feat: introduce tls_file_mapper

frappe · Aug 20, 2024 · 926b82b · 926b82b
1 parent 7a6f0b2
commit 926b82b
Show file tree

Hide file tree

Showing 10 changed files with 33 additions and 0 deletions.
diff --git a/press/playbooks/roles/agent/tasks/main.yml b/press/playbooks/roles/agent/tasks/main.yml
@@ -138,6 +138,13 @@
     content: '{{ certificate_intermediate_chain }}'
     dest: /home/frappe/agent/tls/chain.pem
 
+- name: Setup TLS Mapper
+  become: yes
+  become_user: frappe
+  copy:
+    content: '{{ certificate_file_mapper }}'
+    dest: /home/frappe/agent/tls/tls_file_mapper.json
+
 - name: Setup Agent NGINX
   become: yes
   become_user: frappe

diff --git a/press/press/doctype/analytics_server/analytics_server.py b/press/press/doctype/analytics_server/analytics_server.py
@@ -94,6 +94,7 @@ def _setup_server(self):
 					"certificate_private_key": certificate.private_key,
 					"certificate_full_chain": certificate.full_chain,
 					"certificate_intermediate_chain": certificate.intermediate_chain,
+					"certificate_file_mapper": certificate.tls_file_mapper,
 				},
 			)
 			play = ansible.run()

diff --git a/press/press/doctype/database_server/database_server.py b/press/press/doctype/database_server/database_server.py
@@ -376,6 +376,7 @@ def _setup_server(self):
 					"certificate_private_key": config.certificate.private_key,
 					"certificate_full_chain": config.certificate.full_chain,
 					"certificate_intermediate_chain": config.certificate.intermediate_chain,
+					"certificate_file_mapper": config.certificate.tls_file_mapper,
 				},
 			)
 			play = ansible.run()

diff --git a/press/press/doctype/log_server/log_server.py b/press/press/doctype/log_server/log_server.py
@@ -73,6 +73,7 @@ def _setup_server(self):
 					"certificate_private_key": certificate.private_key,
 					"certificate_full_chain": certificate.full_chain,
 					"certificate_intermediate_chain": certificate.intermediate_chain,
+					"certificate_file_mapper": certificate.tls_file_mapper,
 				},
 			)
 			play = ansible.run()

diff --git a/press/press/doctype/monitor_server/monitor_server.py b/press/press/doctype/monitor_server/monitor_server.py
@@ -119,6 +119,7 @@ def _setup_server(self):
 					"certificate_private_key": certificate.private_key,
 					"certificate_full_chain": certificate.full_chain,
 					"certificate_intermediate_chain": certificate.intermediate_chain,
+					"certificate_file_mapper": certificate.tls_file_mapper,
 				},
 			)
 			play = ansible.run()

diff --git a/press/press/doctype/proxy_server/proxy_server.py b/press/press/doctype/proxy_server/proxy_server.py
@@ -163,6 +163,7 @@ def _setup_server(self):
 					"certificate_private_key": certificate.private_key,
 					"certificate_full_chain": certificate.full_chain,
 					"certificate_intermediate_chain": certificate.intermediate_chain,
+					"certificate_file_mapper": certificate.tls_file_mapper,
 					"press_url": frappe.utils.get_url(),
 				},
 			)

diff --git a/press/press/doctype/registry_server/registry_server.py b/press/press/doctype/registry_server/registry_server.py
@@ -80,6 +80,7 @@ def _setup_server(self):
 					"certificate_private_key": certificate.private_key,
 					"certificate_full_chain": certificate.full_chain,
 					"certificate_intermediate_chain": certificate.intermediate_chain,
+					"certificate_file_mapper": certificate.tls_file_mapper,
 				},
 			)
 			play = ansible.run()

diff --git a/press/press/doctype/server/server.py b/press/press/doctype/server/server.py
@@ -1340,6 +1340,7 @@ def _setup_server(self):
 					"certificate_private_key": certificate.private_key,
 					"certificate_full_chain": certificate.full_chain,
 					"certificate_intermediate_chain": certificate.intermediate_chain,
+					"certificate_file_mapper": certificate.tls_file_mapper,
 				},
 			)
 			play = ansible.run()

diff --git a/press/press/doctype/tls_certificate/tls_certificate.py b/press/press/doctype/tls_certificate/tls_certificate.py
@@ -257,6 +257,24 @@ def _trigger_callbacks(self):
 			self.trigger_server_tls_setup_callback()
 			self._update_secondary_wildcard_domains()
 
+	@property
+	def tls_file_mapper(self):
+		if self.intermediate_chain:
+			return """
+			{
+				"ssl_certificate": "fullchain.pem",
+				"ssl_certificate_key": "privkey.pem",
+				"ssl_trusted_certificate": "chain.pem"
+			}
+			"""
+		else:
+			return """
+			{
+				"ssl_certificate": "cert.pem",
+				"ssl_certificate_key": "privkey.pem"
+			}
+			"""
+
 
 get_permission_query_conditions = get_permission_query_conditions_for_doctype(
 	"TLS Certificate"

diff --git a/press/press/doctype/trace_server/trace_server.py b/press/press/doctype/trace_server/trace_server.py
@@ -94,6 +94,7 @@ def _setup_server(self):
 					"certificate_private_key": certificate.private_key,
 					"certificate_full_chain": certificate.full_chain,
 					"certificate_intermediate_chain": certificate.intermediate_chain,
+					"certificate_file_mapper": certificate.tls_file_mapper,
 				},
 			)
 			play = ansible.run()