X-Git-Url: https://git.openstreetmap.org./chef.git/blobdiff_plain/aeaa46f3071de018b5c5e0f5678cb5b4082e3ddc..9c48ae6b9154acb9aeb57cb94fb2fae5a88b9c8d:/cookbooks/ssl/resources/certificate.rb?ds=inline diff --git a/cookbooks/ssl/resources/certificate.rb b/cookbooks/ssl/resources/certificate.rb index fd1bff0e4..f2fb4784c 100644 --- a/cookbooks/ssl/resources/certificate.rb +++ b/cookbooks/ssl/resources/certificate.rb @@ -17,14 +17,16 @@ # limitations under the License. # +unified_mode true + default_action :create property :certificate, String, :name_property => true -property :domains, [String, Array], :required => true +property :domains, [String, Array], :required => [:create] action :create do node.default[:letsencrypt][:certificates][new_resource.certificate] = { - :domains => Array(new_resource.domains) + :domains => domains } if letsencrypt @@ -53,7 +55,7 @@ action :create do force_unlink true end else - alt_names = new_resource.domains.collect { |domain| "DNS:#{domain}" } + alt_names = domains.collect { |domain| "DNS:#{domain}" } openssl_x509_certificate "/etc/ssl/certs/#{new_resource.certificate}.pem" do key_file "/etc/ssl/private/#{new_resource.certificate}.key" @@ -62,7 +64,7 @@ action :create do mode "640" org "OpenStreetMap" email "operations@osmfoundation.org" - common_name new_resource.domains.first + common_name domains.first subject_alt_name alt_names extensions "keyUsage" => { "values" => %w[digitalSignature keyEncipherment], "critical" => true }, "extendedKeyUsage" => { "values" => %w[serverAuth clientAuth], "critical" => true } @@ -84,4 +86,8 @@ action_class do def letsencrypt @letsencrypt ||= search(:letsencrypt, "id:#{new_resource.certificate}").first end + + def domains + Array(new_resource.domains) + end end