[mirror_acme.sh.git] / deploy / kong.sh

#!/usr/bin/env sh

# This deploy hook will deploy ssl cert on kong proxy engine based on api request_host parameter.
# Note that ssl plugin should be available on Kong instance
# The hook will match cdomain to request_host, in case of multiple domain it will always take the first
# one (acme.sh behaviour).
# If ssl config already exist it will update only cert and key not touching other parameter
# If ssl config doesn't exist it will only upload cert and key and not set other parameter
# Not that we deploy full chain
# See https://getkong.org/plugins/dynamic-ssl/ for other options
# Written by Geoffroi Genot <ggenot@voxbone.com>

########  Public functions #####################

#domain keyfile certfile cafile fullchain
kong_deploy() {
  _cdomain="$1"
  _ckey="$2"
  _ccert="$3"
  _cca="$4"
  _cfullchain="$5"
  _info "Deploying certificate on Kong instance"
  if [ -z "$KONG_URL" ]; then
    _debug "KONG_URL Not set, using default http://localhost:8001"
    KONG_URL="http://localhost:8001"
  fi

  _debug _cdomain "$_cdomain"
  _debug _ckey "$_ckey"
  _debug _ccert "$_ccert"
  _debug _cca "$_cca"
  _debug _cfullchain "$_cfullchain"

