X-Git-Url: https://git.donarmstrong.com/?p=dsa-puppet.git;a=blobdiff_plain;f=modules%2Fpuppetmaster%2Flib%2Fpuppet%2Fparser%2Ffunctions%2Fgen_tlsa_entry.rb;h=baaa73b4dfcd59c08d54597a9ba0d73fe0bc180f;hp=5bc39853d397cec3e6147cb84e48c1bac4f9ac37;hb=d32b5ca2040af0e861851c5519aa5ff5b7887768;hpb=925ab8ddb02719ba2204a6207c540cc81399f2b0
diff --git a/modules/puppetmaster/lib/puppet/parser/functions/gen_tlsa_entry.rb b/modules/puppetmaster/lib/puppet/parser/functions/gen_tlsa_entry.rb
index 5bc39853..baaa73b4 100644
--- a/modules/puppetmaster/lib/puppet/parser/functions/gen_tlsa_entry.rb
+++ b/modules/puppetmaster/lib/puppet/parser/functions/gen_tlsa_entry.rb
@@ -4,20 +4,30 @@ module Puppet::Parser::Functions
 hostname = args.shift()
 port = args.shift()
- res = []
- if File.exist?(certfile)
- cmd = ['swede', 'create', '--usage=3', '--selector=1', '--mtype=1', '--certificate', certfile, '--port', port.to_s, hostname]
- IO.popen(cmd, "r") {|i| res << i.read }
+ if port.kind_of?(Array)
+ ports = port
 else
- res << "; certfile #{certfile} did not exist to create TLSA record for #{hostname}:#{port}."
+ ports = [port]
 end
- certfile += ".new"
- if File.exist?(certfile)
- cmd = ['swede', 'create', '--usage=3', '--selector=1', '--mtype=1', '--certificate', certfile, '--port', port.to_s, hostname]
- IO.popen(cmd, "r") {|i| new_entry = i.read }
- if not res.include?(new_entry)
- res << new_entry
+ res = []
+ res << "; cert #{certfile} for #{hostname}:#{ports}."
+ ports.each do |port|
+ cf = certfile
+ if File.exist?(cf)
+ cmd = ['swede', 'create', '--usage=3', '--selector=1', '--mtype=1', '--certificate', cf, '--port', port.to_s, hostname]
+ IO.popen(cmd, "r") {|i| res << i.read }
+ else
+ res << "; certfile #{cf} did not exist to create TLSA record for #{hostname}:#{port}."
+ end
+
+ if cf.gsub!(/\.crt$/, '-new.crt') and File.exist?(cf)
+ cmd = ['swede', 'create', '--usage=3', '--selector=1', '--mtype=1', '--certificate', cf, '--port', port.to_s, hostname]
+ new_entry = ''
+ IO.popen(cmd, "r") {|i| new_entry = i.read }
+ if not res.include?(new_entry)
+ res << new_entry
+ end
 end
 end
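Review bot: `cf = certfile` inside the `ports.each` loop binds the same String object, so the in-place `cf.gsub!(/\.crt$/, '-new.crt')` rewrites `certfile` itself. When `port` is an array, every port after the first starts from the `-new.crt` path: its "current" TLSA record is computed from the rollover certificate (or replaced by the "did not exist" comment), and the pattern matches again to give `-new-new.crt`. The published zone would then likely lack the record for the certificate actually being served on those ports, which shows up as DANE validation failures. A non-mutating form avoids this: `newcf = certfile.sub(/\.crt\z/, '-new.crt')` followed by `if newcf != certfile and File.exist?(newcf)`, with `newcf` passed to `--certificate` in the second command. The enclosing `newfunction` block starts and ends outside the hunk, so whether the caller reuses the `certfile` argument afterwards cannot be seen from here.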