fix: [letsencrypt] use action ``crt {renew,create}`` to manage properly renewal.
framadate
fix: [letsencrypt] use action ``crt {renew,create}`` to manage properly renewal.
framadate
Valentin Lab
6 years ago
15 changed files with 1444 additions and 100 deletions
-
4apache/lib/common
-
8apache/test/vhost_cert_provider
-
53letsencrypt/actions/crt
-
77letsencrypt/hooks/dc-pre-run
-
2letsencrypt/hooks/schedule_command-relation-joined
-
347letsencrypt/lib/common
-
3letsencrypt/metadata.yml
-
218letsencrypt/test/crt
-
296letsencrypt/test/crt_create
-
178letsencrypt/test/crt_renew
-
61letsencrypt/test/get_challenge_type
-
142letsencrypt/test/get_dc_env
-
96letsencrypt/test/valid_existing_cert
-
33letsencrypt/test/yaml_opt_bash_env
-
26letsencrypt/test/yaml_opt_bash_env_ignore_first_level
@ -0,0 +1,53 @@ |
|||||
|
#!/bin/bash |
||||
|
|
||||
|
if [ -z "$SERVICE_DATASTORE" ]; then |
||||
|
echo "This script is meant to be run through 'compose' to work properly." >&2 |
||||
|
exit 1 |
||||
|
fi |
||||
|
|
||||
|
. /etc/shlib |
||||
|
|
||||
|
include parse |
||||
|
include pretty |
||||
|
|
||||
|
. $CHARM_PATH/lib/common |
||||
|
|
||||
|
usage=" |
||||
|
$exname [-h|--help] |
||||
|
$exname create MAIN_DOMAIN [DOMAINS..] |
||||
|
$exname renew |
||||
|
" |
||||
|
|
||||
|
if [ "$#" == 0 ]; then |
||||
|
err "Please specify an action" |
||||
|
print_usage |
||||
|
exit 1 |
||||
|
fi |
||||
|
|
||||
|
while [ "$1" ]; do |
||||
|
case "$1" in |
||||
|
"--help"|"-h") |
||||
|
print_usage |
||||
|
exit 0 |
||||
|
;; |
||||
|
renew) |
||||
|
exname="$exname $1" |
||||
|
shift |
||||
|
crt_renew "$@" |
||||
|
exit $? |
||||
|
;; |
||||
|
create) |
||||
|
exname="$exname $1" |
||||
|
shift |
||||
|
crt_create "$@" |
||||
|
exit $? |
||||
|
;; |
||||
|
*) |
||||
|
err "Wrong argument" |
||||
|
print_usage |
||||
|
exit 1 |
||||
|
;; |
||||
|
esac |
||||
|
shift |
||||
|
done |
||||
|
|
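Review bot: The `. $CHARM_PATH/lib/common` line sources an unquoted path and never checks that the source succeeded, while the only environment guard at the top of the script is for `SERVICE_DATASTORE`. With `CHARM_PATH` empty the script sources `/lib/common` from the filesystem root, and when the source fails the `renew` and `create` arms go on to call `crt_renew`/`crt_create`, which are then undefined. I would write it as `. "${CHARM_PATH:?}/lib/common" || exit 1`, in line with the `. lib/common || exit 1` form used by the hook script this commit removes. Every arm of the `case` exits, so the `while` loop and the trailing `shift` are never needed; a single `case "$1"` would read more clearly.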
@ -1,77 +0,0 @@ |
|||||
#!/bin/bash |
|
||||
|
|
||||
## Init is run on host |
|
||||
## For now it is run every time the script is launched, but |
|
||||
## it should be launched only once after build. |
|
||||
|
|
||||
## Accessible variables are: |
|
||||
## - SERVICE_NAME Name of current service |
|
||||
## - DOCKER_BASE_IMAGE Base image from which this service might be built if any |
|
||||
## - SERVICE_DATASTORE Location on host of the DATASTORE of this service |
|
||||
## - SERVICE_CONFIGSTORE Location on host of the CONFIGSTORE of this service |
|
||||
|
|
||||
aimport remainder_args |
|
||||
case "${remainder_args[@]:0:2}" in |
|
||||
"crt info"|"crt list") |
|
||||
exit 0 |
|
||||
;; |
|
||||
esac |
|
||||
|
|
||||
. lib/common || exit 1 |
|
||||
|
|
||||
set -e |
|
||||
|
|
||||
|
|
||||
service_def=$(get_compose_service_def "$SERVICE_NAME") |
|
||||
|
|
||||
config=" |
|
||||
$SERVICE_NAME: |
|
||||
environment: |
|
||||
" |
|
||||
if USER_EMAIL=$(echo "$service_def" | shyaml get-value options.email 2>/dev/null); then |
|
||||
config+=" LETSENCRYPT_USER_MAIL: $USER_EMAIL" |
|
||||
fi |
|
||||
|
|
||||
if environment_def="$(printf "%s" "$service_def" | shyaml -y get-value options.env 2>/dev/null)"; then |
|
||||
while read-0 key value; do |
|
||||
config+="$(printf "\n %s: %s" "$key" "$value")" |
|
||||
done < <(printf "%s" "$environment_def" | yaml_opt_bash_env_ignore_first_level LEXICON) |
|
||||
|
|
||||
if ! provider=$(printf "%s" "$environment_def" | shyaml -y get-value provider 2>/dev/null); then |
|
||||
provider= |
|
||||
## If no provider is given, we fallback on the first found |
|
||||
|
|
||||
while read-0 key value; do |
|
||||
[[ "$(echo "$value" | shyaml get-type)" == "struct" ]] && { |
|
||||
provider="$key" |
|
||||
break |
|
||||
} |
|
||||
done < <(echo "$environment_def" | shyaml key-values-0) |
|
||||
warn "No ${WHITE}provider${NORMAL} key given, had to infer it, chose '$key'." |
|
||||
fi |
|
||||
|
|
||||
config+=$(echo -en "\n LEXICON_PROVIDER: $provider") |
|
||||
fi |
|
||||
|
|
||||
if ! challenge_type=$(printf "%s" "$service_def" | shyaml get-value "options.challenge-type" 2>/dev/null); then |
|
||||
warn "No ${WHITE}challenge-type${NORMAL} provided, defaulting to 'http'." |
|
||||
challenge_type=http |
|
||||
fi |
|
||||
config+=$(echo -en "\n CHALLENGE_TYPE: $challenge_type") |
|
||||
|
|
||||
if will_need_http_access; then |
|
||||
while read container_id; do |
|
||||
info "Attempting to clear port 80 by stopping $container_id" |
|
||||
docker stop -t 5 "$container_id" |
|
||||
done < <(docker ps \ |
|
||||
--filter label="compose.project=$PROJECT_NAME" \ |
|
||||
--filter publish=80 \ |
|
||||
--format "{{.ID}}" |
|
||||
) |
|
||||
config+=$(echo -en "\n ports: |
|
||||
- \"0.0.0.0:80:80\"") |
|
||||
fi |
|
||||
|
|
||||
init-config-add "$config" |
|
||||
|
|
||||
mkdir -p "$SERVICE_DATASTORE/etc/letsencrypt" |
|
@ -0,0 +1,218 @@ |
|||||
|
#!/bin/bash |
||||
|
|
||||
|
exname=$(basename $0) |
||||
|
|
||||
|
prefix_cmd=" |
||||
|
. /etc/shlib |
||||
|
|
||||
|
include common |
||||
|
include parse |
||||
|
|
||||
|
. ../lib/common |
||||
|
|
||||
|
get_dc_env() { |
||||
|
local i |
||||
|
echo \"Calling get_dc_env\" >&2 |
||||
|
((i=0)) |
||||
|
for arg in \"\$@\"; do |
||||
|
echo \" arg\$((i++)):\" |
||||
|
echo \"\$arg\" | prefix \" | \" |
||||
|
done >&2 |
||||
|
echo \"\$GET_DC_ENV\" |
||||
|
} |
||||
|
export -f get_dc_env |
||||
|
|
||||
|
will_need_http_access() { |
||||
|
local i |
||||
|
echo \"Calling will_need_http_access\" >&2 |
||||
|
((i=0)) |
||||
|
for arg in \"\$@\"; do |
||||
|
echo \" arg\$((i++)):\" |
||||
|
echo \"\$arg\" | prefix \" | \" |
||||
|
done >&2 |
||||
|
[ \"\$WILL_NEED_HTTP_ACCESS\" == 'yes' ] |
||||
|
} |
||||
|
export -f will_need_http_access |
||||
|
|
||||
|
|
||||
|
|
||||
|
" |
||||
|
|
||||
|
## |
||||
|
## Mocks |
||||
|
## |
||||
|
|
||||
|
cfg-get-value() { |
||||
|
local key="$1" |
||||
|
shyaml get-value "$key" 2>/dev/null |
||||
|
} |
||||
|
export -f cfg-get-value |
||||
|
|
||||
|
file_put() { |
||||
|
echo "file_put $1" |
||||
|
cat - | prefix " | " |
||||
|
} |
||||
|
export -f file_put |
||||
|
|
||||
|
docker() { |
||||
|
local i |
||||
|
echo "Calling: docker" >&2 |
||||
|
((i=0)) |
||||
|
for arg in "$@"; do |
||||
|
echo " arg$((i++)):" |
||||
|
echo "$arg" | prefix " | " |
||||
|
done >&2 |
||||
|
if [ "$1" == "ps" ]; then |
||||
|
echo "$DOCKER_PS" |
||||
|
fi |
||||
|
} |
||||
|
export -f docker |
||||
|
|
||||
|
yaml_key_val_str() { |
||||
|
printf "%s:\n%s" "$1" "$(echo "$2" | prefix " ")" |
||||
|
} |
||||
|
export -f yaml_key_val_str |
||||
|
|
||||
|
compose() { |
||||
|
local i |
||||
|
echo "Calling: compose" >&2 |
||||
|
((i=0)) |
||||
|
for arg in "$@"; do |
||||
|
echo " arg$((i++)):" |
||||
|
echo "$arg" | prefix " | " |
||||
|
done >&2 |
||||
|
} |
||||
|
export -f compose |
||||
|
|
||||
|
|
||||
|
|
||||
|
try " |
||||
|
SERVICE_NAME='\$SERVICE_NAME' |
||||
|
WILL_NEED_HTTP_ACCESS= |
||||
|
crt '' create www.example.com |
||||
|
" |
||||
|
is err reg 'Calling get_dc_env |
||||
|
arg0: |
||||
|
| |
||||
|
arg1: |
||||
|
| create |
||||
|
arg2: |
||||
|
| www.example.com |
||||
|
Calling will_need_http_access |
||||
|
arg0: |
||||
|
| |
||||
|
arg1: |
||||
|
| create |
||||
|
arg2: |
||||
|
| www.example.com |
||||
|
Calling: compose |
||||
|
.* |
||||
|
| run |
||||
|
.* |
||||
|
| letsencrypt |
||||
|
.* |
||||
|
| crt |
||||
|
.* |
||||
|
| create |
||||
|
.* |
||||
|
| www.example.com' RTRIM |
||||
|
is errlvl 0 |
||||
|
is out '' |
||||
|
|
||||
|
try " |
||||
|
SERVICE_NAME='\$SERVICE_NAME' |
||||
|
GET_DC_ENV=' |
||||
|
\$SERVICE_NAME: |
||||
|
environment: |
||||
|
LETSENCRYPT_USER_MAIL: foo@example.com |
||||
|
LEXICON_OVH_FOO: 1 |
||||
|
LEXICON_PROVIDER: wiz |
||||
|
' |
||||
|
WILL_NEED_HTTP_ACCESS= |
||||
|
crt '' create www.example.com |
||||
|
" |
||||
|
is err reg 'Calling: compose |
||||
|
.* |
||||
|
| --add-compose-content |
||||
|
.* |
||||
|
| docker-compose: |
||||
|
| $SERVICE_NAME: |
||||
|
| environment: |
||||
|
| LETSENCRYPT_USER_MAIL: foo@example.com |
||||
|
| LEXICON_OVH_FOO: 1 |
||||
|
| LEXICON_PROVIDER: wiz |
||||
|
.* |
||||
|
| run |
||||
|
.* |
||||
|
| letsencrypt |
||||
|
.* |
||||
|
| crt |
||||
|
.* |
||||
|
| create |
||||
|
.* |
||||
|
| www.example.com' RTRIM |
||||
|
is errlvl 0 |
||||
|
|
||||
|
|
||||
|
try " |
||||
|
SERVICE_NAME='\$SERVICE_NAME' |
||||
|
GET_DC_ENV=' |
||||
|
\$SERVICE_NAME: |
||||
|
environment: |
||||
|
LETSENCRYPT_USER_MAIL: foo@example.com |
||||
|
LEXICON_OVH_FOO: 1 |
||||
|
LEXICON_PROVIDER: wiz |
||||
|
' |
||||
|
WILL_NEED_HTTP_ACCESS=yes |
||||
|
DOCKER_PS= |
||||
|
crt '' create www.example.com |
||||
|
" "need http acces, no docker on port 80" |
||||
|
is err part 'Calling: docker |
||||
|
arg0: |
||||
|
| ps' RTRIM |
||||
|
is errlvl 0 |
||||
|
is out '' |
||||
|
|
||||
|
try " |
||||
|
GET_DC_ENV=' |
||||
|
\$SERVICE_NAME: |
||||
|
environment: |
||||
|
LETSENCRYPT_USER_MAIL: foo@example.com |
||||
|
LEXICON_OVH_FOO: 1 |
||||
|
LEXICON_PROVIDER: wiz |
||||
|
' |
||||
|
WILL_NEED_HTTP_ACCESS=yes |
||||
|
DOCKER_PS=' |
||||
|
docker_1 |
||||
|
docker_2 |
||||
|
' |
||||
|
crt '' create www.example.com |
||||
|
" "need http acces, 2 dockers on port 80" |
||||
|
is err reg 'II Attempting to clear port 80 by stopping docker_1 |
||||
|
Calling: docker |
||||
|
arg0: |
||||
|
. stop |
||||
|
.* |
||||
|
. docker_1 |
||||
|
II Attempting to clear port 80 by stopping docker_2 |
||||
|
Calling: docker |
||||
|
arg0: |
||||
|
. stop |
||||
|
.* |
||||
|
. docker_2 |
||||
|
Calling: compose |
||||
|
.* |
||||
|
II Attempting restart docker_1 |
||||
|
Calling: docker |
||||
|
arg0: |
||||
|
. start |
||||
|
.* |
||||
|
. docker_1 |
||||
|
II Attempting restart docker_2 |
||||
|
Calling: docker |
||||
|
arg0: |
||||
|
. start |
||||
|
.* |
||||
|
. docker_2' RTRIM |
||||
|
is errlvl 0 |
||||
|
is out '' |
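Review bot: None of the cases exercises a failing `compose` run after containers were stopped, so nothing here shows that `docker_1` and `docker_2` are started again when certificate creation fails; the `compose` mock always returns 0. Because the function takes down whatever publishes port 80, a failed issuance that skipped the restart would leave the site offline, which deserves a case overriding the mock with `compose() { return 1; }` and asserting `is err part 'II Attempting restart docker_1'`. The second case also pins that the `LEXICON_*` environment is handed to `compose` as the value of `--add-compose-content`; if those values are DNS provider credentials, as the names suggest, they are readable in the process list for the duration of the run, and passing them through a file or stdin would be safer. The last case omits the `SERVICE_NAME='\$SERVICE_NAME'` line that the other three set, and both descriptions spell `acces`.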
@ -0,0 +1,296 @@ |
|||||
|
#!/bin/bash |
||||
|
|
||||
|
exname=$(basename $0) |
||||
|
|
||||
|
prefix_cmd=" |
||||
|
. /etc/shlib |
||||
|
|
||||
|
include common |
||||
|
include parse |
||||
|
|
||||
|
. ../lib/common |
||||
|
|
||||
|
valid_existing_cert() { |
||||
|
local i |
||||
|
echo \"Calling valid_existing_cert\" >&2 |
||||
|
((i=0)) |
||||
|
for arg in \"\$@\"; do |
||||
|
echo \" arg\$((i++)):\" |
||||
|
echo \"\$arg\" | prefix \" | \" |
||||
|
done >&2 |
||||
|
return \"\$VALID_EXISTING_CERT\" |
||||
|
} |
||||
|
export -f valid_existing_cert |
||||
|
|
||||
|
crt() { |
||||
|
local i |
||||
|
echo \"Calling crt\" >&2 |
||||
|
((i=0)) |
||||
|
for arg in \"\$@\"; do |
||||
|
echo \" arg\$((i++)):\" |
||||
|
echo \"\$arg\" | prefix \" | \" |
||||
|
done >&2 |
||||
|
return \$CRT |
||||
|
} |
||||
|
export -f crt |
||||
|
|
||||
|
|
||||
|
letsencrypt_set_renew_before_expiry() { |
||||
|
local i |
||||
|
echo \"Calling letsencrypt_set_renew_before_expiry\" >&2 |
||||
|
((i=0)) |
||||
|
for arg in \"\$@\"; do |
||||
|
echo \" arg\$((i++)):\" |
||||
|
echo \"\$arg\" | prefix \" | \" |
||||
|
done >&2 |
||||
|
[ \"\$LETSENCRYPT_SET_RENEW_BEFORE_EXPIRY\" == \"yes\" ] |
||||
|
} |
||||
|
export -f letsencrypt_set_renew_before_expiry |
||||
|
|
||||
|
|
||||
|
letsencrypt_cert_delete() { |
||||
|
local i |
||||
|
echo \"Calling letsencrypt_cert_delete\" >&2 |
||||
|
((i=0)) |
||||
|
for arg in \"\$@\"; do |
||||
|
echo \" arg\$((i++)):\" |
||||
|
echo \"\$arg\" | prefix \" | \" |
||||
|
done >&2 |
||||
|
[ \"\$LETSENCRYPT_CERT_DELETE\" == \"yes\" ] |
||||
|
} |
||||
|
export -f letsencrypt_cert_delete |
||||
|
|
||||
|
|
||||
|
" |
||||
|
|
||||
|
## |
||||
|
## Mocks |
||||
|
## |
||||
|
|
||||
|
get_compose_service_def() { |
||||
|
local i |
||||
|
echo "Calling: get_compose_service_def" >&2 |
||||
|
((i=0)) |
||||
|
for arg in "$@"; do |
||||
|
echo " arg$((i++)):" |
||||
|
echo "$arg" | prefix " | " |
||||
|
done >&2 |
||||
|
echo "$GET_COMPOSE_SERVICE_DEF" |
||||
|
} |
||||
|
export -f get_compose_service_def |
||||
|
|
||||
|
|
||||
|
|
||||
|
try " |
||||
|
exname=\"crt create\" |
||||
|
SERVICE_NAME='\$SERVICE_NAME' |
||||
|
GET_COMPOSE_SERVICE_DEF= |
||||
|
VALID_EXISTING_CERT=1 |
||||
|
crt_create |
||||
|
" |
||||
|
is err 'Error: At least one domain should be provided as argument. |
||||
|
usage: |
||||
|
crt create [-h|--help] |
||||
|
crt create MAIN_DOMAIN [ALT_DOMAINS...]' RTRIM |
||||
|
is errlvl 1 |
||||
|
|
||||
|
|
||||
|
try " |
||||
|
exname=\"crt create\" |
||||
|
SERVICE_NAME='\$SERVICE_NAME' |
||||
|
GET_COMPOSE_SERVICE_DEF= |
||||
|
VALID_EXISTING_CERT=1 |
||||
|
crt_create --help |
||||
|
" |
||||
|
is err '' |
||||
|
is out 'usage: |
||||
|
crt create [-h|--help] |
||||
|
crt create MAIN_DOMAIN [ALT_DOMAINS...]' RTRIM |
||||
|
is errlvl 0 |
||||
|
|
||||
|
|
||||
|
try " |
||||
|
CRT=0 |
||||
|
exname=\"crt create\" |
||||
|
SERVICE_NAME='\$SERVICE_NAME' |
||||
|
GET_COMPOSE_SERVICE_DEF= |
||||
|
VALID_EXISTING_CERT=1 |
||||
|
LETSENCRYPT_SET_RENEW_BEFORE_EXPIRY=yes |
||||
|
crt_create www.example.com |
||||
|
" "invalid cert" |
||||
|
is err 'Calling: get_compose_service_def |
||||
|
arg0: |
||||
|
| $SERVICE_NAME |
||||
|
Calling valid_existing_cert |
||||
|
arg0: |
||||
|
| 30 |
||||
|
arg1: |
||||
|
| www.example.com |
||||
|
Calling crt |
||||
|
arg0: |
||||
|
| |
||||
|
arg1: |
||||
|
| create |
||||
|
arg2: |
||||
|
| www.example.com |
||||
|
Calling letsencrypt_set_renew_before_expiry |
||||
|
arg0: |
||||
|
| www.example.com |
||||
|
arg1: |
||||
|
| 30' RTRIM |
||||
|
is out '' RTRIM |
||||
|
is errlvl 0 |
||||
|
|
||||
|
|
||||
|
try " |
||||
|
exname=\"crt create\" |
||||
|
SERVICE_NAME='\$SERVICE_NAME' |
||||
|
GET_COMPOSE_SERVICE_DEF= |
||||
|
VALID_EXISTING_CERT=0 |
||||
|
LETSENCRYPT_SET_RENEW_BEFORE_EXPIRY=yes |
||||
|
crt_create www.example.com |
||||
|
" "valid cert" |
||||
|
is err 'Calling: get_compose_service_def |
||||
|
arg0: |
||||
|
| $SERVICE_NAME |
||||
|
Calling valid_existing_cert |
||||
|
arg0: |
||||
|
| 30 |
||||
|
arg1: |
||||
|
| www.example.com |
||||
|
II A valid cert already exists for domain www.example.com.' RTRIM |
||||
|
is out '' RTRIM |
||||
|
is errlvl 0 |
||||
|
|
||||
|
|
||||
|
try " |
||||
|
exname=\"crt create\" |
||||
|
SERVICE_NAME='\$SERVICE_NAME' |
||||
|
GET_COMPOSE_SERVICE_DEF= |
||||
|
VALID_EXISTING_CERT=0 |
||||
|
LETSENCRYPT_SET_RENEW_BEFORE_EXPIRY=yes |
||||
|
crt_create www.example.com -f |
||||
|
" "valid cert but force" |
||||
|
is err 'Calling: get_compose_service_def |
||||
|
arg0: |
||||
|
| $SERVICE_NAME |
||||
|
Calling valid_existing_cert |
||||
|
arg0: |
||||
|
| 30 |
||||
|
arg1: |
||||
|
| www.example.com |
||||
|
Calling crt |
||||
|
arg0: |
||||
|
| |
||||
|
arg1: |
||||
|
| create |
||||
|
arg2: |
||||
|
| www.example.com |
||||
|
Calling letsencrypt_set_renew_before_expiry |
||||
|
arg0: |
||||
|
| www.example.com |
||||
|
arg1: |
||||
|
| 30' RTRIM |
||||
|
is out '' RTRIM |
||||
|
is errlvl 0 |
||||
|
|
||||
|
|
||||
|
try " |
||||
|
exname=\"crt create\" |
||||
|
SERVICE_NAME='\$SERVICE_NAME' |
||||
|
LETSENCRYPT_SET_RENEW_BEFORE_EXPIRY=yes |
||||
|
GET_COMPOSE_SERVICE_DEF=' |
||||
|
a: 1 |
||||
|
options: |
||||
|
foo: bar' |
||||
|
VALID_EXISTING_CERT=1 |
||||
|
crt_create www.example.com |
||||
|
" "not valid, cfg is passed correctly" |
||||
|
is err reg 'Calling crt |
||||
|
arg0: |
||||
|
. foo: bar |
||||
|
arg1: |
||||
|
. create |
||||
|
arg2: |
||||
|
. www.example.com' RTRIM |
||||
|
is out '' RTRIM |
||||
|
is errlvl 0 |
||||
|
|
||||
|
|
||||
|
try " |
||||
|
exname=\"crt create\" |
||||
|
SERVICE_NAME='\$SERVICE_NAME' |
||||
|
GET_COMPOSE_SERVICE_DEF=' |
||||
|
a: 1 |
||||
|
options: |
||||
|
foo: bar' |
||||
|
VALID_EXISTING_CERT=2 |
||||
|
LETSENCRYPT_SET_RENEW_BEFORE_EXPIRY=yes |
||||
|
LETSENCRYPT_CERT_DELETE=yes |
||||
|
crt_create www.example.com |
||||
|
" "not valid, already existing diff domain" |
||||
|
is err 'Calling: get_compose_service_def |
||||
|
arg0: |
||||
|
| $SERVICE_NAME |
||||
|
Calling valid_existing_cert |
||||
|
arg0: |
||||
|
| 30 |
||||
|
arg1: |
||||
|
| www.example.com |
||||
|
Error: Domain mismatch detected, lets delete previous cert. |
||||
|
Calling letsencrypt_cert_delete |
||||
|
arg0: |
||||
|
| www.example.com |
||||
|
Error: Previous cert for www.example.com deleted. |
||||
|
Calling crt |
||||
|
arg0: |
||||
|
| foo: bar |
||||
|
arg1: |
||||
|
| create |
||||
|
arg2: |
||||
|
| www.example.com |
||||
|
Calling letsencrypt_set_renew_before_expiry |
||||
|
arg0: |
||||
|
| www.example.com |
||||
|
arg1: |
||||
|
| 30' RTRIM |
||||
|
is out '' RTRIM |
||||
|
is errlvl 0 |
||||
|
|
||||
|
|
||||
|
|
||||
|
try " |
||||
|
exname=\"crt create\" |
||||
|
SERVICE_NAME='\$SERVICE_NAME' |
||||
|
LETSENCRYPT_SET_RENEW_BEFORE_EXPIRY=yes |
||||
|
GET_COMPOSE_SERVICE_DEF=' |
||||
|
a: 1 |
||||
|
options: |
||||
|
foo: bar |
||||
|
renew-before-expiry: 15 |
||||
|
' |
||||
|
VALID_EXISTING_CERT=1 |
||||
|
crt_create www.example.com |
||||
|
" "not valid, renew-before-expiry is used" |
||||
|
is err reg 'Calling valid_existing_cert |
||||
|
arg0: |
||||
|
. 15 |
||||
|
arg1: |
||||
|
. www.example.com |
||||
|
' RTRIM |
||||
|
is out '' RTRIM |
||||
|
is errlvl 0 |
||||
|
|
||||
|
|
||||
|
|
||||
|
try " |
||||
|
crt() { return 1; } |
||||
|
exname=\"crt create\" |
||||
|
SERVICE_NAME='\$SERVICE_NAME' |
||||
|
GET_COMPOSE_SERVICE_DEF='' |
||||
|
VALID_EXISTING_CERT=1 |
||||
|
crt_create www.example.com |
||||
|
" "valid cert but force" |
||||
|
is err part "Error: Certificate creation/renew failed for domain 'www.example.com'." RTRIM |
||||
|
is out '' RTRIM |
||||
|
is errlvl 1 |
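Review bot: The "not valid, already existing diff domain" case pins an order in which `letsencrypt_cert_delete` runs before `crt ... create`, and no case covers `crt` failing after that deletion. In that sequence the host would be left with neither the old nor the new certificate, so I would add a case combining `VALID_EXISTING_CERT=2`, `LETSENCRYPT_CERT_DELETE=yes` and `crt() { return 1; }`, and consider whether lib/common (not shown in this section) should keep the old certificate until the new one has been issued. The same case shows the mismatch and deletion progress messages printed with the `Error:` prefix although the exit status is 0; a warning or info level would fit better. The final case reuses the description "valid cert but force" although it tests a failing `crt` with `VALID_EXISTING_CERT=1`; something like `"crt failure is reported"` would describe it.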
@ -0,0 +1,178 @@ |
|||||
|
#!/bin/bash |
||||
|
|
||||
|
exname=$(basename $0) |
||||
|
|
||||
|
prefix_cmd=" |
||||
|
. /etc/shlib |
||||
|
|
||||
|
include common |
||||
|
include parse |
||||
|
|
||||
|
. ../lib/common |
||||
|
|
||||
|
valid_existing_cert() { |
||||
|
local i |
||||
|
echo \"Calling valid_existing_cert\" >&2 |
||||
|
((i=0)) |
||||
|
for arg in \"\$@\"; do |
||||
|
echo \" arg\$((i++)):\" |
||||
|
echo \"\$arg\" | prefix \" | \" |
||||
|
done >&2 |
||||
|
[ \"\$VALID_EXISTING_CERT\" == \"yes\" ] |
||||
|
} |
||||
|
export -f valid_existing_cert |
||||
|
|
||||
|
crt() { |
||||
|
local i |
||||
|
echo \"Calling crt\" >&2 |
||||
|
((i=0)) |
||||
|
for arg in \"\$@\"; do |
||||
|
echo \" arg\$((i++)):\" |
||||
|
echo \"\$arg\" | prefix \" | \" |
||||
|
done >&2 |
||||
|
} |
||||
|
export -f crt |
||||
|
|
||||
|
get_domain_list() { |
||||
|
local i |
||||
|
echo \"Calling get_domain_list\" >&2 |
||||
|
((i=0)) |
||||
|
for arg in \"\$@\"; do |
||||
|
echo \" arg\$((i++)):\" |
||||
|
echo \"\$arg\" | prefix \" | \" |
||||
|
done >&2 |
||||
|
echo \"\$GET_DOMAIN_LIST\" |
||||
|
} |
||||
|
export -f get_domain_list |
||||
|
|
||||
|
|
||||
|
" |
||||
|
|
||||
|
## |
||||
|
## Mocks |
||||
|
## |
||||
|
|
||||
|
get_compose_service_def() { |
||||
|
local i |
||||
|
echo "Calling: get_compose_service_def" >&2 |
||||
|
((i=0)) |
||||
|
for arg in "$@"; do |
||||
|
echo " arg$((i++)):" |
||||
|
echo "$arg" | prefix " | " |
||||
|
done >&2 |
||||
|
echo "$GET_COMPOSE_SERVICE_DEF" |
||||
|
} |
||||
|
export -f get_compose_service_def |
||||
|
|
||||
|
|
||||
|
|
||||
|
try " |
||||
|
exname=\"crt renew\" |
||||
|
SERVICE_NAME='\$SERVICE_NAME' |
||||
|
GET_COMPOSE_SERVICE_DEF= |
||||
|
crt_renew xxx |
||||
|
" |
||||
|
is err 'Error: No argument required |
||||
|
usage: $ |
||||
|
crt renew [-h|--help]' RTRIM |
||||
|
is errlvl 1 |
||||
|
is out '' |
||||
|
|
||||
|
try " |
||||
|
exname=\"crt renew\" |
||||
|
SERVICE_NAME='\$SERVICE_NAME' |
||||
|
GET_COMPOSE_SERVICE_DEF= |
||||
|
GET_DOMAIN_LIST= |
||||
|
crt_renew |
||||
|
" |
||||
|
is err part 'II No domain founds' RTRIM |
||||
|
is errlvl 0 |
||||
|
is out '' |
||||
|
|
||||
|
|
||||
|
try " |
||||
|
exname=\"crt renew\" |
||||
|
SERVICE_NAME='\$SERVICE_NAME' |
||||
|
GET_COMPOSE_SERVICE_DEF=' |
||||
|
options: |
||||
|
wiz: foo |
||||
|
' |
||||
|
GET_DOMAIN_LIST=' |
||||
|
www.example.com: |
||||
|
remaining: 20 |
||||
|
foo.bar: |
||||
|
remaining: 32 |
||||
|
' |
||||
|
crt_renew |
||||
|
" "2 certs, one need renew, one is ok" |
||||
|
is err part 'II Renewing domain www.example.com (20 days left)' RTRIM |
||||
|
is err part 'Calling crt |
||||
|
arg0: |
||||
|
| wiz: foo |
||||
|
arg1: |
||||
|
| renew |
||||
|
arg2: |
||||
|
| www.example.com |
||||
|
' |
||||
|
is err part 'II Domain foo.bar does not need renewing (32 days left).' RTRIM |
||||
|
is errlvl 0 |
||||
|
is out '' |
||||
|
|
||||
|
|
||||
|
|
||||
|
try " |
||||
|
exname=\"crt renew\" |
||||
|
SERVICE_NAME='\$SERVICE_NAME' |
||||
|
GET_COMPOSE_SERVICE_DEF=' |
||||
|
options: |
||||
|
wiz: foo |
||||
|
renew-before-expiry: 15 |
||||
|
' |
||||
|
GET_DOMAIN_LIST=' |
||||
|
www.example.com: |
||||
|
remaining: 45 |
||||
|
' |
||||
|
crt_renew |
||||
|
" "setting renew-before-expiry" |
||||
|
is err part 'II Domain www.example.com does not need renewing (45 days left).' RTRIM |
||||
|
is errlvl 0 |
||||
|
is out '' |
||||
|
|
||||
|
|
||||
|
try " |
||||
|
exname=\"crt renew\" |
||||
|
SERVICE_NAME='\$SERVICE_NAME' |
||||
|
GET_COMPOSE_SERVICE_DEF= |
||||
|
GET_DOMAIN_LIST=' |
||||
|
www.example.com: |
||||
|
remaining: EXPIRED |
||||
|
' |
||||
|
crt_renew |
||||
|
" "expired cert" |
||||
|
is err part 'II Renewing domain www.example.com (expired).' RTRIM |
||||
|
is errlvl 0 |
||||
|
is out '' |
||||
|
|
||||
|
|
||||
|
try " |
||||
|
crt() { ! [[ \"\$3\" =~ ^wiz|foo$ ]]; } |
||||
|
exname=\"crt renew\" |
||||
|
SERVICE_NAME='\$SERVICE_NAME' |
||||
|
GET_COMPOSE_SERVICE_DEF= |
||||
|
GET_DOMAIN_LIST=' |
||||
|
www.example.com: |
||||
|
remaining: EXPIRED |
||||
|
foo: |
||||
|
remaining: EXPIRED |
||||
|
bar: |
||||
|
remaining: 98 |
||||
|
wiz: |
||||
|
remaining: 10 |
||||
|
' |
||||
|
crt_renew |
||||
|
" "some failed renewal" |
||||
|
is err part 'II Renewing domain www.example.com (expired).' RTRIM |
||||
|
is err part 'Error: At least one domain failed to be renewed: foo wiz' RTRIM |
||||
|
is errlvl 1 |
||||
|
is out '' |
||||
|
|
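Review bot: The "setting renew-before-expiry" case cannot fail if the option is ignored: with `renew-before-expiry: 15` it uses `remaining: 45`, which is also above the default threshold (the earlier case renews at 20 days left and skips at 32). Using `remaining: 20` and expecting `II Domain www.example.com does not need renewing (20 days left).` would make the case sensitive to the option. In the "some failed renewal" case the mock's pattern `^wiz|foo$` reads as "starts with wiz or ends with foo" because the alternation is not grouped; `^(wiz|foo)$` states the exact match that the fixture intends.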
@ -0,0 +1,61 @@ |
|||||
|
#!/bin/bash |
||||
|
|
||||
|
exname=$(basename $0) |
||||
|
|
||||
|
prefix_cmd=" |
||||
|
. /etc/shlib |
||||
|
|
||||
|
include common |
||||
|
include parse |
||||
|
|
||||
|
. ../lib/common |
||||
|
|
||||
|
letsencrypt_get_challenge_type() { |
||||
|
echo 'Calling letsencrypt_get_challenge_type' >&2 |
||||
|
echo \"\$LETSENCRYPT_GET_CHALLENGE_TYPE\" |
||||
|
} |
||||
|
export -f letsencrypt_get_challenge_type |
||||
|
|
||||
|
" |
||||
|
|
||||
|
|
||||
|
|
||||
|
try " |
||||
|
LETSENCRYPT_GET_CHALLENGE_TYPE=foo |
||||
|
get_challenge_type '' create "bar" |
||||
|
" |
||||
|
is errlvl 0 |
||||
|
is err "Warning: No challenge-type provided, defaulting to 'http'." RTRIM |
||||
|
is out 'http' RTRIM |
||||
|
|
||||
|
try " |
||||
|
LETSENCRYPT_GET_CHALLENGE_TYPE=foo |
||||
|
get_challenge_type ' |
||||
|
challenge-type: wiz |
||||
|
' create "bar" |
||||
|
" |
||||
|
noerror |
||||
|
is out 'wiz' RTRIM |
||||
|
|
||||
|
|
||||
|
try " |
||||
|
LETSENCRYPT_GET_CHALLENGE_TYPE=foo |
||||
|
get_challenge_type ' |
||||
|
challenge-type: wiz |
||||
|
' renew "bar" |
||||
|
" |
||||
|
is errlvl 0 |
||||
|
is err 'Calling letsencrypt_get_challenge_type' RTRIM |
||||
|
is out 'foo' RTRIM |
||||
|
|
||||
|
|
||||
|
try " |
||||
|
LETSENCRYPT_GET_CHALLENGE_TYPE=http-01 |
||||
|
get_challenge_type ' |
||||
|
challenge-type: wiz |
||||
|
' renew "bar" |
||||
|
" |
||||
|
is errlvl 0 |
||||
|
is err 'Calling letsencrypt_get_challenge_type' RTRIM |
||||
|
is out 'http' RTRIM |
||||
|
|
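Review bot: The argument `"bar"` in each `try` string is written with unescaped double quotes inside a double-quoted string, so the quotes close and reopen the outer string instead of reaching the command under test. It works only because `bar` contains no whitespace; writing `create bar` or `create \"bar\"` (the escaping the `prefix_cmd` block already uses) avoids the trap when someone copies the case with a value that has spaces. The `http-01` to `http` normalisation on renew has a case, but there is none for a DNS challenge name or for `letsencrypt_get_challenge_type` returning nothing, and this section does not show how lib/common treats those.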
@ -0,0 +1,142 @@ |
|||||
|
#!/bin/bash |
||||
|
|
||||
|
exname=$(basename $0) |
||||
|
|
||||
|
prefix_cmd=" |
||||
|
. /etc/shlib |
||||
|
|
||||
|
include common |
||||
|
include parse |
||||
|
|
||||
|
. ../lib/common |
||||
|
|
||||
|
get_challenge_type() { |
||||
|
local i |
||||
|
echo \"Calling get_challenge_type\" >&2 |
||||
|
((i=0)) |
||||
|
for arg in \"\$@\"; do |
||||
|
echo \" arg\$((i++)):\" |
||||
|
echo \"\$arg\" | prefix \" | \" |
||||
|
done >&2 |
||||
|
echo \"\$GET_CHALLENGE_TYPE\" |
||||
|
} |
||||
|
export -f get_challenge_type |
||||
|
|
||||
|
" |
||||
|
|
||||
|
|
||||
|
|
||||
|
try " |
||||
|
SERVICE_NAME='\$SERVICE_NAME' |
||||
|
GET_CHALLENGE_TYPE=foo |
||||
|
get_dc_env '' create bar |
||||
|
" |
||||
|
is errlvl 0 |
||||
|
is err part "\ |
||||
|
Calling get_challenge_type |
||||
|
arg0: |
||||
|
| |
||||
|
arg1: |
||||
|
| create |
||||
|
arg2: |
||||
|
| bar |
||||
|
" RTRIM |
||||
|
is out '$SERVICE_NAME: |
||||
|
docker-compose: |
||||
|
environment: |
||||
|
CHALLENGE_TYPE: foo' RTRIM |
||||
|
|
||||
|
|
||||
|
try " |
||||
|
SERVICE_NAME='\$SERVICE_NAME' |
||||
|
GET_CHALLENGE_TYPE=foo |
||||
|
get_dc_env ' |
||||
|
email: foo@example.com |
||||
|
' create bar |
||||
|
" |
||||
|
is errlvl 0 |
||||
|
is err part "\ |
||||
|
Calling get_challenge_type |
||||
|
arg0: |
||||
|
| |
||||
|
| email: foo@example.com |
||||
|
| |
||||
|
arg1: |
||||
|
| create |
||||
|
arg2: |
||||
|
| bar |
||||
|
" RTRIM |
||||
|
is out '$SERVICE_NAME: |
||||
|
docker-compose: |
||||
|
environment: |
||||
|
LETSENCRYPT_USER_MAIL: foo@example.com |
||||
|
CHALLENGE_TYPE: foo' RTRIM |
||||
|
|
||||
|
|
||||
|
try " |
||||
|
SERVICE_NAME='\$SERVICE_NAME' |
||||
|
GET_CHALLENGE_TYPE=foo |
||||
|
get_dc_env ' |
||||
|
email: foo@example.com |
||||
|
env: |
||||
|
' create bar |
||||
|
" "environment def is empty" |
||||
|
is errlvl 0 |
||||
|
is out '$SERVICE_NAME: |
||||
|
docker-compose: |
||||
|
environment: |
||||
|
LETSENCRYPT_USER_MAIL: foo@example.com |
||||
|
CHALLENGE_TYPE: foo' RTRIM |
||||
|
|
||||
|
try " |
||||
|
SERVICE_NAME='\$SERVICE_NAME' |
||||
|
GET_CHALLENGE_TYPE=foo |
||||
|
get_dc_env ' |
||||
|
email: foo@example.com |
||||
|
env: |
||||
|
ignore: x |
||||
|
ovh: |
||||
|
foo: 1 |
||||
|
bar: 2 |
||||
|
wiz: |
||||
|
foo: 1 |
||||
|
' create bar |
||||
|
" "environment def without provider" |
||||
|
is errlvl 0 |
||||
|
is out '$SERVICE_NAME: |
||||
|
docker-compose: |
||||
|
environment: |
||||
|
LETSENCRYPT_USER_MAIL: foo@example.com |
||||
|
LEXICON_OVH_FOO: 1 |
||||
|
LEXICON_OVH_BAR: 2 |
||||
|
LEXICON_WIZ_FOO: 1 |
||||
|
LEXICON_PROVIDER: ovh |
||||
|
CHALLENGE_TYPE: foo' RTRIM |
||||
|
|
||||
|
|
||||
|
try " |
||||
|
SERVICE_NAME='\$SERVICE_NAME' |
||||
|
GET_CHALLENGE_TYPE=foo |
||||
|
get_dc_env ' |
||||
|
email: foo@example.com |
||||
|
env: |
||||
|
ignore: y |
||||
|
ovh: |
||||
|
foo: 1 |
||||
|
bar: 2 |
||||
|
wiz: |
||||
|
foo: 1 |
||||
|
provider: wiz |
||||
|
' create bar |
||||
|
" "environment def with provider" |
||||
|
is errlvl 0 |
||||
|
is out '$SERVICE_NAME: |
||||
|
docker-compose: |
||||
|
environment: |
||||
|
LETSENCRYPT_USER_MAIL: foo@example.com |
||||
|
LEXICON_OVH_FOO: 1 |
||||
|
LEXICON_OVH_BAR: 2 |
||||
|
LEXICON_WIZ_FOO: 1 |
||||
|
LEXICON_PROVIDER: wiz |
||||
|
CHALLENGE_TYPE: foo' RTRIM |
||||
|
|
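Review bot: Every expected output here shows option values written into the generated YAML unquoted (`LETSENCRYPT_USER_MAIL: foo@example.com`, `LEXICON_OVH_FOO: 1`), and no case uses a value that YAML would read differently, such as one containing `: `, ` #` or a newline. If `get_dc_env` in lib/common (not shown in this section) interpolates values the way these expectations suggest, such a value would produce broken or altered compose content, which matters when the value is an API token. I would add a case with an option such as `foo: 'a: b #c'` and assert that the value reaches the output quoted. The "environment def without provider" case also leaves stderr unchecked, so the warning that the provider had to be inferred is not pinned, assuming it is still issued.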
@ -0,0 +1,96 @@ |
|||||
|
#!/bin/bash |
||||
|
|
||||
|
exname=$(basename $0) |
||||
|
|
||||
|
prefix_cmd=" |
||||
|
. /etc/shlib |
||||
|
|
||||
|
include common |
||||
|
include parse |
||||
|
|
||||
|
. ../lib/common |
||||
|
|
||||
|
has_existing_cert() { |
||||
|
echo \"Calling has_existing_cert $*\" >&2 |
||||
|
[ \"\$HAS_EXISTING_CERT\" == 'yes' ] |
||||
|
} |
||||
|
export -f has_existing_cert |
||||
|
|
||||
|
letsencrypt_cert_info() { |
||||
|
echo \"Calling letsencrypt_cert_info $*\" >&2 |
||||
|
echo \"\$LETSENCRYPT_CERT_INFO\" |
||||
|
} |
||||
|
export -f letsencrypt_cert_info |
||||
|
|
||||
|
" |
||||
|
|
||||
|
|
||||
|
try " |
||||
|
HAS_EXISTING_CERT= ## False |
||||
|
valid_existing_cert 30 'www.example.com' |
||||
|
" |
||||
|
is errlvl 1 |
||||
|
is err 'Calling has_existing_cert' RTRIM |
||||
|
is out '' RTRIM |
||||
|
|
||||
|
|
||||
|
try " |
||||
|
HAS_EXISTING_CERT=yes ## False |
||||
|
LETSENCRYPT_CERT_INFO=' |
||||
|
domains: www.example.com |
||||
|
remaining: 74 |
||||
|
' |
||||
|
valid_existing_cert 30 'www.example.com' |
||||
|
" "existing and valid cert" |
||||
|
is errlvl 0 |
||||
|
is err part 'Calling has_existing_cert' RTRIM |
||||
|
is err part 'Querying www.example.com for previous info...' RTRIM |
||||
|
is err part 'Calling letsencrypt_cert_info' RTRIM |
||||
|
is out '' RTRIM |
||||
|
|
||||
|
|
||||
|
try " |
||||
|
HAS_EXISTING_CERT=yes ## False |
||||
|
LETSENCRYPT_CERT_INFO=' |
||||
|
domains: www.example.com |
||||
|
remaining: 74 |
||||
|
' |
||||
|
valid_existing_cert 90 'www.example.com' |
||||
|
" "days validity beneath threshold" |
||||
|
is errlvl 1 |
||||
|
is out '' RTRIM |
||||
|
|
||||
|
|
||||
|
try " |
||||
|
HAS_EXISTING_CERT=yes ## False |
||||
|
LETSENCRYPT_CERT_INFO=' |
||||
|
domains: www.example.com example.com |
||||
|
remaining: 74 |
||||
|
' |
||||
|
valid_existing_cert 30 'www.example.com' |
||||
|
" "domains mismatch 1" |
||||
|
is errlvl 2 |
||||
|
is out '' RTRIM |
||||
|
|
||||
|
try " |
||||
|
HAS_EXISTING_CERT=yes ## False |
||||
|
LETSENCRYPT_CERT_INFO=' |
||||
|
domains: www.example.com |
||||
|
remaining: 74 |
||||
|
' |
||||
|
valid_existing_cert 30 'www.example.com' example.com |
||||
|
" "domains mismatch 2" |
||||
|
is errlvl 2 |
||||
|
is out '' RTRIM |
||||
|
|
||||
|
|
||||
|
try " |
||||
|
HAS_EXISTING_CERT=yes ## False |
||||
|
LETSENCRYPT_CERT_INFO=' |
||||
|
domains: www.example.com |
||||
|
remaining: EXPIRED |
||||
|
' |
||||
|
valid_existing_cert 30 www.example.com |
||||
|
" "expired" |
||||
|
is errlvl 1 |
||||
|
is out '' RTRIM |
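Review bot: In the `has_existing_cert` and `letsencrypt_cert_info` mocks, `$*` is not escaped inside the double-quoted `prefix_cmd` as rendered here, unlike the other `\$` expansions in these test files, so it is expanded when `prefix_cmd` is assigned rather than when the mock is called. The mocks then log the test script's own arguments (normally none), and the `is err 'Calling has_existing_cert'` assertions cannot verify which domain was passed; `echo \"Calling has_existing_cert \$*\" >&2` fixes that, with the expectations updated to include the domain. The comment `## False` was copied onto the five `HAS_EXISTING_CERT=yes` lines, where it is wrong. A case with `remaining` equal to the threshold would pin whether the comparison is strict.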
@ -0,0 +1,33 @@ |
|||||
|
#!/bin/bash |
||||
|
|
||||
|
exname=$(basename $0) |
||||
|
|
||||
|
prefix_cmd=" |
||||
|
. /etc/shlib |
||||
|
|
||||
|
include common |
||||
|
include parse |
||||
|
|
||||
|
. ../lib/common |
||||
|
|
||||
|
" |
||||
|
|
||||
|
|
||||
|
try "echo ' |
||||
|
a: b |
||||
|
' | yaml_opt_bash_env PREFIX | tr '\0' ':'" |
||||
|
noerror |
||||
|
is out 'PREFIX_A:b:' |
||||
|
|
||||
|
|
||||
|
try "echo ' |
||||
|
x: 1 |
||||
|
y: |
||||
|
a: 4 |
||||
|
b: 3 |
||||
|
|
||||
|
' | yaml_opt_bash_env PREFIX | tr '\0' ':'" |
||||
|
noerror |
||||
|
is out 'PREFIX_X:1:PREFIX_Y_A:4:PREFIX_Y_B:3:' |
||||
|
|
||||
|
|
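Review bot: Both cases use keys that are already valid identifier fragments, so nothing pins what `yaml_opt_bash_env` does with a key containing `-` or `.`, or with a value containing a newline. The output names end up as environment variable names (the get_dc_env expectations show `LEXICON_OVH_FOO`), so a key such as `auth-token` would, if it were only upper-cased, give a name that is not a valid variable. I would add one case for such a key and one for a multi-line value; note also that `tr '\0' ':'` makes a `:` inside a value indistinguishable from a separator in the assertion.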
@ -0,0 +1,26 @@ |
|||||
|
#!/bin/bash |
||||
|
|
||||
|
exname=$(basename $0) |
||||
|
|
||||
|
prefix_cmd=" |
||||
|
. /etc/shlib |
||||
|
|
||||
|
include common |
||||
|
include parse |
||||
|
|
||||
|
. ../lib/common |
||||
|
|
||||
|
" |
||||
|
|
||||
|
|
||||
|
try "echo ' |
||||
|
x: 1 |
||||
|
y: |
||||
|
a: 4 |
||||
|
b: 3 |
||||
|
|
||||
|
' | yaml_opt_bash_env PREFIX | tr '\0' ':'" |
||||
|
noerror |
||||
|
is out 'PREFIX_X:1:PREFIX_Y_A:4:PREFIX_Y_B:3:' |
||||
|
|
||||
|
|
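Review bot: This file is named for `yaml_opt_bash_env_ignore_first_level`, but its only case pipes into `yaml_opt_bash_env` and expects `PREFIX_X:1:` in the output, so it duplicates the second case of the yaml_opt_bash_env test and never calls the function it is meant to cover. Judging by the get_dc_env expectations, where the first-level scalar `ignore: x` is dropped, the intended lines are probably `' | yaml_opt_bash_env_ignore_first_level PREFIX | tr '\0' ':'"` and `is out 'PREFIX_Y_A:4:PREFIX_Y_B:3:'`; the exact output should be confirmed against lib/common.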