# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
-# http://www.apache.org/licenses/LICENSE-2.0
+# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
default_action :create
-property :name, String
-property :domains, Array, :required => true
-property :fallback_certificate, String
+property :certificate, String, :name_property => true
+property :domains, [String, Array], :required => true
action :create do
- node.default[:letsencrypt][:certificates][name] = {
- :domains => domains
+ node.default[:letsencrypt][:certificates][new_resource.certificate] = {
+ :domains => Array(new_resource.domains)
}
if letsencrypt
end
if certificate
- file "/etc/ssl/certs/#{name}.pem" do
+ file "/etc/ssl/certs/#{new_resource.certificate}.pem" do
owner "root"
group "root"
mode 0o444
content certificate
backup false
+ manage_symlink_source false
+ force_unlink true
end
- file "/etc/ssl/private/#{name}.key" do
+ file "/etc/ssl/private/#{new_resource.certificate}.key" do
owner "root"
group "ssl-cert"
mode 0o440
content key
backup false
- end
- elsif fallback_certificate
- link "/etc/ssl/certs/#{name}.pem" do
- to "#{fallback_certificate}.pem"
- end
-
- link "/etc/ssl/private/#{name}.key" do
- to "#{fallback_certificate}.key"
+ manage_symlink_source false
+ force_unlink true
end
else
- template "/tmp/#{name}.ssl.cnf" do
+ template "/tmp/#{new_resource.certificate}.ssl.cnf" do
cookbook "ssl"
source "ssl.cnf.erb"
owner "root"
group "root"
mode 0o644
- variables :domains => new_resource.domains
+ variables :domains => Array(new_resource.domains)
not_if do
- ::File.exist?("/etc/ssl/certs/#{new_resource.name}.pem") && ::File.exist?("/etc/ssl/private/#{new_resource.name}.key")
+ ::File.exist?("/etc/ssl/certs/#{new_resource.certificate}.pem") && ::File.exist?("/etc/ssl/private/#{new_resource.certificate}.key")
end
end
- execute "/etc/ssl/certs/#{name}.pem" do
- command "openssl req -x509 -newkey rsa:2048 -keyout /etc/ssl/private/#{new_resource.name}.key -out /etc/ssl/certs/#{new_resource.name}.pem -days 365 -nodes -config /tmp/#{new_resource.name}.ssl.cnf"
+ execute "/etc/ssl/certs/#{new_resource.certificate}.pem" do
+ command "openssl req -x509 -newkey rsa:2048 -keyout /etc/ssl/private/#{new_resource.certificate}.key -out /etc/ssl/certs/#{new_resource.certificate}.pem -days 365 -nodes -config /tmp/#{new_resource.certificate}.ssl.cnf"
user "root"
group "ssl-cert"
not_if do
- ::File.exist?("/etc/ssl/certs/#{new_resource.name}.pem") && ::File.exist?("/etc/ssl/private/#{new_resource.name}.key")
+ ::File.exist?("/etc/ssl/certs/#{new_resource.certificate}.pem") && ::File.exist?("/etc/ssl/private/#{new_resource.certificate}.key")
end
end
end
end
action :delete do
- file "/etc/ssl/certs/#{name}.pem" do
+ file "/etc/ssl/certs/#{new_resource.certificate}.pem" do
action :delete
end
- file "/etc/ssl/private/#{name}.key" do
+ file "/etc/ssl/private/#{new_resource.certificate}.key" do
action :delete
end
end
-def letsencrypt
- @letsencrypt ||= search(:letsencrypt, "id:#{name}").first
+action_class do
+ def letsencrypt
+ @letsencrypt ||= search(:letsencrypt, "id:#{new_resource.certificate}").first
+ end
end