diff options
author | Andrew Cady <d@jerkface.net> | 2016-04-10 17:03:09 -0400 |
---|---|---|
committer | Andrew Cady <d@jerkface.net> | 2016-04-10 17:03:15 -0400 |
commit | b059ac7e511c91a855d1bb56d0d7e2d2167d5d61 (patch) | |
tree | 6526dfda5c5d9a06b8329e7be9553858a41603bd | |
parent | 35fcdaac9e340014110837ccb2f8de4a5f653980 (diff) |
Add option "--dry-run" to command "update"
-rw-r--r-- | acme-certify.hs | 45 |
1 files changed, 28 insertions, 17 deletions
diff --git a/acme-certify.hs b/acme-certify.hs index 14c4b70..3944e2a 100644 --- a/acme-certify.hs +++ b/acme-certify.hs | |||
@@ -91,7 +91,9 @@ data CertifyOpts = CertifyOpts { | |||
91 | data UpdateOpts = UpdateOpts { | 91 | data UpdateOpts = UpdateOpts { |
92 | updateConfigFile :: Maybe FilePath, | 92 | updateConfigFile :: Maybe FilePath, |
93 | updateHosts :: [String], | 93 | updateHosts :: [String], |
94 | updateStaging :: Bool | 94 | updateStaging :: Bool, |
95 | updateDryRun :: Bool, | ||
96 | updateDoPrivisionCheck :: Bool | ||
95 | } | 97 | } |
96 | 98 | ||
97 | instance Show HttpProvisioner where | 99 | instance Show HttpProvisioner where |
@@ -114,12 +116,24 @@ updateOpts = fmap Update $ | |||
114 | metavar "FILENAME" <> | 116 | metavar "FILENAME" <> |
115 | help "location of YAML configuration file")) | 117 | help "location of YAML configuration file")) |
116 | <*> many (argument str (metavar "HOSTS")) | 118 | <*> many (argument str (metavar "HOSTS")) |
119 | <*> stagingSwitch | ||
117 | <*> switch | 120 | <*> switch |
118 | (long "staging" <> help | 121 | (long "dry-run" <> help |
119 | (unwords | 122 | (unwords |
120 | [ "Use staging servers instead of live servers" | 123 | [ "Do not fetch any certificates; only tests" |
121 | , "(generated certificates will not be trusted!)" | 124 | , "configuration file and http provisioning" |
122 | ])) | 125 | ])) |
126 | <*> pure True | ||
127 | |||
128 | -- TODO: global options | ||
129 | stagingSwitch :: Parser Bool | ||
130 | stagingSwitch = | ||
131 | switch | ||
132 | (long "staging" <> help | ||
133 | (unwords | ||
134 | [ "Use staging servers instead of live servers" | ||
135 | , "(generated certificates will not be trusted!)" | ||
136 | ])) | ||
123 | 137 | ||
124 | certifyOpts :: Parser Command | 138 | certifyOpts :: Parser Command |
125 | certifyOpts = fmap Certify $ | 139 | certifyOpts = fmap Certify $ |
@@ -150,12 +164,7 @@ certifyOpts = fmap Certify $ | |||
150 | <*> optional (strOption (long "terms" <> metavar "URL" <> | 164 | <*> optional (strOption (long "terms" <> metavar "URL" <> |
151 | help "The terms param of the registration request")) | 165 | help "The terms param of the registration request")) |
152 | <*> switch (long "skip-dhparams" <> help "Don't generate DH params for combined cert") | 166 | <*> switch (long "skip-dhparams" <> help "Don't generate DH params for combined cert") |
153 | <*> switch | 167 | <*> stagingSwitch |
154 | (long "staging" <> help | ||
155 | (unwords | ||
156 | [ "Use staging servers instead of live servers" | ||
157 | , "(generated certificates will not be trusted!)" | ||
158 | ])) | ||
159 | <*> switch | 168 | <*> switch |
160 | (long "skip-provision-check" <> help | 169 | (long "skip-provision-check" <> help |
161 | (unwords | 170 | (unwords |
@@ -163,11 +172,6 @@ certifyOpts = fmap Certify $ | |||
163 | , "making ACME requests" | 172 | , "making ACME requests" |
164 | ])) | 173 | ])) |
165 | 174 | ||
166 | -- lookup' :: (Monad m, FromJSON a) => Config.Key -> Config -> m a | ||
167 | |||
168 | extractObject :: Config -> Object | ||
169 | extractObject (Config _ o) = o | ||
170 | |||
171 | runUpdate :: UpdateOpts -> IO () | 175 | runUpdate :: UpdateOpts -> IO () |
172 | runUpdate UpdateOpts { .. } = do | 176 | runUpdate UpdateOpts { .. } = do |
173 | issuerCert <- readX509 letsEncryptX1CrossSigned | 177 | issuerCert <- readX509 letsEncryptX1CrossSigned |
@@ -195,20 +199,27 @@ runUpdate UpdateOpts { .. } = do | |||
195 | 199 | ||
196 | let wantedCertSpecs = filter (wantUpdate . view _1) validCertSpecs & map (view _3) | 200 | let wantedCertSpecs = filter (wantUpdate . view _1) validCertSpecs & map (view _3) |
197 | 201 | ||
198 | when True $ | 202 | when updateDoPrivisionCheck $ |
199 | forM_ wantedCertSpecs $ \spec -> | 203 | forM_ wantedCertSpecs $ \spec -> |
200 | forM_ (csDomains spec) $ uncurry canProvision >=> | 204 | forM_ (csDomains spec) $ uncurry canProvision >=> |
201 | (`unless` error "Error: cannot provision files to web server") | 205 | (`unless` error "Error: cannot provision files to web server") |
202 | 206 | ||
207 | |||
203 | forM_ wantedCertSpecs $ \spec -> do | 208 | forM_ wantedCertSpecs $ \spec -> do |
204 | 209 | ||
205 | let terms = defaultTerms | 210 | let terms = defaultTerms |
206 | directoryUrl = if updateStaging then stagingDirectoryUrl else liveDirectoryUrl | 211 | directoryUrl = if updateStaging then stagingDirectoryUrl else liveDirectoryUrl |
207 | email = emailAddress $ encodeUtf8 . pack $ "root@" ++ (domainToString . fst . head) (csDomains spec) | 212 | email = emailAddress $ encodeUtf8 . pack $ "root@" ++ (domainToString . fst . head) (csDomains spec) |
208 | print =<< fetchCertificate directoryUrl terms email issuerCert spec | ||
209 | 213 | ||
214 | if updateDryRun | ||
215 | then putStrLn $ "Dry run; would have fetched certificate: " ++ show spec | ||
216 | else print =<< fetchCertificate directoryUrl terms email issuerCert spec | ||
210 | 217 | ||
211 | where | 218 | where |
219 | extractObject :: Config -> Object | ||
220 | extractObject (Config _ o) = o | ||
221 | |||
222 | wantUpdate :: String -> Bool | ||
212 | wantUpdate h = null updateHosts || isJust (find (== h) updateHosts) | 223 | wantUpdate h = null updateHosts || isJust (find (== h) updateHosts) |
213 | 224 | ||
214 | dereference :: [(DomainName, Either DomainName HttpProvisioner)] -> Maybe [(DomainName, HttpProvisioner)] | 225 | dereference :: [(DomainName, Either DomainName HttpProvisioner)] -> Maybe [(DomainName, HttpProvisioner)] |