  #Get uuid linked to the domain
  uuid=$(_get "$KONG_URL/apis?request_host=$_cdomain" | _normalizeJson | _egrep_o '[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}')
  if [ -z "$uuid" ]; then
    _err "Unable to get Kong uuid for domain $_cdomain"
    _err "Make sure that KONG_URL is correctly configured"
    _err "Make sure that a Kong api request_host match the domain"
    _err "Kong url: $KONG_URL"
    return 1
  fi
  #Save kong url if it's succesful (First run case)
  _saveaccountconf KONG_URL "$KONG_URL"
  #Generate DEIM
  delim="-----MultipartDelimiter$(date "+%s%N")"
  nl="\015\012"
  #Set Header
  _H1="Content-Type: multipart/form-data; boundary=$delim"
  #Generate data for request (Multipart/form-data with mixed content)
  #set name to ssl
  content="--$delim${nl}Content-Disposition: form-data; name=\"name\"${nl}${nl}ssl"
  #add key
  content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"config.key\"; filename=\"$(basename "$_ckey")\"${nl}Content-Type: application/octet-stream${nl}${nl}$(cat "$_ckey")"
  #Add cert
  content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"config.cert\"; filename=\"$(basename "$_cfullchain")\"${nl}Content-Type: application/octet-stream${nl}${nl}$(cat "$_cfullchain")"
  #Close multipart
  content="$content${nl}--$delim--${nl}"
  #Convert CRLF
  content=$(printf %b "$content")
  #DEBUG
  _debug header "$_H1"
  _debug content "$content"
  #Check if ssl plugins is aready enabled (if not => POST else => PATCH)
  ssl_uuid=$(_get "$KONG_URL/apis/$uuid/plugins" | _egrep_o '"id":"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}"[a-zA-Z0-9\-\,\"_\:]*"name":"ssl"' | _egrep_o '[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}')
  _debug ssl_uuid "$ssl_uuid"
  if [ -z "$ssl_uuid" ]; then
    #Post certificate to Kong
    response=$(_post "$content" "$KONG_URL/apis/$uuid/plugins" "" "POST")
  else
    #patch
    response=$(_post "$content" "$KONG_URL/apis/$uuid/plugins/$ssl_uuid" "" "PATCH")
  fi
  if ! [ "$(echo "$response" | _egrep_o "ssl")" = "ssl" ]; then
    _err "An error occured with cert upload. Check response:"
    _err "$response"
    return 1
  fi
  _debug response "$response"
  _info "Certificate successfully deployed"
}
Commit	Line	Data
1699e94f G	1	#!/usr/bin/env sh
	2
	3	# This deploy hook will deploy ssl cert on kong proxy engine based on api request_host parameter.
	4	# Note that ssl plugin should be available on Kong instance
	5	# The hook will match cdomain to request_host, in case of multiple domain it will always take the first
	6	# one (acme.sh behaviour).
	7	# If ssl config already exist it will update only cert and key not touching other parameter
	8	# If ssl config doesn't exist it will only upload cert and key and not set other parameter
	9	# Not that we deploy full chain
	10	# See https://getkong.org/plugins/dynamic-ssl/ for other options
	11	# Written by Geoffroi Genot <ggenot@voxbone.com>
	12
	13	######## Public functions #####################
	14
	15	#domain keyfile certfile cafile fullchain
e2cc350f	16	kong_deploy() {
1699e94f G	17	_cdomain="$1"
	18	_ckey="$2"
	19	_ccert="$3"
	20	_cca="$4"
	21	_cfullchain="$5"
	22	_info "Deploying certificate on Kong instance"
07feb87d	23	if [ -z "$KONG_URL" ]; then
753d0e7d G	24	_debug "KONG_URL Not set, using default http://localhost:8001"
753d0e7d G	25	KONG_URL="http://localhost:8001"
1699e94f G	26	fi
	27
	28	_debug _cdomain "$_cdomain"
	29	_debug _ckey "$_ckey"
	30	_debug _ccert "$_ccert"
	31	_debug _cca "$_cca"
	32	_debug _cfullchain "$_cfullchain"
	33
	34	#Get uuid linked to the domain
753d0e7d	35	uuid=$(_get "$KONG_URL/apis?request_host=$_cdomain" \| _normalizeJson \| _egrep_o '[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}')
5fe91d65	36	if [ -z "$uuid" ]; then
1699e94f G	37	_err "Unable to get Kong uuid for domain $_cdomain"
	38	_err "Make sure that KONG_URL is correctly configured"
	39	_err "Make sure that a Kong api request_host match the domain"
	40	_err "Kong url: $KONG_URL"
	41	return 1
	42	fi
	43	#Save kong url if it's succesful (First run case)
	44	_saveaccountconf KONG_URL "$KONG_URL"
	45	#Generate DEIM
4cedbf80	46	delim="-----MultipartDelimiter$(date "+%s%N")"
5fe91d65	47	nl="\015\012"
1699e94f G	48	#Set Header
	49	_H1="Content-Type: multipart/form-data; boundary=$delim"
	50	#Generate data for request (Multipart/form-data with mixed content)
	51	#set name to ssl
	52	content="--$delim${nl}Content-Disposition: form-data; name=\"name\"${nl}${nl}ssl"
	53	#add key
	54	content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"config.key\"; filename=\"$(basename "$_ckey")\"${nl}Content-Type: application/octet-stream${nl}${nl}$(cat "$_ckey")"
	55	#Add cert
	56	content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"config.cert\"; filename=\"$(basename "$_cfullchain")\"${nl}Content-Type: application/octet-stream${nl}${nl}$(cat "$_cfullchain")"
	57	#Close multipart
	58	content="$content${nl}--$delim--${nl}"
5fe91d65 G	59	#Convert CRLF
5fe91d65 G	60	content=$(printf %b "$content")
1699e94f G	61	#DEBUG
	62	_debug header "$_H1"
	63	_debug content "$content"
	64	#Check if ssl plugins is aready enabled (if not => POST else => PATCH)
07feb87d	65	ssl_uuid=$(_get "$KONG_URL/apis/$uuid/plugins" \| _egrep_o '"id":"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}"[a-zA-Z0-9\-\,\"_\:]*"name":"ssl"' \| _egrep_o '[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}')
1699e94f	66	_debug ssl_uuid "$ssl_uuid"
5fe91d65	67	if [ -z "$ssl_uuid" ]; then
1699e94f	68	#Post certificate to Kong
07feb87d	69	response=$(_post "$content" "$KONG_URL/apis/$uuid/plugins" "" "POST")
1699e94f G	70	else
1699e94f G	71	#patch
07feb87d	72	response=$(_post "$content" "$KONG_URL/apis/$uuid/plugins/$ssl_uuid" "" "PATCH")
1699e94f	73	fi
753d0e7d	74	if ! [ "$(echo "$response" \| _egrep_o "ssl")" = "ssl" ]; then
1699e94f G	75	_err "An error occured with cert upload. Check response:"
	76	_err "$response"
	77	return 1
	78	fi
	79	_debug response "$response"
	80	_info "Certificate successfully deployed"
	81	}