Defined Type: cfssl::config

Defined in:
modules/cfssl/manifests/config.pp

Overview

Parameters:

  • auth_keys (Hash[String, Cfssl::Auth_key]) (defaults to: {})
  • ensure (Wmflib::Ensure) (defaults to: 'present')
  • default_auth_key (String) (defaults to: 'default_auth')
  • default_usages (Array[Cfssl::Usage]) (defaults to: [])
  • default_auth_remote (Hash[String, String]) (defaults to: {})
  • profiles (Hash[String, Cfssl::Profile]) (defaults to: {})
  • remotes (Hash[String, Stdlib::HTTPUrl]) (defaults to: {})
  • default_expiry (Optional[Cfssl::Expiry]) (defaults to: undef)
  • default_crl_url (Optional[Stdlib::HTTPUrl]) (defaults to: undef)
  • default_ocsp_url (Optional[Stdlib::HTTPUrl]) (defaults to: undef)
  • path (Optional[Stdlib::Unixpath]) (defaults to: undef)


# File 'modules/cfssl/manifests/config.pp', line 3

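# @summary Render a CFSSL JSON configuration file from the given signing settings.
#
# The resulting document has up to three top-level keys ('auth_keys', 'signing',
# 'remotes'); empty sections and unset defaults are dropped before serialising.
#
# @param ensure passed straight through to the ensure attribute of the file resource
# @param default_auth_key name of the auth_keys entry used as the signing default
#   and as the fallback for any profile that does not name its own 'auth_key'
# @param default_usages written as 'usages' in the signing default section
# @param default_auth_remote written as 'auth_remote' in the signing default section
# @param auth_keys written as the top-level 'auth_keys' section; must contain
#   an entry named after default_auth_key or compilation fails
# @param profiles written as the signing 'profiles' section
# @param remotes written as the top-level 'remotes' section
# @param default_expiry written as 'expiry' in the signing default section
# @param default_crl_url written as 'crl_url' in the signing default section
# @param default_ocsp_url written as 'ocsp_url' in the signing default section
# @param path file to manage; defaults to "${cfssl::conf_dir}/<sanitised title>.conf"
define cfssl::config (
    Wmflib::Ensure                $ensure              = 'present',
    String                        $default_auth_key    = 'default_auth',
    Array[Cfssl::Usage]           $default_usages      = [],
    Hash[String, String]          $default_auth_remote = {},
    Hash[String, Cfssl::Auth_key] $auth_keys           = {},
    Hash[String, Cfssl::Profile]  $profiles            = {},
    Hash[String, Stdlib::HTTPUrl] $remotes             = {},
    Optional[Cfssl::Expiry]       $default_expiry      = undef,
    Optional[Stdlib::HTTPUrl]     $default_crl_url     = undef,
    Optional[Stdlib::HTTPUrl]     $default_ocsp_url    = undef,
    Optional[Stdlib::Unixpath]    $path                = undef,
) {
    # Fail at compile time rather than shipping a config whose default
    # signing section names an auth key that is not defined.
    # NOTE(review): only the default key is checked; an 'auth_key' named by an
    # individual profile is not verified against $auth_keys here.
    unless $auth_keys.has_key($default_auth_key) {
        fail("auth_keys must have an entry for '${default_auth_key}'")
    }
    include cfssl
    # Replace every non-word character so the resource title cannot introduce
    # path separators or other unexpected characters into the file name.
    $safe_title = $title.regsubst('\W', '_', 'G')
    $_path = $path ? {
        undef   => "${cfssl::conf_dir}/${safe_title}.conf",
        default => $path,
    }
    # Keep Boolean values as they are; drop undef and empty values so unset
    # defaults do not appear in the rendered JSON.
    $default = {
        'auth_key'    => $default_auth_key,
        'usages'      => $default_usages,
        'expiry'      => $default_expiry,
        'crl_url'     => $default_crl_url,
        'ocsp_url'    => $default_ocsp_url,
        'auth_remote' => $default_auth_remote,
    }.filter |$key, $value| { $value =~ Boolean or !$value.empty() }
    # Give every profile an 'auth_key'. In the hash merge the right-hand side
    # wins, so a profile that names its own 'auth_key' keeps it and only
    # profiles without one receive $default_auth_key.
    # First map to an array of [key, values], then convert back to a hash.
    $_profiles = Hash($profiles.map |$key, $value| {
        [$key, {'auth_key' => $default_auth_key} + $value]
    })
    $signing = {
        'default'  => $default,
        'profiles' => $_profiles,
    }.filter |$key, $value| { $value =~ Boolean or !$value.empty() }
    $config = {
        'auth_keys' => $auth_keys,
        'signing'   => $signing,
        'remotes'   => $remotes,
    }.filter |$key, $value| { $value =~ Boolean or !$value.empty() }
    file{$_path:
        ensure    => $ensure,
        owner     => root,
        group     => root,
        mode      => '0440',
        # The rendered JSON embeds $auth_keys, which presumably carries key
        # material (Cfssl::Auth_key is defined elsewhere - confirm). Suppress
        # content diffs so a change to this file does not copy it into agent
        # logs and reports. The compiled catalog still holds the content in
        # clear text.
        show_diff => false,
        content   => $config.to_json(),
    }
}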