc3NsLmNvbS9sZWdhbDAfBgNVHSMEGDAWgBSXwidQnsLJ
-7AyIMsh8reKmAU/abzAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUH
-AwEGCCsGAQUFBwMCMFcGCCsGAQUFBwEBBEswSTAfBggrBgEFBQcwAYYTaHR0cDov
-L2dwLnN5bWNkLmNvbTAmBggrBgEFBQcwAoYaaHR0cDovL2dwLnN5bWNiLmNvbS9n
-cC5jcnQwggEDBgorBgEEAdZ5AgQCBIH0BIHxAO8AdgDd6x0reg1PpiCLga2BaHB+
-Lo6dAdVciI09EcTNtuy+zAAAAVM36WeoAAAEAwBHMEUCIQDyCov3EC2DzlXjh1N7
-XnNKT6tx9sicItOr1BjmyykHpQIgPkVXb8dwz/UqMmeFpFpbh2TcAhZNlPcU8PzH
-+BB3xzsAdQCkuQmQtBhYFIe7E6LMZ3AKPDWYBPkb37jjd80OyA3cEAAAAVM36Wfw
-AAAEAwBGMEQCIFwLGSpQJNaYJUOjfLg/WpBVf3NUxbktQz578qan5BPYAiARznbT
-8TUPl/zizdyTkNZxJa06B3+b24ckIzYqV7fsPjANBgkqhkiG9w0BAQsFAAOCAQEA
-FF+9AL681SW7BZLm6peiKcDjN8hIVK8yhG4zOb4emuJXqqr9ms4HL+6BN7XcuatD
-h3AiCb2ZVKSYcMCJm/03RweDi/jXkLSXHnoyukWu1SZehMXReyoIJlNmDVRP/nU0
-MdGTvlCpIrpTEq7A4QB0ImHocjRxa6a/gYjNSQms18/wc0HLKCugs1JgsTlWQrS2
-voYgIqH0nLiPKvxQgqvI69XTb5DsR6b57AjjEfEf9f+z3t5u0bDKwOXDWOmu/tS7
-gVD+GwqjdrOIhKVjFgoPS3/hm2BTUH3jlPUOpjvNPVtFNt8qqlWdk6RmB7USHUZ7
-u2abSKWWlzhmXKob6hXMeQ==
------END CERTIFICATE-----

diff --git a/cookbooks/ssl/files/default/osmfoundation.pem b/cookbooks/ssl/files/default/osmfoundation.pem
deleted file mode 100644 (file)
index fae3688..0000000
--- a/cookbooks/ssl/files/default/osmfoundation.pem
+++ /dev/null
@@ -1,49 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIIzDCCB7SgAwIBAgIHBsLao8VPUzANBgkqhkiG9w0BAQsFADCBjDELMAkGA1UE
-BhMCSUwxFjAUBgNVBAoTDVN0YXJ0Q29tIEx0ZC4xKzApBgNVBAsTIlNlY3VyZSBE
-aWdpdGFsIENlcnRpZmljYXRlIFNpZ25pbmcxODA2BgNVBAMTL1N0YXJ0Q29tIENs
-YXNzIDIgUHJpbWFyeSBJbnRlcm1lZGlhdGUgU2VydmVyIENBMB4XDTE1MDIyMTAz
-MDg1OFoXDTE3MDIyMTAwNDk1OFowgacxCzAJBgNVBAYTAkdCMRMwEQYDVQQIEwpC
-aXJtaW5naGFtMRkwFwYDVQQHExBTdXR0b24gQ29sZGZpZWxkMSEwHwYDVQQKExhP
-cGVuU3RyZWV0TWFwIEZvdW5kYXRpb24xHDAaBgNVBAMUEyoub3NtZm91bmRhdGlv
-bi5vcmcxJzAlBgkqhkiG9w0BCQEWGGFkbWluc0BvcGVuc3RyZWV0bWFwLm9yZzCC
-ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJuxe5wR46CZT0V6j6mTiRf2
-14sK3tPuYsd88RplllgPpBFBBgbXaQHye/65b+TBKTwi1gaOFl9dwwa//Zo0iser
-rz+vO2/NKVnJVfZoP6X3TOGMGAssHxWsaPVaD/Kju91B6oC+8XlN3US2Pyzizt6M
-C7SqS31xd8xyKjgStqflvP3Wc8Xz0cjvAi/K32O2FbgNgslQHCFM5AY+B5BG5+7S
-fgRetFbpPukmCX153DlaZEV9cYHAk6Qho+4RyOxuIrSoWl/vIl3oOT2MSjqogJRm
