Mirror
/
acme.sh
mirror of https://github.com/acmesh-official/acme.sh.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
5018 Commits
9 Branches
44 Tags
15 MiB
Tree: 0e93aa3cea
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '0e93aa3cea'
${ noResults }
acme.sh/deploy/cloudhub_v2.sh

205 lines
6.3 KiB
Raw Normal View History

Adding support for CloudHub V2
2 years ago
Adding support for CloudHub V2
2 years ago
Adding support for CloudHub V2
2 years ago
  1. #!/usr/bin/env sh
  3. # Here is a script to deploy certificates to CloudHub V2 using Anypoint Platform REST APIs via curl
  4. # A TLS Context is created and the certificates deployed on it
  5. # (https://docs.mulesoft.com/cloudhub-2/ps-config-domains/)
  6. #
  7. # This script will use Connected Apps - Client Credentials
  8. # The App must have "Cloudhub Network Administrator" or "Cloudhub Organization Admin" scope
  9. # (https://docs.mulesoft.com/access-management/connected-apps-developers#developers)
  10. #
  11. # It requires following environment variables:
  12. #
  13. # CH2_CLIENT_ID - Connected App Client ID
  14. # CH2_CLIENT_SECRET - Connected App Client Secret
  15. # ORGANIZATION_ID - Anypoint Platform Organization ID
  16. # CH2_PRIVATE_SPACE_ID - Private Space ID where the TLS Context will be created
  17. #
  18. #
  20. #returns 0 means success, otherwise error.
  22. ######## Public functions #####################
  24. #!/usr/bin/env sh
  26. #Here is a sample custom api script.
  27. #This file name is "myapi.sh"
  28. #So, here must be a method myapi_deploy()
  29. #Which will be called by acme.sh to deploy the cert
  30. #returns 0 means success, otherwise error.
  32. ######## Public functions #####################
  34. #domain keyfile certfile cafile fullchain
  35. cloudhub_v2_deploy() {
  36. _cdomain="$1"
  37. _ckey="$2"
  38. _ccert="$3"
  39. _cca="$4"
  40. _cfullchain="$5"
  42. _debug _cdomain "$_cdomain"
  43. _debug _ckey "$_ckey"
  44. _debug _ccert "$_ccert"
  45. _debug _cca "$_cca"
  46. _debug _cfullchain "$_cfullchain"
  48. _getdeployconf CH2_CLIENT_ID
  49. _getdeployconf CH2_CLIENT_SECRET
  50. _getdeployconf ORGANIZATION_ID
  51. _getdeployconf CH2_PRIVATE_SPACE_ID
  53. # Validate required env vars
  54. if [ -z "$CH2_CLIENT_ID" ]; then
  55. _err "Connected App CH2_CLIENT_ID not defined."
  56. return 1
  57. fi
  59. if [ -z "$CH2_CLIENT_SECRET" ]; then
  60. _err "Connected App CH2_CLIENT_SECRET not defined."
  61. return 1
  62. fi
  64. if [ -z "$ORGANIZATION_ID" ]; then
  65. _err "ORGANIZATION_ID not defined."
  66. return 1
  67. fi
  69. if [ -z "$CH2_PRIVATE_SPACE_ID" ]; then
  70. _err "CH2_PRIVATE_SPACE_ID not defined."
  71. return 1
  72. fi
  74. # Set Anypoint Platform URL
  75. if [ -z "$ANYPOINT_URL" ]; then
  76. _debug "ANYPOINT_URL Not set, using default https://anypoint.mulesoft.com"
  77. ANYPOINT_URL="https://anypoint.mulesoft.com"
  78. fi
  80. _savedeployconf CH2_CLIENT_ID "$CH2_CLIENT_ID"
  81. _savedeployconf CH2_CLIENT_SECRET "$CH2_CLIENT_SECRET"
  82. _savedeployconf ORGANIZATION_ID "$ORGANIZATION_ID"
  83. _savedeployconf CH2_PRIVATE_SPACE_ID "$CH2_PRIVATE_SPACE_ID"
  84. _savedeployconf ANYPOINT_URL "$ANYPOINT_URL"
  86. # Anypoint Platform access token
  87. _info "Obtaining a Anypoint Platform access token"
  88. token_data="{\"grant_type\": \"client_credentials\", \"client_id\": \"${CH2_CLIENT_ID}\", \"client_secret\": \"${CH2_CLIENT_SECRET}\"}"
  89. _debug token_data "$token_data"
  90. token_response="$(_cloudhub_rest "POST" "/accounts/api/v2/oauth2/token" "$token_data")"
  91. _ret="$?"
