summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Cady <d@jerkface.net>2016-04-10 17:03:09 -0400
committerAndrew Cady <d@jerkface.net>2016-04-10 17:03:15 -0400
commitb059ac7e511c91a855d1bb56d0d7e2d2167d5d61 (patch)
tree6526dfda5c5d9a06b8329e7be9553858a41603bd
parent35fcdaac9e340014110837ccb2f8de4a5f653980 (diff)
Add option "--dry-run" to command "update"
Diffstat
-rw-r--r--acme-certify.hs45
1 files changed, 28 insertions, 17 deletions
diff --git a/acme-certify.hs b/acme-certify.hs
index 14c4b70..3944e2a 100644
--- a/acme-certify.hs
+++ b/acme-certify.hs
@@ -91,7 +91,9 @@ data CertifyOpts = CertifyOpts {
91data UpdateOpts = UpdateOpts { 91data UpdateOpts = UpdateOpts {
92 updateConfigFile :: Maybe FilePath, 92 updateConfigFile :: Maybe FilePath,
93 updateHosts :: [String], 93 updateHosts :: [String],
94 updateStaging :: Bool 94 updateStaging :: Bool,
95 updateDryRun :: Bool,
96 updateDoPrivisionCheck :: Bool
95} 97}
96 98
97instance Show HttpProvisioner where 99instance Show HttpProvisioner where
@@ -114,12 +116,24 @@ updateOpts = fmap Update $
114 metavar "FILENAME" <> 116 metavar "FILENAME" <>
115 help "location of YAML configuration file")) 117 help "location of YAML configuration file"))
116 <*> many (argument str (metavar "HOSTS")) 118 <*> many (argument str (metavar "HOSTS"))
119 <*> stagingSwitch
117 <*> switch 120 <*> switch
118 (long "staging" <> help 121 (long "dry-run" <> help
119 (unwords 122 (unwords
120 [ "Use staging servers instead of live servers" 123 [ "Do not fetch any certificates; only tests"
121 , "(generated certificates will not be trusted!)" 124 , "configuration file and http provisioning"
122 ])) 125 ]))
126 <*> pure True
127
128-- TODO: global options
129stagingSwitch :: Parser Bool
130stagingSwitch =
131 switch
132 (long "staging" <> help
133 (unwords
134 [ "Use staging servers instead of live servers"
135 , "(generated certificates will not be trusted!)"
136 ]))
123 137
124certifyOpts :: Parser Command 138certifyOpts :: Parser Command
125certifyOpts = fmap Certify $ 139certifyOpts = fmap Certify $
@@ -150,12 +164,7 @@ certifyOpts = fmap Certify $
150 <*> optional (strOption (long "terms" <> metavar "URL" <> 164 <*> optional (strOption (long "terms" <> metavar "URL" <>
151 help "The terms param of the registration request")) 165 help "The terms param of the registration request"))
152 <*> switch (long "skip-dhparams" <> help "Don't generate DH params for combined cert") 166 <*> switch (long "skip-dhparams" <> help "Don't generate DH params for combined cert")
153 <*> switch 167 <*> stagingSwitch
154 (long "staging" <> help
155 (unwords
156 [ "Use staging servers instead of live servers"
157 , "(generated certificates will not be trusted!)"
158 ]))
159 <*> switch 168 <*> switch
160 (long "skip-provision-check" <> help 169 (long "skip-provision-check" <> help
161 (unwords 170 (unwords
@@ -163,11 +172,6 @@ certifyOpts = fmap Certify $
163 , "making ACME requests" 172 , "making ACME requests"
164 ])) 173 ]))
165 174
166-- lookup' :: (Monad m, FromJSON a) => Config.Key -> Config -> m a
167
168extractObject :: Config -> Object
169extractObject (Config _ o) = o
170
171runUpdate :: UpdateOpts -> IO () 175runUpdate :: UpdateOpts -> IO ()
172runUpdate UpdateOpts { .. } = do 176runUpdate UpdateOpts { .. } = do
173 issuerCert <- readX509 letsEncryptX1CrossSigned 177 issuerCert <- readX509 letsEncryptX1CrossSigned
@@ -195,20 +199,27 @@ runUpdate UpdateOpts { .. } = do
195 199
196 let wantedCertSpecs = filter (wantUpdate . view _1) validCertSpecs & map (view _3) 200 let wantedCertSpecs = filter (wantUpdate . view _1) validCertSpecs & map (view _3)
197 201
198 when True $ 202 when updateDoPrivisionCheck $
199 forM_ wantedCertSpecs $ \spec -> 203 forM_ wantedCertSpecs $ \spec ->
200 forM_ (csDomains spec) $ uncurry canProvision >=> 204 forM_ (csDomains spec) $ uncurry canProvision >=>
201 (`unless` error "Error: cannot provision files to web server") 205 (`unless` error "Error: cannot provision files to web server")
202 206
207
203 forM_ wantedCertSpecs $ \spec -> do 208 forM_ wantedCertSpecs $ \spec -> do
204 209
205 let terms = defaultTerms 210 let terms = defaultTerms
206 directoryUrl = if updateStaging then stagingDirectoryUrl else liveDirectoryUrl 211 directoryUrl = if updateStaging then stagingDirectoryUrl else liveDirectoryUrl
207 email = emailAddress $ encodeUtf8 . pack $ "root@" ++ (domainToString . fst . head) (csDomains spec) 212 email = emailAddress $ encodeUtf8 . pack $ "root@" ++ (domainToString . fst . head) (csDomains spec)
208 print =<< fetchCertificate directoryUrl terms email issuerCert spec
209 213
214 if updateDryRun
215 then putStrLn $ "Dry run; would have fetched certificate: " ++ show spec
216 else print =<< fetchCertificate directoryUrl terms email issuerCert spec
210 217
211 where 218 where
219 extractObject :: Config -> Object
220 extractObject (Config _ o) = o
221
222 wantUpdate :: String -> Bool
212 wantUpdate h = null updateHosts || isJust (find (== h) updateHosts) 223 wantUpdate h = null updateHosts || isJust (find (== h) updateHosts)
213 224
214 dereference :: [(DomainName, Either DomainName HttpProvisioner)] -> Maybe [(DomainName, HttpProvisioner)] 225 dereference :: [(DomainName, Either DomainName HttpProvisioner)] -> Maybe [(DomainName, HttpProvisioner)]
generated by cgit v1.2.3 (git 2.39.1) at 2024-05-02 18:57:05 +0000