##
## common.rb -- evaluated (last) for every node.
##
## Because common.rb is evaluated last, it is good practice to only modify
## values here if they are empty. This gives a chance for tags and services
## to set values.
##

#
# X509 server certificates that use our own CA
#

# Default the node certificate and key issued by the provider's own CA.
#
# With 'x509.use' truthy, 'x509.cert' and 'x509.key' each receive a lambda
# wrapping a file() lookup, but only when the property is still nil, so a
# value set earlier by a tag or service is kept. With 'x509.use' falsy, both
# properties are forced to nil regardless of what was set earlier.
#
# NOTE(review): the lambdas are presumably resolved lazily by the config
# evaluator -- confirm. 'x509.key' resolves to private key material; verify
# that anything which dumps or logs node configuration treats it as a secret.
if self['x509.use']
  {
    'x509.cert' => lambda{
      file(
        :node_x509_cert,
        :missing => "x509 certificate for node $node. Run `leap cert update` to generate it."
      )
    },
    'x509.key' => lambda{
      file(
        :node_x509_key,
        :missing => "x509 key for node $node. Run `leap cert update` to generate it."
      )
    }
  }.each do |property, loader|
    # Install the default only where nothing has been configured yet.
    self.set(property, loader) if self[property].nil?
  end
else
  # Certificates from our own CA are disabled: clear both values.
  %w[x509.cert x509.key].each { |property| self.set(property, nil) }
end

#
# X509 server certificates that use an external CA
#

# Default the certificate, key and CA certificate issued by an external CA.
#
# With 'x509.use_commercial' truthy, each of the three properties that is
# still nil receives a lambda; values already set are kept. The files are
# looked up by domain: 'webapp.domain' if set, else 'domain.full_suffix'.
# With 'x509.use_commercial' falsy, all three properties are forced to nil.
#
# NOTE(review): 'x509.commercial_key' resolves to private key material;
# verify that anything which dumps or logs node configuration treats it as
# a secret.
if self['x509.use_commercial']
  commercial_domain = self['webapp.domain'] || self['domain.full_suffix']
  {
    'x509.commercial_cert' => lambda{
      file(
        [:commercial_cert, commercial_domain],
        :missing => "commercial x509 certificate for node `$node`. " +
          "Add file $file, or run `leap cert csr %s`." % commercial_domain
      )
    },
    'x509.commercial_key' => lambda{
      file(
        [:commercial_key, commercial_domain],
        :missing => "commercial x509 key for node `$node`. " +
          "Add file $file, or run `leap cert csr %s`" % commercial_domain
      )
    },
    #
    # x509.commercial_cert may hold the certificate together with the full
    # CA chain, or the certificate alone. Only in the second case (exactly
    # one "BEGIN CERTIFICATE" marker) is a separate 'commercial_ca_cert'
    # file looked up; in every other case the value stays nil.
    #
    # NOTE(review): this counts PEM markers only, it does not parse or
    # validate the chain. It also calls scan on whatever
    # 'x509.commercial_cert' resolves to -- confirm that is always a String,
    # including when the certificate file is missing.
    #
    'x509.commercial_ca_cert' => lambda{
      marker_count = self['x509.commercial_cert'].scan(/BEGIN CERTIFICATE/).length
      try_file(:commercial_ca_cert) if marker_count == 1
    }
  }.each do |property, loader|
    # Install the default only where nothing has been configured yet.
    self.set(property, loader) if self[property].nil?
  end
else
  # Commercial certificates are disabled: clear all three values.
  %w[x509.commercial_cert x509.commercial_key x509.commercial_ca_cert].each do |property|
    self.set(property, nil)
  end
end