Merge pull request #225 from ekohl/array-parameters
Pass openssl commands as an array
bastelfreak authored Aug 19, 2024
2 parents ad07d44 + 6e1c856 commit cc2c300
Showing 5 changed files with 37 additions and 50 deletions.
20 changes: 6 additions & 14 deletions manifests/export/pem_cert.pp
@@ -37,28 +37,20 @@
}

if $der_cert {
$sslmodule = 'x509'
$sslmodule = ['x509', '-inform', 'DER']
$in_cert = $der_cert
$module_opt = '-inform DER'
} else {
$sslmodule = 'pkcs12'
$sslmodule = ['pkcs12']
$in_cert = $pfx_cert
$module_opt = ''
}

$passin_opt = $in_pass ? {
undef => '',
default => "-nokeys -passin pass:${shellquote($in_pass)}",
undef => [],
default => ['-nokeys', '-passin', "pass:${in_pass}"],
}

if $ensure == 'present' {
$cmd = [
"openssl ${sslmodule}",
$module_opt,
"-in ${in_cert}",
"-out ${pem_cert}",
$passin_opt,
]
$cmd = ['openssl'] + $sslmodule + ['-in', $in_cert, '-out', $pem_cert] + $passin_opt

if $dynamic {
$exec_params = {
@@ -70,7 +62,7 @@
}

exec { "Export ${in_cert} to ${pem_cert}":
command => inline_template('<%= @cmd.join(" ") %>'),
command => $cmd,
path => $facts['path'],
* => $exec_params,
}
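Review bot: The pass phrase is still passed on the openssl command line, as `"pass:${in_pass}"` in `$passin_opt`, so while the exec runs any local user who can list processes can read it, and it can appear in the command text Puppet reports when the exec fails. The array form fixes the shell-quoting problem but not this exposure. The same pattern is in `$passin_opt`/`$passout_opt` of manifests/export/pem_key.pp and in `$pass_opt`/`$passout_opt` of manifests/export/pkcs12.pp. OpenSSL also accepts `env:VAR` as a password source, so this arm could become `default => ['-nokeys', '-passin', 'env:IN_PASS'],` with `environment => ["IN_PASS=${in_pass}"],` added to the exec (the variable name is a placeholder). The define's parameter list and the contents of `$exec_params` are outside these hunks, so check that `environment` is not already set there.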
20 changes: 9 additions & 11 deletions manifests/export/pem_key.pp
@@ -26,23 +26,21 @@
) {
if $ensure == 'present' {
$passin_opt = $in_pass ? {
undef => '',
default => "-passin pass:${shellquote($in_pass)}",
undef => [],
default => ['-passin', "pass:${in_pass}"],
}

$passout_opt = $out_pass ? {
undef => '-nodes',
default => "-passout pass:${shellquote($out_pass)}",
undef => ['-nodes'],
default => ['-passout', "pass:${out_pass}"],
}

$cmd = [
'openssl pkcs12',
"-in ${pfx_cert}",
"-out ${pem_key}",
'openssl', 'pkcs12',
'-in', $pfx_cert,
'-out', $pem_key,
'-nocerts',
$passin_opt,
$passout_opt,
]
] + $passin_opt + $passout_opt

if $dynamic {
$exec_params = {
@@ -54,7 +52,7 @@
}

exec { "Export ${pfx_cert} to ${pem_key}":
command => inline_template('<%= @cmd.join(" ") %>'),
command => $cmd,
path => $facts['path'],
* => $exec_params,
}
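Review bot: The `undef => ['-nodes'],` arm of `$passout_opt` means that omitting `out_pass` writes the private key to `$pem_key` unencrypted, and nothing in the visible lines documents this or restricts access to the output file. I would add a comment above the selector, `# No out_pass: the key is exported unencrypted (-nodes); restrict access to ${pem_key}.`, and confirm that the part of the define outside these hunks manages the file's mode or sets `umask` on the exec. The parameter list and the end of the define are not shown here.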
37 changes: 17 additions & 20 deletions manifests/export/pkcs12.pp
@@ -30,35 +30,32 @@
Optional[String] $in_pass = undef,
Optional[String] $out_pass = undef,
) {
$full_path = "${basedir}/${name}.p12"

if $ensure == 'present' {
$pass_opt = $in_pass ? {
undef => '',
default => "-passin pass:${shellquote($in_pass)}",
undef => [],
default => ['-passin', "pass:${in_pass}"],
}

$passout_opt = $out_pass ? {
undef => '',
default => "-passout pass:${shellquote($out_pass)}",
undef => [],
default => ['-passout', "pass:${out_pass}"],
}

$chain_opt = $chaincert ? {
undef => '',
default => "-chain -CAfile ${chaincert}",
undef => [],
default => ['-chain', '-CAfile', $chaincert],
}

$cmd = [
'openssl pkcs12 -export',
"-in ${cert}",
"-inkey ${pkey}",
"-out ${basedir}/${name}.p12",
"-name ${name}",
'-nodes -noiter',
$chain_opt,
$pass_opt,
$passout_opt,
]

$full_path = "${basedir}/${name}.p12"
'openssl', 'pkcs12', '-export',
'-in', $cert,
'-inkey', $pkey,
'-out', $full_path,
'-name', $name,
'-nodes', '-noiter',
] + $chain_opt + $pass_opt + $passout_opt

if $dynamic {
$exec_params = {
@@ -70,12 +67,12 @@
}

exec { "Export ${name} to ${full_path}":
command => inline_template('<%= @cmd.join(" ") %>'),
command => $cmd,
path => $facts['path'],
* => $exec_params,
}
} else {
file { "${basedir}/${name}.p12":
file { $full_path:
ensure => absent,
}
}
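Review bot: `'-nodes', '-noiter',` is carried over unchanged into the new `$cmd` array, and `-noiter` sets the key-encryption iteration count to 1, so a `.p12` protected only by `out_pass` is much cheaper to attack by offline password guessing. Unless a consumer is known to need this legacy setting, I would reduce the line to `'-nodes',` or make `-noiter` an opt-in parameter that defaults to off. Whether anything depends on the current output is not visible from these hunks.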
2 changes: 1 addition & 1 deletion metadata.json
@@ -86,7 +86,7 @@
"requirements": [
{
"name": "puppet",
"version_requirement": ">= 7.0.0 < 9.0.0"
"version_requirement": ">= 7.9.0 < 9.0.0"
}
]
}
8 changes: 4 additions & 4 deletions spec/defines/openssl_export_pem_cert_spec.rb
@@ -42,7 +42,7 @@

it {
is_expected.to contain_exec('Export /etc/ssl/certs/foo.pfx to /etc/ssl/certs/foo.pem').with(
command: 'openssl pkcs12 -in /etc/ssl/certs/foo.pfx -out /etc/ssl/certs/foo.pem ',
command: ['openssl', 'pkcs12', '-in', '/etc/ssl/certs/foo.pfx', '-out', '/etc/ssl/certs/foo.pem'],
creates: '/etc/ssl/certs/foo.pem',
path: '/usr/bin:/bin:/usr/sbin:/sbin'
)
@@ -60,7 +60,7 @@

it {
is_expected.to contain_exec('Export /etc/ssl/certs/foo.pfx to /etc/ssl/certs/foo.pem').with(
command: 'openssl pkcs12 -in /etc/ssl/certs/foo.pfx -out /etc/ssl/certs/foo.pem ',
command: ['openssl', 'pkcs12', '-in', '/etc/ssl/certs/foo.pfx', '-out', '/etc/ssl/certs/foo.pem'],
path: '/usr/bin:/bin:/usr/sbin:/sbin',
refreshonly: true
)
@@ -79,7 +79,7 @@

it {
is_expected.to contain_exec('Export /etc/ssl/certs/foo.pfx to /etc/ssl/certs/foo.pem').with(
command: "openssl pkcs12 -in /etc/ssl/certs/foo.pfx -out /etc/ssl/certs/foo.pem -nokeys -passin pass:'5r$}^'",
command: ['openssl', 'pkcs12', '-in', '/etc/ssl/certs/foo.pfx', '-out', '/etc/ssl/certs/foo.pem', '-nokeys', '-passin', 'pass:5r$}^'],
creates: '/etc/ssl/certs/foo.pem',
path: '/usr/bin:/bin:/usr/sbin:/sbin'
)
@@ -96,7 +96,7 @@

it {
is_expected.to contain_exec('Export /etc/ssl/certs/foo.der to /etc/ssl/certs/foo.pem').with(
command: 'openssl x509 -inform DER -in /etc/ssl/certs/foo.der -out /etc/ssl/certs/foo.pem ',
command: ['openssl', 'x509', '-inform', 'DER', '-in', '/etc/ssl/certs/foo.der', '-out', '/etc/ssl/certs/foo.pem'],
creates: '/etc/ssl/certs/foo.pem',
path: '/usr/bin:/bin:/usr/sbin:/sbin'
)
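Review bot: None of the visible expectations covers `der_cert` together with `in_pass`. For that combination manifests/export/pem_cert.pp appends `$passin_opt` to the `x509` branch, so the command includes `'-nokeys', '-passin', 'pass:…'` after `'openssl', 'x509', '-inform', 'DER'`, and `-nokeys` is a `pkcs12` option that `openssl x509` is not expected to accept. An example asserting the command array for that case would pin the behaviour down and show whether the DER branch needs its own option list. Examples outside these hunks may already cover it; they are not shown here.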
