deploy/cleverreach.sh

   1 #!/usr/bin/env sh
   2 # Here is the script to deploy the cert to your CleverReach Account using the CleverReach REST API.
   3 # Your OAuth needs the right scope, please contact CleverReach support for that.
   4 #
   5 # Written by Jan-Philipp Benecke <github@bnck.me>
   6 # Public domain, 2020
   7 #
   8 # Following environment variables must be set:
   9 #
  10 #export DEPLOY_CLEVERREACH_CLIENT_ID=myid
  11 #export DEPLOY_CLEVERREACH_CLIENT_SECRET=mysecret
  12
  13 cleverreach_deploy() {
  14   _cdomain="$1"
  15   _ckey="$2"
  16   _ccert="$3"
  17   _cca="$4"
  18   _cfullchain="$5"
  19
  20   _rest_endpoint="https://rest.cleverreach.com"
  21
  22   _debug _cdomain "$_cdomain"
  23   _debug _ckey "$_ckey"
  24   _debug _ccert "$_ccert"
  25   _debug _cca "$_cca"
  26   _debug _cfullchain "$_cfullchain"
  27
  28   _getdeployconf DEPLOY_CLEVERREACH_CLIENT_ID
  29   _getdeployconf DEPLOY_CLEVERREACH_CLIENT_SECRET
  30   _getdeployconf DEPLOY_CLEVERREACH_SUBCLIENT_ID
  31
  32   if [ -z "${DEPLOY_CLEVERREACH_CLIENT_ID}" ]; then
  33     _err "CleverReach Client ID is not found, please define DEPLOY_CLEVERREACH_CLIENT_ID."
  34     return 1
  35   fi
  36   if [ -z "${DEPLOY_CLEVERREACH_CLIENT_SECRET}" ]; then
  37     _err "CleverReach client secret is not found, please define DEPLOY_CLEVERREACH_CLIENT_SECRET."
  38     return 1
  39   fi
  40
  41   _savedeployconf DEPLOY_CLEVERREACH_CLIENT_ID "${DEPLOY_CLEVERREACH_CLIENT_ID}"
  42   _savedeployconf DEPLOY_CLEVERREACH_CLIENT_SECRET "${DEPLOY_CLEVERREACH_CLIENT_SECRET}"
  43   _savedeployconf DEPLOY_CLEVERREACH_SUBCLIENT_ID "${DEPLOY_CLEVERREACH_SUBCLIENT_ID}"
  44
  45   _info "Obtaining a CleverReach access token"
  46
  47   _data="{\"grant_type\": \"client_credentials\", \"client_id\": \"${DEPLOY_CLEVERREACH_CLIENT_ID}\", \"client_secret\": \"${DEPLOY_CLEVERREACH_CLIENT_SECRET}\"}"
  48   _auth_result="$(_post "$_data" "$_rest_endpoint/oauth/token.php" "" "POST" "application/json")"
  49
  50   _debug _data "$_data"
  51   _debug _auth_result "$_auth_result"
  52
  53   _regex=".*\"access_token\":\"\([-._0-9A-Za-z]*\)\".*$"
  54   _debug _regex "$_regex"
  55   _access_token=$(echo "$_auth_result" | _json_decode | sed -n "s/$_regex/\1/p")
  56
  57   _debug _subclient "${DEPLOY_CLEVERREACH_SUBCLIENT_ID}"
  58
  59   if [ -n "${DEPLOY_CLEVERREACH_SUBCLIENT_ID}" ]; then
  60     _info "Obtaining token for sub-client ${DEPLOY_CLEVERREACH_SUBCLIENT_ID}"
  61     export _H1="Authorization: Bearer ${_access_token}"
  62     _subclient_token_result="$(_get "$_rest_endpoint/v3/clients/$DEPLOY_CLEVERREACH_SUBCLIENT_ID/token")"
  63     _access_token=$(echo "$_subclient_token_result" | sed -n "s/\"//p")
  64
  65     _debug _subclient_token_result "$_access_token"
  66
  67     _info "Destroying parent token at CleverReach, as it not needed anymore"
  68     _destroy_result="$(_post "" "$_rest_endpoint/v3/oauth/token.json" "" "DELETE" "application/json")"
  69     _debug _destroy_result "$_destroy_result"
  70   fi
  71
  72   _info "Uploading certificate and key to CleverReach"
  73
  74   _certData="{\"cert\":\"$(_json_encode <"$_cfullchain")\", \"key\":\"$(_json_encode <"$_ckey")\"}"
  75   export _H1="Authorization: Bearer ${_access_token}"
  76   _add_cert_result="$(_post "$_certData" "$_rest_endpoint/v3/ssl" "" "POST" "application/json")"
  77
  78   if [ -z "${DEPLOY_CLEVERREACH_SUBCLIENT_ID}" ]; then
  79     _info "Destroying token at CleverReach, as it not needed anymore"
  80     _destroy_result="$(_post "" "$_rest_endpoint/v3/oauth/token.json" "" "DELETE" "application/json")"
  81     _debug _destroy_result "$_destroy_result"
  82   fi
  83
  84   if ! echo "$_add_cert_result" | grep '"error":' >/dev/null; then
  85     _info "Uploaded certificate successfully"
  86     return 0
  87   else
  88     _debug _add_cert_result "$_add_cert_result"
  89     _err "Unable to update certificate"
  90     return 1
  91   fi
  92 }