diff options
author | Johannes Löthberg <johannes@kyriasis.com> | 2017-01-10 18:36:06 +0100 |
---|---|---|
committer | Johannes Löthberg <johannes@kyriasis.com> | 2017-01-10 18:36:06 +0100 |
commit | d4ea3686df254165fe0c1f8fa7d091104ae7b727 (patch) | |
tree | 6404491b96fea4b439fbc0cecee32eef1889336a /_states | |
parent | 537bfdd77291e7480b1be782a678002811aec8bf (diff) | |
download | file-d4ea3686df254165fe0c1f8fa7d091104ae7b727.tar.xz |
remove acme module
It's now in a released version.
Signed-off-by: Johannes Löthberg <johannes@kyriasis.com>
Diffstat (limited to '_states')
-rw-r--r-- | _states/acme.py | 121 |
1 files changed, 0 insertions, 121 deletions
diff --git a/_states/acme.py b/_states/acme.py deleted file mode 100644 index 4fcf09a..0000000 --- a/_states/acme.py +++ /dev/null @@ -1,121 +0,0 @@ -# -*- coding: utf-8 -*- -''' -ACME / Let's Encrypt certificate management state -================================================= - -.. versionadded: 2016.3 - -See also the module documentation - -.. code-block:: yaml - - reload-gitlab: - cmd.run: - - name: gitlab-ctl hup - - dev.example.com: - acme.cert: - - aliases: - - gitlab.example.com - - email: acmemaster@example.com - - webroot: /opt/gitlab/embedded/service/gitlab-rails/public - - renew: 14 - - fire_event: acme/dev.example.com - - onchanges_in: - - cmd: reload-gitlab - -''' -# Import python libs -from __future__ import absolute_import -import logging - -log = logging.getLogger(__name__) - - -def __virtual__(): - ''' - Only work when the ACME module agrees - ''' - return 'acme.cert' in __salt__ - - -def cert(name, - aliases=None, - email=None, - webroot=None, - test_cert=False, - renew=None, - keysize=None, - server=None, - owner='root', - group='root'): - ''' - Obtain/renew a certificate from an ACME CA, probably Let's Encrypt. - - :param name: Common Name of the certificate (DNS name of certificate) - :param aliases: subjectAltNames (Additional DNS names on certificate) - :param email: e-mail address for interaction with ACME provider - :param webroot: True or a full path to use to use webroot. Otherwise use standalone mode - :param test_cert: Request a certificate from the Happy Hacker Fake CA (mutually exclusive with 'server') - :param renew: True/'force' to force a renewal, or a window of renewal before expiry in days - :param keysize: RSA key bits - :param server: API endpoint to talk to - :param owner: owner of private key - :param group: group of private key - ''' - - if __opts__['test']: - ret = { - 'name': name, - 'changes': {}, - 'result': None - } - window = None - try: - window = int(renew) - except: # pylint: disable=bare-except - pass - - comment = 'Certificate {0} '.format(name) - if not __salt__['acme.has'](name): - comment += 'would have been obtained' - elif __salt__['acme.needs_renewal'](name, window): - comment += 'would have been renewed' - else: - comment += 'would not have been touched' - ret['comment'] = comment - return ret - - if not __salt__['acme.has'](name): - old = None - else: - old = __salt__['acme.info'](name) - - res = __salt__['acme.cert']( - name, - aliases=aliases, - email=email, - webroot=webroot, - test_cert=test_cert, - renew=renew, - keysize=keysize, - server=server, - owner=owner, - group=group - ) - - ret = { - 'name': name, - 'result': res['result'] is not False, - 'comment': res['comment'] - } - - if res['result'] is None: - ret['changes'] = {} - else: - ret['changes'] = { - 'old': old, - 'new': __salt__['acme.info'](name) - } - - return ret |