From 9c862f73ba7bd37c2b56e58eb939da9f3c4dfd04 Mon Sep 17 00:00:00 2001 From: pavelkovtunov Date: Mon, 15 Jul 2024 21:30:16 +0200 Subject: [PATCH 1/8] feat: refreshable exports Add possibility to switch the underlying Execs to "refreshonly" mode and handle over subscriptions to resource(s) as parameter. This fixes also a bug when p12 file is not renewed after the input file changed. Backward compatibility fully given. --- manifests/export/pem_cert.pp | 27 +++++++++++++++++++++------ manifests/export/pem_key.pp | 29 ++++++++++++++++++++++------- manifests/export/pkcs12.pp | 35 ++++++++++++++++++++++++++--------- 3 files changed, 69 insertions(+), 22 deletions(-) diff --git a/manifests/export/pem_cert.pp b/manifests/export/pem_cert.pp index 2bcd79f..44348f0 100644 --- a/manifests/export/pem_cert.pp +++ b/manifests/export/pem_cert.pp @@ -1,7 +1,11 @@ # @summary Export certificate(s) to PEM/x509 format # +# @param dynamic +# dynamically renew certificate file # @param ensure # Whether the certificate file should exist +# @param resources +# List of resources to subcribe for certificate file renewal # @param pfx_cert # PFX certificate/key container # @param der_cert @@ -12,11 +16,13 @@ # PFX password # define openssl::export::pem_cert ( - Enum['present', 'absent'] $ensure = present, - Stdlib::Absolutepath $pem_cert = $title, - Optional[Stdlib::Absolutepath] $pfx_cert = undef, - Optional[Stdlib::Absolutepath] $der_cert = undef, - Optional[String] $in_pass = undef, + Boolean $dynamic = false, + Enum['present', 'absent'] $ensure = present, + Variant[Type, Array[Type]] $resources = undef, + Stdlib::Absolutepath $pem_cert = $title, + Optional[Stdlib::Absolutepath] $pfx_cert = undef, + Optional[Stdlib::Absolutepath] $der_cert = undef, + Optional[String] $in_pass = undef, ) { #local variables @@ -54,10 +60,19 @@ $passin_opt, ] + if $dynamic { + $exec_params = { + refreshonly => true, + subscribe => $resources, + } + } else { + $exec_params = { creates => $pem_cert, } + } + exec { "Export ${in_cert} to ${pem_cert}": command => inline_template('<%= @cmd.join(" ") %>'), path => $facts['path'], - creates => $pem_cert, + * => $exec_params, } } else { file { $pem_cert: diff --git a/manifests/export/pem_key.pp b/manifests/export/pem_key.pp index 8820042..5770eea 100644 --- a/manifests/export/pem_key.pp +++ b/manifests/export/pem_key.pp @@ -4,19 +4,25 @@ # PFX certificate/key container # @param pem_key # PEM certificate +# @param dynamic +# dynamically renew key file # @param ensure -# Whether the key file should exist +# Whether the keyfile should exist +# @param resources +# List of resources to subcribe for key renewal # @param in_pass # PFX container password # @param out_pass # PEM key password # define openssl::export::pem_key ( - Stdlib::Absolutepath $pfx_cert, - Stdlib::Absolutepath $pem_key = $title, - Enum['present', 'absent'] $ensure = present, - Optional[String] $in_pass = undef, - Optional[String] $out_pass = undef, + Stdlib::Absolutepath $pfx_cert, + Stdlib::Absolutepath $pem_key = $title, + Boolean $dynamic = false, + Enum['present', 'absent'] $ensure = present, + Variant[Type, Array[Type]] $resources = undef, + Optional[String] $in_pass = undef, + Optional[String] $out_pass = undef, ) { if $ensure == 'present' { $passin_opt = $in_pass ? { @@ -38,10 +44,19 @@ $passout_opt, ] + if $dynamic { + $exec_params = { + refreshonly => true, + subscribe => $resources, + } + } else { + $exec_params = { creates => $pem_key, } + } + exec { "Export ${pfx_cert} to ${pem_key}": command => inline_template('<%= @cmd.join(" ") %>'), path => $facts['path'], - creates => $pem_key, + * => $exec_params, } } else { file { $pem_key: diff --git