diff --git a/REFERENCE.md b/REFERENCE.md
index 7673b9b2..7b9e01ba 100644
--- a/REFERENCE.md
+++ b/REFERENCE.md
@@ -74,7 +74,6 @@ start on boot and will be restarted if stopped.
### Functions
-* [`icinga2::cert`](#icinga2--cert): Choose the path of tls key, cert and ca file.
* [`icinga2::icinga2_attributes`](#icinga2--icinga2_attributes): Calls the simple parser to decide what to quote.
For more information, see lib/puppet_x/icinga2/utils.rb.
* [`icinga2::icinga2_ticket_id`](#icinga2--icinga2_ticket_id): Summarise what the function does here
@@ -5531,60 +5530,6 @@ Default value: `[]`
## Functions
-### `icinga2::cert`
-
-Type: Puppet Language
-
-Choose the path of tls key, cert and ca file.
-
-#### `icinga2::cert(String $name, Optional[Stdlib::Absolutepath] $key_file = undef, Optional[Stdlib::Absolutepath] $cert_file = undef, Optional[Stdlib::Absolutepath] $cacert_file = undef, Optional[Variant[String, Sensitive[String]]] $key = undef, Optional[String] $cert = undef, Optional[String] $cacert = undef)`
-
-The icinga2::cert function.
-
-Returns: `Hash` Returned hash includes all paths and the key, cert and cacert.
-
-##### `name`
-
-Data type: `String`
-
-
-
-##### `key_file`
-
-Data type: `Optional[Stdlib::Absolutepath]`
-
-
-
-##### `cert_file`
-
-Data type: `Optional[Stdlib::Absolutepath]`
-
-
-
-##### `cacert_file`
-
-Data type: `Optional[Stdlib::Absolutepath]`
-
-
-
-##### `key`
-
-Data type: `Optional[Variant[String, Sensitive[String]]]`
-
-
-
-##### `cert`
-
-Data type: `Optional[String]`
-
-
-
-##### `cacert`
-
-Data type: `Optional[String]`
-
-
-
### `icinga2::icinga2_attributes`
Type: Ruby 4.x API
diff --git a/functions/cert.pp b/functions/cert.pp
deleted file mode 100644
index 495f5b96..00000000
--- a/functions/cert.pp
+++ /dev/null
@@ -1,82 +0,0 @@
-# @summary
-# Choose the path of tls key, cert and ca file.
-#
-# @return
-# Returned hash includes all paths and the key, cert and cacert.
-#
-function icinga2::cert(
- String $name,
- Optional[Stdlib::Absolutepath] $key_file = undef,
- Optional[Stdlib::Absolutepath] $cert_file = undef,
- Optional[Stdlib::Absolutepath] $cacert_file = undef,
- Optional[Variant[String, Sensitive[String]]] $key = undef,
- Optional[String] $cert = undef,
- Optional[String] $cacert = undef,
-) >> Hash {
- # @param name
- # The base name of certicate, key and ca file.
- #
- # @param tls_cert_path
- # Location of the certificate.
- #
- # @param tls_cacert_path
- # Location of the CA certificate.
- #
- # @param tls_crl_path
- # Location of the Certicicate Revocation List.
- #
- # @param tls_key
- # The private key in a base64 encoded string to store in spicified tls_key_path file.
- #
- # @param tls_cert
- # The certificate in a base64 encoded string to store in spicified tls_cert_path file.
- #
- # @param tls_cacert
- # The CA root certificate in a base64 encoded string to store in spicified tls_cacert_path file.
- #
- # @param tls_capath
- # Trusted CA certificates in PEM format directory path.
- #
- $default_dir = $icinga2::globals::cert_dir
-
- $result = {
- 'key' => if $key =~ Sensitive {
- $key
- } elsif $key =~ String {
- Sensitive($key)
- } else {
- undef
- },
- 'key_file' => if $key {
- if $key_file {
- $key_file
- } else {
- "${default_dir}/${name}.key"
- }
- } else {
- $key_file
- },
- 'cert' => $cert,
- 'cert_file' => if $cert {
- if $cert_file {
- $cert_file
- } else {
- "${default_dir}/${name}.crt"
- }
- } else {
- $cert_file
- },
- 'cacert' => $cacert,
- 'cacert_file' => if $cacert {
- if $cacert_file {
- $cacert_file
- } else {
- "${default_dir}/${name}_ca.crt"
- }
- } else {
- $cacert_file
- },
- }
-
- $result
-}
diff --git a/manifests/feature/elasticsearch.pp b/manifests/feature/elasticsearch.pp
index 856da2c3..8bc99d09 100644
--- a/manifests/feature/elasticsearch.pp
+++ b/manifests/feature/elasticsearch.pp
@@ -109,8 +109,9 @@
}
if $enable_ssl {
- $cert = icinga2::cert(
+ $cert = icinga::cert::files(
'ElasticsearchWriter_elasticsearch',
+ $ssl_dir,
$ssl_key_path,
