-rw-r--r-- | lib/chef/resource/trusted_certificate.rb | 82 | ||||
-rw-r--r-- | lib/chef/resources.rb | 1 |
2 files changed, 83 insertions, 0 deletions
diff --git a/lib/chef/resource/trusted_certificate.rb b/lib/chef/resource/trusted_certificate.rb
new file mode 100644
index 0000000000..80c69bd815
--- /dev/null
+++ b/lib/chef/resource/trusted_certificate.rb
@@ -0,0 +1,82 @@
+#
+# Copyright:: Chef Software, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require "chef/resource"
+
+class Chef
+ class Resource
+ class TrustedCertificate < Chef::Resource
+ resource_name :trusted_certificate
+
+ description ""
+ introduced "16.0"
+
+ property :certificate_name, String,
+ name_property: true,
+ description: ""
+
+ property :content, String,
+ description: "",
+ required: true
+
+ action :create do
+ execute "update trusted certificates" do
+ command update_cert_command
+ action :nothing
+ end
+
+ file "#{certificate_path}/#{new_resource.certificate_name}.crt" do
+ content new_resource.content
+ owner "root"
+ group "staff" if debian?
+ action :create
+ notifies :run, "execute[update trusted certificates]"
+ end
+ end
+
+ action :delete do
+ execute "update trusted certificates" do
+ command update_cert_command
+ action :nothing
+ end
+
+ file "#{certificate_path}/#{new_resource.certificate_name}.crt" do
+ action :delete
+ notifies :run, "execute[update trusted certificates]"
+ end
+ end
+
+ action_class do
+ # @return [String] the platform specific command to update certs
+ def update_cert_command
+ platform_family?("debian", "suse") ? "update-ca-certificates" : "update-ca-trust extract"
+ end
+
+ # @return [String] the platform specific path to certs
+ def certificate_path
+ case node["platform_family"]
+ when "debian"
+ "/usr/local/share/ca-certificates"
+ when "suse"
+ "/etc/pki/trust/anchors/"
+ else # probably RHEL
+ "/etc/pki/ca-trust/source/anchors"
+ end
+ end
+ end
+ end
+ end
+end
diff --git a/lib/chef/resources.rb b/lib/chef/resources.rb
index f997d43a39..d08e9ebf49 100644
--- a/lib/chef/resources.rb
+++ b/lib/chef/resources.rb
@@ -116,6 +116,7 @@ require_relative "resource/sysctl"
 require_relative "resource/swap_file"
 require_relative "resource/systemd_unit"
 require_relative "resource/ssh_known_hosts_entry"
+require_relative "resource/trusted_certificate"
 require_relative "resource/windows_service"
 require_relative "resource/subversion"
 require_relative "resource/smartos_package" |
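Review bot: `certificate_name` is interpolated unchecked into the path in both `file "#{certificate_path}/#{new_resource.certificate_name}.crt"` resources (the `:create` and `:delete` actions), so a name containing `/` or `../` segments makes the resource create (with `owner "root"`) or delete a file outside the trust-anchor directory. Constrain the property, for example by adding `regex: [/\A[\w.-]+\z/]` to `property :certificate_name`. Whatever lands in this directory becomes a system-wide trust anchor, so the `:create` file should also set an explicit `mode "0644"` rather than inherit the default, and `content` would benefit from a check that it parses as a PEM certificate before `update_cert_command` is notified. The `else # probably RHEL` branch in `certificate_path` applies the RHEL path on every other platform family; raising for unknown families would be safer than writing there silently. The empty `description ""` strings on the resource and both properties should state that this adds or removes a CA in the system trust store.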