Support adding extra subjectAltName to the host certificate

9a5edc8c · Chris Burr · 4f0c3ba4 · 9a5edc8c
Verified Commit 9a5edc8c authored 1 month ago by Chris Burr
--- a/code/manifests/init.pp
+++ b/code/manifests/init.pp
@@ -33,6 +33,7 @@
 # @param oracle_support if set to true, ensures that the oracle RPM client libraries are installed
 # @param oracle_client_version version of the oracle RPM client libraries to install
 # @param tornado_processes number of processes tornado is going to spawn if the web app is used
+# @param extra_aliases extra aliases to include as subjectAltName in the host certificate
 #
 #
 # Although some parameters (like master_cs, master_config_name, extensions*, etc) could be part of the config_args,
@@ -53,7 +54,8 @@ class dirac (String $dirac_user = 'dirac', String $dirac_group = 'dirac',
            Hash $dirac_config_args = {},
            Boolean $oracle_support = false,
            String $oracle_client_version = '12.1',
-            Numeric $tornado_processes = 4){
+            Numeric $tornado_processes = 4,
+            Array $extra_aliases = []){


  # Retrieve the fully qualified name
@@ -89,22 +91,21 @@ class dirac (String $dirac_user = 'dirac', String $dirac_group = 'dirac',
    target => '/etc/grid-security/allCAs.pem',
  }

-
  # Collect the DNS alias to add them to the host certificate
-  if $facts['landb_ip_aliases'] {
-    # landb_ip_aliases are not FQDN
-    $aliases = split($facts['landb_ip_aliases'], ',')
-    $diraccertifalias = join(suffix($aliases, '.cern.ch'), ',')
-  }
-  else {
-    $diraccertifalias = ''
+  $ip_aliases = $facts['landb_ip_aliases'] ? {
+    undef   => [],                                  # no fact → empty list
+    default => split($facts['landb_ip_aliases'], ','),  # comma-separated
  }
+  $fqdn_ip_aliases = suffix($ip_aliases, '.cern.ch')
+  $all_aliases = $fqdn_ip_aliases + $extra_aliases
+  $san_string = join($all_aliases, ',')
+
  certmgr::certificate {'dirac perm':
    hostcert      => '/opt/dirac/etc/grid-security/hostcert.pem',
    hostkey       => '/opt/dirac/etc/grid-security/hostkey.pem',
    owner         => $dirac_user,
    group         => $dirac_group,
-    san           => $diraccertifalias,
+    san           => $san_string,
    hostkey_mode  => '0400',
    hostcert_mode => '0440',
    # require       => File['/opt/dirac/etc/grid-security/hostkey.pem'],