-tiM+zAUYoZpuuG8fieyIFAmaFsuK7wb/ZBPgoVlG2K9v79aM9w97K70Ri4t+5SMC
-AwEAAaOCBRQwggUQMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdJQQWMBQG
-CCsGAQUFBwMCBggrBgEFBQcDATAdBgNVHQ4EFgQUYRF/TPT7QpZHP10ciyUfzpmZ
-5nUwHwYDVR0jBBgwFoAUEdsjRf1UzGpxb4SKA9e+9wEvJoYwggJOBgNVHREEggJF
-MIICQYITKi5vc21mb3VuZGF0aW9uLm9yZ4IRb3NtZm91bmRhdGlvbi5vcmeCEW9w
-ZW5zdHJlZXRtYXAub3JnghZibG9nLm9wZW5zdHJlZXRtYXAub3Jnggdvc20ub3Jn
-ggxibG9nLm9zbS5vcmeCFmJsb2cub3NtZm91bmRhdGlvbi5vcmeCDnN3aXRjaDJv
-c20ub3JnghFzdGF0ZW9mdGhlbWFwLmNvbYIPb3Blbmdlb2RhdGEub3JnghFzdGF0
-ZW9mdGhlbWFwLm9yZ4IZdGhpbmt1cC5vcGVuc3RyZWV0bWFwLm9yZ4IPdGhpbmt1
-cC5vc20ub3JnghZvdHJzLm9wZW5zdHJlZXRtYXAub3JnggxvdHJzLm9zbS5vcmeC
-HGZvdW5kYXRpb24ub3BlbnN0cmVldG1hcC5vcmeCEmZvdW5kYXRpb24ub3NtLm9y
-Z4ITKi5zdGF0ZW9mdGhlbWFwLmNvbYITKi5zdGF0ZW9mdGhlbWFwLm9yZ4IQKi5z
-d2l0Y2gyb3NtLm9yZ4IOc3dpdGNoMm9zbS5jb22CECouc3dpdGNoMm9zbS5jb22C
-Em9wZW5zdHJlZXRtYXBzLm9yZ4IXYmxvZy5vcGVuc3RyZWV0bWFwcy5vcmeCEW9w
-ZW5zdHJlZXRtYXAuY29tghZibG9nLm9wZW5zdHJlZXRtYXAuY29tghEqLm9wZW5n
-ZW9kYXRhLm9yZ4IRb3BlbnN0cmVldG1hcC5uZXSCFmJsb2cub3BlbnN0cmVldG1h
-cC5uZXQwggFWBgNVHSAEggFNMIIBSTAIBgZngQwBAgIwggE7BgsrBgEEAYG1NwEC
-AzCCASowLgYIKwYBBQUHAgEWImh0dHA6Ly93d3cuc3RhcnRzc2wuY29tL3BvbGlj
-eS5wZGYwgfcGCCsGAQUFBwICMIHqMCcWIFN0YXJ0Q29tIENlcnRpZmljYXRpb24g
-QXV0aG9yaXR5MAMCAQEagb5UaGlzIGNlcnRpZmljYXRlIHdhcyBpc3N1ZWQgYWNj
-b3JkaW5nIHRvIHRoZSBDbGFzcyAyIFZhbGlkYXRpb24gcmVxdWlyZW1lbnRzIG9m
-IHRoZSBTdGFydENvbSBDQSBwb2xpY3ksIHJlbGlhbmNlIG9ubHkgZm9yIHRoZSBp
-bnRlbmRlZCBwdXJwb3NlIGluIGNvbXBsaWFuY2Ugb2YgdGhlIHJlbHlpbmcgcGFy
-dHkgb2JsaWdhdGlvbnMuMDUGA1UdHwQuMCwwKqAooCaGJGh0dHA6Ly9jcmwuc3Rh
-cnRzc2wuY29tL2NydDItY3JsLmNybDCBjgYIKwYBBQUHAQEEgYEwfzA5BggrBgEF
-BQcwAYYtaHR0cDovL29jc3Auc3RhcnRzc2wuY29tL3N1Yi9jbGFzczIvc2VydmVy
-L2NhMEIGCCsGAQUFBzAChjZodHRwOi8vYWlhLnN0YXJ0c3NsLmNvbS9jZXJ0cy9z
-dWIuY2xhc3MyLnNlcnZlci5jYS5jcnQwIwYDVR0SBBwwGoYYaHR0cDovL3d3dy5z
-dGFydHNzbC5jb20vMA0GCSqGSIb3DQEBCwUAA4IBAQAfe1P5cQXxgiaT2kNBIkCF
-LVIu8UCZnpkipshwuL8+TXQ0HGUC10Mw/sg6bSAMkBhtE7ffypBlgmI49FHmekae
-eAwygd1uubzInmtrXWhpNmQ3M4W53RJlOeU98TMkJiUcqx2kqBFyYbvT2G6u2nxQ
-6U9ytr2VZF59iQ9tE9hDM+aqVPjMQdk45TKdraDu1MW0Q/zRPBp+FLn7+nl83Zdd
-HEk0+GC4+fU4L5luprtmlkSESA2+beQ613OzKcwYMfClPCRTTooJbgK1OShRCgYm
-gqEPJj20V0So8A1pTcLB2VQ68Fwrj5ckqJrjXN1djneWcnIFzEG9UvJlCKxd2pPc
