Puppet Function: profile::pki::get_cert

Defined in:
modules/profile/functions/pki/get_cert.pp
Function type:
Puppet Language

Summary

Ensure certificate is created and return a hash of the relevant paths

Overview

profile::pki::get_cert(String $label = 'discovery', String $common_name = $facts['networking']['fqdn'], Hash $additional_params = {}) ⇒ Hash

SPDX-License-Identifier: Apache-2.0

Parameters:

  • label (String) (defaults to: 'discovery')

    The cfssl CA label to use; this takes precedence over additional_params

  • common_name (String) (defaults to: $facts['networking']['fqdn'])

    A common name to use for the certificate; this takes precedence over additional_params

  • additional_params (Hash) (defaults to: {})

    A hash of additional parameters to pass to cfssl::cert.

Returns:

  • (Hash)


# File 'modules/profile/functions/pki/get_cert.pp', line 7

function profile::pki::get_cert(
  String $label             = 'discovery',
  String $common_name       = $facts['networking']['fqdn'],
  Hash   $additional_params = {},
) >> Hash {
  # need this to access:
  # $profile::pki::client::ensure
  # and profile::pki::client -> cfssl::client -> cfssl
  # $cfssl::ssl_dir
  include profile::pki::client
  unless $profile::pki::client::ensure == 'present' {
    fail("profile::pki::client::ensure must be present to use this function.  called by ${caller_module_name}")
  }
  $safe_title = 'profile' in $additional_params ? {
      true    => "${label}__${common_name}_${additional_params['profile']}".regsubst('[^\w\-]', '_', 'G'),
      default => "${label}__${common_name}".regsubst('[^\w\-]', '_', 'G'),
  }
  $safe_label = $label.regsubst('\W', '_', 'G')

  ensure_resource('cfssl::cert', $safe_title, $additional_params + {
    'common_name'   => $common_name,
    'label'         => $safe_label,
    'provide_chain' => true,
  })
  $outdir = $additional_params['outdir'] ? {
    undef   => "${cfssl::ssl_dir}/${safe_title}",
    default => $additional_params['outdir'],
  }
  $path = {
    'cert'    => "${outdir}/${safe_title}.pem",
    'key'     => "${outdir}/${safe_title}-key.pem",
    'chain'   => "${outdir}/${safe_title}.chain.pem",
    'chained' => "${outdir}/${safe_title}.chained.pem",
  }
  $path
}
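
The title sanitisation in the source above is lossy, so distinct label, common name and profile combinations can resolve to the same resource title and the same key path. The following Ruby mirror of that derivation is an added example, not part of the Puppet module; the helper names, the SSL_DIR placeholder (standing in for $cfssl::ssl_dir, whose value is not shown here) and the sample requests are constructed for illustration.

```ruby
# Added illustration: Ruby mirror of the title/path derivation in
# profile::pki::get_cert. Helper names are hypothetical.

# Placeholder for $cfssl::ssl_dir; the real value is not shown on this page.
SSL_DIR = '/path/to/cfssl_ssl_dir'

# Same substitution as regsubst('[^\w\-]', '_', 'G') in the function body.
def safe_title(label, common_name, params = {})
  raw = "#{label}__#{common_name}"
  raw += "_#{params['profile']}" if params.key?('profile')
  raw.gsub(/[^\w\-]/, '_')
end

# Builds the same four-key hash the Puppet function returns.
def cert_paths(label, common_name, params = {})
  title  = safe_title(label, common_name, params)
  outdir = params['outdir'] || "#{SSL_DIR}/#{title}"
  {
    'cert'    => "#{outdir}/#{title}.pem",
    'key'     => "#{outdir}/#{title}-key.pem",
    'chain'   => "#{outdir}/#{title}.chain.pem",
    'chained' => "#{outdir}/#{title}.chained.pem",
  }
end

# Groups requests by sanitised title and keeps only titles shared by
# more than one distinct request.
def title_collisions(requests)
  requests.uniq
          .group_by { |label, cn, params| safe_title(label, cn, params || {}) }
          .select { |_title, group| group.size > 1 }
end

# Constructed sample requests: [label, common_name, additional_params]
SAMPLE_REQUESTS = [
  ['discovery', 'svc-a.example.org', {}],
  ['discovery', 'svc-a_example_org', {}],                  # '.' and '_' both end up as '_'
  ['discovery', 'svc-b.example.org', { 'profile' => 'server' }],
  ['discovery', 'svc-b.example.org_server', {}],           # profile suffix is ambiguous
  ['discovery', 'svc-c.example.org', { 'outdir' => '/srv/tls' }],
].freeze

title_collisions(SAMPLE_REQUESTS).each do |title, group|
  puts "#{title}: #{group.size} distinct requests share this title"
end
```

Requests that collide on the title also collide on the cfssl::cert resource title, and on every returned path unless they set different outdir values. A check like this can run over the intended set of callers before new common names or profiles are introduced.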