Allow updating ca_certificates without salt-pki
diff --git a/linux/system/certificate.sls b/linux/system/certificate.sls
index a342cbe..f9f39d4 100644
--- a/linux/system/certificate.sls
+++ b/linux/system/certificate.sls
@@ -3,19 +3,39 @@
{%- if system.ca_certificates is defined %}
-{%- for certificate in system.ca_certificates %}
+linux_system_ca_certificates:
+ pkg.installed:
+ - name: ca-certificates
+{%- if system.ca_certificates is mapping %}
+{%- for name, cert in system.ca_certificates.iteritems() %}
+{{ system.ca_certs_dir }}/{{ name }}.crt:
+ file.managed:
+ - contents_pillar: "linux:system:ca_certificates:{{ name }}"
+ - watch_in:
+ - cmd: update_certificates
+ - require:
+ - pkg: linux_system_ca_certificates
+{%- endfor %}
+
+{%- else %}
+{#- salt-pki way #}
+
+{%- for certificate in system.ca_certificates %}
{{ system.ca_certs_dir }}/{{ certificate }}.crt:
file.managed:
- source: salt://pki/{{ certificate }}/{{ certificate }}-chain.cert.pem
- watch_in:
- cmd: update_certificates
-
+ - require:
+ - pkg: linux_system_ca_certificates
{%- endfor %}
+{%- endif %}
+
update_certificates:
cmd.wait:
- - name: /usr/sbin/update-ca-certificates
+ - name: update-ca-certificates
{%- endif %}