6 files changed, 43 insertions, 36 deletions
| diff --git a/puppet/modules/site_apache/templates/vhosts.d/leap_webapp.conf.erb b/puppet/modules/site_apache/templates/vhosts.d/leap_webapp.conf.erb
index 3b376839..6059453b 100644
--- a/puppet/modules/site_apache/templates/vhosts.d/leap_webapp.conf.erb
+++ b/puppet/modules/site_apache/templates/vhosts.d/leap_webapp.conf.erb
@@ -16,9 +16,9 @@
   SSLHonorCipherOrder on
   SSLCACertificatePath /etc/ssl/certs
-  SSLCertificateChainFile /etc/ssl/certs/leap_webapp.pem
-  SSLCertificateKeyFile /etc/x509/keys/leap_webapp.key
-  SSLCertificateFile /etc/x509/certs/leap_webapp.crt
+  SSLCertificateChainFile <%= scope.lookupvar('x509::variables::local_CAs') %>/<%= scope.lookupvar('site_config::params::commercial_ca_name') %>.crt
+  SSLCertificateKeyFile <%= scope.lookupvar('x509::variables::keys') %>/<%= scope.lookupvar('site_config::params::commercial_cert_name') %>.key
+  SSLCertificateFile <%= scope.lookupvar('x509::variables::certs') %>/<%= scope.lookupvar('site_config::params::commercial_cert_name') %>.crt
    RequestHeader set X_FORWARDED_PROTO 'https'
diff --git a/puppet/modules/site_config/manifests/params.pp b/puppet/modules/site_config/manifests/params.pp
index 008a4e1f..59a161e8 100644
--- a/puppet/modules/site_config/manifests/params.pp
+++ b/puppet/modules/site_config/manifests/params.pp
@@ -23,8 +23,10 @@ class site_config::params {
     fail("unable to determine a valid interface, please set a valid interface for this node in nodes/${::hostname}.json")
   }
-  $ca_name          = 'leap_ca'
-  $client_ca_name   = 'leap_client_ca'
-  $ca_bundle_name   = 'leap_ca_bundle'
-  $cert_name        = 'leap'
+  $ca_name              = 'leap_ca'
+  $client_ca_name       = 'leap_client_ca'
+  $ca_bundle_name       = 'leap_ca_bundle'
+  $cert_name            = 'leap'
+  $commercial_ca_name   = 'leap_commercial_ca'
+  $commercial_cert_name = 'leap_commercial'
 }
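Review bot: The three `SSLCertificate*` paths in the vhost hunk are now assembled from `scope.lookupvar(...)` with no fallback, so if `x509::variables` or `site_config::params` has not been evaluated when the template renders, the lookups would presumably come back empty and Apache would be handed a path such as `/leap_commercial.key`. Only `include x509::variables` is visible in `site_webapp::apache`; an include of `site_config::params` is not shown in this diff, so confirm it is loaded before the template is rendered. A comment above the block would record the dependency, e.g. `# paths come from x509::variables and site_config::params; both must be included by the calling class`. Also confirm that the file written under `local_CAs` carries the full intermediate chain, since `SSLCertificateChainFile` previously pointed at a `.pem` in `/etc/ssl/certs`. The template starts and ends outside the hunk.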
diff --git a/puppet/modules/site_config/manifests/x509/commercial/ca.pp b/puppet/modules/site_config/manifests/x509/commercial/ca.pp
new file mode 100644
index 00000000..8f35759f
--- /dev/null
+++ b/puppet/modules/site_config/manifests/x509/commercial/ca.pp
@@ -0,0 +1,9 @@
+class site_config::x509::commercial::ca {
+
+  $x509      = hiera('x509')
+  $ca        = $x509['commercial_ca_cert']
+
+  x509::ca { $site_config::params::commercial_ca_name:
+    content => $ca
+  }
+}
diff --git a/puppet/modules/site_config/manifests/x509/commercial/cert.pp b/puppet/modules/site_config/manifests/x509/commercial/cert.pp
new file mode 100644
index 00000000..0c71a705
--- /dev/null
+++ b/puppet/modules/site_config/manifests/x509/commercial/cert.pp
@@ -0,0 +1,10 @@
+class site_config::x509::commercial::cert {
+
+  $x509      = hiera('x509')
+  $cert      = $x509['commercial_cert']
+
+  x509::cert { $site_config::params::commercial_cert_name:
+    content => $cert
+  }
+
+}
diff --git a/puppet/modules/site_config/manifests/x509/commercial/key.pp b/puppet/modules/site_config/manifests/x509/commercial/key.pp
new file mode 100644
index 00000000..d32e85ef
--- /dev/null
+++ b/puppet/modules/site_config/manifests/x509/commercial/key.pp
@@ -0,0 +1,9 @@
+class site_config::x509::commercial::key {
+
+  $x509      = hiera('x509')
+  $key       = $x509['commercial_key']
+
+  x509::key { $site_config::params::commercial_cert_name:
+    content => $key
+  }
+}
diff --git a/puppet/modules/site_webapp/manifests/apache.pp b/puppet/modules/site_webapp/manifests/apache.pp
index 062344d7..6a199b9e 100644
--- a/puppet/modules/site_webapp/manifests/apache.pp
+++ b/puppet/modules/site_webapp/manifests/apache.pp
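Review bot: In `ca.pp`, `$x509['commercial_ca_cert']` is handed to `x509::ca` as `content` without checking that hiera actually supplied it, and `cert.pp` (`commercial_cert`) and `key.pp` (`commercial_key`) do the same. On a node whose `x509` hash lacks these entries the value would be undefined, and depending on how the `x509::*` defines treat that (not visible here) an empty certificate or key file could be written and Apache restarted onto it. A guard in each class would make the failure explicit, e.g. `if ! $key { fail('x509 commercial_key is not set in hiera') }`. For `key.pp` a short comment that the value is private key material, and that `x509::key` is expected to write it with restrictive ownership and mode, would also help the next reader.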
@@ -7,20 +7,14 @@ class site_webapp::apache {    $web_domain       = hiera('domain')    $domain_name      = $web_domain['name'] -  $x509             = hiera('x509') -  $commercial_key   = $x509['commercial_key'] -  $commercial_cert  = $x509['commercial_cert'] -  $commercial_root  = $x509['commercial_ca_cert'] - -  include site_config::x509::cert -  include site_config::x509::key -  include site_config::x509::ca -    include x509::variables +  include site_config::x509::commercial::cert +  include site_config::x509::commercial::key +  include site_config::x509::commercial::ca -  X509::Cert[$site_config::params::cert_name] ~> Service[apache] -  X509::Key[$site_config::params::cert_name]  ~> Service[apache] -  X509::Ca[$site_config::params::ca_name]  ~> Service[apache] +  Class['Site_config::X509::Commercial::Key'] ~> Service[apache] +  Class['Site_config::X509::Commercial::Cert'] ~> Service[apache] +  Class['Site_config::X509::Commercial::Ca'] ~> Service[apache]    class { '::apache': no_default_site => true, ssl => true } @@ -40,21 +34,4 @@ class site_webapp::apache {        content => template('site_apache/vhosts.d/api.conf.erb')    } -  x509::key { -    'leap_webapp': -      content => $commercial_key, -      notify  => Service[apache]; -  } - -  x509::cert { -    'leap_webapp': -      content => $commercial_cert, -      notify  => Service[apache]; -  } - -  x509::ca { -    'leap_webapp': -      content => $commercial_root, -      notify  => Service[apache]; -  }  } | 
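Review bot: Dropping `include site_config::x509::cert`, `::key` and `::ca` together with their `~> Service[apache]` relationships in the first hunk means this class no longer manages or watches the files named by `cert_name` and `ca_name`. The `api.conf.erb` vhost is still deployed from this class (context line in the second hunk); if that template still references the non-commercial certificate, key or CA, those files must now come from another class, and Apache would not be restarted when they are rotated. Please confirm where they are included, or keep the three includes and their notifications alongside the commercial ones. The body of `site_webapp::apache` starts above the first hunk and the part between the two hunks is not shown.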
