Merge pull request #94 from BarthV/master

Adding peer-cert-allowed-cn new option in allowed resources properties
sous-chefs · Jan 20, 2019 · fe13456 · fe13456
2 parents 2f20353 + 2c45ca4
commit fe13456
Show file tree

Hide file tree

Showing 3 changed files with 3 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -305,6 +305,7 @@ The `etcd_service` resource property list corresponds to the options found in
 - `peer_key_file`
 - `peer_client_cert_auth`
 - `peer_trusted_ca_file`
+- `peer_cert_allowed_cn`
 - `peer_auto_tls`
 - `etcdctl_client_cert_file`
 - `etcdctl_client_key_file`

diff --git a/libraries/etcd_common_properties.rb b/libraries/etcd_common_properties.rb
@@ -61,6 +61,7 @@ def self.included(base)
         property :client_cert_auth, [true, false], default: false, desired_state: false
         property :trusted_ca_file, String, desired_state: false
         property :auto_tls, [true, false], default: false, desired_state: false
+	property :peer_cert_allowed_cn, String, desired_state: false
         property :peer_cert_file, String, desired_state: false
         property :peer_key_file, String, desired_state: false
         property :peer_client_cert_auth, [true, false], default: false, desired_state: false

diff --git a/libraries/helpers_service.rb b/libraries/helpers_service.rb
@@ -39,6 +39,7 @@ def etcd_daemon_opts
         opts << "-listen-peer-urls=#{new_resource.listen_peer_urls}" unless new_resource.listen_peer_urls.nil?
         opts << "-max-snapshots=#{new_resource.max_snapshots}" unless new_resource.max_snapshots.nil?
         opts << "-max-wals=#{new_resource.max_wals}" unless new_resource.max_wals.nil?
+	opts << "-peer-cert-allowed-cn=#{new_resource.peer_cert_allowed_cn}" unless new_resource.peer_cert_allowed_cn?
         opts << "-peer-cert-file=#{new_resource.peer_cert_file}" unless new_resource.peer_cert_file.nil?
         opts << '-peer-client-cert-auth=true' if new_resource.peer_client_cert_auth == true
         opts << "-peer-key-file=#{new_resource.peer_key_file}" unless new_resource.peer_key_file.nil?