From a4adc389b7f09ba8d2bb0dc6a4bc221a9e7f6e44 Mon Sep 17 00:00:00 2001
From: Fabien COMBERNOUS <fabien.combernous@adullact.org>
Date: Wed, 30 Nov 2022 17:12:26 +0100
Subject: [PATCH] add crl_extension parameter

---
 REFERENCE.md                       | 11 ++++++++++-
 manifests/init.pp                  |  4 +++-
 templates/cfssl-gencrl.service.epp |  2 +-
 3 files changed, 14 insertions(+), 3 deletions(-)

diff --git a/REFERENCE.md b/REFERENCE.md
index 387082b..1e1b01b 100644
--- a/REFERENCE.md
+++ b/REFERENCE.md
@@ -98,6 +98,7 @@ The following parameters are available in the `cfssl` class:
 * [`crldir`](#crldir)
 * [`crl_expiry`](#crl_expiry)
 * [`crl_gentimer`](#crl_gentimer)
+* [`crl_extension`](#crl_extension)
 * [`serve_ca`](#serve_ca)
 
 ##### <a name="downloadurl"></a>`downloadurl`
@@ -272,10 +273,18 @@ Default value: `604800`
 
 Data type: `String[1]`
 
-
+Systemd timer https://www.freedesktop.org/software/systemd/man/systemd.time.html
 
 Default value: `'*:00:00'`
 
+##### <a name="crl_extension"></a>`crl_extension`
+
+Data type: `String[1]`
+
+The filename extension suffix used form generated CRL.
+
+Default value: `'pem'`
+
 ##### <a name="serve_ca"></a>`serve_ca`
 
 Data type: `Optional[String[1]]`
diff --git a/manifests/init.pp b/manifests/init.pp
index b2acd0a..8dbfd49 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -46,7 +46,8 @@
 # @param crl_manage If true a CRL file is generated from the served autority.
 # @param crldir A directory where the CRL file is written.
 # @param crl_expiry A value, in seconds, after which the CRL should expire from the moment of the request
-# @param crl_gentimer
+# @param crl_gentimer Systemd timer https://www.freedesktop.org/software/systemd/man/systemd.time.html
+# @param crl_extension The filename extension suffix used form generated CRL.
 # @param serve_ca The Certificate authority served with CFSSL serve
 #
 class cfssl (
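Review bot: The new `@param crl_extension` line has a typo (`form` for `for`) and does not say whether the value includes the dot. The template changed in this patch inserts the dot itself, so a value such as `.crl` would produce `crl-<ca>..crl`. Suggested wording: `# @param crl_extension Filename extension, without the leading dot, used for the generated CRL file.` REFERENCE.md carries the same sentence and needs the same correction. The class definition opens on the last line of this hunk and continues outside it.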
@@ -72,6 +73,7 @@ class cfssl (
   Stdlib::Absolutepath $crldir = '/var/cfssl',
   Integer $crl_expiry = 604800,
   String[1] $crl_gentimer = '*:00:00',
+  String[1] $crl_extension  = 'pem',
   Optional[String[1]] $serve_ca = undef,
 ) inherits cfssl::params {
   include cfssl::goose
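Review bot: `String[1]` on `$crl_extension` accepts any non-empty string, yet the value is written into the `Environment=CRL=` line of the unit and then expanded unquoted as `$CRL` inside `sh -c`. Whitespace, `/`, `%` or shell metacharacters arriving from Hiera or a calling profile would therefore change where the CRL is written or break the unit, in a service that reads the CA private key (`-ca-key`). Restrict the type to what a filename extension needs, for example `Pattern[/\A[A-Za-z0-9]+\z/] $crl_extension = 'pem',`. The parameter list and class body continue outside the hunk.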
diff --git a/templates/cfssl-gencrl.service.epp b/templates/cfssl-gencrl.service.epp
index 44cb09d..3c38182 100644
--- a/templates/cfssl-gencrl.service.epp
+++ b/templates/cfssl-gencrl.service.epp
@@ -8,6 +8,6 @@ After=cfssl.service
 [Service]
 Type=oneshot
 RemainAfterExit=yes
-Environment=CRL=<%= $cfssl::crldir %>/crl-<%= $ca %>.pem
+Environment=CRL=<%= $cfssl::crldir %>/crl-<%= $ca %>.<%= $cfssl::crl_extension %>
 ExecStart=sh -c 'echo "-----BEGIN X509 CRL-----" > $CRL ; cfssl crl -db-config <%= $cfssl::confdir %>/<%= $cfssl::params::db_config_json %> -ca <%= $cfssl::confdir %>/ca/<%= $ca %>.pem -ca-key <%= $cfssl::confdir %>/ca/<%= $ca %>-key.pem | fold -w 64 >> $CRL ; echo "-----END X509 CRL-----" >> $CRL'
 
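Review bot: Only the file name follows `crl_extension`; the `ExecStart` line below the changed `Environment=` line still wraps the output in `-----BEGIN X509 CRL-----` armor, so `crl_extension => 'crl'` or `'der'` publishes a PEM file under a name that consumers commonly expect to hold DER. A relying party that cannot parse the file may end up skipping revocation checks, so the mismatch is worth stating where the value is consumed, e.g. an EPP comment above that line: `<%# crl_extension only renames the file; the content is always PEM-armored -%>`. Separately, in the unchanged `ExecStart` context, the steps are joined with `;` and write straight to `$CRL`, so a failed `cfssl crl` leaves an armored but empty CRL in place while the unit still exits 0. Writing to a temporary file and renaming it only on success would avoid that.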
-- 
GitLab