Update cookbooks and add wordpress cookbook

2016-02-19 18:09:49 +01:00
parent 9ba973e3ac
commit 820b0ab3f8
606 changed files with 22421 additions and 14084 deletions
--- a/cookbooks/openssl/providers/dhparam.rb
+++ b/cookbooks/openssl/providers/dhparam.rb
@@ -0,0 +1,33 @@
+#
+# dhparam.pem provider
+#
+# Author:: Charles Johnson <charles@chef.io>
+#
+
+include OpenSSLCookbook::Helpers
+
+use_inline_resources
+
+def whyrun_supported?
+  true
+end
+
+action :create do
+  converge_by("Create a dhparam file #{@new_resource}") do
+    unless dhparam_pem_valid?(new_resource.name)
+      dhparam_content = gen_dhparam(new_resource.key_length, new_resource.generator).to_pem
+
+      log "Generating #{new_resource.key_length} bit "\
+          "dhparam file at #{new_resource.name}, this may take some time"
+
+      file new_resource.name do
+        action :create
+        owner new_resource.owner
+        group new_resource.group
+        mode new_resource.mode
+        sensitive true
+        content dhparam_content
+      end
+    end
+  end
+end
--- a/cookbooks/openssl/providers/rsa_key.rb
+++ b/cookbooks/openssl/providers/rsa_key.rb
@@ -0,0 +1,39 @@
+#
+# dhparam.pem provider
+#
+# Author:: Charles Johnson <charles@chef.io>
+#
+
+include OpenSSLCookbook::Helpers
+
+use_inline_resources
+
+def whyrun_supported?
+  true
+end
+
+action :create do
+  converge_by("Create an RSA key #{@new_resource}") do
+    unless key_file_valid?(new_resource.name, new_resource.key_pass)
+
+      log "Generating #{new_resource.key_length} bit "\
+          "RSA key file at #{new_resource.name}, this may take some time"
+
+      if new_resource.key_pass
+        unencrypted_rsa_key = gen_rsa_key(new_resource.key_length)
+        rsa_key_content = encrypt_rsa_key(unencrypted_rsa_key, new_resource.key_pass)
+      else
+        rsa_key_content = gen_rsa_key(new_resource.key_length).to_pem
+      end
+
+      file new_resource.name do
+        action :create
+        owner new_resource.owner
+        group new_resource.group
+        mode new_resource.mode
+        sensitive true
+        content rsa_key_content
+      end
+    end
+  end
+end
--- a/cookbooks/openssl/providers/x509.rb
+++ b/cookbooks/openssl/providers/x509.rb
@@ -3,51 +3,61 @@
 #
 # Author:: Jesse Nelson <spheromak@gmail.com>
 #
-require 'openssl'
+
+include OpenSSLCookbook::Helpers

 use_inline_resources

+def whyrun_supported?
+  true
+end
+
 attr_reader :key_file, :key, :cert, :ef

-action :create  do
-  unless ::File.exists? new_resource.name
-    create_keys
-    cert_content = cert.to_pem
-    key_content = key.to_pem
+action :create do
+  converge_by("Create #{@new_resource}") do
+    unless ::File.exist? new_resource.name
+      create_keys
+      cert_content = cert.to_pem
+      key_content = key.to_pem

-    file new_resource.name do
-      action :create_if_missing
-      mode  new_resource.mode
-      owner new_resource.owner
-      group new_resource.group
-      content cert_content
+      file new_resource.name do
+        action :create_if_missing
+        mode new_resource.mode
+        owner new_resource.owner
+        group new_resource.group
+        sensitive true
+        content cert_content
+      end
+
+      file new_resource.key_file do
+        action :create_if_missing
+        mode new_resource.mode
+        owner new_resource.owner
+        group new_resource.group
+        sensitive true
+        content key_content
+      end
+      new_resource.updated_by_last_action(true)
    end
-
-    file new_resource.key_file do
-      action :create_if_missing
-      mode  new_resource.mode
-      owner new_resource.owner
-      group new_resource.group
-      content key_content
-    end
-
  end
 end

 protected

+  # rubocop:disable Metrics/AbcSize, Style/IndentationConsistency
  def key_file
    unless new_resource.key_file
-      path, file= ::File.split(new_resource.name)
-      filename  = ::File.basename(file, ::File.extname(file) )
-      new_resource.key_file  path + "/" + filename + ".key"
+      path, file = ::File.split(new_resource.name)
+      filename = ::File.basename(file, ::File.extname(file))
+      new_resource.key_file path + '/' + filename + '.key'
    end
    new_resource.key_file
  end

  def key
-    @key ||= if ::File.exists? key_file
-               OpenSSL::PKey::RSA.new File.read(key_file), new_resource.key_pass
+    @key ||= if key_file_valid?(key_file, new_resource.key_pass)
+               OpenSSL::PKey::RSA.new ::File.read(key_file), new_resource.key_pass
             else
               OpenSSL::PKey::RSA.new(new_resource.key_length)
             end
@@ -69,16 +79,16 @@ protected
  end

  def subject
-    @subject ||= "/C="  + new_resource.country +
-                 "/O="  + new_resource.org +
-                 "/OU=" + new_resource.org_unit +
-                 "/CN=" + new_resource.common_name
+    @subject ||= '/C=' + new_resource.country +
+                 '/O=' + new_resource.org +
+                 '/OU=' + new_resource.org_unit +
+                 '/CN=' + new_resource.common_name
  end

  def extensions
    [
-      ef.create_extension("basicConstraints","CA:TRUE", true),
-      ef.create_extension("subjectKeyIdentifier", "hash"),
+      ef.create_extension('basicConstraints', 'CA:TRUE', true),
+      ef.create_extension('subjectKeyIdentifier', 'hash')
    ]
  end

@@ -88,7 +98,7 @@ protected
    ef.subject_certificate = cert
    ef.issuer_certificate = cert
    cert.extensions = extensions
-    cert.add_extension ef.create_extension("authorityKeyIdentifier",
-                                       "keyid:always,issuer:always")
-    cert.sign key, OpenSSL::Digest::SHA1.new
+    cert.add_extension ef.create_extension('authorityKeyIdentifier',
+                                           'keyid:always,issuer:always')
+    cert.sign key, OpenSSL::Digest::SHA256.new
  end