From 5e23270a707ac5474f9fd48929b411923a88eafa Mon Sep 17 00:00:00 2001 From: Kazuhiko SHIOZAKI <kazuhiko@nexedi.com> Date: Wed, 27 May 2020 09:35:27 +0200 Subject: [PATCH] stack/caucase: make crt_path optional. so that we can create caucase-updater for fetching CA / CRL only purpose. --- stack/caucase/README.rst | 2 +- stack/caucase/buildout.hash.cfg | 2 +- stack/caucase/caucase.jinja2.library | 26 ++++++++++++++------------ 3 files changed, 16 insertions(+), 14 deletions(-) diff --git a/stack/caucase/README.rst b/stack/caucase/README.rst index c58b8b6c5..b9270d0ba 100644 --- a/stack/caucase/README.rst +++ b/stack/caucase/README.rst @@ -72,7 +72,7 @@ Client This script allows you to re-issue a CSR using a locally-generated private key. -.. topic:: ``updater(prefix, buildout_bin_directory, updater_path, url, data_dir, crt_path, ca_path, crl_path, key_path=None, on_renew=None, max_sleep=None, mode='service', template_csr_pem=None, openssl=None)`` +.. topic:: ``updater(prefix, buildout_bin_directory, updater_path, url, data_dir, ca_path, crl_path, crt_path=None, key_path=None, on_renew=None, max_sleep=None, mode='service', template_csr_pem=None, openssl=None)`` - ``<prefix>``: Creates ``<updater>`` executable file to start ``caucase-updater``, and ``<data_dir>`` directory for its data storage needs. diff --git a/stack/caucase/buildout.hash.cfg b/stack/caucase/buildout.hash.cfg index 2f26b6a56..4168bbf5c 100644 --- a/stack/caucase/buildout.hash.cfg +++ b/stack/caucase/buildout.hash.cfg @@ -15,4 +15,4 @@ [caucase-jinja2-library] filename = caucase.jinja2.library -md5sum = 9a7247cdb2ee1d66c074b0660c54713f +md5sum = 2e7e61bb0cf41c28d6d811a0283cf03e diff --git a/stack/caucase/caucase.jinja2.library b/stack/caucase/caucase.jinja2.library index e9eeb9973..254b8e9d0 100644 --- a/stack/caucase/caucase.jinja2.library +++ b/stack/caucase/caucase.jinja2.library 
@@ -43,9 +43,9 @@ config-command = '{{ buildout_bin_directory }}/caucase-probe' 'http://{{ netloc updater_path, url, data_dir, - crt_path, ca_path, crl_path, + crt_path=None, key_path=None, on_renew=None, max_sleep=None, @@ -59,24 +59,25 @@ config-command = '{{ buildout_bin_directory }}/caucase-probe' 'http://{{ netloc recipe = slapos.cookbook:mkdirectory data-dir = {{ data_dir }} -{% if template_csr_pem or template_csr -%} +{% if crt_path %} +{% if template_csr_pem or template_csr -%} [{{ prefix }}-provided-csr-content] -{% if template_csr_pem %} +{% if template_csr_pem %} content = {{ dumps(template_csr_pem) }} -{% elif template_csr %} +{% elif template_csr %} content = {{ template_csr }} -{% endif %} +{% endif %} [{{ prefix }}-provided-csr] recipe = slapos.recipe.template:jinja2 mode = 644 -{% if template_csr_pem %} +{% if template_csr_pem %} template = inline:{{ '{{ content }}' }} rendered = ${ {{- prefix }}-directory:data-dir}/provided.csr.pem context = key content {{ prefix }}-provided-csr-content:content -{% elif template_csr %} +{% elif template_csr %} template = {{ '${' + prefix }}-provided-csr-content:content} rendered = ${ {{- prefix }}-directory:data-dir}/provided.csr.pem -{% endif %} +{% endif %} {{ rerequest( prefix=prefix ~ '-csr', buildout_bin_directory=buildout_bin_directory, @@ -84,12 +85,13 @@ rendered = ${ {{- prefix }}-directory:data-dir}/provided.csr.pem csr='${:csr}', key=key_path, )}} -{%- else -%} +{%- else -%} [{{ prefix }}-csr] recipe = plone.recipe.command command = '{{ openssl }}' req -newkey rsa:2048 -batch -new -nodes -subj /CN=example.com -keyout '{{ key_path or crt_path }}' -out '${:csr}' -{%- endif %} +{%- endif %} csr = ${ {{- prefix }}-directory:data-dir}/good.csr.pem +{%- endif %} [{{ prefix }}] recipe = slapos.cookbook:wrapper 
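Review bot: Moving `crt_path` behind `crl_path` in the macro signature changes what positional callers bind. A call that still passes `crt_path, ca_path, crl_path` in the old order would render without error, with the certificate path used for `--ca`, the CA path for `--crl` and the CRL path for `--crt`. No caller is visible in this patch, so this is unverified, but any caller that passes these three by position needs converting to keywords in the same change. A comment above the parameter list would make the constraint explicit, e.g. `{# ca_path, crl_path and crt_path must be passed by keyword: their order changed when crt_path became optional #}`. The macro definition starts and ends outside this hunk.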
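Review bot: With the CSR block now gated on `{% if crt_path %}`, a caller that passes `template_csr_pem` or `template_csr` but no `crt_path` gets no `[<prefix>-csr]` section and no sign that those arguments were dropped. That looks like the intended CA/CRL-only mode, but neither this template nor the README hunk says so. I would put a comment on the new guard, e.g. `{# no crt_path: CA/CRL-only updater, no CSR is generated and template_csr_pem/template_csr are ignored #}`, and state the same next to the `updater(...)` signature in README.rst. The macro body continues outside this hunk.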
@@ -98,8 +100,8 @@ command-line = '{{ buildout_bin_directory }}/caucase-updater' --ca-url '{{ url }}' --cas-ca '${ {{- prefix }}-directory:data-dir}/cas.crt.pem' --mode '{{ mode }}' - --csr '${ {{- prefix }}-csr:csr}' - --crt '{{ crt_path }}' + {% if crt_path %}--csr '${ {{- prefix }}-csr:csr}' + --crt '{{ crt_path }}' {%- endif %} --ca '{{ ca_path }}' --crl '{{ crl_path }}' {% if key_path %}--key '{{ key_path }}' {%- endif %} -- 2.30.9
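Review bot: `--key` is still emitted whenever `key_path` is set, even when `crt_path` is unset and `--csr`/`--crt` are omitted. A CA/CRL-only updater can therefore be started with a private-key path and no certificate path. Whether `caucase-updater` rejects or ignores that combination is not visible here, but tying the option to the same condition keeps the command line coherent: `{% if crt_path and key_path %}--key '{{ key_path }}' {%- endif %}`. The `command-line` value continues past the end of this hunk, so any option derived from `on_renew` may need the same treatment.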