From 377414d029f76cd4bd9940e0bdf392cdbb852c40 Mon Sep 17 00:00:00 2001
From: Peter Palfrader
Date: Sun, 31 Jan 2016 17:57:55 +0100
Subject: [PATCH] handle array of certfiles
---
 .../puppet/parser/functions/gen_tlsa_entry.rb | 38 +++++++++++--------
 1 file changed, 23 insertions(+), 15 deletions(-)
diff --git a/modules/puppetmaster/lib/puppet/parser/functions/gen_tlsa_entry.rb b/modules/puppetmaster/lib/puppet/parser/functions/gen_tlsa_entry.rb
index 1257ae81c..e2d0a6026 100644
--- a/modules/puppetmaster/lib/puppet/parser/functions/gen_tlsa_entry.rb
+++ b/modules/puppetmaster/lib/puppet/parser/functions/gen_tlsa_entry.rb
@@ -10,23 +10,31 @@ module Puppet::Parser::Functions
 ports = [port]
 end

+ if certfile.kind_of?(Array)
+ certs = certfile
+ else
+ certs = [ certfile ]
+ end
+
 res = []
- res << "; cert #{certfile} for #{hostname}:#{ports}."
- ports.each do |port|
- if File.exist?(certfile)
- cmd = ['swede', 'create', '--usage=3', '--selector=1', '--mtype=1', '--certificate', certfile, '--port', port.to_s, hostname]
- IO.popen(cmd, "r") {|i| res << i.read }
- else
- res << "; certfile #{certfile} did not exist to create TLSA record for #{hostname}:#{port}."
- end
+ certs.each do |certfile|
+ res << "; cert #{certfile} for #{hostname}:#{ports}."
+ ports.each do |port|
+ if File.exist?(certfile)
+ cmd = ['swede', 'create', '--usage=3', '--selector=1', '--mtype=1', '--certificate', certfile, '--port', port.to_s, hostname]
+ IO.popen(cmd, "r") {|i| res << i.read }
+ else
+ res << "; certfile #{certfile} did not exist to create TLSA record for #{hostname}:#{port}."
+ end

- cfnew = certfile.gsub(/\.crt$/, '-new.crt')
- if cfnew != certfile and File.exist?(cfnew)
- cmd = ['swede', 'create', '--usage=3', '--selector=1', '--mtype=1', '--certificate', cfnew, '--port', port.to_s, hostname]
- new_entry = ''
- IO.popen(cmd, "r") {|i| new_entry = i.read }
- if not res.include?(new_entry)
- res << new_entry
+ cfnew = certfile.gsub(/\.crt$/, '-new.crt')
+ if cfnew != certfile and File.exist?(cfnew)
+ cmd = ['swede', 'create', '--usage=3', '--selector=1', '--mtype=1', '--certificate', cfnew, '--port', port.to_s, hostname]
+ new_entry = ''
+ IO.popen(cmd, "r") {|i| new_entry = i.read }
+ if not res.include?(new_entry)
+ res << new_entry
+ end
 end
 end
 end
--
2.20.1
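Review bot: The exit status of `swede` is never checked inside the new `certs.each` loop, so a failed run pushes an empty string into `res` and the caller presumably publishes the result without that TLSA pin and with nothing to flag the gap. Consider following each `IO.popen(cmd, "r") {...}` call with `raise Puppet::ParseError, "swede failed for #{certfile}" unless $?.success?`. Only the `-new.crt` output is de-duplicated with `res.include?`; now that several certfiles are accepted, two files sharing a public key would yield identical `--selector=1` records on the primary path, so the same guard is worth applying to `res << i.read`. The block parameter `certfile` also shadows the function argument of the same name, and `certs.each do |cf|` would make it clearer which value is in use. The function body starts and ends outside the hunk.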