author | Julien Huon <julien@huon.email> | 2019-12-25 23:20:10 +0100 |
---|---|---|
committer | Julien Huon <julien@huon.email> | 2019-12-25 23:20:10 +0100 |
commit | a8cf453d0601908a10d775499a7a04d79998ae52 (patch) | |
tree | f301ac8a3e23d064b350650604a16e2c976cc9ee | |
parent | 0e58820b5b2b537ab22b3efe7841ac301b9534d3 (diff) | |
download | chef-a8cf453d0601908a10d775499a7a04d79998ae52.tar.gz |
Fix : renew the certificate only if renew_before_expiry is set.
Signed-off-by: Julien Huon <julien@huon.email>
-rw-r--r-- | lib/chef/resource/openssl_x509_certificate.rb | 53 |
1 files changed, 30 insertions, 23 deletions
diff --git a/lib/chef/resource/openssl_x509_certificate.rb b/lib/chef/resource/openssl_x509_certificate.rb
index 354c8c0dab..16dc8dff04 100644
--- a/lib/chef/resource/openssl_x509_certificate.rb
+++ b/lib/chef/resource/openssl_x509_certificate.rb
@@ -110,33 +110,40 @@ class Chef
 description: "The passphrase for CA private key's passphrase."
 property :renew_before_expiry, Integer,
- description: "The number of days before the expiry. The certificate will be automaticaly renewed when the value is reached.",
- default: 5
+ description: "The number of days before the expiry. The certificate will be automaticaly renewed when the value is reached."
 action :create do
 description "Generate a certificate"
- if cert_need_renewall?(new_resource.path, new_resource.renew_before_expiry)
- converge_by("Create #{@new_resource}") do
- file new_resource.path do
- action :create
- owner new_resource.owner unless new_resource.owner.nil?
- group new_resource.group unless new_resource.group.nil?
- mode new_resource.mode unless new_resource.mode.nil?
- sensitive true
- content cert.to_pem
- end
-
- if new_resource.csr_file.nil?
- file new_resource.key_file do
- action :create_if_missing
- owner new_resource.owner unless new_resource.owner.nil?
- group new_resource.group unless new_resource.group.nil?
- mode new_resource.mode unless new_resource.mode.nil?
- sensitive true
- content key.to_pem
- end
- end
+ file new_resource.path do
+ action :create_if_missing
+ owner new_resource.owner unless new_resource.owner.nil?
+ group new_resource.group unless new_resource.group.nil?
+ mode new_resource.mode unless new_resource.mode.nil?
+ sensitive true
+ content cert.to_pem
+ end
+
+ unless new_resource.renew_before_expiry.nil?
+ file new_resource.path do
+ action :create
+ owner new_resource.owner unless new_resource.owner.nil?
+ group new_resource.group unless new_resource.group.nil?
+ mode new_resource.mode unless new_resource.mode.nil?
+ sensitive true
+ content cert.to_pem
+ only_if { cert_need_renewall?(new_resource.path, new_resource.renew_before_expiry) }
+ end
+ end
+
+ if new_resource.csr_file.nil?
+ file new_resource.key_file do
+ action :create_if_missing
+ owner new_resource.owner unless new_resource.owner.nil?
+ group new_resource.group unless new_resource.group.nil?
+ mode new_resource.mode unless new_resource.mode.nil?
+ sensitive true
+ content key.to_pem
 end
 end
 end
|
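Review bot: Both `file new_resource.path` resources take `content cert.to_pem` as an eager argument, so `cert` is now evaluated on every converge, even when `create_if_missing` finds the file and the `only_if` guard is false; the removed code reached `cert` only inside `if cert_need_renewall?`. The `cert` and `key` helpers are defined outside this hunk, so the cost is inferred, but if they read the CA key or generate key material, a run that changes nothing still handles those secrets and fails when the CA key is unavailable. Deciding once in Ruby and declaring a single resource avoids this, e.g. `renew = new_resource.renew_before_expiry && cert_need_renewall?(new_resource.path, new_resource.renew_before_expiry)` followed by `if renew || !::File.exist?(new_resource.path)` around one `file` block with `action :create`. With `default: 5` removed, the property description should also state that leaving `renew_before_expiry` unset means an expired certificate is never replaced.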