fixed readme section

2a96a501 · Max Adamo · 17fd31bf · 2a96a501 · 2a96a501 · 2a96a501
Unverified Commit 2a96a501 authored 2 years ago by Max Adamo
--- a/README.md
+++ b/README.md
@@ -43,8 +43,8 @@ Options:
  --vault-token=VAULTTOKEN                      Vault access token
  --cert-name=CERTNAME                          Certificate name
  --team-name=TEAMNAME                          Team name: swd, it, ne, ti,...
+  --type=TYPE                                   Type, EV or OV
  --days=DAYS                                   Days before expiration [default: 30]
-  --type=TYPE                                   Type, EV or OV [default: EV]
  --cert-destination=CERTDESTINATION            Cert Destination [default: /etc/ssl/certs/<cert-name>.crt]
  --fullchain-destination=FULLCHAINDESTINATION  Full Chain Destination[default: /etc/ssl/certs/<cert-name>_fullchain.crt]
  --key-destination=KEYDESTINATION              Key Destination [default: /etc/ssl/private/<cert-name>.key]

--- a/acme-downloader.sh
+++ b/acme-downloader.sh
@@ -87,8 +87,8 @@ usage() {
    echo "    --vault-token (Vault access token)"
    echo "    --cert-name (Certificate name)"
    echo "    --team-name (Team name: swd, it, neteng, nmaas ...)"
+    echo "    --type (OV or EV)"
    echo "    --days [OPTIONAL check days before expiration. Default: 30)"
-    echo "    --type [OPTIONAL. OV or EV. Default: EV]"
    echo "    --cert-destination [OPTIONAL Default: ${CERT_BASE}/<cert-name>.crt]"
    echo "    --fullchain-destination [OPTIONAL Default: ${CERT_BASE}/<cert-name>_fullchain.crt]"
    echo "    --key-destination [OPTIONAL Default: ${KEY_BASE}/<cert-name>.key]"
@@ -189,17 +189,21 @@ if [[ -n $UPDATE ]]; then
    clean_up $UPDATE_STATUS
 fi

-if [[ -z $REDIS_TOKEN ]] || [[ -z $VAULT_TOKEN ]] || [[ -z $CERT_NAME ]] || [[ -z $TEAM_NAME ]]; then
-    echo -e "\n--redis-token, --vault-token, --cert-name and --team-name are mandatory\n"
+if [[ -z $REDIS_TOKEN ]] || [[ -z $VAULT_TOKEN ]] || [[ -z $CERT_NAME ]] || [[ -z $TEAM_NAME ]] || [[ -z $TYPE ]]; then
+    echo -e "\n--redis-token, --vault-token, --cert-name, --team-name and --type are mandatory\n"
    usage
 fi

-TYPE=$(echo $TYPE | tr '[:lower:]' '[:upper:]')
-[[ -z $TYPE ]] && TYPE="EV" # let's default to EV type
+# [[ -z $TYPE ]] && TYPE="EV" # let's default to EV type
 if [[ $TYPE != "EV" ]] && [[ $TYPE != "OV" ]]; then
    echo "type must be either EV, ev, OV, ov"
    usage
 fi
+
+type=$(echo $TYPE | tr '[:upper:]' '[:lower:]')
+TYPE=$(echo $TYPE | tr '[:lower:]' '[:upper:]')
+PROVIDER="sectigo_${type}"
+
 if [[ -z $WILDCARD ]]; then
    MODIFIED_CERT_NAME=$CERT_NAME
 else
@@ -222,23 +226,25 @@ if openssl x509 -checkend $MINUTES -noout -in $FULLCHAIN_DESTINATION &>/dev/null
 fi

