Commit | Line | Data |
---|---|---|
824ffa24 | 1 | #!/usr/bin/env sh |
eca57bee TG |
2 | # If certificate already exists it will update only cert and key, not touching other parameters |
3 | # If certificate doesn't exist it will only upload cert and key, and not set other parameters | |
1231b712 | 4 | # Note that we deploy full chain |
1699e94f G |
5 | # Written by Geoffroi Genot <ggenot@voxbone.com> |
6 | ||
7 | ######## Public functions ##################### | |
8 | ||
9 | #domain keyfile certfile cafile fullchain | |
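# Deploy hook: upload the private key and full chain for a domain to the Kong
# Admin API as a multipart/form-data request.
#
# Arguments: domain keyfile certfile cafile fullchain
# Environment:
#   KONG_URL  Base URL of the Kong Admin API. Defaults to http://localhost:8001.
#             The request body carries the private key and this hook sets only a
#             Content-Type header, so a non-local KONG_URL should be an https://
#             endpoint that is access-controlled by other means.
# Returns 1 when the upload response does not contain "created_at".
kong_deploy() {
  _cdomain="$1"
  _ckey="$2"
  _ccert="$3"
  _cca="$4"
  _cfullchain="$5"
  _info "Deploying certificate on Kong instance"
  if [ -z "$KONG_URL" ]; then
    _debug "KONG_URL Not set, using default http://localhost:8001"
    KONG_URL="http://localhost:8001"
  fi

  # These log file paths only, not file contents.
  _debug _cdomain "$_cdomain"
  _debug _ckey "$_ckey"
  _debug _ccert "$_ccert"
  _debug _cca "$_cca"
  _debug _cfullchain "$_cfullchain"

  # Look up the UUID of an existing Kong certificate for this domain.
  ssl_uuid=$(_get "$KONG_URL/certificates/$_cdomain" | _normalizeJson | _egrep_o '[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}')
  if [ -z "$ssl_uuid" ]; then
    # A failed lookup is not fatal: an empty ssl_uuid selects the create (POST)
    # path below. A wrong KONG_URL also ends up here, hence the hints.
    _debug "Unable to get Kong ssl_uuid for domain $_cdomain"
    _debug "Make sure that KONG_URL is correctly configured"
    _debug "Make sure that a Kong certificate match the sni"
    _debug "Kong url: $KONG_URL"
    _info "No existing certificate, creating..."
  fi
  # Persist KONG_URL for later runs. This happens before the upload is
  # attempted, so the value is saved even if the upload below fails.
  _saveaccountconf KONG_URL "$KONG_URL"

  # Multipart boundary.
  # NOTE(review): %N is not supported by every date implementation; where it is
  # not, the boundary is less unique than intended.
  delim="-----MultipartDelimiter$(date "+%s%N")"
  # CRLF as octal escapes; expanded by printf %b further down.
  nl="\015\012"
  # _H1 is the request header passed to _get/_post.
  _H1="Content-Type: multipart/form-data; boundary=$delim"

  # Build the multipart body. The snis[] part is only sent when creating a new
  # certificate, so an update leaves the existing SNI assignment untouched.
  if [ -z "$ssl_uuid" ]; then
    content="--$delim${nl}Content-Disposition: form-data; name=\"snis[]\"${nl}${nl}$_cdomain"
  fi
  # Private key part.
  content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"key\"; filename=\"$(basename "$_ckey")\"${nl}Content-Type: application/octet-stream${nl}${nl}$(cat "$_ckey")"
  # Certificate part (the full chain is deployed, not the leaf alone).
  content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"cert\"; filename=\"$(basename "$_cfullchain")\"${nl}Content-Type: application/octet-stream${nl}${nl}$(cat "$_cfullchain")"
  # Closing boundary.
  content="$content${nl}--$delim--${nl}"
  # Expand the \015\012 escapes into real CRLF bytes.
  content=$(printf %b "$content")

  _debug header "$_H1"
  # The body embeds the private key, so log it through _secure_debug: it is
  # masked unless insecure output has been explicitly enabled.
  _secure_debug content "$content"

  # Create (POST) when no certificate exists yet, otherwise update (PATCH).
  if [ -z "$ssl_uuid" ]; then
    response=$(_post "$content" "$KONG_URL/certificates" "" "POST")
  else
    response=$(_post "$content" "$KONG_URL/certificates/$ssl_uuid" "" "PATCH")
  fi
  # A "created_at" field in the response is taken as the success marker.
  if ! [ "$(echo "$response" | _egrep_o "created_at")" = "created_at" ]; then
    _err "An error occurred with cert upload. Check response:"
    _err "$response"
    return 1
  fi
  # NOTE(review): a successful response presumably echoes the stored
  # certificate object, which may include the key; keep it out of plain debug
  # logs as well.
  _secure_debug response "$response"
  _info "Certificate successfully deployed"
}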