$ssl_cert_path,
$ssl_cacert_path,
diff --git a/manifests/feature/gelf.pp b/manifests/feature/gelf.pp
index e0d2ed66..c99d093f 100644
--- a/manifests/feature/gelf.pp
+++ b/manifests/feature/gelf.pp
@@ -79,8 +79,9 @@
}
if $enable_ssl {
- $cert = icinga2::cert(
+ $cert = icinga::cert::files(
'GelfWriter_gelf',
+ $ssl_dir,
$ssl_key_path,
$ssl_cert_path,
$ssl_cacert_path,
diff --git a/manifests/feature/icingadb.pp b/manifests/feature/icingadb.pp
index e89da664..62a65076 100644
--- a/manifests/feature/icingadb.pp
+++ b/manifests/feature/icingadb.pp
@@ -124,8 +124,9 @@
}
if $enable_tls {
- $cert = icinga2::cert(
+ $cert = icinga::cert::files(
'IcingaDB-icingadb',
+ $ssl_dir,
$tls_key_file,
$tls_cert_file,
$tls_cacert_file,
diff --git a/manifests/feature/idomysql.pp b/manifests/feature/idomysql.pp
index 116a6a54..77a3b8f0 100644
--- a/manifests/feature/idomysql.pp
+++ b/manifests/feature/idomysql.pp
@@ -148,8 +148,9 @@
}
if $enable_ssl {
- $cert = icinga2::cert(
+ $cert = icinga::cert::files(
'IdoMysqlConnection_ido-mysql',
+ $ssl_dir,
$ssl_key_path,
$ssl_cert_path,
$ssl_cacert_path,
diff --git a/manifests/feature/idopgsql.pp b/manifests/feature/idopgsql.pp
index 7fd1723f..fc0301c8 100644
--- a/manifests/feature/idopgsql.pp
+++ b/manifests/feature/idopgsql.pp
@@ -134,8 +134,9 @@
}
if $enable_ssl {
- $cert = icinga2::cert(
+ $cert = icinga::cert::files(
'IdoPgsqlConnection_ido-pgsql',
+ $ssl_dir,
$ssl_key_path,
$ssl_cert_path,
$ssl_cacert_path,
diff --git a/manifests/feature/influxdb.pp b/manifests/feature/influxdb.pp
index 5c5c7874..9a15be29 100644
--- a/manifests/feature/influxdb.pp
+++ b/manifests/feature/influxdb.pp
@@ -148,8 +148,9 @@
$service_template = { measurement => $service_measurement, tags => $service_tags }
if $enable_ssl {
- $cert = icinga2::cert(
+ $cert = icinga::cert::files(
'InfluxdbWriter_influxdb',
+ $ssl_dir,
$ssl_key_path,
$ssl_cert_path,
$ssl_cacert_path,
diff --git a/manifests/feature/influxdb2.pp b/manifests/feature/influxdb2.pp
index 0649e5b8..d357fdc5 100644
--- a/manifests/feature/influxdb2.pp
+++ b/manifests/feature/influxdb2.pp
@@ -126,8 +126,9 @@
$service_template = { measurement => $service_measurement, tags => $service_tags }
if $enable_ssl {
- $cert = icinga2::cert(
+ $cert = icinga::cert::files(
'Influxdb2Writer_influxdb2',
+ $ssl_dir,
$ssl_key_path,
$ssl_cert_path,
$ssl_cacert_path,
diff --git a/spec/functions/cert_spec.rb b/spec/functions/cert_spec.rb
deleted file mode 100644
index 3e9faa90..00000000
--- a/spec/functions/cert_spec.rb
+++ /dev/null
@@ -1,65 +0,0 @@
-require 'spec_helper'
-
-describe 'icinga2::cert' do
- let(:pre_condition) do
- [
- "class { 'icinga2': }",
- ]
- end
-
- let(:facts) do
- {
- kernel: 'Linux',
- os: {
- family: 'Debian',
- name: 'Debian',
- },
- }
- end
-
- it { is_expected.not_to eq(nil) }
-
- it 'with just a name' do
- is_expected.to run.with_params(
- 'foo',
- ).and_return({ 'key' => nil, 'key_file' => nil, 'cert' => nil, 'cert_file' => nil, 'cacert' => nil, 'cacert_file' => nil })
- end
-
- it 'with key, cert and cacert' do
- is_expected.to run.with_params(
- 'foo',
- nil,
- nil,
- nil,
- 'key',
- 'cert',
- 'cacert',
- ).and_return({ 'key' => sensitive('key'), 'key_file' => '/var/lib/icinga2/certs/foo.key',
- 'cert' => 'cert', 'cert_file' => '/var/lib/icinga2/certs/foo.crt',
- 'cacert' => 'cacert', 'cacert_file' => '/var/lib/icinga2/certs/foo_ca.crt' })
- end
-
- it 'with file paths only' do
- is_expected.to run.with_params(
- 'foo',
- '/foo.key',
- '/foo.crt',
- '/ca.crt',
- nil,
- nil,
- nil,
- ).and_return({ 'key' => nil, 'key_file' => '/foo.key', 'cert' => nil, 'cert_file' => '/foo.crt', 'cacert' => nil, 'cacert_file' => '/ca.crt' })
- end
-
- it 'with all params' do
- is_expected.to run.with_params(
- 'foo',
- '/foo.key',
- '/foo.crt',
- '/ca.crt',
- 'key',
- 'cert',
- 'cacert',
- ).and_return({ 'key' => sensitive('key'), 'key_file' => '/foo.key', 'cert' => 'cert', 'cert_file' => '/foo.crt', 'cacert' => 'cacert', 'cacert_file' => '/ca.crt' })
- end
-end