security/acme-client: add ability to rerun automations, closes #1962

Frank Wall
2020-08-12 16:40:41 +02:00
parent 9f8e5d263d
commit 54d70a667f
4 changed files with 68 additions and 3 deletions
@@ -1,7 +1,7 @@
<?php
/**
* Copyright (C) 2017-2019 Frank Wall
* Copyright (C) 2017-2020 Frank Wall
* Copyright (C) 2015 Deciso B.V.
*
* All rights reserved.
@@ -154,4 +154,24 @@ class CertificatesController extends ApiMutableModelControllerBase
}
return $result;
}
/**
* rerun automation for the certificate by uuid
* @param $uuid item unique id
* @return array status
*/
public function automationAction($uuid)
{
$result = array("result" => "failed");
$mdlAcme = new AcmeClient();
if ($uuid != null) {
$node = $mdlAcme->getNodeByReference('certificates.certificate.' . $uuid);
if ($node != null) {
$cert_id = $node->id;
$backend = new Backend();
$response = $backend->configdRun("acmeclient run-automation {$cert_id}");
}
}
return $result;
}
}
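Review bot: automationAction never reports success — `$result` is initialised to `failed` on line 28 and the `$response` returned by configdRun on line 35 is discarded, so the API answers `failed` even when the backend accepted the job and the JS caller cannot tell the two cases apart. Set the result from the backend reply, e.g. `$result["result"] = trim($response);`, if that is the convention the neighbouring sign/revoke actions follow. Because the `run-automation` action added to the actions file launches certhelper.php via `/usr/sbin/daemon -f`, the reply can at most confirm that the job was started, not that the automations completed; the docblock on lines 21-25 should say so. Consider also guarding the action with `$this->request->isPost()` so a plain GET cannot trigger a backend run, and use `!== null` instead of the loose `!= null` checks on lines 30 and 32.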
@@ -2,7 +2,7 @@
(Partially duplicates code from opnsense_bootgrid_plugin.js.)
Copyright (C) 2017 Frank Wall
Copyright (C) 2017-2020 Frank Wall
Copyright (C) 2015 Deciso B.V.
OPNsense® is Copyright © 2014-2015 by Deciso B.V.
All rights reserved.
@@ -48,6 +48,7 @@ POSSIBILITY OF SUCH DAMAGE.
sign:'/api/acmeclient/certificates/sign/',
revoke:'/api/acmeclient/certificates/revoke/',
removekey:'/api/acmeclient/certificates/removekey/',
automation:'/api/acmeclient/certificates/automation/',
};
var gridopt = {
@@ -61,6 +62,7 @@ POSSIBILITY OF SUCH DAMAGE.
return "<button type=\"button\" class=\"btn btn-xs btn-default command-edit\" data-row-id=\"" + row.uuid + "\"><span class=\"fa fa-pencil\"></span></button> " +
"<button type=\"button\" class=\"btn btn-xs btn-default command-copy\" data-row-id=\"" + row.uuid + "\"><span class=\"fa fa-clone\"></span></button>" +
"<button type=\"button\" class=\"btn btn-xs btn-default command-sign\" data-row-id=\"" + row.uuid + "\"><span class=\"fa fa-repeat\"></span></button>" +
"<button type=\"button\" class=\"btn btn-xs btn-default command-automation\" data-row-id=\"" + row.uuid + "\"><span class=\"fa fa-paper-plane\"></span></button>" +
"<button type=\"button\" class=\"btn btn-xs btn-default command-revoke\" data-row-id=\"" + row.uuid + "\"><span class=\"fa fa-power-off\"></span></button>" +
"<button type=\"button\" class=\"btn btn-xs btn-default command-removekey\" data-row-id=\"" + row.uuid + "\"><span class=\"fa fa-history\"></span></button>" +
"<button type=\"button\" class=\"btn btn-xs btn-default command-delete\" data-row-id=\"" + row.uuid + "\"><span class=\"fa fa-trash-o\"></span></button>";
@@ -377,6 +379,26 @@ POSSIBILITY OF SUCH DAMAGE.
}
});
// run automation
// TODO: this should block other acme.sh actions
grid_certificates.find(".command-automation").on("click", function(e)
{
if (gridParams['automation'] != undefined) {
var uuid=$(this).data("row-id");
stdDialogConfirm('{{ lang._('Confirmation Required') }}',
'{{ lang._('Rerun all automations for the selected certificate?') }}',
'{{ lang._('Yes') }}', '{{ lang._('Cancel') }}', function() {
ajaxCall(url=gridParams['automation'] + uuid,
sendData={},callback=function(data,status){
// reload grid after sign
$("#"+gridId).bootgrid("reload");
});
});
} else {
console.log("[grid] action automation missing")
}
});
});
// Hide options that are irrelevant in this context.
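Review bot: The callback comment on line 77, `// reload grid after sign`, was carried over from the sign handler and should read `// reload grid after automation`; the callback also ignores `data`, so the user gets no feedback on whether the backend accepted the run. Line 82 is missing the trailing semicolon the surrounding handlers use: `console.log("[grid] action automation missing");`. The `ajaxCall(url=..., sendData=..., callback=...)` form on lines 75-76 assigns to implicit globals rather than passing named arguments; it mirrors the existing handlers, but new code could pass the three values positionally. The TODO on line 67 about blocking other acme.sh actions is a real gap — at minimum consider disabling the button while the request is in flight.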
@@ -2,7 +2,7 @@
<?php
/*
* Copyright (C) 2017-2019 Frank Wall
* Copyright (C) 2017-2020 Frank Wall
* Copyright (C) 2015 Deciso B.V.
* Copyright (C) 2010 Jim Pingle <jimp@pfsense.org>
* Copyright (C) 2008 Shrew Soft Inc. <mgrooms@shrew.net>
@@ -96,6 +96,10 @@ switch ($options["a"]) {
$result = cert_action_validator($options["c"]);
echo json_encode(array('status' => $result));
break;
case 'automation':
$result = cert_action_validator($options["c"]);
echo json_encode(array('status' => $result));
break;
default:
echo "ERROR: invalid argument specified\n";
log_error("invalid argument specified");
@@ -219,6 +223,19 @@ function cert_action_validator($opt_cert_id)
}
}
// Only run certificate automation
if ($options["a"] == "automation") {
// Check if the cert was successul issued
if (!empty((string)$certObj->statusCode) and (string)$certObj->statusCode == '200') {
log_error("AcmeClient: ready to run automation for certificate: " . (string)$certObj->name);
$restart_certs[] = $certObj;
} else {
log_error("AcmeClient: failed to run automation, certificate status not OK: " . (string)$certObj->name);
return(1);
}
break; // Stop after first match.
}
// Make sure we found the configured validation method
if ($ref_found == true) {
// Was a revocation requested?
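Review bot: The status check on line 112 pairs a redundant `!empty()` with a loose `==` comparison; `(string)$certObj->statusCode === '200'` already implies non-empty, so `if ((string)$certObj->statusCode === '200') {` is both shorter and strict. The comment on line 111 has a typo: `successul` should be `successfully issued`. Line 113 emits a purely informational message through log_error, which matches the file's existing convention but means the automation path shows up at error level in the system log. cert_action_validator and its enclosing loop continue outside the hunk, so I cannot see where `$restart_certs` is consumed for the `automation` action — confirm that path actually runs the automations rather than only the restart step.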
@@ -71,6 +71,12 @@ parameters:
type:script
message:signing or renewing a certificate
[run-automation]
command:/usr/local/opnsense/scripts/OPNsense/AcmeClient/setup.sh; /usr/sbin/daemon -f /usr/local/opnsense/scripts/OPNsense/AcmeClient/certhelper.php -a automation -c
parameters:%s
type:script
message:running automations for a certificate
[cron-auto-renew]
command:/usr/local/opnsense/scripts/OPNsense/AcmeClient/setup.sh; /usr/sbin/daemon -f /usr/local/opnsense/scripts/OPNsense/AcmeClient/certhelper.php -a sign -A -C
parameters: