Skip to content

Commit

Permalink
feat: add insecure option to state and module
Browse files Browse the repository at this point in the history
  • Loading branch information
@genaumann
genaumann committed Jan 20, 2024
1 parent 5dc27ee commit 08b9993
Show file tree
Hide file tree
Showing 3 changed files with 27 additions and 1 deletion.
18 changes: 17 additions & 1 deletion _modules/acme_sh.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -175,6 +175,7 @@ def issue(
force=False,
valid_to=None,
valid_from=None,
insecure=False,
):
"""
Obtain a certificate
Expand Down Expand Up @@ -236,6 +237,10 @@ def issue(
valid_from
NotBefore field in cert
see https://github.com/acmesh-official/acme.sh/wiki/Validity
insecure
disable ssl verification
default: False
"""

home_dir = __salt__["user.info"](user)["home"]
Expand Down Expand Up @@ -320,6 +325,10 @@ def issue(
if valid_from:
cmd.extend(["--valid-from", valid_from])

# insecure
if insecure:
cmd.append("--insecure")

if acme_mode == "dns":
log.debug("Set dns_credentials as temporary env")
__salt__["environ.setenv"](dns_credentials)
Expand Down Expand Up @@ -443,7 +452,7 @@ def info(name, user="root", cert_path=None):
return ret


def renew(name, user="root", cert_path=None, force=False):
def renew(name, user="root", cert_path=None, force=False, insecure=False):
"""
Renew a certificate
Expand All @@ -461,6 +470,10 @@ def renew(name, user="root", cert_path=None, force=False):
force
force renewing a certificate
default: False
insecure
disable ssl verification
default: False
"""

home_dir = __salt__["user.info"](user)["home"]
Expand All @@ -477,6 +490,9 @@ def renew(name, user="root", cert_path=None, force=False):
if force:
cmd.append("--force")

if insecure:
cmd.append("--insecure")

renew_cmd = __salt__["cmd.run_all"](" ".join(cmd), python_shell=False, runas=user)

if renew_cmd["retcode"] == 0:
Expand Down
7 changes: 7 additions & 0 deletions _states/acme_sh.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -131,6 +131,7 @@ def cert(
force=False,
valid_to=None,
valid_from=None,
insecure=False,
):
"""
Ensure that a certificate is issued
Expand Down Expand Up @@ -192,6 +193,10 @@ def cert(
valid_from
NotBefore field in cert
see https://github.com/acmesh-official/acme.sh/wiki/Validity
insecure
Disable SSL certificate verification
default = False
"""

ret = {
Expand Down Expand Up @@ -265,6 +270,7 @@ def cert(
force=force,
valid_to=valid_to,
valid_from=valid_from,
insecure=insecure,
)

if __context__["retcode"] == 0:
Expand All @@ -290,6 +296,7 @@ def cert(
user=user,
cert_path=cert_path,
force=force,
insecure=insecure,
)

if __context__["retcode"] == 0:
Expand Down
3 changes: 3 additions & 0 deletions acme_sh/cert.sls
View file
Original file line number Diff line number Diff line change
Expand Up @@ -35,6 +35,9 @@ acme_sh_cert_{{ user }}_{{ domain }}:
{%- if cert_config.get('valid_from') %}
- valid_from: {{ cert_config['valid_from'] }}
{%- endif %}
{%- if cert_config.get('insecure') %}
- insecure: {{ cert_config['insecure'] }}
{%- endif %}
{%- endfor %}
{%- endif %}
{%- endfor %}

0 comments on commit 08b9993

Please sign in to comment.