77 lines
2.8 KiB

8 years ago
8 years ago
8 years ago
8 years ago
  1. #!/usr/bin/env sh
  2. # If certificate already exists it will update only cert and key, not touching other parameters
  3. # If certificate doesn't exist it will only upload cert and key, and not set other parameters
  4. # Note that we deploy full chain
  5. # Written by Geoffroi Genot <ggenot@voxbone.com>
  6. ######## Public functions #####################
  7. #domain keyfile certfile cafile fullchain
  8. kong_deploy() {
  9. _cdomain="$1"
  10. _ckey="$2"
  11. _ccert="$3"
  12. _cca="$4"
  13. _cfullchain="$5"
  14. _info "Deploying certificate on Kong instance"
  15. if [ -z "$KONG_URL" ]; then
  16. _debug "KONG_URL Not set, using default http://localhost:8001"
  17. KONG_URL="http://localhost:8001"
  18. fi
  19. _debug _cdomain "$_cdomain"
  20. _debug _ckey "$_ckey"
  21. _debug _ccert "$_ccert"
  22. _debug _cca "$_cca"
  23. _debug _cfullchain "$_cfullchain"
  24. #Get ssl_uuid linked to the domain
  25. ssl_uuid=$(_get "$KONG_URL/certificates/$_cdomain" | _normalizeJson | _egrep_o '[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}')
  26. if [ -z "$ssl_uuid" ]; then
  27. _debug "Unable to get Kong ssl_uuid for domain $_cdomain"
  28. _debug "Make sure that KONG_URL is correctly configured"
  29. _debug "Make sure that a Kong certificate match the sni"
  30. _debug "Kong url: $KONG_URL"
  31. _info "No existing certificate, creating..."
  32. #return 1
  33. fi
  34. #Save kong url if it's succesful (First run case)
  35. _saveaccountconf KONG_URL "$KONG_URL"
  36. #Generate DEIM
  37. delim="-----MultipartDelimiter$(date "+%s%N")"
  38. nl="\015\012"
  39. #Set Header
  40. _H1="Content-Type: multipart/form-data; boundary=$delim"
  41. #Generate data for request (Multipart/form-data with mixed content)
  42. if [ -z "$ssl_uuid" ]; then
  43. #set sni to domain
  44. content="--$delim${nl}Content-Disposition: form-data; name=\"snis\"${nl}${nl}$_cdomain"
  45. fi
  46. #add key
  47. content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"key\"; filename=\"$(basename "$_ckey")\"${nl}Content-Type: application/octet-stream${nl}${nl}$(cat "$_ckey")"
  48. #Add cert
  49. content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"cert\"; filename=\"$(basename "$_cfullchain")\"${nl}Content-Type: application/octet-stream${nl}${nl}$(cat "$_cfullchain")"
  50. #Close multipart
  51. content="$content${nl}--$delim--${nl}"
  52. #Convert CRLF
  53. content=$(printf %b "$content")
  54. #DEBUG
  55. _debug header "$_H1"
  56. _debug content "$content"
  57. #Check if sslcreated (if not => POST else => PATCH)
  58. if [ -z "$ssl_uuid" ]; then
  59. #Post certificate to Kong
  60. response=$(_post "$content" "$KONG_URL/certificates" "" "POST")
  61. else
  62. #patch
  63. response=$(_post "$content" "$KONG_URL/certificates/$ssl_uuid" "" "PATCH")
  64. fi
  65. if ! [ "$(echo "$response" | _egrep_o "created_at")" = "created_at" ]; then
  66. _err "An error occurred with cert upload. Check response:"
  67. _err "$response"
  68. return 1
  69. fi
  70. _debug response "$response"
  71. _info "Certificate successfully deployed"
  72. }