docker-mailserver/target/scripts/helpers
Brennan Kinney 1b1877f025
refactor: letsencrypt implicit location discovery (#2525)
* chore: Extract letsencrypt logic into methods

This allows other scripts to share the functionality to discover the correct letsencrypt folder from the 3 possible locations (where specific order is important).

As these methods should now return a string value, the `return 1` after a panic is now dropped.

* chore: Update comments

The todo is resolved with this PR, `_setup_ssl` will be called by both cert conditional statements with purpose for each better documented to maintainers at the start of the logic block.

* refactor: Defer most logic to helper/ssl.sh

The loop is no longer required, extraction is delegated to `_setup_ssl` now.

For the change event prevention, we retrieve the relevant FQDN via the new helper method, beyond that it's just indentation diff.

`check-for-changes.sh` adjusted to allow locally scoped var declarations by wrapping a function. Presently no loop control flow is needed so this seems fine. Made it clear that `CHANGED` is local and `CHKSUM_FILE` is not.

Panic scope doesn't require `SSL_TYPE` for context, it's clearly`letsencrypt`.

* fix: Correctly match wildcard results

Now that the service configs are properly updated, when the services restart they will return a cert with the SAN `DNS:*.example.test`,  which is valid for `mail.example.test`, however the test function did not properly account for this in the regexp query.

Resolved by truncating the left-most DNS label from FQDN and adding a third check to match a returned wildcard DNS result.

Extracted out the common logic to create the regexp query and renamed the methods to communicate more clearly that they check the FQDN is supported, not necessarily explicitly listed by the cert.

* tests(letsencrypt): Enable remaining tests

These will now pass. Adjusted comments accordingly.

Added an additional test on a fake FQDN that should still be valid to a wildcard cert (SNI validation in a proper setup would reject the connection afterwards).

Co-authored-by: Georg Lauterbach <44545919+georglauterbach@users.noreply.github.com>
2022-04-18 22:52:50 +12:00
..
accounts.sh scripts: new log (#2493) 2022-03-21 07:07:52 +01:00
aliases.sh scripts: new log (#2493) 2022-03-21 07:07:52 +01:00
dns.sh Rename config examples directory (#2438) 2022-03-02 22:54:14 +00:00
error.sh scripts: refactoring & miscellaneous small changes (#2499) 2022-03-26 10:17:08 +01:00
index.sh Rename config examples directory (#2438) 2022-03-02 22:54:14 +00:00
lock.sh scripts: refactored scripts located under target/bin/ (#2500) 2022-03-26 09:30:09 +01:00
log.sh log/scripts: introduce proper log level fallback and env getter function (#2506) 2022-04-05 17:10:01 +02:00
network.sh Rename config examples directory (#2438) 2022-03-02 22:54:14 +00:00
postfix.sh Rename config examples directory (#2438) 2022-03-02 22:54:14 +00:00
relay.sh scripts: new log (#2493) 2022-03-21 07:07:52 +01:00
sasl.sh Rename config examples directory (#2438) 2022-03-02 22:54:14 +00:00
ssl.sh refactor: letsencrypt implicit location discovery (#2525) 2022-04-18 22:52:50 +12:00
utils.sh log/scripts: introduce proper log level fallback and env getter function (#2506) 2022-04-05 17:10:01 +02:00