Class: Vault::Provision::Pki::Intermediate::Generate::Internal
- Inherits: Vault::Provision::Prototype
  - Object
  - Vault::Provision::Prototype
  - Vault::Provision::Pki::Intermediate::Generate::Internal
- Includes: Vault::Provision::Pki
- Defined in: lib/vault/provision/pki/intermediate/generate/internal.rb
Overview
Create the CA.
Instance Method Summary
- #gen_file(mount_point) ⇒ Object
- #provision! ⇒ Object
- #sign_intermediate_csr(mount_point, csr) ⇒ Object
Instance Method Details
#gen_file(mount_point) ⇒ Object
    # File 'lib/vault/provision/pki/intermediate/generate/internal.rb', line 5
    # Path of the internal.json request file for the given mount.
    def gen_file mount_point
      "#{@instance_dir}/#{mount_point}/intermediate/generate/internal.json"
    end
#provision! ⇒ Object
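    # File 'lib/vault/provision/pki/intermediate/generate/internal.rb', line 9
    def provision!
      repo_files_by_mount_type('pki').each do |rf|
        # The mount point is the fourth path component from the end.
        mount_point = rf.split('/')[-4]
        # Skip mounts that have no intermediate/generate/internal.json file.
        next unless FileTest.file?(gen_file(mount_point))
        # Skip mounts for which generated? already returns true.
        next if generated? mount_point
        # Only proceed when @pki_allow_destructive is set.
        next unless @pki_allow_destructive
        # Vault generates the intermediate key internally and returns a CSR.
        resp = @vault.post "v1/#{mount_point}/intermediate/generate/internal",
                           File.read(rf)
        sign_intermediate_csr(mount_point, resp[:data][:csr])
      end
    end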
#sign_intermediate_csr(mount_point, csr) ⇒ Object
    # File 'lib/vault/provision/pki/intermediate/generate/internal.rb', line 21
    def sign_intermediate_csr mount_point, csr
      return if @intermediate_issuer.empty?
      # Look up the root mount configured to sign this intermediate mount.
      root_mount = @intermediate_issuer[mount_point.to_sym]
      return if root_mount.nil?

      # Reuse common_name and ttl from the mount's generate/internal request file.
      req = JSON.parse(File.read(gen_file(mount_point)))
      # max_path_length: 0 means the intermediate cannot sign further CAs.
      resp = @vault.post "v1/#{root_mount}/root/sign-intermediate",
                         JSON.dump(csr: csr,
                                   common_name: req['common_name'],
                                   ttl: req['ttl'],
                                   max_path_length: 0,
                                   exclude_cn_from_sans: true)
      # Install the signed certificate on the intermediate mount.
      @vault.post "v1/#{mount_point}/intermediate/set-signed",
                  JSON.dump(certificate: resp[:data][:certificate])
    end