------END CERTIFICATE-----

diff --git a/cookbooks/ssl/files/default/tile.openstreetmap.pem b/cookbooks/ssl/files/default/tile.openstreetmap.pem
deleted file mode 100644 (file)
index 8b12394..0000000
--- a/cookbooks/ssl/files/default/tile.openstreetmap.pem
+++ /dev/null
@@ -1,53 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEszCCA5ugAwIBAgIDBG0mMA0GCSqGSIb3DQEBCwUAMEcxCzAJBgNVBAYTAlVT
-MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMSAwHgYDVQQDExdSYXBpZFNTTCBTSEEy
-NTYgQ0EgLSBHMzAeFw0xNTA1MTYwNzI4MDZaFw0xNzEwMjAxODE4MDFaMIGcMRMw
-EQYDVQQLEwpHVDEwOTU2Njk3MTEwLwYDVQQLEyhTZWUgd3d3LnJhcGlkc3NsLmNv
-bS9yZXNvdXJjZXMvY3BzIChjKTEzMS8wLQYDVQQLEyZEb21haW4gQ29udHJvbCBW
-YWxpZGF0ZWQgLSBSYXBpZFNTTChSKTEhMB8GA1UEAwwYKi50aWxlLm9wZW5zdHJl
-ZXRtYXAub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyW5uaqU3
-viA8NeRI3mFetA7LAruts+aXZhdtV2EBbdzlGEXN8qtolaI598EijEW/NP2dE0ra
-F5oNpRCwfj8dDDVoDZg3rD+aHARyYFH2ayOKoRs1zHeOKq7AsKbXfhWZCorrBQWU
-oGbhbuoHS0sId/XD7oIcWGxwJ7dRWteGLZ8bxLjD3jADmHecivhKWo9P/Yxl0ClM
-7QzWIIfwYI2HQh6OzR4rIiNjj3AbKuJUu8pHkv+QzxQXeywfG00BvTzzmAh5xE2c
-ENsvQZfhz0skkTPji6c2SBu74Pa624kNr4DcTh6AqZ7Xkb0zl4oPZT18bptU2B3g
-QdHLNOoaIqqWAQIDAQABo4IBUDCCAUwwHwYDVR0jBBgwFoAUw5zz/NNGCDS7zkZ/
-oHxb8+IIy1kwVwYIKwYBBQUHAQEESzBJMB8GCCsGAQUFBzABhhNodHRwOi8vZ3Yu
-c3ltY2QuY29tMCYGCCsGAQUFBzAChhpodHRwOi8vZ3Yuc3ltY2IuY29tL2d2LmNy
-dDAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC
-MCMGA1UdEQQcMBqCGCoudGlsZS5vcGVuc3RyZWV0bWFwLm9yZzArBgNVHR8EJDAi
-MCCgHqAchhpodHRwOi8vZ3Yuc3ltY2IuY29tL2d2LmNybDAMBgNVHRMBAf8EAjAA
-MEEGA1UdIAQ6MDgwNgYGZ4EMAQIBMCwwKgYIKwYBBQUHAgEWHmh0dHBzOi8vd3d3
-LnJhcGlkc3NsLmNvbS9sZWdhbDANBgkqhkiG9w0BAQsFAAOCAQEAdOLnsmq6XjOU
-+ML8ZmbmI3oYuhU01y6fihGW/oQb6UkcRqkyIDIPKpDgeVldG+4ueTktOQPZc/0P
-Drd2tDfc2UbAHjZpT/RmHr3it7Dj50yhYoxviYOhA5QHIovduItuJOggxWFhz5Cw
-mkAPEqe/zTChLV/+c27tPH5ryM6JEGtf7rJV1nw7GJO/lp6f3oYQp9SmetWO/X9e
-mZxxR3bQ4XkP+Oiepqt2h/H+iDpgXAf9IzafKQI7+Pxg3dRQyYH1xRGVKuKrS57E
-97a0n82hjYnv8MBBMaKoFEprRGsaYwsdjuZ8vKwazL3LDZuRnQ+maLmfxGKk3xKN
-WosZFIqm8g==
------END CERTIFICATE-----
------BEGIN CERTIFICATE-----
-MIIEJTCCAw2gAwIBAgIDAjp3MA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNVBAYTAlVT
-MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i
