diff --git a/README.md b/README.md index 952dc23..b9144c2 100644 --- a/README.md +++ b/README.md @@ -305,6 +305,7 @@ The `etcd_service` resource property list corresponds to the options found in - `peer_key_file` - `peer_client_cert_auth` - `peer_trusted_ca_file` +- `peer_cert_allowed_cn` - `peer_auto_tls` - `etcdctl_client_cert_file` - `etcdctl_client_key_file` diff --git a/libraries/etcd_common_properties.rb b/libraries/etcd_common_properties.rb index 1876eef..53c0e13 100644 --- a/libraries/etcd_common_properties.rb +++ b/libraries/etcd_common_properties.rb @@ -61,6 +61,7 @@ def self.included(base) property :client_cert_auth, [true, false], default: false, desired_state: false property :trusted_ca_file, String, desired_state: false property :auto_tls, [true, false], default: false, desired_state: false + property :peer_cert_allowed_cn, String, desired_state: false property :peer_cert_file, String, desired_state: false property :peer_key_file, String, desired_state: false property :peer_client_cert_auth, [true, false], default: false, desired_state: false diff --git a/libraries/helpers_service.rb b/libraries/helpers_service.rb index 8f72f28..4f0b986 100644 --- a/libraries/helpers_service.rb +++ b/libraries/helpers_service.rb @@ -39,6 +39,7 @@ def etcd_daemon_opts opts << "-listen-peer-urls=#{new_resource.listen_peer_urls}" unless new_resource.listen_peer_urls.nil? opts << "-max-snapshots=#{new_resource.max_snapshots}" unless new_resource.max_snapshots.nil? opts << "-max-wals=#{new_resource.max_wals}" unless new_resource.max_wals.nil? + opts << "-peer-cert-allowed-cn=#{new_resource.peer_cert_allowed_cn}" unless new_resource.peer_cert_allowed_cn? opts << "-peer-cert-file=#{new_resource.peer_cert_file}" unless new_resource.peer_cert_file.nil? opts << '-peer-client-cert-auth=true' if new_resource.peer_client_cert_auth == true opts << "-peer-key-file=#{new_resource.peer_key_file}" unless new_resource.peer_key_file.nil?