  93. if [ "$_ret" != 0 ]; then
  94. _err "Error while creating token"
  95. return 1
  96. fi
  98. regex_token=".*\"access_token\":\"\([-._0-9A-Za-z]*\)\".*$"
  99. _debug regex_token "$regex_token"
  100. access_token=$(echo "$token_response" | _json_decode | sed -n "s/$regex_token/\1/p")
  102. _debug access_token "$access_token"
  103. export _H1="Authorization: Bearer ${access_token}"
  105. # Get TLS-Context
  106. tls_context_name=$(echo "$_cdomain" | tr '.' '-' | tr '*' 'x')
  107. tls_context_id=$(_get_tls_context_id "$tls_context_name")
  108. _ret="$?"
  110. if [ "$_ret" != 0 ]; then
  111. _err "Error while retrieving TLS-Context"
  112. return 1
  113. fi
  115. _debug tls_context_id "$tls_context_id"
  117. cert_data="{\"name\":\"$tls_context_name\", \"tlsConfig\": {\"keyStore\":{\"source\":\"PEM\",\"certificate\":\"$(_json_encode <"$_ccert")\", \"key\":\"$(_json_encode <"$_ckey")\", \"capath\":\"$(_json_encode <"$_cca")\"}}}"
  119. if [ -z "$tls_context_id" ]; then
  120. #Post certificate to Private Space
  121. _info "Creating a new TLS-Context with name: $tls_context_name"
  122. cert_response="$(_cloudhub_rest "POST" "/runtimefabric/api/organizations/$ORGANIZATION_ID/privatespaces/$CH2_PRIVATE_SPACE_ID/tlsContexts" "$cert_data")"
  123. else
  124. #Patch certificate to Private Space
  125. _info "Updating TLS-Context with name: $tls_context_name and id: $tls_context_id"
  126. cert_response="$(_cloudhub_rest "PATCH" "/runtimefabric/api/organizations/$ORGANIZATION_ID/privatespaces/$CH2_PRIVATE_SPACE_ID/tlsContexts/$tls_context_id" "$cert_data")"
  127. fi
  129. _debug cert_response "$cert_response"
  131. _ret="$?"
  133. if [ "$_ret" != 0 ]; then
  134. _err "Error while creating/updating TLS-Context"
  135. return 1
  136. fi
  138. _info "Certificate deployed!"
  139. }
  141. #################### Private functions below ##################################
  142. # Retrieve TLS Context If from Private Space
  143. #returns
  144. # tls_context_id
  145. _get_tls_context_id() {
  146. _domain=$1
  148. # Get Tls-Context
  149. tls_context_response="$(_cloudhub_rest "GET" "/runtimefabric/api/organizations/$ORGANIZATION_ID/privatespaces/$CH2_PRIVATE_SPACE_ID/tlsContexts" | _normalizeJson)"
  150. _ret="$?"
  152. if [ "$_ret" != 0 ]; then
  153. return 1
  154. fi
  156. if _contains "$tls_context_response" "\"name\":\"$_domain\"" >/dev/null; then
  157. tlscontext_list=$(echo "$tls_context_response" | _egrep_o "\"id\":\".*\",\"name\":\"$_domain\"")
  159. if [ "$tlscontext_list" ]; then
  160. regex_id=".*\"id\":\"\([-._0-9A-Za-z]*\)\".*$"
  161. tls_context_id=$(echo "$tlscontext_list" | sed -n "s/$regex_id/\1/p")
  162. if [ "$tls_context_id" ]; then
  163. _debug "TLS-Context id: $tls_context_id found! The script will update it."
  164. printf "%s" "$tls_context_id"
  165. return 0
  166. fi
  167. _err "Can't extract TLS-Context id from: $tlscontext_list"
  168. return 1
  169. fi
  170. fi
  172. return 0
  173. }
  175. _cloudhub_rest() {
  176. _method=$1
  177. _path="$2"
  178. _data="$3"
  180. # clear headers from previous request to avoid getting wrong http code
  181. : >"$HTTP_HEADER"
  183. _debug data "$_data"
  184. if [ "$_method" != "GET" ]; then
  185. response="$(_post "$_data" "$ANYPOINT_URL""$_path" "" "$_method" "application/json")"
  186. else
  187. response="$(_get "$ANYPOINT_URL""$_path")"
  188. fi
  189. _ret="$?"
  191. http_code="$(grep "^HTTP" "$HTTP_HEADER" | _tail_n 1 | cut -d " " -f 2 | tr -d "\\r\\n")"
  192. _debug "HTTP status $http_code"
  193. _debug response "$response"
  194. _debug _ret "$_ret"
  196. if [ "$_ret" = "0" ] && { [ "$http_code" -ge 200 ] && [ "$http_code" -le 299 ];}; then
  197. printf "%s" "$response"
  198. return 0
  199. else
  200. _err "Error sending request to $_path"
  201. _err "HTTP Status $http_code"
  202. _err "Response $response"
  203. return 1
  204. fi
  205. }