From b8482cf51c2154ccffc2357b73ee5eb4c65a1240 Mon Sep 17 00:00:00 2001
From: erik
Date: Wed, 12 Oct 2022 09:58:56 +0200
Subject: [PATCH] [Skip-Ci] WIP Add generalized cert gen
---
 src/main/cljc/dda/c4k_website/website.cljc | 22 +++++++------------
 src/main/resources/website/certificate.yaml | 16 ++++++++++++++
 .../resources/website/single-certificate.yaml | 4 ++--
 valid-config.edn | 2 +-
 4 files changed, 27 insertions(+), 17 deletions(-)
 create mode 100644 src/main/resources/website/certificate.yaml
diff --git a/src/main/cljc/dda/c4k_website/website.cljc b/src/main/cljc/dda/c4k_website/website.cljc
index f8f3b7f..76f444b 100644
--- a/src/main/cljc/dda/c4k_website/website.cljc
+++ b/src/main/cljc/dda/c4k_website/website.cljc
@@ -42,12 +42,12 @@
 (st/replace fqdn #"\." "-"))
 (defn generate-service-name
- [name]
- (str (unique-name-from-fqdn name) "-service"))
+ [uname]
+ (str (unique-name-from-fqdn uname) "-service"))
 (defn generate-cert-name
- [name]
- (str (unique-name-from-fqdn name) "-cert"))
+ [uname]
+ (str (unique-name-from-fqdn uname) "-cert"))
 ; ToDo: Move to common?
 (defn-spec replace-all-matching-subvalues-in-string-start pred/map-or-seq?
@@ -165,17 +165,11 @@
 (defn generate-website-certificate
 [config]
- (let [{:keys [uname fqdns issuer]
- :or {issuer "staging"}} config
- fqdn (first fqdns)
- spec-dnsNames [:spec :dnsNames]
- letsencrypt-issuer (name issuer)
- cert-name (generate-cert-name uname)]
+ (let [{:keys [fqdns]} config
+ spec-dnsNames [:spec :dnsNames]]
 (->
- (yaml/load-as-edn "website/certificate.yaml")
- (assoc-in [:spec :issuerRef :name] letsencrypt-issuer)
- (cm/replace-all-matching-values-by-new-value "CERTNAME" cert-name)
- (cm/replace-all-matching-values-by-new-value "FQDN" fqdn))))
+ (generate-common-certificate config)
+ (assoc-in spec-dnsNames fqdns))))
 (defn-spec generate-single-certificate pred/map-or-seq?
 [config config?]
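Review bot: `generate-website-certificate` now depends on `generate-common-certificate`, which this patch neither defines nor shows, for everything except `dnsNames`. If that helper does not set `[:spec :issuerRef :name]` from `:issuer` and replace the `CERTNAME`/`FQDN` placeholders, the result keeps the template's `name: staging` and the literal `commonName: FQDN`, so a production site would end up with a certificate browsers do not trust, or with none at all. I would add a test that checks `[:spec :issuerRef :name]`, `[:spec :commonName]` and `[:spec :dnsNames]` of the generated map before this leaves WIP. The function also stays a plain `defn`, so `fqdns` is written into `dnsNames` without the spec validation that the neighbouring `defn-spec generate-single-certificate` gets; declaring it with `defn-spec` as well would reject a missing or malformed `:fqdns` early.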
diff --git a/src/main/resources/website/certificate.yaml b/src/main/resources/website/certificate.yaml
new file mode 100644
index 0000000..5f60906
--- /dev/null
+++ b/src/main/resources/website/certificate.yaml
@@ -0,0 +1,16 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: CERTNAME
+ namespace: default
+spec:
+ secretName: CERTNAME
+ commonName: FQDN
+ duration: 2160h # 90d
+ renewBefore: 360h # 15d
+ dnsNames:
+ - FQDN
+ issuerRef:
+ name: staging
+ kind: ClusterIssuer
+
\ No newline at end of file
diff --git a/src/main/resources/website/single-certificate.yaml b/src/main/resources/website/single-certificate.yaml
index 4495833..5f60906 100644
--- a/src/main/resources/website/single-certificate.yaml
+++ b/src/main/resources/website/single-certificate.yaml
@@ -1,10 +1,10 @@
 apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
- name: NAME-cert
+ name: CERTNAME
 namespace: default
 spec:
- secretName: NAME-cert
+ secretName: CERTNAME
 commonName: FQDN
 duration: 2160h # 90d
 renewBefore: 360h # 15d
diff --git a/valid-config.edn b/valid-config.edn
index 905e23b..f27fc00 100644
--- a/valid-config.edn
+++ b/valid-config.edn
@@ -7,7 +7,7 @@
 {:issuer "staging"
 :websites
- [{:name "meissa.io"
+ [{:uname "meissa.io"
 :fqdns ["meissa.de" "meissa-gmbh.de" "www.meissa-gmbh.de" "www.meissa.de" "www.prod.meissa-gmbh.de" "www.prod.meissa.de"]
 :gitea-host "repo.prod.meissa.de"
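Review bot: The new `src/main/resources/website/certificate.yaml` is added with the same blob id (`5f60906`) that `single-certificate.yaml` has after this commit, so the repository now carries two identical templates that have to be kept in sync by hand; loading one file from both generators would avoid that. The template also pins `namespace: default` and `issuerRef` `name: staging`, so the TLS key Secret named `CERTNAME` is created in the default namespace, and any code path that forgets to override the issuer silently requests a staging certificate. A short comment at the top of the template naming the values callers must replace (`CERTNAME`, `FQDN`, the issuer name) would make that contract explicit. The last added line is whitespace-only and the file has no trailing newline.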