1 #!/usr/bin/env sh
2 # If certificate already exists it will update only cert and key, not touching other parameters
3 # If certificate doesn't exist it will only upload cert and key, and not set other parameters
4 # Note that we deploy full chain
5 # Written by Geoffroi Genot <ggenot@voxbone.com>
6
7 ######## Public functions #####################
8
9 #domain keyfile certfile cafile fullchain
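kong_deploy() {
  # Deploy hook for a Kong gateway: uploads the private key and the full chain
  # to the Kong Admin API as one multipart/form-data request.
  #
  # Arguments: $1 domain, $2 key file, $3 cert file, $4 CA file,
  #            $5 full-chain file
  # Globals:   KONG_URL (read; defaulted when empty, then saved to the
  #            account configuration), _H1 (written; presumably picked up by
  #            _post as a request header - confirm against _post)
  # Returns:   1 when the Admin API response does not contain "created_at".
  _cdomain="$1"
  _ckey="$2"
  _ccert="$3"
  _cca="$4"
  _cfullchain="$5"

  _info "Deploying certificate on Kong instance"

  # The request body below carries the private key. The plain-http default is
  # a loopback address; for an Admin API reached over a network, KONG_URL
  # should point at an https:// endpoint.
  if [ -z "$KONG_URL" ]; then
    _debug "KONG_URL Not set, using default http://localhost:8001"
    KONG_URL="http://localhost:8001"
  fi

  # Only file paths are logged here, not file contents.
  _debug _cdomain "$_cdomain"
  _debug _ckey "$_ckey"
  _debug _ccert "$_ccert"
  _debug _cca "$_cca"
  _debug _cfullchain "$_cfullchain"

  # Look up the UUID of the certificate already linked to the domain.
  # An empty result is treated as "no certificate yet", not as an error.
  ssl_uuid=$(_get "$KONG_URL/certificates/$_cdomain" | _normalizeJson | _egrep_o '[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}')
  if [ -z "$ssl_uuid" ]; then
    _debug "Unable to get Kong ssl_uuid for domain $_cdomain"
    _debug "Make sure that KONG_URL is correctly configured"
    _debug "Make sure that a Kong certificate match the sni"
    _debug "Kong url: $KONG_URL"
    _info "No existing certificate, creating..."
    # Deliberately no "return 1": fall through and create the certificate.
  fi

  # Persist the Kong URL for later runs. This happens before the upload is
  # attempted, so the value is saved even when the upload below fails.
  _saveaccountconf KONG_URL "$KONG_URL"

  # Multipart boundary, made unique per run from the current time.
  delim="-----MultipartDelimiter$(date "+%s%N")"
  # CRLF as octal escapes; expanded by "printf %b" once the body is assembled.
  nl="\015\012"
  _H1="Content-Type: multipart/form-data; boundary=$delim"

  # Start from an empty body. "content" is a global in POSIX sh, so without
  # this reset the update (PATCH) path would prepend whatever an earlier
  # deployment in the same process, or the environment, left in it.
  content=""
  if [ -z "$ssl_uuid" ]; then
    # New certificate: bind it to the domain through the snis[] field.
    content="--$delim${nl}Content-Disposition: form-data; name=\"snis[]\"${nl}${nl}$_cdomain"
  fi
  # Private key part.
  content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"key\"; filename=\"$(basename "$_ckey")\"${nl}Content-Type: application/octet-stream${nl}${nl}$(cat "$_ckey")"
  # Certificate part: the full chain is what gets deployed.
  content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"cert\"; filename=\"$(basename "$_cfullchain")\"${nl}Content-Type: application/octet-stream${nl}${nl}$(cat "$_cfullchain")"
  # Closing boundary.
  content="$content${nl}--$delim--${nl}"
  # Turn the \015\012 escapes into real CR LF bytes.
  content=$(printf %b "$content")

  _debug header "$_H1"
  # The body embeds the private key, so it goes through _secure_debug and is
  # not written verbatim to the debug log.
  _secure_debug content "$content"

  # POST creates a new certificate; PATCH updates the existing one in place.
  if [ -z "$ssl_uuid" ]; then
    response=$(_post "$content" "$KONG_URL/certificates" "" "POST")
  else
    response=$(_post "$content" "$KONG_URL/certificates/$ssl_uuid" "" "PATCH")
  fi

  # A response carrying "created_at" is taken as the success marker.
  if ! [ "$(echo "$response" | _egrep_o "created_at")" = "created_at" ]; then
    _err "An error occurred with cert upload. Check response:"
    _err "$response"
    return 1
  fi
  _debug response "$response"
  _info "Certificate successfully deployed"
}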