a/manifests/export/pkcs12.pp b/manifests/export/pkcs12.pp index 01a6279..2c1bb76 100644 --- a/manifests/export/pkcs12.pp +++ b/manifests/export/pkcs12.pp @@ -6,8 +6,12 @@ # Private key # @param cert # Certificate +# @param dynamic +# dynamically renew PKCS12 file # @param ensure # Whether the PKCS12 file should exist +# @param resources +# List of resources to subcribe for PKCS12 renewal # @param in_pass # Private key password # @param out_pass @@ -16,13 +20,15 @@ # Chain certificate to include in pkcs12 # define openssl::export::pkcs12 ( - Stdlib::Absolutepath $basedir, - Stdlib::Absolutepath $pkey, - Stdlib::Absolutepath $cert, - Enum['present', 'absent'] $ensure = present, - Optional[String] $chaincert = undef, - Optional[String] $in_pass = undef, - Optional[String] $out_pass = undef, + Stdlib::Absolutepath $basedir, + Stdlib::Absolutepath $pkey, + Stdlib::Absolutepath $cert, + Boolean $dynamic = false, + Enum['present', 'absent'] $ensure = present, + Variant[Type, Array[Type]] $resources = undef, + Optional[String] $chaincert = undef, + Optional[String] $in_pass = undef, + Optional[String] $out_pass = undef, ) { if $ensure == 'present' { $pass_opt = $in_pass ? { @@ -52,10 +58,21 @@ $passout_opt, ] - exec { "Export ${name} to ${basedir}/${name}.p12": + $full_path = "${basedir}/${name}.p12" + + if $dynamic { + $exec_params = { + refreshonly => true, + subscribe => $resources, + } + } else { + $exec_params = { creates => $full_path, } + } + + exec { "Export ${name} to ${full_path}": command => inline_template('<%= @cmd.join(" ") %>'), path => $facts['path'], - creates => "${basedir}/${name}.p12", + * => $exec_params, } } else { file { "${basedir}/${name}.p12": From a5febe7c3968d3a9d7d9e9baebdd0e9ea7806d24 Mon Sep 17 00:00:00 2001 From: pavelkovtunov Date: Mon, 15 Jul 2024 21:49:27 +0200 Subject: [PATCH 2/8] Update REFERENCE.md --- REFERENCE.md | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 54 insertions(+) diff --git a/REFERENCE.md b/REFERENCE.md index 15bcf45..9769ae6 100644 --- a/REFERENCE.md +++ b/REFERENCE.md @@ -918,6 +918,8 @@ The following parameters are available in the `openssl::export::pem_cert` define * [`der_cert`](#-openssl--export--pem_cert--der_cert) * [`pem_cert`](#-openssl--export--pem_cert--pem_cert) * [`in_pass`](#-openssl--export--pem_cert--in_pass) +* [`dynamic`](#-openssl--export--pem_cert--dynamic) +* [`resources`](#-openssl--export--pem_cert--resources) ##### `ensure` @@ -959,6 +961,22 @@ PFX password Default value: `undef` +##### `dynamic` + +Data type: `Boolean` + +Switch to dynamic mode of export, if input configuration changes + +Default value: `false` + +##### `resources` + +Data type: `Variant[Type, Array[Type]]` + +Single resource or a list of resources to subcribe on for dynamic refresh + +Default value: `undef` + ### `openssl::export::pem_key` Export a key to PEM format @@ -972,6 +990,8 @@ The following parameters are available in the `openssl::export::pem_key` defined * [`ensure`](#-openssl--export--pem_key--ensure) * [`in_pass`](#-openssl--export--pem_key--in_pass) * [`out_pass`](#-openssl--export--pem_key--out_pass) +* [`dynamic`](#-openssl--export--pem_key--dynamic) +* [`resources`](#-openssl--export--pem_key--resources) ##### `pfx_cert` @@ -1011,6 +1031,22 @@ PEM key password Default value: `undef` +##### `dynamic` + +Data type: `Boolean` + +Switch to dynamic mode of export, if input configuration changes + +Default value: `false` + +##### `resources` + +Data type: `Variant[Type, Array[Type]]` + +Single resource or a list of resources to subcribe on for dynamic refresh + +Default value: `undef` + ### `openssl::export::pkcs12` Export a key pair to PKCS12 format @@ -1026,6 +1062,8 @@ The following parameters are available in the `openssl::export::pkcs12` defined * [`in_pass`](#-openssl--export--pkcs12--in_pass) * [`out_pass`](#-openssl--export--pkcs12--out_pass) * [`chaincert`](#-openssl--export--pkcs12--chaincert) +* [`dynamic`](#-openssl--export--pkcs12--dynamic) +* [`resources`](#-openssl--export--pkcs12--resources) ##### `basedir` @@ -1077,6 +1115,22 @@ Chain certificate to include in pkcs12 Default value: `undef` +##### `dynamic` + +Data type: `Boolean` + +Switch to dynamic mode of export, if input configuration changes + +Default value: `false` + +##### `resources` + +Data type: `Variant[Type, Array[Type]]` + +Single resource or a list of resources to subcribe on for dynamic refresh + +Default value: `undef` + ## Resource types ### `cert_file` From 7dbf3fe24d337c49afe3899ab3f3fb479565f823 Mon Sep 17 00:00:00 2001 From: pavelkovtunov Date: Mon, 15 Jul 2024 21:55:01 +0200 Subject: [PATCH 3/8] Update README.md --- README.md | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/README.md b/README.md index 5aa434e..8dcda40 100644 --- a/README.md +++ b/README.md @@ -118,6 +118,21 @@ openssl::export::pem_key { 'foo': } ``` +### Dynamic refresh of exported files + +If you want Puppet to refresh the PKCS#12, PEM/x509 or PEM key file in case the input files changed, set the dynamic mode on and handle over desired resources for subscription: + +```puppet +openssl::export::pkcs12 { 'bar': + ensure => 'present', + basedir => '/path/to/dir', + pkey => '/here/is/my/private.key', + cert => '/there/is/the/cert.crt', + dynamic => true, + resources => File['/here/is/my/private.key','/there/is/the/cert.crt'], +} +``` + ### Create Diffie-Hellman parameters The [openssl::dhparam](REFERENCE.md#openssldhparam) defined type and its back-end resource type [dhparam](REFERENCE.md#dhparam) allow to generate Diffie-Hellman parameters. From d93de283b881f7f6d210a6b0e66c87f31a2ce961 Mon Sep 17 00:00:00 2001 From: pavelkovtunov Date: Mon, 15 Jul 2024 22:19:12 +0200 Subject: [PATCH 4/8] Update REFERENCE.md --- REFERENCE.md | 110 +++++++++++++++++++++++++-------------------------- 1 file changed, 55 insertions(+), 55 deletions(-) diff --git a/REFERENCE.md b/REFERENCE.md index 9769ae6..dbad3ed 100644 --- a/REFERENCE.md +++ b/REFERENCE.md @@ -913,13 +913,21 @@ Export certificate(s) to PEM/x509 format The following parameters are available in the `openssl::export::pem_cert` defined type: +* [`dynamic`](#-openssl--export--pem_cert--dynamic) * [`ensure`](#-openssl--export--pem_cert--ensure) +* [`resources`](#-openssl--export--pem_cert--resources) * [`pfx_cert`](#-openssl--export--pem_cert--pfx_cert) * [`der_cert`](#-openssl--export--pem_cert--der_cert) * [`pem_cert`](#-openssl--export--pem_cert--pem_cert) * [`in_pass`](#-openssl--export--pem_cert--in_pass) -* [`dynamic`](#-openssl--export--pem_cert--dynamic) -* [`resources`](#-openssl--export--pem_cert--resources) + +##### `dynamic` + +Data type: `Boolean` + +dynamically renew certificate file + +Default value: `false` ##### `ensure` @@ -929,6 +937,14 @@ Whether the certificate file should exist Default value: `present` +##### `resources` + +Data type: `Variant[Type, Array[Type]]` + +List of resources to subcribe for certificate file renewal + +Default value: `undef` + ##### `pfx_cert` Data type: `Optional[Stdlib::Absolutepath]` @@ -961,22 +977,6 @@ PFX password Default value: `undef` -##### `dynamic` - -Data type: `Boolean` - -Switch to dynamic mode of export, if input configuration changes - -Default value: `false` - -##### `resources` - -Data type: `Variant[Type, Array[Type]]` - -Single resource or a list of resources to subcribe on for dynamic refresh - -Default value: `undef` - ### `openssl::export::pem_key` Export a key to PEM format @@ -987,11 +987,11 @@ The following parameters are available in the `openssl::export::pem_key` defined * [`pfx_cert`](#-openssl--export--pem_key--pfx_cert) * [`pem_key`](#-openssl--export--pem_key--pem_key) +* [`dynamic`](#-openssl--export--pem_key--dynamic) * [`ensure`](#-openssl--export--pem_key--ensure) +* [`resources`](#-openssl--export--pem_key--resources) * [`in_pass`](#-openssl--export--pem_key--in_pass) * [`out_pass`](#-openssl--export--pem_key--out_pass) -* [`dynamic`](#-openssl--export--pem_key--dynamic) -* [`resources`](#-openssl--export--pem_key--resources) ##### `pfx_cert` @@ -1007,43 +1007,43 @@ PEM certificate Default value: `$title` +##### `dynamic` + +Data type: `Boolean` + +dynamically renew key file + +Default value: `false` + ##### `ensure` Data type: `Enum['present', 'absent']` -Whether the key file should exist +Whether the keyfile should exist Default value: `present` -##### `in_pass` +##### `resources` -Data type: `Optional[String]` +Data type: `Variant[Type, Array[Type]]` -PFX container password +List of resources to subcribe for key renewal Default value: `undef` -##### `out_pass` +##### `in_pass` Data type: `Optional[String]` -PEM key password +PFX container password Default value: `undef` -##### `dynamic` - -Data type: `Boolean` - -Switch to dynamic mode of export, if input configuration changes - -Default value: `false` - -##### `resources` +##### `out_pass` -Data type: `Variant[Type, Array[Type]]` +Data type: `Optional[String]` -Single resource or a list of resources to subcribe on for dynamic refresh +PEM key password Default value: `undef` @@ -1058,12 +1058,12 @@ The following parameters are available in the `openssl::export::pkcs12` defined * [`basedir`](#-openssl--export--pkcs12--basedir) * [`pkey`](#-openssl--export--pkcs12--pkey) * [`cert`](#-openssl--export--pkcs12--cert) +* [`dynamic`](#-openssl--export--pkcs12--dynamic) * [`ensure`](#-openssl--export--pkcs12--ensure) +* [`resources`](#-openssl--export--pkcs12--resources) * [`in_pass`](#-openssl--export--pkcs12--in_pass) * [`out_pass`](#-openssl--export--pkcs12--out_pass) * [`chaincert`](#-openssl--export--pkcs12--chaincert) -* [`dynamic`](#-openssl--export--pkcs12--dynamic) -* [`resources`](#-openssl--export--pkcs12--resources) ##### `basedir` @@ -1083,6 +1083,14 @@ Data type: `Stdlib::Absolutepath` Certificate +##### `dynamic` + +Data type: `Boolean` + +dynamically renew PKCS12 file + +Default value: `false` + ##### `ensure` Data type: `Enum['present', 'absent']` @@ -1091,6 +1099,14 @@ Whether the PKCS12 file should exist Default value: `present` +##### `resources` + +Data type: `Variant[Type, Array[Type]]` + +List of resources to subcribe for PKCS12 renewal + +Default value: `undef` + ##### `in_pass` Data type: `Optional[String]` @@ -1115,22 +1131,6 @@ Chain certificate to include in pkcs12 Default value: `undef` -##### `dynamic` - -Data type: `Boolean` - -Switch to dynamic mode of export, if input configuration changes - -Default value: `false` - -##### `resources` - -Data type: `Variant[Type, Array[Type]]` - -Single resource or a list of resources to subcribe on for dynamic refresh - -Default value: `undef` - ## Resource types ### `cert_file` From 1fb2b967e5814e6e86c62b21871332c0c8ca1e73 Mon Sep 17 00:00:00 2001 From: pavelkovtunov Date: Mon, 15 Jul 2024 23:30:45 +0200 Subject: [PATCH 5/8] fix: types, specs, reference.md --- REFERENCE.md | 6 +++--- manifests/export/pem_cert.pp | 2 +- manifests/export/pem_key.pp | 2 +- manifests/export/pkcs12.pp | 2 +- spec/defines/openssl_export_pem_cert_spec.rb | 18 ++++++++++++++++++ 5 files changed, 24 