diff options
author | Tim Smith <tsmith@chef.io> | 2018-01-22 07:44:28 -0800 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-01-22 07:44:28 -0800 |
commit | 9ef5c2d239b2501cad5fc01bdfc9d617ddef5430 (patch) | |
tree | 899d755703c7e861bdc9f0e0e7eba066842db7b2 /lib/chef/resource | |
parent | 84fb46aeb7e6c457665dc4bf5ac5719b4f5eefd5 (diff) | |
parent | 1a88d51c49b23365c8af5c6a6f5a9306eccae225 (diff) | |
download | chef-9ef5c2d239b2501cad5fc01bdfc9d617ddef5430.tar.gz |
Merge pull request #6736 from chef/openssl_resources
Add dhparam, rsa_private_key and rsa_public_key resources
Diffstat (limited to 'lib/chef/resource')
-rw-r--r-- | lib/chef/resource/openssl_dhparam.rb | 59 | ||||
-rw-r--r-- | lib/chef/resource/openssl_rsa_private_key.rb | 69 | ||||
-rw-r--r-- | lib/chef/resource/openssl_rsa_public_key.rb | 56 |
3 files changed, 184 insertions, 0 deletions
diff --git a/lib/chef/resource/openssl_dhparam.rb b/lib/chef/resource/openssl_dhparam.rb new file mode 100644 index 0000000000..cec27d21bd --- /dev/null +++ b/lib/chef/resource/openssl_dhparam.rb @@ -0,0 +1,59 @@ +# +# Copyright:: Copyright 2009-2018, Chef Software Inc. +# License:: Apache License, Version 2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require "chef/resource" + +class Chef + class Resource + # a resource for generating dhparam.pem files. + # If a valid dhparam.pem file is found at the specified location, no new + # file will be created. If a file is found at the specified location but it + # is not a valid dhparam file, it will be overwritten. + # + # @since 14.0 + class OpensslDhparam < Chef::Resource + require "chef/mixin/openssl" + include Chef::Mixin::OpenSSL + + resource_name :openssl_dhparam + + property :path, String, name_property: true + property :key_length, equal_to: [1024, 2048, 4096, 8192], default: 2048 + property :generator, equal_to: [2, 5], default: 2 + property :owner, [String, nil] + property :group, [String, nil] + property :mode, [Integer, String], default: "0640" + + action :create do + unless dhparam_pem_valid?(new_resource.path) + converge_by("Create a dhparam file #{new_resource.path}") do + dhparam_content = gen_dhparam(new_resource.key_length, new_resource.generator).to_pem + + declare_resource(:file, new_resource.path) do + action :create + owner new_resource.owner unless new_resource.owner.nil? + group new_resource.group unless new_resource.group.nil? + mode new_resource.mode + sensitive true + content dhparam_content + end + end + end + end + end + end +end diff --git a/lib/chef/resource/openssl_rsa_private_key.rb b/lib/chef/resource/openssl_rsa_private_key.rb new file mode 100644 index 0000000000..32c394846b --- /dev/null +++ b/lib/chef/resource/openssl_rsa_private_key.rb @@ -0,0 +1,69 @@ +# +# Copyright:: Copyright 2009-2018, Chef Software Inc. +# License:: Apache License, Version 2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require "chef/resource" + +class Chef + class Resource + # A resource for generating rsa private key files. + # If a valid rsa key file can be opened at the specified location, no new file + # will be created. If the RSA key file cannot be opened, either because it + # does not exist or because the password to the RSA key file does not match + # the password in the recipe, it will be overwritten. + # + # @since 14.0 + class OpensslRsaPrivateKey < Chef::Resource + require "chef/mixin/openssl" + include Chef::Mixin::OpenSSL + + resource_name :openssl_rsa_private_key + provides :openssl_rsa_private_key + provides :openssl_rsa_key # legacy cookbook resource name + + property :path, String, name_property: true + property :key_length, equal_to: [1024, 2048, 4096, 8192], default: 2048 + property :key_pass, String + property :key_cipher, String, default: "des3", equal_to: OpenSSL::Cipher.ciphers + property :owner, [String, nil] + property :group, [String, nil] + property :mode, [Integer, String], default: "0600" + property :force, [true, false], default: false + + action :create do + return if new_resource.force || priv_key_file_valid?(new_resource.path, new_resource.key_pass) + + converge_by("create #{new_resource.key_length} bit RSA key #{new_resource.path}") do + if new_resource.key_pass + unencrypted_rsa_key = gen_rsa_priv_key(new_resource.key_length) + rsa_key_content = encrypt_rsa_key(unencrypted_rsa_key, new_resource.key_pass, new_resource.key_cipher) + else + rsa_key_content = gen_rsa_priv_key(new_resource.key_length).to_pem + end + + declare_resource(:file, new_resource.path) do + action :create + owner new_resource.owner unless new_resource.owner.nil? + group new_resource.group unless new_resource.group.nil? + mode new_resource.mode + sensitive true + content rsa_key_content + end + end + end + end + end +end diff --git a/lib/chef/resource/openssl_rsa_public_key.rb b/lib/chef/resource/openssl_rsa_public_key.rb new file mode 100644 index 0000000000..602b48065e --- /dev/null +++ b/lib/chef/resource/openssl_rsa_public_key.rb @@ -0,0 +1,56 @@ +# +# Copyright:: Copyright 2009-2018, Chef Software Inc. +# License:: Apache License, Version 2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require "chef/resource" + +class Chef + class Resource + # A resource for generating rsa public key files given a rsa private key. + # + # @since 14.0 + class OpensslRsaPublicKey < Chef::Resource + require "chef/mixin/openssl" + include Chef::Mixin::OpenSSL + + resource_name :openssl_rsa_public_key + + property :path, String, name_property: true + property :private_key_path, String + property :private_key_content, String + property :private_key_pass, String + property :owner, [String, nil] + property :group, [String, nil] + property :mode, [Integer, String], default: "0640" + + action :create do + raise ArgumentError, "You cannot specify both 'private_key_path' and 'private_key_content' properties at the same time." if new_resource.private_key_path && new_resource.private_key_content + raise ArgumentError, "You must specify the private key with either 'private_key_path' or 'private_key_content' properties." unless new_resource.private_key_path || new_resource.private_key_content + raise "#{new_resource.private_key_path} not a valid private RSA key or password is invalid" unless priv_key_file_valid?((new_resource.private_key_path || new_resource.private_key_content), new_resource.private_key_pass) + + rsa_key_content = gen_rsa_pub_key((new_resource.private_key_path || new_resource.private_key_content), new_resource.private_key_pass) + + declare_resource(:file, new_resource.path) do + action :create + owner new_resource.owner unless new_resource.owner.nil? + group new_resource.group unless new_resource.group.nil? + mode new_resource.mode + content rsa_key_content + end + end + end + end +end |