 # download certificates and delete the last empty line if it exists and remove the first line from Webdis
+CERTNAME_PREFIX="${PROVIDER}_${UNDERSCORED_CERT_NAME}"
+WILDCARD_CERTNAME_PREFIX="${PROVIDER}_wildcard_${UNDERSCORED_CERT_NAME}"
+
 if [[ -z $WILDCARD ]]; then
-    curl -s -u redis:$REDIS_TOKEN ${REDIS_URL}/${TEAM_NAME}:${CERT_NAME}:redis_${UNDERSCORED_CERT_NAME}_pem.txt >$TMP_CERT
-    curl -s -u redis:$REDIS_TOKEN ${REDIS_URL}/${TEAM_NAME}:${CERT_NAME}:redis_${UNDERSCORED_CERT_NAME}_fullchain_pem.txt >$TMP_FULLCHAIN
-    curl -s -u redis:$REDIS_TOKEN ${REDIS_URL}/${TEAM_NAME}:${CERT_NAME}:redis_${UNDERSCORED_CERT_NAME}_chain_pem.txt >$TMP_CA
-    curl -s -H "X-Vault-Token: ${VAULT_TOKEN}" ${VAULT_URL}/${TEAM_NAME}/${CERT_NAME}/vault_${UNDERSCORED_CERT_NAME}_key | jq -j .data.value >$TMP_KEY
+    curl -s -u redis:$REDIS_TOKEN ${REDIS_URL}/${TEAM_NAME}:${CERT_NAME}:redis_${CERTNAME_PREFIX}_pem.txt >$TMP_CERT
+    curl -s -u redis:$REDIS_TOKEN ${REDIS_URL}/${TEAM_NAME}:${CERT_NAME}:redis_${CERTNAME_PREFIX}_fullchain_pem.txt >$TMP_FULLCHAIN
+    curl -s -u redis:$REDIS_TOKEN ${REDIS_URL}/${TEAM_NAME}:${CERT_NAME}:redis_${CERTNAME_PREFIX}_chain_pem.txt >$TMP_CA
+    curl -s -H "X-Vault-Token: ${VAULT_TOKEN}" ${VAULT_URL}/${TEAM_NAME}/${CERT_NAME}/vault_${CERTNAME_PREFIX}_key | jq -j .data.value >$TMP_KEY
 else
-    if [[ "$TEAM_NAME" == "puppet" ]]; then
-        curl -s -u redis:$REDIS_TOKEN ${REDIS_URL}/${TEAM_NAME}:common:redis_sectigo_ov_${UNDERSCORED_CERT_NAME}_pem.txt >$TMP_CERT
-        curl -s -u redis:$REDIS_TOKEN ${REDIS_URL}/${TEAM_NAME}:common:redis_sectigo_ov_${UNDERSCORED_CERT_NAME}_fullchain_pem.txt >$TMP_FULLCHAIN
-        curl -s -u redis:$REDIS_TOKEN ${REDIS_URL}/${TEAM_NAME}:common:redis_sectigo_ov_${UNDERSCORED_CERT_NAME}_chain_pem.txt >$TMP_CA
-        curl -s -H "X-Vault-Token: ${VAULT_TOKEN}" ${VAULT_URL}/${TEAM_NAME}/common/vault_sectigo_ov_wildcard_${UNDERSCORED_CERT_NAME}_key | jq -j .data.value >$TMP_KEY
+    if [[ "$TEAM_NAME" == "puppet" ]]; then  # TLD Wildcard
+        curl -s -u redis:$REDIS_TOKEN ${REDIS_URL}/${TEAM_NAME}:common:redis_${WILDCARD_CERTNAME_PREFIX}_pem.txt >$TMP_CERT
+        curl -s -u redis:$REDIS_TOKEN ${REDIS_URL}/${TEAM_NAME}:common:redis_${WILDCARD_CERTNAME_PREFIX}_fullchain_pem.txt >$TMP_FULLCHAIN
+        curl -s -u redis:$REDIS_TOKEN ${REDIS_URL}/${TEAM_NAME}:common:redis_${WILDCARD_CERTNAME_PREFIX}_chain_pem.txt >$TMP_CA
+        curl -s -H "X-Vault-Token: ${VAULT_TOKEN}" ${VAULT_URL}/${TEAM_NAME}/common/vault_${WILDCARD_CERTNAME_PREFIX}_key | jq -j .data.value >$TMP_KEY
    else
-        curl -s -u redis:$REDIS_TOKEN ${REDIS_URL}/${TEAM_NAME}:${CERT_NAME}:redis_sectigo_ov_${UNDERSCORED_CERT_NAME}_pem.txt >$TMP_CERT
-        curl -s -u redis:$REDIS_TOKEN ${REDIS_URL}/${TEAM_NAME}:${CERT_NAME}:redis_sectigo_ov_${UNDERSCORED_CERT_NAME}_fullchain_pem.txt >$TMP_FULLCHAIN
-        curl -s -u redis:$REDIS_TOKEN ${REDIS_URL}/${TEAM_NAME}:${CERT_NAME}:redis_sectigo_ov_${UNDERSCORED_CERT_NAME}_chain_pem.txt >$TMP_CA
-        curl -s -H "X-Vault-Token: ${VAULT_TOKEN}" ${VAULT_URL}/${TEAM_NAME}/${CERT_NAME}/vault_sectigo_ov_wildcard_${UNDERSCORED_CERT_NAME}_key | jq -j .data.value >$TMP_KEY
-        echo "curl -s -H "X-Vault-Token: ${VAULT_TOKEN}" ${VAULT_URL}/${CERT_NAME}/${TEAM_NAME}/vault_sectigo_ov_wildcard_${UNDERSCORED_CERT_NAME}_key"
+        curl -s -u redis:$REDIS_TOKEN ${REDIS_URL}/${TEAM_NAME}:${CERT_NAME}:redis_${WILDCARD_CERTNAME_PREFIX}_pem.txt >$TMP_CERT
+        curl -s -u redis:$REDIS_TOKEN ${REDIS_URL}/${TEAM_NAME}:${CERT_NAME}:redis_${WILDCARD_CERTNAME_PREFIX}_fullchain_pem.txt >$TMP_FULLCHAIN
+        curl -s -u redis:$REDIS_TOKEN ${REDIS_URL}/${TEAM_NAME}:${CERT_NAME}:redis_${WILDCARD_CERTNAME_PREFIX}_chain_pem.txt >$TMP_CA
+        curl -s -H "X-Vault-Token: ${VAULT_TOKEN}" ${VAULT_URL}/${TEAM_NAME}/${CERT_NAME}/vault_${WILDCARD_CERTNAME_PREFIX}_key | jq -j .data.value >$TMP_KEY
    fi
 fi


--- a/build-bash.sh
+++ b/build-bash.sh
@@ -2,6 +2,17 @@
 #
 # upload a copy of the script with version number and buildtime
 #
+# == Example
+#
+# git checkout master  # make your changes ...
+# git commit "my new change"
+# git push
+# git tag v1.2.3
+# git pushall-tags
+#
+# And DO NOT RUN THIS SCRIPT. Just push and the CI will
+# take care of running the script and uploading the artifact
+#
 if [ "$#" -gt 0 ]; then
    PROG_VERSION=$1
 else