insertions(+), 6 deletions(-) diff --git a/REFERENCE.md b/REFERENCE.md index dbad3ed..0970a9c 100644 --- a/REFERENCE.md +++ b/REFERENCE.md @@ -943,7 +943,7 @@ Data type: `Variant[Type, Array[Type]]` List of resources to subcribe for certificate file renewal -Default value: `undef` +Default value: `[]` ##### `pfx_cert` @@ -1029,7 +1029,7 @@ Data type: `Variant[Type, Array[Type]]` List of resources to subcribe for key renewal -Default value: `undef` +Default value: `[]` ##### `in_pass` @@ -1105,7 +1105,7 @@ Data type: `Variant[Type, Array[Type]]` List of resources to subcribe for PKCS12 renewal -Default value: `undef` +Default value: `[]` ##### `in_pass` diff --git a/manifests/export/pem_cert.pp b/manifests/export/pem_cert.pp index 44348f0..17ed475 100644 --- a/manifests/export/pem_cert.pp +++ b/manifests/export/pem_cert.pp @@ -18,7 +18,7 @@ define openssl::export::pem_cert ( Boolean $dynamic = false, Enum['present', 'absent'] $ensure = present, - Variant[Type, Array[Type]] $resources = undef, + Variant[Type, Array[Type]] $resources = [], Stdlib::Absolutepath $pem_cert = $title, Optional[Stdlib::Absolutepath] $pfx_cert = undef, Optional[Stdlib::Absolutepath] $der_cert = undef, diff --git a/manifests/export/pem_key.pp b/manifests/export/pem_key.pp index 5770eea..59a9991 100644 --- a/manifests/export/pem_key.pp +++ b/manifests/export/pem_key.pp @@ -20,7 +20,7 @@ Stdlib::Absolutepath $pem_key = $title, Boolean $dynamic = false, Enum['present', 'absent'] $ensure = present, - Variant[Type, Array[Type]] $resources = undef, + Variant[Type, Array[Type]] $resources = [], Optional[String] $in_pass = undef, Optional[String] $out_pass = undef, ) { diff --git a/manifests/export/pkcs12.pp b/manifests/export/pkcs12.pp index 2c1bb76..f6d542f 100644 --- a/manifests/export/pkcs12.pp +++ b/manifests/export/pkcs12.pp @@ -25,7 +25,7 @@ Stdlib::Absolutepath $cert, Boolean $dynamic = false, Enum['present', 'absent'] $ensure = present, - Variant[Type, Array[Type]] $resources = undef, + Variant[Type, Array[Type]] $resources = [], Optional[String] $chaincert = undef, Optional[String] $in_pass = undef, Optional[String] $out_pass = undef, diff --git a/spec/defines/openssl_export_pem_cert_spec.rb b/spec/defines/openssl_export_pem_cert_spec.rb index ef1e8d2..cf3a742 100644 --- a/spec/defines/openssl_export_pem_cert_spec.rb +++ b/spec/defines/openssl_export_pem_cert_spec.rb @@ -48,6 +48,24 @@ ) } end + + context 'when using defaults pkcs12 to PEM with dynamic refresh' do + let(:params) do + { + ensure: :present, + pfx_cert: '/etc/ssl/certs/foo.pfx', + dynamic: true, + } + end + + it { + is_expected.to contain_exec('Export /etc/ssl/certs/foo.pfx to /etc/ssl/certs/foo.pem').with( + command: 'openssl pkcs12 -in /etc/ssl/certs/foo.pfx -out /etc/ssl/certs/foo.pem ', + path: '/usr/bin:/bin:/usr/sbin:/sbin', + refreshonly: true, + ) + } + end context 'when converting pkcs12 to PEM with password for just the certificate' do let(:params) do From a52a1b91d865cd05e6ec556197fe5274d7683b04 Mon Sep 17 00:00:00 2001 From: pavelkovtunov Date: Mon, 15 Jul 2024 23:33:38 +0200 Subject: [PATCH 6/8] fix: linting --- spec/defines/openssl_export_pem_cert_spec.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spec/defines/openssl_export_pem_cert_spec.rb b/spec/defines/openssl_export_pem_cert_spec.rb index cf3a742..3271aac 100644 --- a/spec/defines/openssl_export_pem_cert_spec.rb +++ b/spec/defines/openssl_export_pem_cert_spec.rb @@ -62,7 +62,7 @@ is_expected.to contain_exec('Export /etc/ssl/certs/foo.pfx to /etc/ssl/certs/foo.pem').with( command: 'openssl pkcs12 -in /etc/ssl/certs/foo.pfx -out /etc/ssl/certs/foo.pem ', path: '/usr/bin:/bin:/usr/sbin:/sbin', - refreshonly: true, + refreshonly: true ) } end From fecb1cb5adf616d767ce7c5ccce7a59d33486051 Mon Sep 17 00:00:00 2001 From: pavelkovtunov Date: Mon, 15 Jul 2024 23:36:47 +0200 Subject: [PATCH 7/8] fix: lint --- spec/defines/openssl_export_pem_cert_spec.