diff --git a/docs/development/plugin-triggers.md b/docs/development/plugin-triggers.md index dc2399ace..5538a7d3b 100644 --- a/docs/development/plugin-triggers.md +++ b/docs/development/plugin-triggers.md @@ -411,6 +411,42 @@ elif [[ "$KEY_TYPE" == "key" ]]; then fi ``` +### `certs-remove` + +- Description: Removes the SSL cert/key pair from an app and fires the `post-certs-remove` and `post-domains-update` triggers. Fails if no app-specific SSL endpoint is defined. +- Invoked by: +- Arguments: `$APP` +- Example: + +```shell +#!/usr/bin/env bash +# Removes the SSL endpoint for an app + +set -eo pipefail; [[ $DOKKU_TRACE ]] && set -x + +APP="$1" + +dokku certs:remove "$APP" +``` + +### `certs-set` + +- Description: Installs an SSL cert/key pair onto an app and fires the `post-certs-update` and `post-domains-update` triggers. `$CRT_FILE` and `$KEY_FILE` must be paths to readable PEM-encoded files. +- Invoked by: +- Arguments: `$APP $CRT_FILE $KEY_FILE` +- Example: + +```shell +#!/usr/bin/env bash +# Installs a cert/key pair for an app + +set -eo pipefail; [[ $DOKKU_TRACE ]] && set -x + +APP="$1"; CRT_FILE="$2"; KEY_FILE="$3" + +dokku certs:add "$APP" "$CRT_FILE" "$KEY_FILE" +``` + ### `check-deploy` - Description: Allows you to run checks on a deploy before Dokku allows the container to handle requests. diff --git a/plugins/certs/certs-remove b/plugins/certs/certs-remove new file mode 100755 index 000000000..69eec4452 --- /dev/null +++ b/plugins/certs/certs-remove @@ -0,0 +1,16 @@ +#!/usr/bin/env bash +source "$PLUGIN_CORE_AVAILABLE_PATH/common/functions" +source "$PLUGIN_AVAILABLE_PATH/certs/internal-functions" +set -eo pipefail +[[ $DOKKU_TRACE ]] && set -x + +trigger-certs-certs-remove() { + declare desc="removes the SSL cert/key pair from an app" + declare trigger="certs-remove" + declare APP="$1" + + verify_app_name "$APP" + fn-certs-remove "$APP" +} + +trigger-certs-certs-remove "$@" diff --git a/plugins/certs/certs-set b/plugins/certs/certs-set new file mode 100755 index 000000000..a63684b30 --- /dev/null +++ b/plugins/certs/certs-set @@ -0,0 +1,16 @@ +#!/usr/bin/env bash +source "$PLUGIN_CORE_AVAILABLE_PATH/common/functions" +source "$PLUGIN_AVAILABLE_PATH/certs/internal-functions" +set -eo pipefail +[[ $DOKKU_TRACE ]] && set -x + +trigger-certs-certs-set() { + declare desc="installs an SSL cert/key pair onto an app" + declare trigger="certs-set" + declare APP="$1" CRT_FILE="$2" KEY_FILE="$3" + + verify_app_name "$APP" + fn-certs-set "$APP" "$CRT_FILE" "$KEY_FILE" +} + +trigger-certs-certs-set "$@" diff --git a/plugins/certs/internal-functions b/plugins/certs/internal-functions index a81bd92f2..2686c0a0c 100755 --- a/plugins/certs/internal-functions +++ b/plugins/certs/internal-functions @@ -4,6 +4,48 @@ source "$PLUGIN_AVAILABLE_PATH/certs/functions" set -eo pipefail [[ $DOKKU_TRACE ]] && set -x +fn-certs-set() { + declare desc="installs an SSL cert/key pair onto an app" + declare APP="$1" CRT_FILE="$2" KEY_FILE="$3" + local APP_SSL_PATH="$DOKKU_ROOT/$APP/tls" + + if [[ -z "$CRT_FILE" ]] || [[ -z "$KEY_FILE" ]]; then + dokku_log_fail "Both CRT and KEY file paths are required" + fi + + if [[ ! -r "$CRT_FILE" ]]; then + dokku_log_fail "CRT file specified not found, please check file paths" + fi + + if [[ ! -r "$KEY_FILE" ]]; then + dokku_log_fail "KEY file specified not found, please check file paths" + fi + + mkdir -p "$APP_SSL_PATH" + rm -f "$APP_SSL_PATH/server.crt" "$APP_SSL_PATH/server.key" + cp "$CRT_FILE" "$APP_SSL_PATH/server.crt" + cp "$KEY_FILE" "$APP_SSL_PATH/server.key" + chmod 750 "$APP_SSL_PATH" + chmod 640 "$APP_SSL_PATH/server.crt" "$APP_SSL_PATH/server.key" + plugn trigger post-certs-update "$APP" + plugn trigger post-domains-update "$APP" +} + +fn-certs-remove() { + declare desc="removes the SSL cert/key pair from an app" + declare APP="$1" + local APP_SSL_PATH="$DOKKU_ROOT/$APP/tls" + + if [[ ! -d "$APP_SSL_PATH" ]]; then + dokku_log_fail "An app-specific SSL endpoint is not defined" + fi + + dokku_log_info1 "Removing SSL endpoint from $APP" + rm -rf "$APP_SSL_PATH" + plugn trigger post-certs-remove "$APP" + plugn trigger post-domains-update "$APP" +} + cmd-certs-report() { declare desc="displays an ssl report for one or more apps" declare cmd="certs:report" diff --git a/plugins/certs/subcommands/add b/plugins/certs/subcommands/add index c6baddc1d..d95f215dc 100755 --- a/plugins/certs/subcommands/add +++ b/plugins/certs/subcommands/add @@ -3,6 +3,7 @@ set -eo pipefail [[ $DOKKU_TRACE ]] && set -x source "$PLUGIN_CORE_AVAILABLE_PATH/common/functions" source "$PLUGIN_AVAILABLE_PATH/certs/functions" +source "$PLUGIN_AVAILABLE_PATH/certs/internal-functions" is_tar_import() { declare desc="determines if we have STDIN open in an attempt to detect a streamed tar import" @@ -35,7 +36,6 @@ cmd-certs-set() { declare APP="$1" CRT_FILE="$2" KEY_FILE="$3" verify_app_name "$APP" - local APP_SSL_PATH="$DOKKU_ROOT/$APP/tls" if is_file_import "$CRT_FILE" "$KEY_FILE"; then # importing from file @@ -53,7 +53,7 @@ cmd-certs-set() { elif [[ $CRT_FILE_COUNT -gt 1 ]]; then dokku_log_fail "Tar archive contains more than one .crt file" else - local CRT_FILE=$CRT_FILE_SEARCH + CRT_FILE=$CRT_FILE_SEARCH fi local KEY_FILE_SEARCH=$(find . -not -path '*/\.*' -type f | grep ".key$") @@ -63,20 +63,13 @@ cmd-certs-set() { elif [[ $KEY_FILE_COUNT -gt 1 ]]; then dokku_log_fail "Tar archive contains more than one .key file" else - local KEY_FILE=$KEY_FILE_SEARCH + KEY_FILE=$KEY_FILE_SEARCH fi else dokku_log_fail "Tar archive containing server.crt and server.key expected on stdin" fi - mkdir -p "$APP_SSL_PATH" - rm -f "$APP_SSL_PATH/server.crt" "$APP_SSL_PATH/server.key" - cp "$CRT_FILE" "$APP_SSL_PATH/server.crt" - cp "$KEY_FILE" "$APP_SSL_PATH/server.key" - chmod 750 "$APP_SSL_PATH" - chmod 640 "$APP_SSL_PATH/server.crt" "$APP_SSL_PATH/server.key" - plugn trigger post-certs-update "$APP" - plugn trigger post-domains-update "$APP" + fn-certs-set "$APP" "$CRT_FILE" "$KEY_FILE" } cmd-certs-set "$@" diff --git a/plugins/certs/subcommands/remove b/plugins/certs/subcommands/remove index 87e419b72..ac5a4cbce 100755 --- a/plugins/certs/subcommands/remove +++ b/plugins/certs/subcommands/remove @@ -2,6 +2,7 @@ set -eo pipefail [[ $DOKKU_TRACE ]] && set -x source "$PLUGIN_CORE_AVAILABLE_PATH/common/functions" +source "$PLUGIN_AVAILABLE_PATH/certs/internal-functions" cmd-certs-remove() { declare desc="removes SSL cert/key from specified app" @@ -10,16 +11,7 @@ cmd-certs-remove() { declare APP="$1" verify_app_name "$APP" - local APP_SSL_PATH="$DOKKU_ROOT/$APP/tls" - - if [[ -d "$APP_SSL_PATH" ]]; then - dokku_log_info1 "Removing SSL endpoint from $APP" - rm -rf "$APP_SSL_PATH" - plugn trigger post-certs-remove "$APP" - plugn trigger post-domains-update "$APP" - else - dokku_log_fail "An app-specific SSL endpoint is not defined" - fi + fn-certs-remove "$APP" } cmd-certs-remove "$@" diff --git a/tests/unit/certs.bats b/tests/unit/certs.bats index d5897ffbb..2a3c8cc49 100644 --- a/tests/unit/certs.bats +++ b/tests/unit/certs.bats @@ -165,6 +165,44 @@ teardown() { assert_success } +@test "(certs) certs-set plugin trigger" { + run_plugn_trigger certs-set "$TEST_APP" "$BATS_TMPDIR/tls/server.crt" "$BATS_TMPDIR/tls/server.key" + echo "output: $output" + echo "status: $status" + assert_success + [[ -f "$DOKKU_ROOT/$TEST_APP/tls/server.crt" ]] + [[ -f "$DOKKU_ROOT/$TEST_APP/tls/server.key" ]] +} + +@test "(certs) certs-set plugin trigger missing key file" { + run_plugn_trigger certs-set "$TEST_APP" "$BATS_TMPDIR/tls/server.crt" "/nonexistent/server.key" + echo "output: $output" + echo "status: $status" + assert_failure + assert_output_contains "KEY file specified not found" +} + +@test "(certs) certs-remove plugin trigger" { + run /bin/bash -c "dokku certs:add $TEST_APP $BATS_TMPDIR/tls/server.crt $BATS_TMPDIR/tls/server.key" + echo "output: $output" + echo "status: $status" + assert_success + + run_plugn_trigger certs-remove "$TEST_APP" + echo "output: $output" + echo "status: $status" + assert_success + [[ ! -d "$DOKKU_ROOT/$TEST_APP/tls" ]] +} + +@test "(certs) certs-remove plugin trigger without endpoint" { + run_plugn_trigger certs-remove "$TEST_APP" + echo "output: $output" + echo "status: $status" + assert_failure + assert_output_contains "An app-specific SSL endpoint is not defined" +} + @test "(certs) certs:show" { run /bin/bash -c "dokku certs:show fake-app-name 2>&1" echo "output: $output" diff --git a/tests/unit/test_helper.bash b/tests/unit/test_helper.bash index 0424c2a43..fb35b626a 100644 --- a/tests/unit/test_helper.bash +++ b/tests/unit/test_helper.bash @@ -228,7 +228,7 @@ destroy_key() { rm -f /tmp/testkey* &>/dev/null || true } -# Run a plugn trigger with the env vars plugn needs, capturing $output/$status via bats `run`. +# Run a plugn trigger via `dokku plugin:trigger`, capturing $output/$status via bats `run`. # Optional VAR=VAL pairs before are forwarded as extra env vars on the bash command line. # Usage: run_plugn_trigger [VAR=VAL ...] run_plugn_trigger() { @@ -239,7 +239,7 @@ run_plugn_trigger() { done local TRIGGER="$1" shift - run /bin/bash -c "PLUGIN_PATH=$PLUGIN_PATH PLUGIN_CORE_AVAILABLE_PATH=$PLUGIN_CORE_AVAILABLE_PATH DOKKU_LIB_ROOT=$DOKKU_LIB_ROOT${extra_env} plugn trigger $TRIGGER $* < /dev/null" + run /bin/bash -c "${extra_env} dokku plugin:trigger $TRIGGER $* < /dev/null" } # Run a single plugin's trigger script directly so other plugins' handlers do not fire.