From edcef92f70ed57fe6958b5b7e62a475d3e0d061e Mon Sep 17 00:00:00 2001 From: andrewheberle Date: Tue, 15 May 2018 14:04:26 +0800 Subject: [PATCH 1/7] Initial deploy hook for VMware UAG appliance --- deploy/vmwareuag.sh | 131 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 131 insertions(+) create mode 100644 deploy/vmwareuag.sh diff --git a/deploy/vmwareuag.sh b/deploy/vmwareuag.sh new file mode 100644 index 00000000..7cc9ab5b --- /dev/null +++ b/deploy/vmwareuag.sh @@ -0,0 +1,131 @@ +#!/usr/bin/env sh + +# Script for acme.sh to deploy certificates to a VMware UAG appliance +# +# The following variables can be exported: +# +# export DEPLOY_VMWAREUAG_USERNAME="admin" +# export DEPLOY_VMWAREUAG_PASSWORD="" # required +# export DEPLOY_VMWAREUAG_HOST="" # required (comma seperated list) +# export DEPLOY_VMWAREUAG_PORT="9443" +# export DEPLOY_VMWAREUAG_SSL_VERIFY="yes" +# +# + +######## Public functions ##################### + +#domain keyfile certfile cafile fullchain +vmwareuag_deploy() { + _cdomain="$1" + _ckey="$2" + _ccert="$3" + _cca="$4" + _cfullchain="$5" + + # Some defaults + DEPLOY_VMWAREUAG_USERNAME_DEFAULT="admin" + DEPLOY_VMWAREUAG_SSL_VERIFY_DEFAULT="yes" + DEPLOY_VMWAREUAG_PORT_DEFAULT="9443" + + if [ -f "${DOMAIN_CONF}" ]; then + # shellcheck disable=SC1090 + . "${DOMAIN_CONF}" + fi + + _debug _cdomain "${_cdomain}" + _debug _ckey "${_ckey}" + _debug _ccert "${_ccert}" + _debug _cca "${_cca}" + _debug _cfullchain "${_cfullchain}" + + # USERNAME is optional. If not provided then assume "${DEPLOY_VMWAREUAG_USERNAME_DEFAULT}" + if [ -n "${DEPLOY_VMWAREUAG_USERNAME}" ]; then + Le_Deploy_vmwareuag_username="${DEPLOY_VMWAREUAG_USERNAME}" + _savedomainconf Le_Deploy_vmwareuag_username "${Le_Deploy_vmwareuag_username}" + elif [ -z "${Le_Deploy_vmwareuag_username}" ]; then + Le_Deploy_vmwareuag_username="${DEPLOY_VMWAREUAG_USERNAME_DEFAULT}" + fi + + # PASSWORD is required. + if [ -n "${DEPLOY_VMWAREUAG_PASSWORD}" ]; then + Le_Deploy_vmwareuag_password="${DEPLOY_VMWAREUAG_PASSWORD}" + _savedomainconf Le_Deploy_vmwareuag_password "${Le_Deploy_vmwareuag_password}" + elif [ -z "${Le_Deploy_vmwareuag_password}" ]; then + _err "DEPLOY_VMWAREUAG_PASSWORD is required" + return 1 + fi + + # HOST is required. + if [ -n "${DEPLOY_VMWAREUAG_HOST}" ]; then + Le_Deploy_vmwareuag_host="${DEPLOY_VMWAREUAG_HOST}" + _savedomainconf Le_Deploy_vmwareuag_host "${Le_Deploy_vmwareuag_host}" + elif [ -z "${Le_Deploy_vmwareuag_host}" ]; then + _err "DEPLOY_VMWAREUAG_HOST is required" + return 1 + fi + + # SSL_VERIFY is optional. If not provided then assume "${DEPLOY_VMWAREUAG_SSL_VERIFY_DEFAULT}" + if [ -n "${DEPLOY_VMWAREUAG_SSL_VERIFY}" ]; then + Le_Deploy_vmwareuag_ssl_verify="${DEPLOY_VMWAREUAG_SSL_VERIFY}" + _savedomainconf Le_Deploy_vmwareuag_ssl_verify "${Le_Deploy_vmwareuag_ssl_verify}" + elif [ -z "${Le_Deploy_vmwareuag_ssl_verify}" ]; then + Le_Deploy_vmwareuag_ssl_verify="${DEPLOY_VMWAREUAG_SSL_VERIFY_DEFAULT}" + fi + + # PORT is optional. If not provided then assume "${DEPLOY_VMWAREUAG_PORT_DEFAULT}" + if [ -n "${DEPLOY_VMWAREUAG_PORT}" ]; then + Le_Deploy_vmwareuag_port="${DEPLOY_VMWAREUAG_PORT}" + _savedomainconf Le_Deploy_vmwareuag_port "${Le_Deploy_vmwareuag_port}" + elif [ -z "${Le_Deploy_vmwareuag_port}" ]; then + Le_Deploy_vmwareuag_port="${DEPLOY_VMWAREUAG_PORT_DEFAULT}" + fi + + # Set variables for later use + _user="${Le_Deploy_vmwareuag_username}:${Le_Deploy_vmwareuag_password}" + _contenttype="Content-Type: application/json" + _privatekeypem="$(cat "${_ckey}" | awk 'NF {sub(/\r/, ""); printf "%s\\n",$0;}')" + _certchainpem="$(cat "${_ccert}" "${_cca}" | awk 'NF {sub(/\r/, ""); printf "%s\\n",$0;}')" + _port="${Le_Deploy_vmwareuag_port}" + _path="/rest/v1/config/certs/ssl/end_user" + + _debug _user "${_user}" + _debug _contenttype "${_contenttype}" + _debug _privatekeypem "${_privatekeypem}" + _debug _certchainpem "${_certchainpem}" + _debug _port "${_port}" + _debug _path "${_path}" + + # Create JSON request + _jsonreq=(_mktemp) + _debug _jsonreq "${_jsonreq}" + + printf '{ "privateKeyPem": "%s", "certChainPem": "%s" }' "${_privatekeypem}" "${_certchainpem}" > "${_jsonreq}" + _debug JSON "$(cat "${_jsonreq}")" + + # Send request via curl + if command -v curl; then + _info "Using curl" + if [ "${Le_Deploy_vmwareuag_ssl_verify}" = "yes" ]; then + _opts="" + else + _opts="-k" + fi + _oldifs=${IFS} + IFS=, + for _host in ${Le_Deploy_vmwareuag_host}; do + _url="https://${_host}:${_port}${_path}" + _debug _url "${_url}" + curl ${_opts} -X PUT -H "${_contenttype}" -d "@${_jsonreq}" -u "${_user}" "${_url}" + done + IFS=${_oldifs} + # Remove JSON request file + [ -f "${_jsonreq}" ] && rm -f "${_jsonreq}" + elif command -v wget; then + _info "Using wget" + _err "Not implemented" + # Remove JSON request file + [ -f "${_jsonreq}" ] && rm -f "${_jsonreq}" + return 1 + fi + return 0 +} From d0233d3fa41be4766ce0b38b04ad3cb57d8e0bc2 Mon Sep 17 00:00:00 2001 From: andrewheberle Date: Tue, 15 May 2018 14:17:03 +0800 Subject: [PATCH 2/7] shellcheck fixes --- deploy/vmwareuag.sh | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/deploy/vmwareuag.sh b/deploy/vmwareuag.sh index 7cc9ab5b..1ed2183e 100644 --- a/deploy/vmwareuag.sh +++ b/deploy/vmwareuag.sh @@ -83,6 +83,7 @@ vmwareuag_deploy() { # Set variables for later use _user="${Le_Deploy_vmwareuag_username}:${Le_Deploy_vmwareuag_password}" _contenttype="Content-Type: application/json" + # shellcheck disable=SC2002 _privatekeypem="$(cat "${_ckey}" | awk 'NF {sub(/\r/, ""); printf "%s\\n",$0;}')" _certchainpem="$(cat "${_ccert}" "${_cca}" | awk 'NF {sub(/\r/, ""); printf "%s\\n",$0;}')" _port="${Le_Deploy_vmwareuag_port}" @@ -96,10 +97,10 @@ vmwareuag_deploy() { _debug _path "${_path}" # Create JSON request - _jsonreq=(_mktemp) + _jsonreq=$(_mktemp) _debug _jsonreq "${_jsonreq}" - printf '{ "privateKeyPem": "%s", "certChainPem": "%s" }' "${_privatekeypem}" "${_certchainpem}" > "${_jsonreq}" + printf '{ "privateKeyPem": "%s", "certChainPem": "%s" }' "${_privatekeypem}" "${_certchainpem}" >"${_jsonreq}" _debug JSON "$(cat "${_jsonreq}")" # Send request via curl From 5766ca55c774751439b65e79ccde2500c221689f Mon Sep 17 00:00:00 2001 From: andrewheberle Date: Tue, 15 May 2018 14:37:27 +0800 Subject: [PATCH 3/7] Whitespace --- deploy/vmwareuag.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/vmwareuag.sh b/deploy/vmwareuag.sh index 1ed2183e..bf16aeb7 100644 --- a/deploy/vmwareuag.sh +++ b/deploy/vmwareuag.sh @@ -99,7 +99,7 @@ vmwareuag_deploy() { # Create JSON request _jsonreq=$(_mktemp) _debug _jsonreq "${_jsonreq}" - + printf '{ "privateKeyPem": "%s", "certChainPem": "%s" }' "${_privatekeypem}" "${_certchainpem}" >"${_jsonreq}" _debug JSON "$(cat "${_jsonreq}")" From 31e3cd678bd79ac96a37a922bd932773e1894778 Mon Sep 17 00:00:00 2001 From: andrewheberle Date: Tue, 15 May 2018 22:40:23 +0800 Subject: [PATCH 4/7] Use fullchain rather than cat of cer and ca --- deploy/vmwareuag.sh | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/deploy/vmwareuag.sh b/deploy/vmwareuag.sh index bf16aeb7..2f246a83 100644 --- a/deploy/vmwareuag.sh +++ b/deploy/vmwareuag.sh @@ -83,9 +83,8 @@ vmwareuag_deploy() { # Set variables for later use _user="${Le_Deploy_vmwareuag_username}:${Le_Deploy_vmwareuag_password}" _contenttype="Content-Type: application/json" - # shellcheck disable=SC2002 - _privatekeypem="$(cat "${_ckey}" | awk 'NF {sub(/\r/, ""); printf "%s\\n",$0;}')" - _certchainpem="$(cat "${_ccert}" "${_cca}" | awk 'NF {sub(/\r/, ""); printf "%s\\n",$0;}')" + _privatekeypem="$(awk 'NF {sub(/\r/, ""); printf "%s\\n",$0;}' <"${_ckey}")" + _certchainpem="$(awk 'NF {sub(/\r/, ""); printf "%s\\n",$0;}' <"${_cfullchain}")" _port="${Le_Deploy_vmwareuag_port}" _path="/rest/v1/config/certs/ssl/end_user" From 11acf4633d66f723f12f00eee0bc4a075806feff Mon Sep 17 00:00:00 2001 From: andrewheberle Date: Fri, 7 Jun 2019 12:47:35 +0800 Subject: [PATCH 5/7] Using _post instead of curl directly --- deploy/vmwareuag.sh | 82 ++++++++++++++++----------------------------- 1 file changed, 28 insertions(+), 54 deletions(-) diff --git a/deploy/vmwareuag.sh b/deploy/vmwareuag.sh index 2f246a83..89d32307 100644 --- a/deploy/vmwareuag.sh +++ b/deploy/vmwareuag.sh @@ -5,10 +5,9 @@ # The following variables can be exported: # # export DEPLOY_VMWAREUAG_USERNAME="admin" -# export DEPLOY_VMWAREUAG_PASSWORD="" # required -# export DEPLOY_VMWAREUAG_HOST="" # required (comma seperated list) -# export DEPLOY_VMWAREUAG_PORT="9443" -# export