New argument to set exportability of the certificate #46
@@ -1,7 +1,6 @@ | ||
# Author:: Paul Stack (mailto:[email protected]) | ||
# Copyright:: Copyright (c) 2013 OpenTable Inc | ||
# License:: MIT | ||
|
||
# == Define: sslcertificate | ||
# | ||
# This defined type will install SSL Certs on windows | ||
|
@@ -17,7 +16,8 @@ | |
# The password for the given certifcate | ||
# | ||
# [*location*] | ||
# The location to store intermediate certificates | ||
# The location to store intermediate certificates. | ||
# Do not end the string with any forward or backslash. | ||
# | ||
# [*thumbprint*] | ||
# The thumbprint used to verify the certifcate | ||
|
@@ -28,53 +28,98 @@ | |
# [*root_store*] | ||
# The store location for the given certifcation store. Either LocalMachine or CurrentUser | ||
# | ||
# [*scripts_dir*] | ||
# The directory where the scripts to verify and install the certificates will be stored. | ||
# By default is C:\temp | ||
# | ||
# [*is_exportable*] | ||
# Flag to set the key as exportable. true == exportable; false == not exportable. | ||
# By default is set to true. | ||
# === Examples | ||
# | ||
# To install a certificate in the My directory of the LocalMachine root store: | ||
# | ||
# sslcertificate { "Install-PFX-Certificate" : | ||
# name => 'mycert.pfx', | ||
# password => 'password123', | ||
# location => 'C:\', | ||
# location => 'C:', | ||
# thumbprint => '07E5C1AF7F5223CB975CC29B5455642F5570798B' | ||
# } | ||
# | ||
# To install a certifcate in an alterntative direcotory: | ||
# To install a certifcate in an alternative directory: | ||
# | ||
# sslcertificate { "Install-Intermediate-Certificate" : | ||
# name => 'go_daddy_intermediate.p7b', | ||
# location => 'C:\', | ||
# location => 'C:', | ||
# store_dir => 'CA', | ||
# root_store => 'LocalMachine', | ||
# thumbprint => '07E5C1AF7F5223CB975CC29B5455642F5570798B' | ||
# } | ||
# | ||
define sslcertificate($password, $location, $thumbprint, $root_store = 'LocalMachine', $store_dir = 'My') { | ||
validate_re($name, '^(.)+$',"Must pass name to ${module_name}[${title}]") | ||
validate_re($location, '^(.)+$',"Must pass location to ${module_name}[${title}]") | ||
# To install a certificate in the My directory of the LocalMachine root store | ||
# using a different directory to store the scripts: | ||
# | ||
# sslcertificate { "Install-PFX-Certificate" : | ||
# name => 'mycert.pfx', | ||
# password => 'password123', | ||
# location => 'C:', | ||
# thumbprint => '07E5C1AF7F5223CB975CC29B5455642F5570798B', | ||
# scripts_dir => 'C:\scripts_dir' | ||
# } | ||
# | ||
# To install a certificate in the My directory of the LocalMachine root store | ||
# and set the key as not exportable: | ||
# | ||
# sslcertificate { "Install-PFX-Certificate" : | ||
# name => 'mycert.pfx', | ||
# password => 'password123', | ||
# location => 'C:', | ||
# thumbprint => '07E5C1AF7F5223CB975CC29B5455642F5570798B', | ||
# is_exportable => false | ||
# } | ||
# | ||
define sslcertificate ( | ||
$password, | ||
$location, | ||
$thumbprint, | ||
$root_store = 'LocalMachine', | ||
$store_dir = 'My', | ||
$scripts_dir = 'C:\temp', | ||
$is_exportable = true) { | ||
validate_re($name, '^(.)+$', "Must pass name to ${module_name}[${title}]") | ||
validate_re($location, '^(.)+$', "Must pass location to ${module_name}[${title}]") | ||
validate_re($thumbprint, '^(.)+$', "Must pass a certificate thumbprint to ${module_name}[${title}]") | ||
|
||
ensure_resource('file', 'C:\temp', { ensure => directory }) | ||
ensure_resource('file', $scripts_dir, { | ||
ensure => directory | ||
} | ||
) | ||
|
||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I think the closing parenthesis should follow the brace on the same line. |
||
if($is_exportable){ | ||
$key_storage_flags = 'Exportable,PersistKeySet' | ||
}else{ | ||
$key_storage_flags = 'PersistKeySet' | ||
} | ||
|
||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. the parentheses around |
||
file { "inspect-${name}-certificate.ps1" : | ||
file { "inspect-${name}-certificate.ps1": | ||
ensure => present, | ||
path => "C:\\temp\\inspect-${name}.ps1", | ||
path => "${scripts_dir}\\inspect-${name}.ps1", | ||
content => template('sslcertificate/inspect.ps1.erb'), | ||
require => File['C:\temp'], | ||
require => File[$scripts_dir], | ||
} | ||
|
||
file { "import-${name}-certificate.ps1" : | ||
file { "import-${name}-certificate.ps1": | ||
ensure => present, | ||
path => "C:\\temp\\import-${name}.ps1", | ||
path => "${scripts_dir}\\import-${name}.ps1", | ||
content => template('sslcertificate/import.ps1.erb'), | ||
require => File['C:\temp'], | ||
require => File[$scripts_dir], | ||
} | ||
|
||
exec { "Install-${name}-SSLCert": | ||
provider => powershell, | ||
command => "c:\\temp\\import-${name}.ps1", | ||
onlyif => "c:\\temp\\inspect-${name}.ps1", | ||
command => "${scripts_dir}\\import-${name}.ps1", | ||
onlyif => "${scripts_dir}\\inspect-${name}.ps1", | ||
logoutput => true, | ||
require => [ File["inspect-${name}-certificate.ps1"], File["import-${name}-certificate.ps1"] ], | ||
require => [File["inspect-${name}-certificate.ps1"], File["import-${name}-certificate.ps1"]], | ||
} | ||
} |
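Review bot: `$is_exportable` is the one new parameter that receives no validation, and the `if($is_exportable)` branch treats a string argument such as 'false' as true, so a caller that passes the flag as a string silently ends up with `Exportable,PersistKeySet` and an exportable private key; add `validate_bool($is_exportable)` alongside the existing validate_re calls. The branch only sets `$key_storage_flags`; the import.ps1.erb template that presumably consumes it is outside this diff, so confirm the template actually applies the variable when importing the key. `$scripts_dir` is likewise interpolated into the script paths and the exec command with no guard comparable to the one on `$location`, so an empty value yields paths beginning with a bare backslash; a `validate_re($scripts_dir, '^(.)+$', "Must pass scripts_dir to ${module_name}[${title}]")` would keep it consistent with the other parameters.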
I'd prefer this to be just
exportable
instead. Is 'My' a good default for store_dir?
This should probably be converted to use Puppet 4 datatypes, so that you can get rid of the validate calls below
Yes, 'My' is the default dir. I have only extended the code; as you can see, I kept the default options/parameters.