Add crl-dist-point to upload-signed-csr action

Change-Id: I5917771295d55ffb4b67191e2c6b687ad9170343

src/actions.yaml

@@ -107,6 +107,11 @@ upload-signed-csr:
       default: '8760h'
       description: >-
         Specifies the maximum Time To Live
+    crl-dist-point:
+      type: string
+      default: '' 
+      description: >-
+        Specifies Certificate Revocation List Distribution Point
     root-ca:
       type: string
       description: >-

src/actions/actions.py

@@ -131,7 +131,8 @@ def upload_signed_csr(*args):
         allow_subdomains=action_config.get('allow-subdomains'),
         enforce_hostnames=action_config.get('enforce-hostnames'),
         allow_any_name=action_config.get('allow-any-name'),
-        max_ttl=action_config.get('max-ttl'))
+        max_ttl=action_config.get('max-ttl'),
+        crl_dist_point=action_config.get('crl-dist-point'))
     set_flag('charm.vault.ca.ready')
     set_flag('pki.backend.tuned')
     # reissue any certificates we might previously have provided

src/lib/charm/vault_pki.py

@@ -203,7 +203,7 @@ def get_csr(ttl=None, common_name=None, locality=None,
 
 def upload_signed_csr(pem, allowed_domains, allow_subdomains=True,
                       enforce_hostnames=False, allow_any_name=True,
-                      max_ttl=None):
+                      max_ttl=None,crl_dist_point=None):
     """Upload signed csr to intermediate pki
 
     :param pem: signed csr in pem format
@@ -234,7 +234,7 @@ def upload_signed_csr(pem, allowed_domains, allow_subdomains=True,
         {
             "issuing_certificates": "{}/v1/{}/ca".format(addr, CHARM_PKI_MP),
             "crl_distribution_points":
-            "{}/v1/{}/crl".format(addr, CHARM_PKI_MP),
+            "{}/v1/{}/crl".format(addr, CHARM_PKI_MP) if not crl_dist_point else crl_dist_point,
         },
         mount_point=CHARM_PKI_MP
     )