Class: Vault::Provision::Pki::Intermediate::Generate::Internal

Inherits:
Vault::Provision::Prototype
  • Object
Includes:
Vault::Provision::Pki
Defined in:
lib/vault/provision/pki/intermediate/generate/internal.rb

Overview

Creates the intermediate CA.


Instance Method Details

#gen_file(mount_point) ⇒ Object



# File 'lib/vault/provision/pki/intermediate/generate/internal.rb', line 5

# Path of the JSON request body used for this mount's
# `intermediate/generate/internal` call, located beneath @instance_dir.
#
# @param mount_point [String] PKI mount name (derived from the repo file path)
# @return [String] the expected file path; existence is not checked here
def gen_file mount_point
  [@instance_dir, mount_point, 'intermediate/generate/internal.json'].join('/')
end

#provision! ⇒ Object



# File 'lib/vault/provision/pki/intermediate/generate/internal.rb', line 9

# Generates an intermediate CA on every eligible PKI mount and hands the
# resulting CSR to the configured root for signing.
#
# A mount is eligible only when its request file (see #gen_file) exists,
# generated? reports no CA yet, and @pki_allow_destructive is set — so a
# run without the destructive flag is a no-op for this step.
#
# The `internal` variant of the Vault endpoint keeps the new private key
# inside Vault; only the CSR is returned and forwarded to
# #sign_intermediate_csr.
#
# @return [void]
def provision!
  repo_files_by_mount_type('pki').each do |repo_file|
    # Mount name is taken from the repo path layout, four segments up.
    mount_point = repo_file.split('/')[-4]
    definition = gen_file(mount_point)
    eligible = File.file?(definition) && !generated?(mount_point) && @pki_allow_destructive
    next unless eligible

    response = @vault.post("v1/#{mount_point}/intermediate/generate/internal", File.read(repo_file))
    sign_intermediate_csr(mount_point, response[:data][:csr])
  end
end

#sign_intermediate_csr(mount_point, csr) ⇒ Object



# File 'lib/vault/provision/pki/intermediate/generate/internal.rb', line 21

# Has the root mount mapped to +mount_point+ sign the intermediate CSR, then
# installs the signed certificate on the intermediate mount.
#
# Does nothing when no issuer mapping is configured, or when this mount has
# no entry in @intermediate_issuer (keys are symbols).
#
# common_name and ttl are read from the mount's request file; a missing ttl
# is sent as null, leaving the default to Vault. max_path_length is pinned
# at 0, so the signed intermediate cannot itself certify further CAs, and
# exclude_cn_from_sans keeps the CN out of the SAN list.
#
# @param mount_point [String] intermediate PKI mount name
# @param csr [String] PEM CSR returned by intermediate/generate/internal
# @return [Object, nil] the set-signed response, or nil when skipped
def sign_intermediate_csr mount_point, csr
  return if @intermediate_issuer.empty?

  root_mount = @intermediate_issuer[mount_point.to_sym]
  return if root_mount.nil?

  request = JSON.parse(File.read(gen_file(mount_point)))
  sign_payload = {
    csr: csr,
    common_name: request['common_name'],
    ttl: request['ttl'],
    max_path_length: 0,
    exclude_cn_from_sans: true
  }
  signed = @vault.post("v1/#{root_mount}/root/sign-intermediate", JSON.dump(sign_payload))

  set_signed_payload = { certificate: signed[:data][:certificate] }
  @vault.post("v1/#{mount_point}/intermediate/set-signed", JSON.dump(set_signed_payload))
end