From 269b8552230120b8d3dcf837e41d57bfbe7b3af7 Mon Sep 17 00:00:00 2001
From: Dennis Ahrens <dennis.ahrens@hs-hannover.de>
Date: Mon, 26 Oct 2020 12:09:36 +0100
Subject: [PATCH] Make key and pem optional in deploy.certs to push cacerts
 alone

---
 deploy/certs.sls | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/deploy/certs.sls b/deploy/certs.sls
index 98d8d64..0b81a32 100644
--- a/deploy/certs.sls
+++ b/deploy/certs.sls
@@ -30,6 +30,7 @@ deploy_cert_{{ name }}_group:
     - name: {{ cert_group_name }}
     - system: True
 
+{% if cert.pem is defined %}
 deploy_cert_{{ name }}_pem:
   file.managed:
     - name: {{ deploy.config.cert_directory }}/{{ name }}.pem
@@ -41,7 +42,9 @@ deploy_cert_{{ name }}_pem:
     - requires:
       - file: deploy_cert_create_dir
       - group: deploy_cert_{{ name }}_group
+{% endif %}
 
+{% if cert.key is defined %}
 deploy_cert_{{ name }}_key:
   file.managed:
     - name: {{ deploy.config.cert_directory }}/{{ name }}.key
@@ -54,6 +57,7 @@ deploy_cert_{{ name }}_key:
     - requires:
       - file: deploy_cert_create_dir
       - group: deploy_cert_{{ name }}_group
+{% endif %}
 
 {% if cert.chain is defined %}
 deploy_cert_{{ name }}_chain:
@@ -68,7 +72,9 @@ deploy_cert_{{ name }}_chain:
     - requires:
       - file: deploy_cert_create_dir
       - group: deploy_cert_{{ name }}_group
+{% endif %}
 
+{% if cert.chain is defined and cert.pem is defined %}
 deploy_cert_{{ name }}_fullchain:
   file.managed:
     - name: {{ deploy.config.cert_directory }}/{{ name }}.fullchain.pem
@@ -81,6 +87,9 @@ deploy_cert_{{ name }}_fullchain:
     - requires:
       - file: deploy_cert_create_dir
       - group: deploy_cert_{{ name }}_group
+{% endif %}
+
+{% if cert.chain is defined and cert.pem is defined and cert.key is defined %}
 deploy_cert_{{ name }}_fullchain_with_key:
   file.managed:
     - name: {{ deploy.config.cert_directory }}/{{ name }}.fullchain.key.pem
@@ -125,7 +134,7 @@ deploy_cert_{{ name }}_cacert:
       - group: deploy_cert_{{ name }}_group
 {% endif %}
 
-{% if cert.dhparam is defined and cert.chain is defined %}
+{% if cert.dhparam is defined and cert.chain is defined and cert.pem is defined %}
 deploy_cert_{{ name }}_fullchain_dhparam:
   file.managed:
     - name: {{ deploy.config.cert_directory }}/{{ name }}.fullchain.dhparam.pem
-- 
GitLab