DEPLOY_VMWAREUAG_SSL_VERIFY="yes" +# export DEPLOY_VMWAREUAG_PASSWORD="" - required +# export DEPLOY_VMWAREUAG_HOST="" - required (space seperated list) host:port +# export DEPLOY_VMWAREUAG_HTTPS_INSECURE="1" - defaults to insecure # # @@ -24,8 +23,7 @@ vmwareuag_deploy() { # Some defaults DEPLOY_VMWAREUAG_USERNAME_DEFAULT="admin" - DEPLOY_VMWAREUAG_SSL_VERIFY_DEFAULT="yes" - DEPLOY_VMWAREUAG_PORT_DEFAULT="9443" + DEPLOY_VMWAREUAG_HTTPS_INSECURE="1" if [ -f "${DOMAIN_CONF}" ]; then # shellcheck disable=SC1090 @@ -64,68 +62,44 @@ vmwareuag_deploy() { return 1 fi - # SSL_VERIFY is optional. If not provided then assume "${DEPLOY_VMWAREUAG_SSL_VERIFY_DEFAULT}" - if [ -n "${DEPLOY_VMWAREUAG_SSL_VERIFY}" ]; then - Le_Deploy_vmwareuag_ssl_verify="${DEPLOY_VMWAREUAG_SSL_VERIFY}" - _savedomainconf Le_Deploy_vmwareuag_ssl_verify "${Le_Deploy_vmwareuag_ssl_verify}" - elif [ -z "${Le_Deploy_vmwareuag_ssl_verify}" ]; then - Le_Deploy_vmwareuag_ssl_verify="${DEPLOY_VMWAREUAG_SSL_VERIFY_DEFAULT}" - fi - - # PORT is optional. If not provided then assume "${DEPLOY_VMWAREUAG_PORT_DEFAULT}" - if [ -n "${DEPLOY_VMWAREUAG_PORT}" ]; then - Le_Deploy_vmwareuag_port="${DEPLOY_VMWAREUAG_PORT}" - _savedomainconf Le_Deploy_vmwareuag_port "${Le_Deploy_vmwareuag_port}" - elif [ -z "${Le_Deploy_vmwareuag_port}" ]; then - Le_Deploy_vmwareuag_port="${DEPLOY_VMWAREUAG_PORT_DEFAULT}" + # HTTPS_INSECURE is optional. If not provided then assume "${DEPLOY_VMWAREUAG_HTTPS_INSECURE_DEFAULT}" + if [ -n "${DEPLOY_VMWAREUAG_HTTPS_INSECURE}" ]; then + Le_Deploy_vmwareuag_https_insecure="${DEPLOY_VMWAREUAG_HTTPS_INSECURE}" + _savedomainconf Le_Deploy_vmwareuag_https_insecure "${Le_Deploy_vmwareuag_https_insecure}" + elif [ -z "${Le_Deploy_vmwareuag_https_insecure}" ]; then + Le_Deploy_vmwareuag_https_insecure="${DEPLOY_VMWAREUAG_HTTPS_INSECURE}" fi # Set variables for later use _user="${Le_Deploy_vmwareuag_username}:${Le_Deploy_vmwareuag_password}" - _contenttype="Content-Type: application/json" _privatekeypem="$(awk 'NF {sub(/\r/, ""); printf "%s\\n",$0;}' <"${_ckey}")" _certchainpem="$(awk 'NF {sub(/\r/, ""); printf "%s\\n",$0;}' <"${_cfullchain}")" - _port="${Le_Deploy_vmwareuag_port}" _path="/rest/v1/config/certs/ssl/end_user" _debug _user "${_user}" - _debug _contenttype "${_contenttype}" _debug _privatekeypem "${_privatekeypem}" _debug _certchainpem "${_certchainpem}" - _debug _port "${_port}" _debug _path "${_path}" # Create JSON request - _jsonreq=$(_mktemp) - _debug _jsonreq "${_jsonreq}" - - printf '{ "privateKeyPem": "%s", "certChainPem": "%s" }' "${_privatekeypem}" "${_certchainpem}" >"${_jsonreq}" - _debug JSON "$(cat "${_jsonreq}")" - - # Send request via curl - if command -v curl; then - _info "Using curl" - if [ "${Le_Deploy_vmwareuag_ssl_verify}" = "yes" ]; then - _opts="" - else - _opts="-k" - fi - _oldifs=${IFS} - IFS=, - for _host in ${Le_Deploy_vmwareuag_host}; do - _url="https://${_host}:${_port}${_path}" - _debug _url "${_url}" - curl ${_opts} -X PUT -H "${_contenttype}" -d "@${_jsonreq}" -u "${_user}" "${_url}" - done - IFS=${_oldifs} - # Remove JSON request file - [ -f "${_jsonreq}" ] && rm -f "${_jsonreq}" - elif command -v wget; then - _info "Using wget" - _err "Not implemented" - # Remove JSON request file - [ -f "${_jsonreq}" ] && rm -f "${_jsonreq}" - return 1 + _jsonreq="$(printf '{ "privateKeyPem": "%s", "certChainPem": "%s" }' "${_privatekeypem}" "${_certchainpem}")" + _debug JSON "${_jsonreq}" + + # dont verify certs if config set + _old_HTTPS_INSECURE="${HTTPS_INSECURE}" + if [ "${Le_Deploy_vmwareuag_https_insecure}" = "1" ]; then + HTTPS_INSECURE="1" fi + + # do post against UAG host(s) + for _host in ${Le_Deploy_vmwareuag_host}; do + _url="https://${_host}${_path}" + _debug _url "${_url}" + _post "${_jsonreq}" "${_url}" "" "PUT" "application/json" + done + + # reset HTTP_INSECURE + HTTPS_INSECURE="${_old_HTTPS_INSECURE}" + return 0 } From 3b4e2a0bf5c9566600ede094363277f45dc93ec7 Mon Sep 17 00:00:00 2001 From: andrewheberle Date: Fri, 7 Jun 2019 17:19:00 +0800 Subject: [PATCH 6/7] Updates based on feedback --- deploy/vmwareuag.sh | 28 +++++++++++----------------- 1 file changed, 11 insertions(+), 17 deletions(-) diff --git a/deploy/vmwareuag.sh b/deploy/vmwareuag.sh index 89d32307..b1a75a30 100644 --- a/deploy/vmwareuag.sh +++ b/deploy/vmwareuag.sh @@ -2,12 +2,12 @@ # Script for acme.sh to deploy certificates to a VMware UAG appliance # -# The following variables can be exported: +# The following variables can be used: # -# export DEPLOY_VMWAREUAG_USERNAME="admin" +# export DEPLOY_VMWAREUAG_USERNAME="admin" - optional # export DEPLOY_VMWAREUAG_PASSWORD="" - required -# export DEPLOY_VMWAREUAG_HOST="" - required (space seperated list) host:port -# export DEPLOY_VMWAREUAG_HTTPS_INSECURE="1" - defaults to insecure +# export DEPLOY_VMWAREUAG_HOST="" - required - host:port - comma seperated list +# export DEPLOY_VMWAREUAG_HTTPS_INSECURE="1" - optional - defaults to insecure # # @@ -25,11 +25,6 @@ vmwareuag_deploy() { DEPLOY_VMWAREUAG_USERNAME_DEFAULT="admin" DEPLOY_VMWAREUAG_HTTPS_INSECURE="1" - if [ -f "${DOMAIN_CONF}" ]; then - # shellcheck disable=SC1090 - . "${DOMAIN_CONF}" - fi - _debug _cdomain "${_cdomain}" _debug _ckey "${_ckey}" _debug _ccert "${_ccert}" @@ -72,8 +67,10 @@ vmwareuag_deploy() { # Set variables for later use _user="${Le_Deploy_vmwareuag_username}:${Le_Deploy_vmwareuag_password}" - _privatekeypem="$(awk 'NF {sub(/\r/, ""); printf "%s\\n",$0;}' <"${_ckey}")" - _certchainpem="$(awk 'NF {sub(/\r/, ""); printf "%s\\n",$0;}' <"${_cfullchain}")" + # convert key and fullchain into "single line pem" for JSON request + _privatekeypem="$(tr '\n' '\000' <"${_ckey}" | sed 