External pillar for populating hosts' private keys and certificates.

ca.py

"""
Custom pillar module to retrieve certificates and private keys based on the
server id.

Configuring the CA ext_pillar
=============================

The CA ext_pillar configuration needs a path to the PKI directory and a Pillar
variable name to populate the data into. In the end ext_pillar configuration
will look like:

.. code-block:: yaml

  ext_pillar:
    - ca:
      - pillar_key: capath


where ``capath`` is an absolute path to PKI directory with directories named
``private`` and ``certs`` to store hosts private key and certificate
respectively. All private keys should end with ``.key`` extension while all
certificates - with ``.crt``. The only exception is CA certificate which has
``.pem`` extension by default and is called ``cacert.pem``.

It is possible to specify multiple pairs of key/directory by just adding
more lines similar to the last one in the example above.
"""

import logging
LOG = logging.getLogger(__name__)

import os.path

__opts__ = {}

def ext_pillar( pillar, **kwargs ):
    """Provide certificate information to the minion"""
    ca_pillar = {}
    host_id = __opts__['id']
    for pillar_key, ca_dir in kwargs.iteritems():
        cacert_path = os.path.join(ca_dir, 'cacert.pem')
        cert_path = os.path.join(ca_dir, 'certs', "".join([host_id, '.crt']))
        key_path = os.path.join(ca_dir, 'private', "".join([host_id, '.key']))
        try:
            cacert = open(cacert_path,'r').read()
            key = open(key_path,'r').read()
            cert = open(cert_path, 'r').read()

            ca_pillar[pillar_key] = {
                "cacert": cacert,
                "key": key,
                "cert": cert 
                }

        except IOError:
            continue

    return ca_pillar