42 lines
1.4 KiB
Bash
42 lines
1.4 KiB
Bash
|
|
#!/bin/bash
|
||
|
|
# Shared TLS op-level hook methods — sourced by generated run-*.sh scripts.
|
||
|
|
# Requires TLS_HOOK_* env vars exported by env-<name> (see tls-hook section in env-*.j2).
|
||
|
|
# Depends on _lib_* functions from gateway-tls.sh (sourced here as fallback).
|
||
|
|
|
||
|
|
# shellcheck source=gateway-tls.sh
|
||
|
|
[ -f "${SCRIPT_DIR}/lib/gateway-tls.sh" ] && source "${SCRIPT_DIR}/lib/gateway-tls.sh"
|
||
|
|
|
||
|
|
_method_create-cf-secret() {
|
||
|
|
[ -f "${SCRIPT_DIR}/_credentials.env" ] && set -a \
|
||
|
|
&& source "${SCRIPT_DIR}/_credentials.env" && set +a
|
||
|
|
if [ -z "${TLS_HOOK_CF_SECRET_NAME:-}" ]; then
|
||
|
|
echo " [error] TLS_HOOK_CF_SECRET_NAME not set — missing tls-hook vars in env file" >&2
|
||
|
|
exit 1
|
||
|
|
fi
|
||
|
|
local env_key="CF_TOKEN_$(echo "${TLS_HOOK_CF_SECRET_NAME}" \
|
||
|
|
| tr '[:lower:]' '[:upper:]' | tr '-' '_')"
|
||
|
|
local cf_token="${!env_key:-}"
|
||
|
|
if [ -z "$cf_token" ]; then
|
||
|
|
echo " [error] CF token not found — expected env var: ${env_key}" >&2
|
||
|
|
exit 1
|
||
|
|
fi
|
||
|
|
_lib_create_cf_secret "${TLS_HOOK_CF_SECRET_NAME}" "$cf_token"
|
||
|
|
}
|
||
|
|
|
||
|
|
_method_patch-gateway-https() {
|
||
|
|
_lib_gateway_patch_https \
|
||
|
|
"${TLS_HOOK_GATEWAY_NAME:-libre-wuji}" \
|
||
|
|
"${TLS_HOOK_GATEWAY_NS:-kube-system}" \
|
||
|
|
"${TLS_HOOK_LISTENER_NAME}" \
|
||
|
|
"${TLS_HOOK_DOMAIN}" \
|
||
|
|
"${TLS_HOOK_TLS_SECRET}" \
|
||
|
|
"${TLS_HOOK_NAMESPACE}"
|
||
|
|
}
|
||
|
|
|
||
|
|
_method_remove-gateway-https() {
|
||
|
|
_lib_gateway_remove_https \
|
||
|
|
"${TLS_HOOK_GATEWAY_NAME:-libre-wuji}" \
|
||
|
|
"${TLS_HOOK_GATEWAY_NS:-kube-system}" \
|
||
|
|
"${TLS_HOOK_LISTENER_NAME}"
|
||
|
|
}
|