Abstraction for Certificate Storage (+ vault storage) (#406)
* new abstraction around storage * re-work completely to fit new acme package pre-solving paradigm * vault storage plugin * add some vendor * delete old vendor pinning mechanism
@ -37,6 +37,8 @@ type GetCertsArgs struct {
Email string
AgreeTOS bool
Verbose bool
Vault bool
VaultPath string
IgnoredProviders string
}
@ -80,6 +82,17 @@ func (args *GetCertsArgs) flags() []cli.Flag {
Destination: &args.AgreeTOS,
Usage: `Must provide this to agree to Let's Encrypt terms of service`,
})
flags = append(flags, cli.BoolFlag{
Name: "vault",
Destination: &args.Vault,
Usage: `Store certificates as secrets in hashicorp vault instead of on disk.`,
})
flags = append(flags, cli.StringFlag{
Name: "vaultPath",
Destination: &args.VaultPath,
Value: "/secret/certs",
Usage: `Path in vault to store certificates`,
})
flags = append(flags, cli.StringFlag{
Name: "skip",
Destination: &args.IgnoredProviders,
@ -140,13 +153,21 @@ func GetCerts(args GetCertsArgs) error {
if err = validateCertificateList(certList, cfg); err != nil {
return err
}
acmeServer := args.ACMEServer
if acmeServer == "live" {
acmeServer = acme.LetsEncryptLive
} else if acmeServer == "staging" {
acmeServer = acme.LetsEncryptStage
}
client, err := acme.New(cfg, args.CertDirectory, args.Email, acmeServer)
var client acme.Client
if args.Vault {
client, err = acme.NewVault(cfg, args.VaultPath, args.Email, acmeServer)
} else {
client, err = acme.New(cfg, args.CertDirectory, args.Email, acmeServer)
}
if err != nil {
return err
}
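Review bot: In the third hunk the new `if args.Vault` branch hands `args.VaultPath` straight to `acme.NewVault` with no check that it is non-empty, so `--vault --vaultPath ""` overrides the default and reaches the storage layer with an empty path; add `if args.Vault && args.VaultPath == "" { return fmt.Errorf("vaultPath must be set when --vault is given") }` before the client is built (fmt's presence in this file is not visible here). The shared `if err != nil { return err }` after the branch also loses which backend failed, so `return fmt.Errorf("creating acme client (vault=%t): %v", args.Vault, err)` would tell the operator whether the vault or on-disk store was involved (use %w if the module's Go version supports it). Whether `acme.NewVault` validates the path itself, and where it obtains the vault address and token, lies outside this hunk and should be confirmed in the acme package. The `vaultPath` flag's Usage in the second hunk should also state that the value is only consulted when `--vault` is set, e.g. by appending "(only used with --vault)". GetCerts continues past the end of the hunk.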