|
|
@@ -31,14 +31,15 @@ kong_deploy() {
|
|
|
_debug _cca "$_cca"
|
|
|
_debug _cfullchain "$_cfullchain"
|
|
|
|
|
|
- #Get uuid linked to the domain
|
|
|
- uuid=$(_get "$KONG_URL/apis?request_host=$_cdomain" | _normalizeJson | _egrep_o '[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}')
|
|
|
- if [ -z "$uuid" ]; then
|
|
|
- _err "Unable to get Kong uuid for domain $_cdomain"
|
|
|
- _err "Make sure that KONG_URL is correctly configured"
|
|
|
- _err "Make sure that a Kong api request_host match the domain"
|
|
|
- _err "Kong url: $KONG_URL"
|
|
|
- return 1
|
|
|
+ #Get ssl_uuid linked to the domain
|
|
|
+ ssl_uuid=$(_get "$KONG_URL/certificates/$_cdomain" | _normalizeJson | _egrep_o '[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}')
|
|
|
+ if [ -z "$ssl_uuid" ]; then
|
|
|
+ _debug "Unable to get Kong ssl_uuid for domain $_cdomain"
|
|
|
+ _debug "Make sure that KONG_URL is correctly configured"
|
|
|
+ _debug "Make sure that a Kong certificate match the sni"
|
|
|
+ _debug "Kong url: $KONG_URL"
|
|
|
+ _info "No existing certificate, creating..."
|
|
|
+ #return 1
|
|
|
fi
|
|
|
#Save kong url if it's succesful (First run case)
|
|
|
_saveaccountconf KONG_URL "$KONG_URL"
|
|
|
@@ -48,12 +49,15 @@ kong_deploy() {
|
|
|
#Set Header
|
|
|
_H1="Content-Type: multipart/form-data; boundary=$delim"
|
|
|
#Generate data for request (Multipart/form-data with mixed content)
|
|
|
- #set name to ssl
|
|
|
- content="--$delim${nl}Content-Disposition: form-data; name=\"name\"${nl}${nl}ssl"
|
|
|
+ content="--$delim${nl}"
|
|
|
+ if [ -z "$ssl_uuid" ]; then
|
|
|
+ #set sni to domain
|
|
|
+ content="$content{nl}Content-Disposition: form-data; name=\"snis\"${nl}${nl}$_cdomain"
|
|
|
+ fi
|
|
|
#add key
|
|
|
- content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"config.key\"; filename=\"$(basename "$_ckey")\"${nl}Content-Type: application/octet-stream${nl}${nl}$(cat "$_ckey")"
|
|
|
+ content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"key\"; filename=\"$(basename "$_ckey")\"${nl}Content-Type: application/octet-stream${nl}${nl}$(cat "$_ckey")"
|
|
|
#Add cert
|
|
|
- content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"config.cert\"; filename=\"$(basename "$_cfullchain")\"${nl}Content-Type: application/octet-stream${nl}${nl}$(cat "$_cfullchain")"
|
|
|
+ content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"cert\"; filename=\"$(basename "$_cfullchain")\"${nl}Content-Type: application/octet-stream${nl}${nl}$(cat "$_cfullchain")"
|
|
|
#Close multipart
|
|
|
content="$content${nl}--$delim--${nl}"
|
|
|
#Convert CRLF
|
|
|
@@ -61,17 +65,16 @@ kong_deploy() {
|
|
|
#DEBUG
|
|
|
_debug header "$_H1"
|
|
|
_debug content "$content"
|
|
|
- #Check if ssl plugins is aready enabled (if not => POST else => PATCH)
|
|
|
- ssl_uuid=$(_get "$KONG_URL/apis/$uuid/plugins" | _egrep_o '"id":"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}"[a-zA-Z0-9\-\,\"_\:]*"name":"ssl"' | _egrep_o '[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}')
|
|
|
- _debug ssl_uuid "$ssl_uuid"
|
|
|
+ #Check if sslcreated (if not => POST else => PATCH)
|
|
|
+
|
|
|
if [ -z "$ssl_uuid" ]; then
|
|
|
#Post certificate to Kong
|
|
|
- response=$(_post "$content" "$KONG_URL/apis/$uuid/plugins" "" "POST")
|
|
|
+ response=$(_post "$content" "$KONG_URL/certificates" "" "POST")
|
|
|
else
|
|
|
#patch
|
|
|
- response=$(_post "$content" "$KONG_URL/apis/$uuid/plugins/$ssl_uuid" "" "PATCH")
|
|
|
+ response=$(_post "$content" "$KONG_URL/certificates/$ssl_uuid" "" "PATCH")
|
|
|
fi
|
|
|
- if ! [ "$(echo "$response" | _egrep_o "ssl")" = "ssl" ]; then
|
|
|
+ if ! [ "$(echo "$response" | _egrep_o "created_at")" = "created_at" ]; then
|
|
|
_err "An error occurred with cert upload. Check response:"
|
|
|
_err "$response"
|
|
|
return 1
|
thecantero