1 | #!/usr/bin/env sh |
2 | ||
3 | # This deploy hook will deploy ssl cert on kong proxy engine based on api request_host parameter. | |
4 | # Note that ssl plugin should be available on Kong instance | |
5 | # The hook will match cdomain to request_host; in case of multiple domains it will always take the first | |
6 | # one (acme.sh behaviour). | |
7 | # If the ssl config already exists, only the cert and key are updated; other parameters are left untouched. | |
8 | # If the ssl config doesn't exist, only the cert and key are uploaded; no other parameter is set. | |
9 | # Note that we deploy the full chain. | |
10 | # See https://getkong.org/plugins/dynamic-ssl/ for other options | |
11 | # Written by Geoffroi Genot <ggenot@voxbone.com> | |
12 | ||
13 | ######## Public functions ##################### | |
14 | ||
15 | #domain keyfile certfile cafile fullchain | |
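kong_deploy() {
  # Deploy the issued certificate to a Kong instance through its admin API.
  # Arguments: $1 domain, $2 key file, $3 cert file, $4 CA file, $5 full-chain file.
  # The key and the full chain are uploaded as the "ssl" plugin config of the
  # Kong api whose request_host matches the domain.
  # Returns 1 when no api uuid is found for the domain or when the upload
  # response does not contain "ssl".
  _cdomain="$1"
  _ckey="$2"
  _ccert="$3"
  _cca="$4"
  _cfullchain="$5"
  _info "Deploying certificate on Kong instance"
  # The request body built below carries the private key in clear. The default
  # is plain http on localhost; when KONG_URL points at another host, use an
  # https:// admin endpoint so the key is not sent unencrypted.
  if [ -z "$KONG_URL" ]; then
    _debug "KONG_URL Not set, using default http://localhost:8001"
    KONG_URL="http://localhost:8001"
  fi

  # These log file paths only, not file contents.
  _debug _cdomain "$_cdomain"
  _debug _ckey "$_ckey"
  _debug _ccert "$_ccert"
  _debug _cca "$_cca"
  _debug _cfullchain "$_cfullchain"

  #Get uuid linked to the domain
  uuid=$(_get "$KONG_URL/apis?request_host=$_cdomain" | _normalizeJson | _egrep_o '[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}')
  if [ -z "$uuid" ]; then
    _err "Unable to get Kong uuid for domain $_cdomain"
    _err "Make sure that KONG_URL is correctly configured"
    _err "Make sure that a Kong api request_host match the domain"
    _err "Kong url: $KONG_URL"
    return 1
  fi
  #Save kong url if it's successful (first run case)
  _saveaccountconf KONG_URL "$KONG_URL"
  #Generate the multipart delimiter
  delim="-----MultipartDelimiter$(date "+%s%N")"
  # CR LF as octal escapes; expanded by printf %b below.
  nl="\015\012"
  #Set Header
  _H1="Content-Type: multipart/form-data; boundary=$delim"
  #Generate data for request (Multipart/form-data with mixed content)
  #set name to ssl
  content="--$delim${nl}Content-Disposition: form-data; name=\"name\"${nl}${nl}ssl"
  #add key
  content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"config.key\"; filename=\"$(basename "$_ckey")\"${nl}Content-Type: application/octet-stream${nl}${nl}$(cat "$_ckey")"
  #Add cert
  content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"config.cert\"; filename=\"$(basename "$_cfullchain")\"${nl}Content-Type: application/octet-stream${nl}${nl}$(cat "$_cfullchain")"
  #Close multipart
  content="$content${nl}--$delim--${nl}"
  #Convert CRLF
  content=$(printf %b "$content")
  #DEBUG
  _debug header "$_H1"
  # The body embeds the private key file verbatim, so it is deliberately not
  # written to the debug log; debug logs are routinely pasted into bug reports.
  _debug "content: multipart body built (not logged, contains the private key)"
  #Check if ssl plugin is already enabled (if not => POST else => PATCH)
  ssl_uuid=$(_get "$KONG_URL/apis/$uuid/plugins" | _egrep_o '"id":"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}"[a-zA-Z0-9\-\,\"_\:]*"name":"ssl"' | _egrep_o '[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}')
  _debug ssl_uuid "$ssl_uuid"
  if [ -z "$ssl_uuid" ]; then
    #Post certificate to Kong
    response=$(_post "$content" "$KONG_URL/apis/$uuid/plugins" "" "POST")
  else
    #patch
    response=$(_post "$content" "$KONG_URL/apis/$uuid/plugins/$ssl_uuid" "" "PATCH")
  fi
  # Success is inferred only from the string "ssl" appearing in the response.
  if ! [ "$(echo "$response" | _egrep_o "ssl")" = "ssl" ]; then
    _err "An error occured with cert upload. Check response:"
    _err "$response"
    return 1
  fi
  # NOTE(review): the response presumably echoes the stored plugin config;
  # confirm whether that includes config.key before sharing debug logs.
  _debug response "$response"
  _info "Certificate successfully deployed"
}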