updated acme state

states/_states/pki.py

@@ -8,6 +8,7 @@ def fetched(name=None,
             username=None,
             password=None,
             domains=None,
+            certfile=None,
             fullcertfile=None,
             keyfile=None):
 
@@ -22,25 +23,30 @@ def fetched(name=None,
     currentkey = None
     domain_concat = ",".join(domains)
 
-    currentcert = __salt__['pki.get_file_content'](checkfile=fullcertfile)
+    currentcert = __salt__['pki.get_file_content'](checkfile=certfile)
     currentkey = __salt__['pki.get_file_content'](checkfile=keyfile)
 
     newcert, newkey = __salt__['pki.get_pki_cert'](url=url,
                                                    username=username,
                                                    password=password,
                                                    domains=domain_concat)
+    newfullcert = f"{newcert}\n\n{newkey}"
 
     if all([newcert,newkey]):
         if currentcert != newcert or currentkey != newkey:
-            wcert = __salt__['pki.write_file_content'](newcert, fullcertfile)
+            wcert = __salt__['pki.write_file_content'](newcert, certfile)
             wkey = __salt__['pki.write_file_content'](newkey, keyfile)
+            wfullcert = __salt__['pki.write_file_content'](newfullcert, fullcertfile)
 
-            ret["changes"]["old"] = "\n".join([currentcert, currentkey])
+            if currentcert and currentkey:
+                ret["changes"]["old"] = "\n".join([currentcert, currentkey])
+            else:
+                ret["changes"]["old"] = ""
             ret["changes"]["new"] = "\n".join([newcert, newkey])
             ret["changes"]["diff"] = get_diff(ret["changes"]["old"],
                                               ret["changes"]["new"])
             ret["comment"] = "Updated certificates and keys"
-            ret["result"] = all([wcert, wkey])
+            ret["result"] = all([wcert, wkey, wfullcert])
         else:
             ret["comment"] = "Config is good and not changed"
             ret["result"] = True

states/acme/defaults.yaml

@@ -8,11 +8,7 @@ acme:
   dh:
     path: "/etc/acme/dh/dh.pem"
     keysize: 2048
-  keysize: 4096
+  certificates: {}
-  domains: []
-  dns: "dns_provider"
-  fullcertfile: "/etc/acme/certs/certificate.crt"
-  keyfile: "/etc/acme/keys/private.key"
   provider:
     api:
       application_key: "test"

states/acme/pkic.py.j2

@@ -10,9 +10,12 @@ FULLCERTFILE=os.environ.get("FULLCERTFILE")
 KEYFILE=os.environ.get("KEYFILE")
 USERNAME=os.environ.get("USERNAME")
 PASSWORD=os.environ.get("PASSWORD")
+MERGE=eval(os.environ.get("MERGE"))
 
 def main():
-  res = requests.request(method="GET", url=f"{URL}/domain/{DOMAINS}", auth=(USERNAME, PASSWORD))
+  res = requests.request(method="GET",
+                       url=f"{URL}/domain/{DOMAINS}",
+                       auth=(USERNAME, PASSWORD))
   resj = res.json()
 
   try:

states/acme/pkic.sls

@@ -1,12 +1,15 @@
 # vim:syntax=yaml
 {%- from "acme/map.jinja" import acme with context %}
 ---
-pki-fetched:
+{% for k, v in acme.certificates.items() %}
+pki-fetched-{{ k }}:
   pki.fetched:
-    - name: pki-fetched
+    - name: pki-fetched-nginx
     - url: {{ acme.provider.pki.url }}
     - username: {{ acme.provider.pki.username }}
     - password: {{ acme.provider.pki.password }}
-    - domains: {{ acme.domains }}
+    - domains: {{ v.domains }}
-    - fullcertfile: {{ acme.fullcertfile }}
+    - certfile: {{ v.certfile }}
-    - keyfile: {{ acme.keyfile }}
+    - fullcertfile: {{ v.fullcertfile }}
+    - keyfile: {{ v.keyfile }}
+{% endfor %}