updated acme state

2022-10-01 20:10:31 +02:00 · 2022-10-01 20:10:31 +02:00 · 9c5eb47a4f
commit 9c5eb47a4f
parent afff59da88
4 changed files with 23 additions and 15 deletions
--- a/states/_states/pki.py
+++ b/states/_states/pki.py
@ -8,6 +8,7 @@ def fetched(name=None,
            username=None,
            password=None,
            domains=None,
+            certfile=None,
            fullcertfile=None,
            keyfile=None):

@ -22,25 +23,30 @@ def fetched(name=None,
    currentkey = None
    domain_concat = ",".join(domains)

-    currentcert = __salt__['pki.get_file_content'](checkfile=fullcertfile)
+    currentcert = __salt__['pki.get_file_content'](checkfile=certfile)
    currentkey = __salt__['pki.get_file_content'](checkfile=keyfile)

    newcert, newkey = __salt__['pki.get_pki_cert'](url=url,
                                                   username=username,
                                                   password=password,
                                                   domains=domain_concat)
+    newfullcert = f"{newcert}\n\n{newkey}"

    if all([newcert,newkey]):
        if currentcert != newcert or currentkey != newkey:
-            wcert = __salt__['pki.write_file_content'](newcert, fullcertfile)
+            wcert = __salt__['pki.write_file_content'](newcert, certfile)
            wkey = __salt__['pki.write_file_content'](newkey, keyfile)
+            wfullcert = __salt__['pki.write_file_content'](newfullcert, fullcertfile)

-            ret["changes"]["old"] = "\n".join([currentcert, currentkey])
+            if currentcert and currentkey:
+                ret["changes"]["old"] = "\n".join([currentcert, currentkey])
+            else:
+                ret["changes"]["old"] = ""
            ret["changes"]["new"] = "\n".join([newcert, newkey])
            ret["changes"]["diff"] = get_diff(ret["changes"]["old"],
                                              ret["changes"]["new"])
            ret["comment"] = "Updated certificates and keys"
-            ret["result"] = all([wcert, wkey])
+            ret["result"] = all([wcert, wkey, wfullcert])
        else:
            ret["comment"] = "Config is good and not changed"
            ret["result"] = True
--- a/states/acme/defaults.yaml
+++ b/states/acme/defaults.yaml
@ -8,11 +8,7 @@ acme:
  dh:
    path: "/etc/acme/dh/dh.pem"
    keysize: 2048
-  keysize: 4096
-  domains: []
-  dns: "dns_provider"
-  fullcertfile: "/etc/acme/certs/certificate.crt"
-  keyfile: "/etc/acme/keys/private.key"
+  certificates: {}
  provider:
    api:
      application_key: "test"
--- a/states/acme/pkic.py.j2
+++ b/states/acme/pkic.py.j2
@ -10,9 +10,12 @@ FULLCERTFILE=os.environ.get("FULLCERTFILE")
 KEYFILE=os.environ.get("KEYFILE")
 USERNAME=os.environ.get("USERNAME")
 PASSWORD=os.environ.get("PASSWORD")
+MERGE=eval(os.environ.get("MERGE"))

 def main():
-  res = requests.request(method="GET", url=f"{URL}/domain/{DOMAINS}", auth=(USERNAME, PASSWORD))
+  res = requests.request(method="GET",
+                       url=f"{URL}/domain/{DOMAINS}",
+                       auth=(USERNAME, PASSWORD))
  resj = res.json()

  try:
--- a/states/acme/pkic.sls
+++ b/states/acme/pkic.sls
@ -1,12 +1,15 @@
 # vim:syntax=yaml
 {%- from "acme/map.jinja" import acme with context %}
 ---
-pki-fetched:
+{% for k, v in acme.certificates.items() %}
+pki-fetched-{{ k }}:
  pki.fetched:
-    - name: pki-fetched
+    - name: pki-fetched-nginx
    - url: {{ acme.provider.pki.url }}
    - username: {{ acme.provider.pki.username }}
    - password: {{ acme.provider.pki.password }}
-    - domains: {{ acme.domains }}
-    - fullcertfile: {{ acme.fullcertfile }}
-    - keyfile: {{ acme.keyfile }}
+    - domains: {{ v.domains }}
+    - certfile: {{ v.certfile }}
+    - fullcertfile: {{ v.fullcertfile }}
+    - keyfile: {{ v.keyfile }}
+{% endfor %}