Page MenuHomeDevCentral

Plugin to deploy certificates to an additional path
Changes PlannedPublic

Authored by Sandlayth on Dec 2 2016, 22:13.
Tags
None
Referenced Files
Unknown Object (File)
Thu, Nov 21, 19:32
Unknown Object (File)
Wed, Nov 20, 15:24
Unknown Object (File)
Tue, Nov 19, 11:57
Unknown Object (File)
Tue, Nov 19, 11:56
Unknown Object (File)
Tue, Nov 19, 11:56
Unknown Object (File)
Tue, Nov 19, 11:56
Unknown Object (File)
Tue, Nov 19, 11:50
Unknown Object (File)
Tue, Nov 19, 11:46

Details

Reviewers
dereckson
Summary

Plugin to deploy certificates to an additionnal path

Test Plan

certbot-auto certonly --standalone -d mumble.nasqueron.org

Diff Detail

Lint
No Lint Coverage
Unit
No Test Coverage
Branch
master
Build Status
Buildable 1127
Build 1342: arc lint + arc unit

Event Timeline

Sandlayth retitled this revision from to Plugin to deploy certificates to an additionnal path.
Sandlayth updated this object.
Sandlayth edited the test plan for this revision. (Show Details)
Sandlayth added a reviewer: dereckson.
Sandlayth added subscribers: dereckson, Sandlayth.
plugin.py
2 ↗(On Diff #1861)

So we want to use it for Mumble, but also for the mailserver lxc container.

It's applicable to every jail/container/chroot/constrained environment where a symlink isn't possible.

5 ↗(On Diff #1861)

We're in November/December.

7 ↗(On Diff #1861)

I'd list Certbot, the Let's encrypt client here.

26 ↗(On Diff #1861)

We implement the interface.

So describe here briefly our implementation goals.

The description do that very well by the way.

44 ↗(On Diff #1861)

We probably need to check here we've in the config the target directory, if not we should raise MisconfigurationError.

As we won't use the others, we can avoid to document them.

61 ↗(On Diff #1861)

Implement this.

89 ↗(On Diff #1861)

The logger object can be used here to explain what we are doing.

logger.info("Copying certificate files")

92 ↗(On Diff #1861)

Here we should instead raise a PluginError.

By the way, plugins shouldn't print anything directly to stdout, instead they should use the logger interface.

115 ↗(On Diff #1861)

that's more_info I think.

Enhancements are a way to "improve" the target situation (for example edit config files to declare the certificate). We don't do that here.

161 ↗(On Diff #1861)

Ah yes, okay okay, a different implementation for Mumble and the mailserver is perhaps needed if we want to do this :p

168 ↗(On Diff #1861)

raise PluginError instead

Dividing plugin into services

Raising requiered errors (PluginError, MisconfigurationError), and
correcting some typos

Missing a word in the string returned by more_info()

certCopyPlugin.py
38

Is the target folder enough?

Services configuration files expect sometimes other patterns to name certificates, for example private.pem and public.pem files.

Probably better to let in the configuration set the final name.

Also useful not to have to modify servers config for 0001 Let's encrypt certificates names.

dereckson retitled this revision from Plugin to deploy certificates to an additionnal path to Plugin to deploy certificates to an additional path.May 22 2022, 21:37