-YWwgQ0EwHhcNMTQwODI5MjEzOTMyWhcNMjIwNTIwMjEzOTMyWjBHMQswCQYDVQQG
-EwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEgMB4GA1UEAxMXUmFwaWRTU0wg
-U0hBMjU2IENBIC0gRzMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCv
-VJvZWF0eLFbG1eh/9H0WA//Qi1rkjqfdVC7UBMBdmJyNkA+8EGVf2prWRHzAn7Xp
-SowLBkMEu/SW4ib2YQGRZjEiwzQ0Xz8/kS9EX9zHFLYDn4ZLDqP/oIACg8PTH2lS
-1p1kD8mD5xvEcKyU58Okaiy9uJ5p2L4KjxZjWmhxgHsw3hUEv8zTvz5IBVV6s9cQ
-DAP8m/0Ip4yM26eO8R5j3LMBL3+vV8M8SKeDaCGnL+enP/C1DPz1hNFTvA5yT2AM
-QriYrRmIV9cE7Ie/fodOoyH5U/02mEiN1vi7SPIpyGTRzFRIU4uvt2UevykzKdkp
-YEj4/5G8V1jlNS67abZZAgMBAAGjggEdMIIBGTAfBgNVHSMEGDAWgBTAephojYn7
-qwVkDBF9qn1luMrMTjAdBgNVHQ4EFgQUw5zz/NNGCDS7zkZ/oHxb8+IIy1kwEgYD
-VR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAQYwNQYDVR0fBC4wLDAqoCig
-JoYkaHR0cDovL2cuc3ltY2IuY29tL2NybHMvZ3RnbG9iYWwuY3JsMC4GCCsGAQUF
-BwEBBCIwIDAeBggrBgEFBQcwAYYSaHR0cDovL2cuc3ltY2QuY29tMEwGA1UdIARF
-MEMwQQYKYIZIAYb4RQEHNjAzMDEGCCsGAQUFBwIBFiVodHRwOi8vd3d3Lmdlb3Ry
-dXN0LmNvbS9yZXNvdXJjZXMvY3BzMA0GCSqGSIb3DQEBCwUAA4IBAQCjWB7GQzKs
-rC+TeLfqrlRARy1+eI1Q9vhmrNZPc9ZE768LzFvB9E+aj0l+YK/CJ8cW8fuTgZCp
-fO9vfm5FlBaEvexJ8cQO9K8EWYOHDyw7l8NaEpt7BDV7o5UzCHuTcSJCs6nZb0+B
-kvwHtnm8hEqddwnxxYny8LScVKoSew26T++TGezvfU5ho452nFnPjJSxhJf3GrkH
-uLLGTxN5279PURt/aQ1RKsHWFf83UTRlUfQevjhq7A6rvz17OQV79PP7GqHQyH5O
-ZI3NjGFVkP46yl0lD/gdo0p0Vk8aVUBwdSWmMy66S6VdU5oNMOGNX2Esr8zvsJmh
-gP8L8mJMcCaY
------END CERTIFICATE-----

diff --git a/cookbooks/ssl/recipes/default.rb b/cookbooks/ssl/recipes/default.rb
index 33c9bcb14a657e196a496f27023b2ea8aaf82d13..976db154b3fc5522ae77a8fbd970aa3507bcd9d0 100644 (file)
--- a/cookbooks/ssl/recipes/default.rb
+++ b/cookbooks/ssl/recipes/default.rb
@@ -18,6 +18,7 @@
 #
 
 keys = data_bag_item("ssl", "keys")
+certs = data_bag_item("ssl", "certs")
 
 package "openssl"
 package "ssl-cert"
@@ -33,10 +34,11 @@ end
 
 ["openstreetmap", "tile.openstreetmap", "osmfoundation"].each do |certificate|
   if node[:ssl][:certificates].include?(certificate)
-    cookbook_file "/etc/ssl/certs/#{certificate}.pem" do
+    file "/etc/ssl/certs/#{certificate}.pem" do
       owner "root"
       group "root"
       mode 0o444
+      content certs[certificate].join("\n")
       backup false
     end