- add fact to export vault public cert from agents - add fact to export list of trusted incus client certs - add method for incus clients to export their client cert to be trusted
This commit is contained in:
@@ -0,0 +1,11 @@
|
||||
# frozen_string_literal: true
|
||||
|
||||
# lib/facter/vault_cert_content.rb
|
||||
|
||||
Facter.add(:vault_cert_content) do
|
||||
confine kernel: 'Linux'
|
||||
setcode do
|
||||
cert_path = '/etc/pki/tls/vault/certificate.crt'
|
||||
File.read(cert_path) if File.exist?(cert_path) && File.readable?(cert_path)
|
||||
end
|
||||
end
|
||||
@@ -0,0 +1,23 @@
|
||||
# frozen_string_literal: true
|
||||
|
||||
# lib/facter/vault_cert_fingerprint.rb
|
||||
|
||||
Facter.add(:vault_cert_fingerprint) do
|
||||
confine kernel: 'Linux'
|
||||
setcode do
|
||||
require 'openssl'
|
||||
require 'digest'
|
||||
|
||||
cert_path = '/etc/pki/tls/vault/certificate.crt'
|
||||
if File.exist?(cert_path) && File.readable?(cert_path)
|
||||
begin
|
||||
cert_content = File.read(cert_path)
|
||||
cert = OpenSSL::X509::Certificate.new(cert_content)
|
||||
# Calculate SHA256 fingerprint like incus does
|
||||
Digest::SHA256.hexdigest(cert.to_der)
|
||||
rescue StandardError
|
||||
nil
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
Reference in New Issue
Block a user