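#!/usr/bin/python3
from salt.utils.stringutils import get_diff


def fetched(name=None,
            url="http://pki",
            username=None,
            password=None,
            domains=None,
            certfile=None,
            fullcertfile=None,
            keyfile=None):
    """
    Ensure the on-disk certificate, private key and combined file match the
    material returned by the PKI.

    The current contents of ``certfile``, ``keyfile`` and ``fullcertfile`` are
    read through ``pki.get_file_content`` and compared with the pair returned
    by ``pki.get_pki_cert``. The combined file is the certificate, a blank
    line, then the key. If anything differs, all three files are rewritten
    through ``pki.write_file_content``.

    name
        State ID, echoed back in the return dictionary.
    url
        Endpoint handed to ``pki.get_pki_cert``.
    username, password
        Credentials handed to ``pki.get_pki_cert``.
    domains
        Domains handed to ``pki.get_pki_cert``.
    certfile, keyfile, fullcertfile
        Paths of the certificate, the private key and the combined file.

    Returns the usual state dictionary (``name``, ``changes``, ``result``,
    ``comment``). ``changes`` only ever describes the certificate; private key
    content is never placed in it, because state return data leaves the minion
    (job cache, event bus, returners, logs).
    """
    ret = {
        'name': name,
        'changes': {},
        'result': False,
        'comment': 'Config is not up to date'
    }

    read_file = __salt__['pki.get_file_content']
    currentcert = read_file(checkfile=certfile)
    currentkey = read_file(checkfile=keyfile)
    currentfullcert = read_file(checkfile=fullcertfile)

    # NOTE(review): the default url is plain http. How pki.get_pki_cert
    # transports the request is not visible here, but if it uses the URL as
    # given, the credentials and the returned private key travel unencrypted;
    # callers should pass an https URL. The default is kept so existing SLS
    # files keep working.
    newcert, newkey = __salt__['pki.get_pki_cert'](url=url,
                                                   username=username,
                                                   password=password,
                                                   domains=domains)

    if not (newcert and newkey):
        ret["comment"] = "Error fetching in certificate / key length"
        return ret

    newfullcert = f"{newcert}\n\n{newkey}"

    unchanged = (currentcert == newcert
                 and currentkey == newkey
                 and currentfullcert == newfullcert)
    if unchanged:
        ret["comment"] = "Config is good and not changed"
        ret["result"] = True
        return ret

    # Report the certificate only. The key is a secret: say that it changed,
    # never what it changed from or to.
    oldcert = currentcert or ""
    ret["changes"]["old"] = oldcert
    ret["changes"]["new"] = newcert
    # get_diff works on sequences of lines, so split before diffing.
    ret["changes"]["diff"] = get_diff(oldcert.splitlines(True),
                                      newcert.splitlines(True))
    if currentkey != newkey:
        ret["changes"]["key"] = "private key replaced (content withheld)"

    # Honour test=True: report what would change without touching the files.
    # The PKI has still been queried above, since the comparison needs it.
    if __opts__.get("test"):
        ret["result"] = None
        ret["comment"] = "Certificates and keys would be updated"
        return ret

    # NOTE(review): file mode/ownership is decided inside
    # pki.write_file_content, which is not visible here; confirm that the key
    # and the combined file are written readable by their owner only.
    write_file = __salt__['pki.write_file_content']
    wcert = write_file(newcert, certfile)
    wkey = write_file(newkey, keyfile)
    wfullcert = write_file(newfullcert, fullcertfile)

    ret["result"] = all([wcert, wkey, wfullcert])
    if ret["result"]:
        ret["comment"] = "Updated certificates and keys"
    else:
        # A partial write can leave cert and key out of step; say so instead
        # of claiming success.
        ret["comment"] = "Failed to write one or more certificate / key files"
    return ret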