diff --git a/files/geant_acme_uploader.py b/files/geant_acme_uploader.py
index d44fe7bc672dff5a63b4867104d661e487d279ec..30d97374f08cfb9e63afa98f0830dd85bd17190e 100755
--- a/files/geant_acme_uploader.py
+++ b/files/geant_acme_uploader.py
@@ -130,7 +130,7 @@ if __name__ == "__main__":
 ARGS = docopt(__doc__)
 DOMAIN = ARGS['--domain']
 if ARGS['--wildcard']:
- CLIENT = 'common'
+ CLIENT = ['common']
 WILDCARD = 'wildcard_'
 else:
 CLIENT = ARGS['--client']
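Review bot: Only the wildcard branch is turned into a list here; the `else` branch still assigns `CLIENT = ARGS['--client']`, and the second hunk iterates `for CLIENT_ITEM in CLIENT`. If docopt yields a plain string for `--client` (the usage text is not in this diff, so I cannot tell whether the option is declared repeatable), the loop walks the string one character at a time and writes the certificates and the private key to per-character Redis keys and Vault paths such as `puppet/<char>/...` instead of the intended client path. Normalising in the `else` branch avoids that: `CLIENT = ARGS['--client'] if isinstance(ARGS['--client'], list) else [ARGS['--client']]`. The enclosing `if __name__ == "__main__":` block starts before this hunk.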
@@ -166,36 +166,38 @@ if __name__ == "__main__":
 print('could not access {}: giving up...'.format(KEYPATH))
 os.sys.exit(1)
- # upload certificates to Redis
- for certname in ['cert.pem', 'chain.pem', 'fullchain.pem']:
- certpath = os.path.join(BASEDIR, DOMAIN, certname)
- with open(certpath, 'r') as certfile:
- certdata_local = certfile.read()
- domain_underscored = DOMAIN.replace('.', '_')
- certname_renamed = certname.replace(
- 'cert.pem', 'pem').replace('.', '_')
- redis_full_path = '{}:redis_{}_{}'.format(
- CLIENT, domain_underscored, certname_renamed)
- certdata_upstream = redis_download(REDIS_HOST, REDIS_TOKEN, redis_full_path)
-
- if certdata_local != certdata_upstream:
- print('uploading to Redis: {}'.format(redis_full_path))
- redis_upload(REDIS_HOST, REDIS_TOKEN, redis_full_path, certdata_local)
+
+ for CLIENT_ITEM in CLIENT:
+ # upload certificates to Redis
+ for certname in ['cert.pem', 'chain.pem', 'fullchain.pem']:
+ certpath = os.path.join(BASEDIR, DOMAIN, certname)
+ with open(certpath, 'r') as certfile:
+ certdata_local = certfile.read()
+ domain_underscored = DOMAIN.replace('.', '_')
+ certname_renamed = certname.replace(
+ 'cert.pem', 'pem').replace('.', '_')
+ redis_full_path = '{}:redis_{}_{}'.format(
+ CLIENT_ITEM, domain_underscored, certname_renamed)
+ certdata_upstream = redis_download(REDIS_HOST, REDIS_TOKEN, redis_full_path)
+
+ if certdata_local != certdata_upstream:
+ print('uploading to Redis: {}'.format(redis_full_path))
+ redis_upload(REDIS_HOST, REDIS_TOKEN, redis_full_path, certdata_local)
+ else:
+ print('redis key {} did not change: skipping'.format(redis_full_path))
+
+ # upload key to Vault
+ with open(KEYPATH, 'r') as keyfile:
+ KEYDATA_LOCAL = keyfile.read()
+ DOMAIN_UNDERSCORED = DOMAIN.replace('.', '_')
+ VAULT_FULL_PATH = 'puppet/{}/vault_{}{}_key'.format(
+ CLIENT_ITEM, WILDCARD, DOMAIN_UNDERSCORED)
+ KEYDATA_UPSTREAM = vault_dowload(VAULT_HOST, VAULT_TOKEN, VAULT_FULL_PATH)
+
+ if KEYDATA_LOCAL != KEYDATA_UPSTREAM:
+ print('uploading to Vault: {}'.format(VAULT_FULL_PATH))
+ vault_upload(VAULT_HOST, VAULT_TOKEN, VAULT_FULL_PATH, KEYDATA_LOCAL)
 else:
- print('redis key {} did not change: skipping'.format(redis_full_path))
-
- # upload key to Vault
- with open(KEYPATH, 'r') as keyfile:
- KEYDATA_LOCAL = keyfile.read()
- DOMAIN_UNDERSCORED = DOMAIN.replace('.', '_')
- VAULT_FULL_PATH = 'puppet/{}/vault_{}{}_key'.format(
- CLIENT, WILDCARD, DOMAIN_UNDERSCORED)
- KEYDATA_UPSTREAM = vault_dowload(VAULT_HOST, VAULT_TOKEN, VAULT_FULL_PATH)
-
- if KEYDATA_LOCAL != KEYDATA_UPSTREAM:
- print('uploading to Vault: {}'.format(VAULT_FULL_PATH))
- vault_upload(VAULT_HOST, VAULT_TOKEN, VAULT_FULL_PATH, KEYDATA_LOCAL)
- else:
- print('vault key {} did not change: skipping'.format(VAULT_FULL_PATH))
+ print('vault key {} did not change: skipping'.format(VAULT_FULL_PATH))
 redis_save(REDIS_HOST, REDIS_TOKEN)
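Review bot: The private key file at `KEYPATH` and `DOMAIN_UNDERSCORED` are now re-read and recomputed on every pass of the new `for CLIENT_ITEM in CLIENT:` loop although neither depends on the client, and the same holds for the three certificate files in the inner loop. Reading the key once before the loop opens the secret file a single time and guarantees every client's Vault comparison sees the same bytes: `with open(KEYPATH, 'r') as keyfile:` / `KEYDATA_LOCAL = keyfile.read()` / `DOMAIN_UNDERSCORED = DOMAIN.replace('.', '_')` placed immediately above the loop, with the in-loop copies removed. The certificate contents could be cached in a dict keyed by certname the same way, but that is a larger change than this hunk warrants on its own. The `if __name__ == "__main__":` block this code sits in starts before the hunk.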