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spec/defines/openssl_export_pem_cert_spec.rb b/spec/defines/openssl_export_pem_cert_spec.rb index 3271aac..a478741 100644 --- a/spec/defines/openssl_export_pem_cert_spec.rb +++ b/spec/defines/openssl_export_pem_cert_spec.rb @@ -48,7 +48,7 @@ ) } end - + context 'when using defaults pkcs12 to PEM with dynamic refresh' do let(:params) do { From 4feddcc88754b1ef60d983845feea5dc2f624bac Mon Sep 17 00:00:00 2001 From: pavelkovtunov Date: Tue, 16 Jul 2024 08:58:29 +0200 Subject: [PATCH 8/8] Apply suggestions from code review Co-authored-by: Kenyon Ralph --- README.md | 2 +- REFERENCE.md | 6 +++--- manifests/export/pem_cert.pp | 2 +- manifests/export/pem_key.pp | 2 +- manifests/export/pkcs12.pp | 2 +- 5 files changed, 7 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index 8dcda40..0446b79 100644 --- a/README.md +++ b/README.md @@ -120,7 +120,7 @@ openssl::export::pem_key { 'foo': ### Dynamic refresh of exported files -If you want Puppet to refresh the PKCS#12, PEM/x509 or PEM key file in case the input files changed, set the dynamic mode on and handle over desired resources for subscription: +If you want Puppet to refresh the PKCS#12, PEM/x509 or PEM key file in case the input files changed, set the dynamic mode on and list desired resources for subscription: ```puppet openssl::export::pkcs12 { 'bar': diff --git a/REFERENCE.md b/REFERENCE.md index 0970a9c..0632859 100644 --- a/REFERENCE.md +++ b/REFERENCE.md @@ -941,7 +941,7 @@ Default value: `present` Data type: `Variant[Type, Array[Type]]` -List of resources to subcribe for certificate file renewal +List of resources to subscribe to for certificate file renewal Default value: `[]` @@ -1027,7 +1027,7 @@ Default value: `present` Data type: `Variant[Type, Array[Type]]` -List of resources to subcribe for key renewal +List of resources to subscribe to for key renewal Default value: `[]` @@ -1103,7 +1103,7 @@ Default value: `present` Data type: `Variant[Type, Array[Type]]` -List of resources to subcribe for PKCS12 renewal +List of resources to subscribe to for PKCS12 renewal Default value: `[]` diff --git a/manifests/export/pem_cert.pp b/manifests/export/pem_cert.pp index 17ed475..8b41011 100644 --- a/manifests/export/pem_cert.pp +++ b/manifests/export/pem_cert.pp @@ -5,7 +5,7 @@ # @param ensure # Whether the certificate file should exist # @param resources -# List of resources to subcribe for certificate file renewal +# List of resources to subscribe to for certificate file renewal # @param pfx_cert # PFX certificate/key container # @param der_cert diff --git a/manifests/export/pem_key.pp b/manifests/export/pem_key.pp index 59a9991..eddc0fd 100644 --- a/manifests/export/pem_key.pp +++ b/manifests/export/pem_key.pp @@ -9,7 +9,7 @@ # @param ensure # Whether the keyfile should exist # @param resources -# List of resources to subcribe for key renewal +# List of resources to subscribe to for key renewal # @param in_pass # PFX container password # @param out_pass diff --git a/manifests/export/pkcs12.pp b/manifests/export/pkcs12.pp index f6d542f..e79bf14 100644 --- a/manifests/export/pkcs12.pp +++ b/manifests/export/pkcs12.pp @@ -11,7 +11,7 @@ # @param ensure # Whether the PKCS12 file should exist # @param resources -# List of resources to subcribe for PKCS12 renewal +# List of resources to subscribe to for PKCS12 renewal # @param in_pass # Private key password # @param out_pass