sous-chefs / certificate

Development repository for the certificate cookbook
https://supermarket.chef.io/cookbooks/certificate

Add custom data bag type #49

Closed niven01 closed 9 years ago

niven01 commented 9 years ago

Hi,

I was in the process of writing my own certificate cookbook and one of my colleagues pointed me to yours. I believe he met you recently at a Chef summit or similar. He told me you were keen for the community to contribute.

This PR adds the data bag type `custom`, which allows me to handle how I store and retrieve the certificates. I have quite a few scenarios where there is an existing data bag structure that does not meet your cookbook requirements.

I did submit a PR previously but decided it was more complicated than it needed to be and was in effect a rewrite. https://github.com/atomic-penguin/cookbook-certificate/pull/48

Have a look and let me know your thoughts on this. I'm keen to keep on using your cookbook but I do need the flexibility of my own data bag structure.

The resource will be as follows:

# custom_data_bag is a Hash the wrapper recipe has already loaded
# (for example with data_bag_item), holding the file names and sources.
certificate_manage 'Install certificate' do
  cert_file custom_data_bag['cert_name']
  key_file custom_data_bag['key_name']
  chain_file custom_data_bag['chain_file_bundle']
  cert_file_source custom_data_bag['cert_file_source']
  key_file_source custom_data_bag['key_file_source']
  chain_file_source custom_data_bag['chain_file_source']
  data_bag_type 'custom'
end

I've also added a remove action to delete certificates.

niven01 commented 9 years ago

Any thoughts on this?

atomic-penguin commented 9 years ago

@niven01 it's not immediately clear to me what this solves that couldn't be solved by calling the resource from a wrapper cookbook with whichever custom attributes. Could you provide a few examples of the data_bag structure you are working with, redacting any confidential data of course?

niven01 commented 9 years ago

Hmm, ok. Seems I may have missed something then. Anyway, an example of the data bag structure:

[node.chef_environment]['vhost']['cert']
[node.chef_environment]['vhost']['cert_key']

{
    "id": "website1",
    "staging": {
        "vhost": {
            "port": 80,
            "server_name": "staging.website1.com",
            "server_alias": [
                "test-staging.website1.com"
            ],
            "ssl": false,
            "cert": "",
            "cert_key": "",
            "ca_file": ""
        },
        "database": {
            "db_name": "db1",
            "db_user": "db1",
            "db_password": "aSecret",
            "additional_db_users": {
                "user1": "aSecret",
                "user2": "aSecret"
            }
        }
    },
    "production": {
        "vhost": {
            "port": 80,
            "server_name": "www.website1.com",
            "server_alias": [
                "test-www.website1.com"
            ],
            "ssl": true,
            "cert": "-----BEGIN CERTIFICATE-----",
            "cert_key": "-----BEGIN RSA PRIVATE KEY-----",
            "ca_file": "CA_SSL.crt"
        },
        "database": {
            "db_name": "db1",
            "db_user": "db1",
            "db_password": "aSecret",
            "additional_db_users": {
                "user1": "aSecret",
                "user2": "aSecret"
            }
        }
    }
}
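As an added example (not the cookbook's code and not from the PR), a helper that resolves the certificate material from the environment-keyed structure above for one environment, returns nothing for a vhost with `ssl` false, and fails the run when `ssl` is true but the material is missing or not PEM, so a misconfigured item never installs empty files. The data bag item is a constructed copy of the structure posted above with placeholder PEM bodies; `certificate_material` and `pem?` are hypothetical names, and error messages deliberately never include the key material.

```ruby
require 'json'

# Constructed sample item mirroring the structure posted above (not real data).
CUSTOM_DATA_BAG_JSON = <<~'JSON'
  {
    "id": "website1",
    "staging": {
      "vhost": { "ssl": false, "cert": "", "cert_key": "", "ca_file": "" }
    },
    "production": {
      "vhost": {
        "ssl": true,
        "cert": "-----BEGIN CERTIFICATE-----\nMIIB...placeholder...\n-----END CERTIFICATE-----",
        "cert_key": "-----BEGIN RSA PRIVATE KEY-----\nMIIE...placeholder...\n-----END RSA PRIVATE KEY-----",
        "ca_file": "CA_SSL.crt"
      }
    }
  }
JSON

# Cheap structural check that a blob looks like a PEM block with the expected
# label; it does not parse the DER payload, it only rejects obvious garbage.
def pem?(blob, label)
  blob.start_with?('-----BEGIN ') && blob.include?(label) && blob.rstrip.end_with?('-----')
end

# Returns { cert:, key:, chain: } for the given environment, or nil when the
# vhost is not configured for TLS. Raises KeyError for an unknown environment
# and ArgumentError when ssl is true but the material is absent or not PEM.
# Messages name the environment only, never the secret values.
def certificate_material(item, environment)
  env = item.fetch(environment) do
    raise KeyError, "no environment '#{environment}' in data bag item '#{item['id']}'"
  end
  vhost = env.fetch('vhost')
  return nil unless vhost['ssl'] == true

  cert = vhost['cert'].to_s
  key  = vhost['cert_key'].to_s
  raise ArgumentError, "cert for '#{environment}' is not a PEM certificate" unless pem?(cert, 'CERTIFICATE')
  raise ArgumentError, "cert_key for '#{environment}' is not a PEM private key" unless pem?(key, 'PRIVATE KEY')

  chain = vhost['ca_file'].to_s
  { cert: cert, key: key, chain: chain.empty? ? nil : chain }
end
```

In a wrapper recipe the same call would take the result of `data_bag_item` and `node.chef_environment` instead of the constructed JSON.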