diff --git a/states/_states/pki.py b/states/_states/pki.py
index a8fb910..42544c5 100644
--- a/states/_states/pki.py
+++ b/states/_states/pki.py
@@ -8,6 +8,7 @@ def fetched(name=None,
             username=None,
             password=None,
             domains=None,
+            certfile=None,
             fullcertfile=None,
             keyfile=None):
@@ -22,25 +23,30 @@ def fetched(name=None,
     currentkey = None
     domain_concat = ",".join(domains)
-    currentcert = __salt__['pki.get_file_content'](checkfile=fullcertfile)
+    currentcert = __salt__['pki.get_file_content'](checkfile=certfile)
     currentkey = __salt__['pki.get_file_content'](checkfile=keyfile)
     newcert, newkey = __salt__['pki.get_pki_cert'](url=url, username=username, password=password, domains=domain_concat)
+    newfullcert = f"{newcert}\n\n{newkey}"
     if all([newcert,newkey]):
         if currentcert != newcert or currentkey != newkey:
-            wcert = __salt__['pki.write_file_content'](newcert, fullcertfile)
+            wcert = __salt__['pki.write_file_content'](newcert, certfile)
             wkey = __salt__['pki.write_file_content'](newkey, keyfile)
+            wfullcert = __salt__['pki.write_file_content'](newfullcert, fullcertfile)
-            ret["changes"]["old"] = "\n".join([currentcert, currentkey])
+            if currentcert and currentkey:
+                ret["changes"]["old"] = "\n".join([currentcert, currentkey])
+            else:
+                ret["changes"]["old"] = ""
             ret["changes"]["new"] = "\n".join([newcert, newkey])
             ret["changes"]["diff"] = get_diff(ret["changes"]["old"], ret["changes"]["new"])
             ret["comment"] = "Updated certificates and keys"
-            ret["result"] = all([wcert, wkey])
+            ret["result"] = all([wcert, wkey, wfullcert])
         else:
             ret["comment"] = "Config is good and not changed"
             ret["result"] = True
diff --git a/states/acme/defaults.yaml b/states/acme/defaults.yaml
index 023cbba..226ad48 100644
--- a/states/acme/defaults.yaml
+++ b/states/acme/defaults.yaml
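Review bot: The new `certfile=None` parameter is never validated, and the second hunk passes it straight to `pki.get_file_content` and `pki.write_file_content`, so a caller that still uses the old argument set silently reads from and writes to `None` instead of failing with a clear message. The same applies to `fullcertfile` and `keyfile`, which now default to `None` as well. A guard near the top of the body, after `ret` is initialised (outside this hunk), would make the contract explicit: `if not all([certfile, fullcertfile, keyfile]): ret["comment"] = "certfile, fullcertfile and keyfile are required"; return ret`. The body of `fetched` continues beyond both hunks.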
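Review bot: The new `if currentcert and currentkey:` branch, together with the unchanged `"new"` and `"diff"` lines below it, still places the PEM private key (`currentkey`, `newkey`) into `ret["changes"]`, so the key is returned with the state result and lands in the job cache and in any highstate output or log that records changes. Recording only the certificate halves, e.g. `ret["changes"]["old"] = currentcert or ""` and `ret["changes"]["new"] = newcert`, keeps the diff useful without exposing key material; a fingerprint would be a further option. Relatedly, `newfullcert = f"{newcert}\n\n{newkey}"` now writes the private key into `fullcertfile` as well, so the mode that `pki.write_file_content` applies to that path (not visible here) must be as restrictive as the one used for `keyfile`; a one-line comment above the `wfullcert` write stating that the file contains the private key would help the next maintainer. The branch also discards a present `currentcert` when `currentkey` is missing (or vice versa), which `"\n".join([currentcert or "", currentkey or ""])` would avoid.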
@@ -8,11 +8,7 @@ acme:
   dh:
     path: "/etc/acme/dh/dh.pem"
     keysize: 2048
-  keysize: 4096
-  domains: []
-  dns: "dns_provider"
-  fullcertfile: "/etc/acme/certs/certificate.crt"
-  keyfile: "/etc/acme/keys/private.key"
+  certificates: {}
   provider:
     api:
       application_key: "test"
diff --git a/states/acme/pkic.py.j2 b/states/acme/pkic.py.j2
index be89b35..0f39ad8 100644
--- a/states/acme/pkic.py.j2
+++ b/states/acme/pkic.py.j2
@@ -10,9 +10,12 @@ FULLCERTFILE=os.environ.get("FULLCERTFILE")
 KEYFILE=os.environ.get("KEYFILE")
 USERNAME=os.environ.get("USERNAME")
 PASSWORD=os.environ.get("PASSWORD")
+MERGE=eval(os.environ.get("MERGE"))
 
 def main():
-    res = requests.request(method="GET", url=f"{URL}/domain/{DOMAINS}", auth=(USERNAME, PASSWORD))
+    res = requests.request(method="GET",
+                           url=f"{URL}/domain/{DOMAINS}",
+                           auth=(USERNAME, PASSWORD))
     resj = res.json()
     try:
diff --git a/states/acme/pkic.sls b/states/acme/pkic.sls
index 1e29015..6d6e564 100644
--- a/states/acme/pkic.sls
+++ b/states/acme/pkic.sls
@@ -1,12 +1,15 @@
 # vim:syntax=yaml
 {%- from "acme/map.jinja" import acme with context %}
 ---
-pki-fetched:
+{% for k, v in acme.certificates.items() %}
+pki-fetched-{{ k }}:
   pki.fetched:
-    - name: pki-fetched
+    - name: pki-fetched-nginx
     - url: {{ acme.provider.pki.url }}
     - username: {{ acme.provider.pki.username }}
     - password: {{ acme.provider.pki.password }}
-    - domains: {{ acme.domains }}
-    - fullcertfile: {{ acme.fullcertfile }}
-    - keyfile: {{ acme.keyfile }}
\ No newline at end of file
+    - domains: {{ v.domains }}
+    - certfile: {{ v.certfile }}
+    - fullcertfile: {{ v.fullcertfile }}
+    - keyfile: {{ v.keyfile }}
+{% endfor %}
\ No newline at end of file
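Review bot: `MERGE=eval(os.environ.get("MERGE"))` evaluates the raw environment value as Python at import time, so whoever controls the process environment controls code execution in this script, and when the variable is unset `eval(None)` raises `TypeError` before `main()` runs. A boolean flag should be parsed, not executed: `MERGE = os.environ.get("MERGE", "false").strip().lower() in ("1", "true", "yes")`. `MERGE` is not used within this hunk, so its consumer and the rest of `main()` lie outside it; `main()` starts in the hunk and continues beyond it.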
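Review bot: `- name: pki-fetched-nginx` is hard-coded inside the new `{% for k, v in acme.certificates.items() %}` loop, so every generated state passes the same `name` to `pki.fetched` even though the state IDs are keyed on `{{ k }}`; it should follow the ID, `- name: pki-fetched-{{ k }}`. The loop also assumes each entry defines `domains`, `certfile`, `fullcertfile` and `keyfile`; an undefined key renders as an empty value and reaches the state module as `None`, so a short comment above the loop listing the required keys (or a `{% if %}` guard on them) would make the pillar contract visible. The file still ends without a trailing newline, as the `\ No newline at end of file` marker shows.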