class Vault::Provision::Pki::Intermediate::Generate::Internal
create the CA
Public Instance Methods
gen_file(mount_point)
# File lib/vault/provision/pki/intermediate/generate/internal.rb, line 5
#
# Builds the path of the local JSON request file for a mount's
# intermediate/generate/internal call, rooted at @instance_dir.
#
# mount_point is interpolated as given; nothing here normalises or
# validates it, so callers are expected to pass a single path segment.
#
# @param mount_point [#to_s] name of the PKI mount
# @return [String] path to the request file (existence is not checked)
def gen_file(mount_point)
  format('%s/%s/intermediate/generate/internal.json', @instance_dir, mount_point)
end
provision!()
# File lib/vault/provision/pki/intermediate/generate/internal.rb, line 9
#
# For every repo file belonging to a 'pki' mount, asks Vault to generate
# an internal intermediate and hands the returned CSR to
# sign_intermediate_csr.
#
# A repo file is skipped when any of these holds, checked in this order:
#   * the mount has no generate/internal request file on disk,
#   * generated?(mount_point) is truthy,
#   * @pki_allow_destructive is falsy (generation is opt-in).
#
# NOTE(review): the existence check uses gen_file(mount_point), but the
# POST body is read from the repo file itself. These are the same file only
# when the repo file is <mount>/intermediate/generate/internal.json --
# confirm what repo_files_by_mount_type returns.
# NOTE(review): resp[:data][:csr] is read without a presence check, so an
# unexpected response surfaces as NoMethodError after the generate call has
# already been sent.
def provision!
  repo_files_by_mount_type('pki').each do |repo_file|
    # The mount name is the fourth path segment from the end.
    mount_point = repo_file.split('/')[-4]

    # Short-circuit evaluation keeps the original check order.
    skip = !FileTest.file?(gen_file(mount_point)) ||
           generated?(mount_point) ||
           !@pki_allow_destructive
    next if skip

    endpoint = "v1/#{mount_point}/intermediate/generate/internal"
    generated = @vault.post(endpoint, File.read(repo_file))
    sign_intermediate_csr(mount_point, generated[:data][:csr])
  end
end
sign_intermediate_csr(mount_point, csr)
# File lib/vault/provision/pki/intermediate/generate/internal.rb, line 21
#
# Has the mapped root mount sign the intermediate's CSR, then installs the
# signed certificate on the intermediate mount.
#
# Does nothing (returns nil) when @intermediate_issuer is empty or has no
# entry for mount_point; in that case the CSR is left unsigned.
#
# The signing request takes common_name and ttl from the mount's
# generate/internal request file and always sends max_path_length: 0 (the
# intermediate may not sign further CAs) and exclude_cn_from_sans: true.
#
# NOTE(review): the certificate is taken from resp[:data][:certificate]
# without a presence check before being posted to set-signed.
#
# @param mount_point [String] intermediate PKI mount; looked up as a Symbol
# @param csr [String] CSR returned by intermediate/generate/internal
# @return [Object, nil] result of the set-signed post, or nil when skipped
def sign_intermediate_csr(mount_point, csr)
  return if @intermediate_issuer.empty?

  issuing_mount = @intermediate_issuer[mount_point.to_sym]
  return if issuing_mount.nil?

  request = JSON.parse(File.read(gen_file(mount_point)))

  sign_url = "v1/#{issuing_mount}/root/sign-intermediate"
  sign_body = JSON.dump(
    csr: csr,
    common_name: request['common_name'],
    ttl: request['ttl'],
    max_path_length: 0,
    exclude_cn_from_sans: true
  )
  signed = @vault.post(sign_url, sign_body)

  install_url = "v1/#{mount_point}/intermediate/set-signed"
  @vault.post(install_url, JSON.dump(certificate: signed[:data][:certificate]))
end