stack/caucase: make crt_path optional.

so that we can create caucase-updater for fetching CA / CRL only purpose.

stack/caucase: make crt_path optional.
so that we can create caucase-updater for fetching CA / CRL only purpose.
5e23270a · Kazuhiko Shiozaki · bba044e5 · 5e23270a · 5e23270a · 5e23270a
Commit 5e23270a authored May 27, 2020 by Kazuhiko Shiozaki
Showing with 16 additions and 14 deletions

stack/caucase/README.rst stack/caucase/README.rst +1 -1

stack/caucase/buildout.hash.cfg stack/caucase/buildout.hash.cfg +1 -1

stack/caucase/caucase.jinja2.library stack/caucase/caucase.jinja2.library +14 -12

No files found.
--- a/stack/caucase/README.rst
+++ b/stack/caucase/README.rst
@@ -72,7 +72,7 @@ Client
  
  This script allows you to re-issue a CSR using a locally-generated private key.

-.. topic:: ``updater(prefix, buildout_bin_directory, updater_path, url, data_dir, crt_path, ca_path, crl_path, key_path=None, on_renew=None, max_sleep=None, mode='service', template_csr_pem=None, openssl=None)``
+.. topic:: ``updater(prefix, buildout_bin_directory, updater_path, url, data_dir, ca_path, crl_path, crt_path=None, key_path=None, on_renew=None, max_sleep=None, mode='service', template_csr_pem=None, openssl=None)``

  - ``<prefix>``: Creates ``<updater>`` executable file to start ``caucase-updater``, and ``<data_dir>`` directory for its data storage needs.
  

--- a/stack/caucase/buildout.hash.cfg
+++ b/stack/caucase/buildout.hash.cfg
@@ -15,4 +15,4 @@

 [caucase-jinja2-library]
 filename = caucase.jinja2.library
-md5sum = 9a7247cdb2ee1d66c074b0660c54713f
+md5sum = 2e7e61bb0cf41c28d6d811a0283cf03e
--- a/stack/caucase/caucase.jinja2.library
+++ b/stack/caucase/caucase.jinja2.library
@@ -43,9 +43,9 @@ config-command = '{{ buildout_bin_directory }}/caucase-probe' 'http://{{ netloc
  updater_path,
  url,
  data_dir,
-  crt_path,
  ca_path,
  crl_path,
+  crt_path=None,
  key_path=None,
  on_renew=None,
  max_sleep=None,
@@ -59,24 +59,25 @@ config-command = '{{ buildout_bin_directory }}/caucase-probe' 'http://{{ netloc
 recipe = slapos.cookbook:mkdirectory
 data-dir = {{ data_dir }}

-{% if template_csr_pem or template_csr -%}
+{% if crt_path %}
+{%   if template_csr_pem or template_csr -%}
 [{{ prefix }}-provided-csr-content]
-{%   if template_csr_pem %}
+{%     if template_csr_pem %}
 content = {{ dumps(template_csr_pem) }}
-{%   elif template_csr %}
+{%     elif template_csr %}
 content = {{ template_csr }}
-{%   endif %}
+{%     endif %}
 [{{ prefix }}-provided-csr]
 recipe = slapos.recipe.template:jinja2
 mode = 644
-{%   if template_csr_pem %}
+{%     if template_csr_pem %}
 template = inline:{{ '{{ content }}' }}
 rendered = ${ {{- prefix }}-directory:data-dir}/provided.csr.pem
 context = key content {{ prefix }}-provided-csr-content:content
-{%   elif template_csr %}
+{%     elif template_csr %}
 template = {{ '${' + prefix }}-provided-csr-content:content}
 rendered = ${ {{- prefix }}-directory:data-dir}/provided.csr.pem
-{%   endif %}
+{%     endif %}
 {{   rerequest(
       prefix=prefix ~ '-csr',
       buildout_bin_directory=buildout_bin_directory,
@@ -84,12 +85,13 @@ rendered = ${ {{- prefix }}-directory:data-dir}/provided.csr.pem
       csr='${:csr}',
       key=key_path,
 )}}
-{%- else -%}
+{%-   else -%}
 [{{ prefix }}-csr]
 recipe = plone.recipe.command
 command = '{{ openssl }}' req -newkey rsa:2048 -batch -new -nodes -subj /CN=example.com -keyout '{{ key_path or crt_path }}' -out '${:csr}'
-{%- endif %}
+{%-   endif %}
 csr = ${ {{- prefix }}-directory:data-dir}/good.csr.pem
+{%- endif %}

 [{{ prefix }}]
 recipe = slapos.cookbook:wrapper
@@ -98,8 +100,8 @@ command-line = '{{ buildout_bin_directory }}/caucase-updater'
  --ca-url '{{ url }}'
  --cas-ca '${ {{- prefix }}-directory:data-dir}/cas.crt.pem'
  --mode '{{ mode }}'
-  --csr '${ {{- prefix }}-csr:csr}'
-  --crt '{{ crt_path }}'
+  {% if crt_path %}--csr '${ {{- prefix }}-csr:csr}'
+  --crt '{{ crt_path }}' {%- endif %}
  --ca '{{ ca_path }}'
  --crl '{{ crl_path }}'
  {% if key_path %}--key '{{ key_path }}' {%- endif %}