's/\x0/\\n/g')" + _certchainpem="$(tr '\n' '\000' <"${_cfullchain}" | sed 's/\x0/\\n/g')" + # api path _path="/rest/v1/config/certs/ssl/end_user" _debug _user "${_user}" @@ -83,23 +80,20 @@ vmwareuag_deploy() { # Create JSON request _jsonreq="$(printf '{ "privateKeyPem": "%s", "certChainPem": "%s" }' "${_privatekeypem}" "${_certchainpem}")" - _debug JSON "${_jsonreq}" + _debug _jsonreq "${_jsonreq}" # dont verify certs if config set - _old_HTTPS_INSECURE="${HTTPS_INSECURE}" if [ "${Le_Deploy_vmwareuag_https_insecure}" = "1" ]; then + # shellcheck disable=SC2034 HTTPS_INSECURE="1" fi # do post against UAG host(s) - for _host in ${Le_Deploy_vmwareuag_host}; do + for _host in $(echo "${Le_Deploy_vmwareuag_host}" | tr ',' ' '); do _url="https://${_host}${_path}" _debug _url "${_url}" _post "${_jsonreq}" "${_url}" "" "PUT" "application/json" done - # reset HTTP_INSECURE - HTTPS_INSECURE="${_old_HTTPS_INSECURE}" - return 0 } From 346809b7e172eab7a4d4bf6e69c099600bc23673 Mon Sep 17 00:00:00 2001 From: andrewheberle Date: Mon, 10 Jun 2019 08:13:11 +0800 Subject: [PATCH 7/7] Use _getdeployconf and _savedeployconf --- deploy/vmwareuag.sh | 52 ++++++++++++++++++++++----------------------- 1 file changed, 26 insertions(+), 26 deletions(-) diff --git a/deploy/vmwareuag.sh b/deploy/vmwareuag.sh index b1a75a30..d1cc0478 100644 --- a/deploy/vmwareuag.sh +++ b/deploy/vmwareuag.sh @@ -4,10 +4,10 @@ # # The following variables can be used: # -# export DEPLOY_VMWAREUAG_USERNAME="admin" - optional -# export DEPLOY_VMWAREUAG_PASSWORD="" - required -# export DEPLOY_VMWAREUAG_HOST="" - required - host:port - comma seperated list -# export DEPLOY_VMWAREUAG_HTTPS_INSECURE="1" - optional - defaults to insecure +# DEPLOY_VMWAREUAG_USERNAME="admin" - optional +# DEPLOY_VMWAREUAG_PASSWORD="" - required +# DEPLOY_VMWAREUAG_HOST="" - required - host:port - comma seperated +# DEPLOY_VMWAREUAG_HTTPS_INSECURE="1" - optional - defaults to insecure # # @@ -23,7 +23,7 @@ vmwareuag_deploy() { # Some defaults DEPLOY_VMWAREUAG_USERNAME_DEFAULT="admin" - DEPLOY_VMWAREUAG_HTTPS_INSECURE="1" + DEPLOY_VMWAREUAG_HTTPS_INSECURE_DEFAULT="1" _debug _cdomain "${_cdomain}" _debug _ckey "${_ckey}" @@ -32,41 +32,41 @@ vmwareuag_deploy() { _debug _cfullchain "${_cfullchain}" # USERNAME is optional. If not provided then assume "${DEPLOY_VMWAREUAG_USERNAME_DEFAULT}" - if [ -n "${DEPLOY_VMWAREUAG_USERNAME}" ]; then - Le_Deploy_vmwareuag_username="${DEPLOY_VMWAREUAG_USERNAME}" - _savedomainconf Le_Deploy_vmwareuag_username "${Le_Deploy_vmwareuag_username}" - elif [ -z "${Le_Deploy_vmwareuag_username}" ]; then - Le_Deploy_vmwareuag_username="${DEPLOY_VMWAREUAG_USERNAME_DEFAULT}" + _getdeployconf DEPLOY_VMWAREUAG_USERNAME + _debug2 DEPLOY_VMWAREUAG_USERNAME "${DEPLOY_VMWAREUAG_USERNAME}" + if [ -z "${DEPLOY_VMWAREUAG_USERNAME}" ]; then + DEPLOY_VMWAREUAG_USERNAME="${DEPLOY_VMWAREUAG_USERNAME_DEFAULT}" fi + _savedeployconf DEPLOY_VMWAREUAG_USERNAME # PASSWORD is required. - if [ -n "${DEPLOY_VMWAREUAG_PASSWORD}" ]; then - Le_Deploy_vmwareuag_password="${DEPLOY_VMWAREUAG_PASSWORD}" - _savedomainconf Le_Deploy_vmwareuag_password "${Le_Deploy_vmwareuag_password}" - elif [ -z "${Le_Deploy_vmwareuag_password}" ]; then + _getdeployconf DEPLOY_VMWAREUAG_PASSWORD + _debug2 DEPLOY_VMWAREUAG_PASSWORD "${DEPLOY_VMWAREUAG_PASSWORD}" + if [ -z "${DEPLOY_VMWAREUAG_PASSWORD}" ]; then _err "DEPLOY_VMWAREUAG_PASSWORD is required" return 1 fi + _savedeployconf DEPLOY_VMWAREUAG_PASSWORD # HOST is required. - if [ -n "${DEPLOY_VMWAREUAG_HOST}" ]; then - Le_Deploy_vmwareuag_host="${DEPLOY_VMWAREUAG_HOST}" - _savedomainconf Le_Deploy_vmwareuag_host "${Le_Deploy_vmwareuag_host}" - elif [ -z "${Le_Deploy_vmwareuag_host}" ]; then + _getdeployconf DEPLOY_VMWAREUAG_HOST + _debug2 DEPLOY_VMWAREUAG_HOST "${DEPLOY_VMWAREUAG_HOST}" + if [ -z "${DEPLOY_VMWAREUAG_HOST}" ]; then _err "DEPLOY_VMWAREUAG_HOST is required" return 1 fi + _savedeployconf DEPLOY_VMWAREUAG_HOST # HTTPS_INSECURE is optional. If not provided then assume "${DEPLOY_VMWAREUAG_HTTPS_INSECURE_DEFAULT}" - if [ -n "${DEPLOY_VMWAREUAG_HTTPS_INSECURE}" ]; then - Le_Deploy_vmwareuag_https_insecure="${DEPLOY_VMWAREUAG_HTTPS_INSECURE}" - _savedomainconf Le_Deploy_vmwareuag_https_insecure "${Le_Deploy_vmwareuag_https_insecure}" - elif [ -z "${Le_Deploy_vmwareuag_https_insecure}" ]; then - Le_Deploy_vmwareuag_https_insecure="${DEPLOY_VMWAREUAG_HTTPS_INSECURE}" + _getdeployconf DEPLOY_VMWAREUAG_HTTPS_INSECURE + _debug2 DEPLOY_VMWAREUAG_HTTPS_INSECURE "${DEPLOY_VMWAREUAG_HTTPS_INSECURE}" + if [ -z "${DEPLOY_VMWAREUAG_HTTPS_INSECURE}" ]; then + DEPLOY_VMWAREUAG_HTTPS_INSECURE="${DEPLOY_VMWAREUAG_HTTPS_INSECURE_DEFAULT}" fi + _savedeployconf DEPLOY_VMWAREUAG_HTTPS_INSECURE # Set variables for later use - _user="${Le_Deploy_vmwareuag_username}:${Le_Deploy_vmwareuag_password}" + _user="${DEPLOY_VMWAREUAG_USERNAME}:${DEPLOY_VMWAREUAG_PASSWORD}" # convert key and fullchain into "single line pem" for JSON request _privatekeypem="$(tr '\n' '\000' <"${_ckey}" | sed 's/\x0/\\n/g')" _certchainpem="$(tr '\n' '\000' <"${_cfullchain}" | sed 's/\x0/\\n/g')" @@ -83,13 +83,13 @@ vmwareuag_deploy() { _debug _jsonreq "${_jsonreq}" # dont verify certs if config set - if [ "${Le_Deploy_vmwareuag_https_insecure}" = "1" ]; then + if [ "${DEPLOY_VMWAREUAG_HTTPS_INSECURE}" = "1" ]; then # shellcheck disable=SC2034 HTTPS_INSECURE="1" fi # do post against UAG host(s) - for _host in $(echo "${Le_Deploy_vmwareuag_host}" | tr ',' ' '); do + for _host in $(echo "${DEPLOY_VMWAREUAG_HOST}" | tr ',' ' '); do _url="https://${_host}${_path}" _debug _url "${_url}" _post "${_jsonreq}" "${_url}" "" "PUT" "application/json"