{##ensure that ca pillar exists##}
{%- if pillar['ca'] is defined -%}
  {##copy certs and private keys for machine##}
  {%- for name in pillar['ca'] %}
    {%- if pillar['ca'][name]['priv-locations'] is defined -%}
      {%- for plocation in pillar['ca'][name]['priv-locations'] %}
priv_location_{{plocation}}:
  file.managed:
    - name: {{plocation}}
    - source: salt://secure/ca/private/{{name}}.key
    - user: {{pillar['ca'][name]['priv-locations'][plocation]['user']}}
    - group: {{pillar['ca'][name]['priv-locations'][plocation]['group']}}
    - mode: {{pillar['ca'][name]['priv-locations'][plocation]['mode']}}
      {%- endfor %}
    {%- endif %}

    {%- if pillar['ca'][name]['cert-locations'] is defined -%}
      {%- for clocation in pillar['ca'][name]['cert-locations'] %}
cert_location{{clocation}}:
  file.managed:
    - name: {{clocation}}
    - source: salt://secure/ca/issued/{{name}}.crt
    - user: {{pillar['ca'][name]['cert-locations'][clocation]['user']}}
    - group: {{pillar['ca'][name]['cert-locations'][clocation]['group']}}
    - mode: {{pillar['ca'][name]['cert-locations'][clocation]['mode']}}
      {%- endfor %}
    {%- endif %}
  {%- endfor %}
{%- endif %}