x509 subject properties
diff --git a/salt/files/_pki.conf b/salt/files/_pki.conf
index 19c6dc1..489263b 100644
--- a/salt/files/_pki.conf
+++ b/salt/files/_pki.conf
@@ -7,9 +7,21 @@
- minions: '{{ signing_policy.minions }}'
- signing_private_key: /etc/pki/ca/{{ ca_name }}/ca.key
- signing_cert: /etc/pki/ca/{{ ca_name }}/ca.crt
+ {%- if ca.country is defined %}
- C: {{ ca.country }}
+ {%- endif %}
+ {%- if ca.state is defined %}
- ST: {{ ca.state }}
+ {%- endif %}
+ {%- if ca.locality is defined %}
- L: {{ ca.locality }}
+ {%- endif %}
+ {%- if ca.organization is defined %}
+ - O: {{ ca.organization }}
+ {%- endif %}
+ {%- if ca.organization_unit is defined %}
+ - OU: {{ ca.organization_unit }}
+ {%- endif %}
{%- if signing_policy.type == 'v3_edge_cert_client' %}
- basicConstraints: "CA:FALSE"
- keyUsage: "critical digitalSignature,nonRepudiation,keyEncipherment"
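Review bot: Wrapping `C`, `ST` and `L` in `is defined` guards means a signing policy rendered from a CA pillar without those keys no longer mentions them at all, and the new `O`/`OU` entries behave the same way. As far as I know, a Salt x509 signing policy only overrides the arguments it lists, so a subject field left out of the policy would come from the requesting minion's own arguments rather than being fixed by the CA; this is worth confirming against the x509 module version in use. If the CA is meant to control the subject, either fail the render when a required key is missing or document the behaviour above the guards, e.g. `{#- subject fields not set in the ca pillar are not pinned by this policy -#}`. The policy block starts above the hunk and continues below it.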
diff --git a/salt/minion/ca.sls b/salt/minion/ca.sls
index b67f760..196359d 100644
--- a/salt/minion/ca.sls
+++ b/salt/minion/ca.sls
@@ -30,9 +30,21 @@
x509.certificate_managed:
- signing_private_key: /etc/pki/ca/{{ ca_name }}/ca.key
- CN: {{ ca.common_name }}
+ {%- if ca.country is defined %}
- C: {{ ca.country }}
+ {%- endif %}
+ {%- if ca.state is defined %}
- ST: {{ ca.state }}
+ {%- endif %}
+ {%- if ca.locality is defined %}
- L: {{ ca.locality }}
+ {%- endif %}
+ {%- if ca.organization is defined %}
+ - O: {{ ca.organization }}
+ {%- endif %}
+ {%- if ca.organization_unit is defined %}
+ - OU: {{ ca.organization_unit }}
+ {%- endif %}
- basicConstraints: "critical,CA:TRUE"
- keyUsage: "critical,cRLSign,keyCertSign"
- subjectKeyIdentifier: hash
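Review bot: The new `- O: {{ ca.organization }}` and `- OU: {{ ca.organization_unit }}` lines put pillar text into YAML unquoted, so an organization name containing `: ` or ` #`, or one that looks like a number or boolean, either breaks the render or ends up truncated or retyped in the CA certificate's subject. Salt's Jinja filters can encode the value, for example `- O: {{ ca.organization | yaml_dquote }}` and `- OU: {{ ca.organization_unit | yaml_dquote }}`. The same applies to the `O`/`OU` lines added in salt/files/_pki.conf and to the existing `C`, `ST` and `L` lines, where a country code such as `NO` is read as a boolean by YAML 1.1 loaders. The `x509.certificate_managed` state starts above the hunk and continues past it.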