Convert openssl resources to unified_mode

Mostly does what the title says, there wasn't much that depended on compile/converge ordering and mostly this might fix a bug or two in intention. Renamed a method that had a misspelling. Used tap in two places. Removed the mutation of the new_resource in two places which is the most disruptive part of this change. Signed-off-by: Lamont Granquist <lamont@scriptkiddie.org>
author: Lamont Granquist <lamont@scriptkiddie.org> 2020-08-03 15:44:29 -0700
committer: Lamont Granquist <lamont@scriptkiddie.org> 2020-08-03 15:44:29 -0700
commit: 69399484afc5e559258dfc7479d70f31843b5859 (patch)
tree: 6a4db5d25b280df8ec591bbb1fae367d141188bb /lib/chef/resource/openssl_x509_certificate.rb
parent: 71088574e7b67850612c43e0804d00baa0984506 (diff)
download: chef-69399484afc5e559258dfc7479d70f31843b5859.tar.gz
1 files changed, 26 insertions, 21 deletions
diff --git a/lib/chef/resource/openssl_x509_certificate.rb b/lib/chef/resource/openssl_x509_certificate.rb
index 7b54ad2d6b..4bf9404411 100644
--- a/lib/chef/resource/openssl_x509_certificate.rb
+++ b/lib/chef/resource/openssl_x509_certificate.rb
@@ -24,6 +24,8 @@ class Chef
       require_relative "../mixin/openssl_helper"
       include Chef::Mixin::OpenSSLHelper
 
+      unified_mode true
+
       provides :openssl_x509_certificate
       provides(:openssl_x509) { true } # legacy cookbook name.
 
@@ -161,7 +163,7 @@ class Chef
           content cert.to_pem
         end
 
-        if !new_resource.renew_before_expiry.nil? && cert_need_renewall?(new_resource.path, new_resource.renew_before_expiry)
+        if !new_resource.renew_before_expiry.nil? && cert_need_renewal?(new_resource.path, new_resource.renew_before_expiry)
           file new_resource.path do
             action :create
             owner new_resource.owner unless new_resource.owner.nil?
@@ -173,7 +175,7 @@ class Chef
         end
 
         if new_resource.csr_file.nil?
-          file new_resource.key_file do
+          file key_file do
             action :create_if_missing
             owner new_resource.owner unless new_resource.owner.nil?
             group new_resource.group unless new_resource.group.nil?
@@ -185,24 +187,27 @@ class Chef
       end
 
       action_class do
-        def generate_key_file
-          unless new_resource.key_file
-            path, file = ::File.split(new_resource.path)
-            filename = ::File.basename(file, ::File.extname(file))
-            new_resource.key_file path + "/" + filename + ".key"
-          end
-          new_resource.key_file
+        def key_file
+          @key_file ||=
+            begin
+              if new_resource.key_file
+                new_resource.key_file
+              else
+                path, file = ::File.split(new_resource.path)
+                filename = ::File.basename(file, ::File.extname(file))
+                path + "/" + filename + ".key"
+              end
+            end
         end
 
         def key
-          @key ||= if priv_key_file_valid?(generate_key_file, new_resource.key_pass)
-                     OpenSSL::PKey.read ::File.read(generate_key_file), new_resource.key_pass
+          @key ||= if priv_key_file_valid?(key_file, new_resource.key_pass)
+                     OpenSSL::PKey.read ::File.read(key_file), new_resource.key_pass
                    elsif new_resource.key_type == "rsa"
                      gen_rsa_priv_key(new_resource.key_length)
                    else
                      gen_ec_priv_key(new_resource.key_curve)
                    end
-          @key
         end
 
         def request
@@ -214,15 +219,15 @@ class Chef
         end
 
         def subject
-          subject = OpenSSL::X509::Name.new
-          subject.add_entry("C", new_resource.country) unless new_resource.country.nil?
-          subject.add_entry("ST", new_resource.state) unless new_resource.state.nil?
-          subject.add_entry("L", new_resource.city) unless new_resource.city.nil?
-          subject.add_entry("O", new_resource.org) unless new_resource.org.nil?
-          subject.add_entry("OU", new_resource.org_unit) unless new_resource.org_unit.nil?
-          subject.add_entry("CN", new_resource.common_name)
-          subject.add_entry("emailAddress", new_resource.email) unless new_resource.email.nil?
-          subject
+          OpenSSL::X509::Name.new.tap do |csr_subject|
+            csr_subject.add_entry("C", new_resource.country) unless new_resource.country.nil?
+            csr_subject.add_entry("ST", new_resource.state) unless new_resource.state.nil?
+            csr_subject.add_entry("L", new_resource.city) unless new_resource.city.nil?
+            csr_subject.add_entry("O", new_resource.org) unless new_resource.org.nil?
+            csr_subject.add_entry("OU", new_resource.org_unit) unless new_resource.org_unit.nil?
+            csr_subject.add_entry("CN", new_resource.common_name)
+            csr_subject.add_entry("emailcsr_subject.address", new_resource.email) unless new_resource.email.nil?
+          end
         end
 
         def ca_private_key
author	Lamont Granquist <lamont@scriptkiddie.org>	2020-08-03 15:44:29 -0700
committer	Lamont Granquist <lamont@scriptkiddie.org>	2020-08-03 15:44:29 -0700
commit	69399484afc5e559258dfc7479d70f31843b5859 (patch)
tree	6a4db5d25b280df8ec591bbb1fae367d141188bb /lib/chef/resource/openssl_x509_certificate.rb
parent	71088574e7b67850612c43e0804d00baa0984506 (diff)
download	chef-69399484afc5e559258dfc7479d70f31843b5859.tar.gz