Commit d4cc5c79 authored by Łukasz Nowak's avatar Łukasz Nowak

stack/caucase: Support CSR as a file

Allow to pass template_csr as a file, as it is useful for some cases.
parent c70b053f
...@@ -15,4 +15,4 @@ ...@@ -15,4 +15,4 @@
[caucase-jinja2-library] [caucase-jinja2-library]
filename = caucase.jinja2.library filename = caucase.jinja2.library
md5sum = 75924c5d350c6941f09a21319725e276 md5sum = a59974ee732ca2c73a74f4141bb65dc2
...@@ -49,6 +49,7 @@ command-line = '{{ buildout_bin_directory }}/caucase-probe' 'http://{{ netloc }} ...@@ -49,6 +49,7 @@ command-line = '{{ buildout_bin_directory }}/caucase-probe' 'http://{{ netloc }}
on_renew=None, on_renew=None,
max_sleep=None, max_sleep=None,
mode='service', mode='service',
template_csr=None,
template_csr_pem=None, template_csr_pem=None,
openssl=None openssl=None
) -%} ) -%}
...@@ -56,17 +57,24 @@ command-line = '{{ buildout_bin_directory }}/caucase-probe' 'http://{{ netloc }} ...@@ -56,17 +57,24 @@ command-line = '{{ buildout_bin_directory }}/caucase-probe' 'http://{{ netloc }}
recipe = slapos.cookbook:mkdirectory recipe = slapos.cookbook:mkdirectory
data-dir = {{ data_dir }} data-dir = {{ data_dir }}
{% if template_csr_pem -%} {% if template_csr_pem or template_csr -%}
[{{ prefix }}-provided-csr-content] [{{ prefix }}-provided-csr-content]
{% if template_csr_pem %}
content = {{ dumps(template_csr_pem) }} content = {{ dumps(template_csr_pem) }}
{% elif template_csr %}
content = {{ template_csr }}
Please register or sign in to reply
{% endif %}
[{{ prefix }}-provided-csr] [{{ prefix }}-provided-csr]
recipe = slapos.recipe.template:jinja2 recipe = slapos.recipe.template:jinja2
mode = 644 mode = 644
{% if template_csr_pem %}
template = inline:{{ '{{ content }}' }} template = inline:{{ '{{ content }}' }}
rendered = ${ {{- prefix }}-directory:data-dir}/provided.csr.pem rendered = ${ {{- prefix }}-directory:data-dir}/provided.csr.pem
context = key content {{ prefix }}-provided-csr-content:content context = key content {{ prefix }}-provided-csr-content:content
{% elif template_csr %}
template = {{ '${' + prefix }}-provided-csr-content:content}
rendered = ${ {{- prefix }}-directory:data-dir}/provided.csr.pem
{% endif %}
{{ rerequest( {{ rerequest(
prefix=prefix ~ '-csr', prefix=prefix ~ '-csr',
buildout_bin_directory=buildout_bin_directory, buildout_bin_directory=buildout_bin_directory,
......
  • I'm tempted to split these arguments in 2 parts:

    • one which decides the file path & name
    • the other which decides what to write in it

    So this gives something like:

    template_csr template_csr_pem Meaning
    None None Auto-generate CSR wherever
    None X Use this CSR data wherever
    Y None Use this pre-existing CSR file
    Y X Can behave like "Store pre-existing CSR in this file" without being too surprising to user, although they should really not reuse CSRs
  • mentioned in merge request nexedi/slapos!434 (merged)

    Toggle commit list
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment