- [SSH-CA KRL (0.3.0 or later)](#ssh-ca-krl-030-or-later)
- [SSL server keys and certificates](#ssl-server-keys-and-certificates)
- [References of deployed key and certificate file paths (with default attributes)](#references-of-deployed-key-and-certificate-file-paths-with-default-attributes)
+ - [Helper methods](#helper-methods)
- [License and Authors](#license-and-authors)
## Requirements
### References of deployed key and certificate file paths (with default attributes)
-- `node['ssl_cert']["#{ca}_cert_path"]` - e.g. `node['ssl_cert']['grid_ca_cert_path']`
-- `node['ssl_cert']["#{ca}_pubkey_path"]` - e.g. `node['ssl_cert']['grid_ssh_ca_pubkey_path']`
-- `node['ssl_cert']["#{ca}_krl_path"]` - e.g. `node['ssl_cert']['grid_ssh_ca_krl_path']`
-- `node['ssl_cert']["#{undotted_cn}_key_path"]` - e.g. `node['ssl_cert']['node_example_com_key_path']`
-- `node['ssl_cert']["#{undotted_cn}_cert_path"]` - e.g. `node['ssl_cert']['node_example_com_cert_path']`
+- `node['ssl_cert']["#{ca}_cert_path"]`: e.g. `node['ssl_cert']['grid_ca_cert_path']`
+- `node['ssl_cert']["#{ca}_pubkey_path"]`: e.g. `node['ssl_cert']['grid_ssh_ca_pubkey_path']`
+- `node['ssl_cert']["#{ca}_krl_path"]`: e.g. `node['ssl_cert']['grid_ssh_ca_krl_path']`
+- `node['ssl_cert']["#{undotted_cn}_key_path"]`: e.g. `node['ssl_cert']['node_example_com_key_path']`
+- `node['ssl_cert']["#{undotted_cn}_cert_path"]`: e.g. `node['ssl_cert']['node_example_com_cert_path']`
+
+### Helper methods
+
+- `SSLCert::Helper.ca_cert_path(ca_name)`: return CA certificate file path string.
+- `SSLCert::Helper.ca_pubkey_path(ca_name)`: return CA public key file path string.
+- `SSLCert::Helper.ca_krl_path(ca_name)`: return CA KRL file path string.
+- `SSLCert::Helper.server_key_path(common_name)`: return server private key file path string.
+- `SSLCert::Helper.server_cert_path(common_name)`: return server certificate file path string.
+- `SSLCert::Helper.append_members_to_key_access_group(members_array)`: append members to the key access group (default: `ssl-cert`).
+
+```ruby
+::Chef::Recipe.send(:include, SSLCert::Helper)
+
+append_members_to_key_access_group(['openldap'])
+grid_ca_cert_path = ca_cert_path('grid_ca')
+ldap_key_path = server_key_path('ldap.grid.example.com')
+ldap_cert_path = server_cert_path('ldap.grid.example.com')
+```
## License and Authors
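Review bot: the new Helper methods entry for `append_members_to_key_access_group(members_array)` documents only an array argument and does not say what membership in the key access group grants. The library change in this same commit wraps a bare String, so the README should either mention that a single member name is accepted or the code should stay array-only. Since the example adds `openldap` to the group, it is also worth one sentence stating which key files group members can read, so that users add only the service accounts that need a key. Separately, `::Chef::Recipe.send(:include, SSLCert::Helper)` in the example mixes the helper into every recipe, not only the calling one; a short remark on that would help readers who prefer calling `SSLCert::Helper.server_key_path(...)` as listed above.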
end
def append_members_to_key_access_group(mems)
+ mems = [mems] if mems.is_a?(String)
key_group = get_private_key_group
if key_group == 'root'
Chef::Log.warn('Skip member adding because the key access group is root.')
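Review bot: the added `mems = [mems] if mems.is_a?(String)` normalizes only a String, so `nil` or a Symbol still reaches the code below unchanged and will fail wherever the method iterates over `mems`. `mems = Array(mems)` covers a String, an array and `nil` in one step. If only String and Array are meant to be supported, raise an `ArgumentError` for anything else, so that a typo in a recipe does not silently change who is in the key access group.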
key_path = server_key_path(cn)
key_group = get_private_key_group
- unless key_group == 'root'
- resources(group: key_group) rescue group key_group do
- system true
- action :create
- append true
- end
+ resources(group: key_group) rescue group key_group do
+ system true
+ action :create
+ append true
+ not_if { key_group == 'root' }
end
key_mode = get_private_key_mode
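Review bot: moving the root check into `not_if { key_group == 'root' }` means a `group 'root'` resource with `system true` and `append true` is now declared in the resource collection and only skipped at converge time, where the removed `unless key_group == 'root'` never declared it. The block closes over the local `key_group`, so the guard tests the same compile-time value as before. Please state in the commit message or a comment what the declared-but-skipped resource is needed for (for example, so that a later `resources(group: key_group)` lookup succeeds), or keep the `unless`. On the same line, the bare `rescue` modifier swallows every `StandardError` raised by `resources(group: key_group)`, not just a missing resource; rescuing `Chef::Exceptions::ResourceNotFound` explicitly would keep unrelated errors visible.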