From 926b82b2d5258c764231ecdaea87b8153e8f499b Mon Sep 17 00:00:00 2001
From: Saurabh
Date: Tue, 20 Aug 2024 15:12:19 +0530
Subject: [PATCH] feat: introduce tls_file_mapper
---
 press/playbooks/roles/agent/tasks/main.yml | 7 +++++++
 .../analytics_server/analytics_server.py | 1 +
 .../doctype/database_server/database_server.py | 1 +
 press/press/doctype/log_server/log_server.py | 1 +
 .../doctype/monitor_server/monitor_server.py | 1 +
 .../press/doctype/proxy_server/proxy_server.py | 1 +
 .../doctype/registry_server/registry_server.py | 1 +
 press/press/doctype/server/server.py | 1 +
 .../doctype/tls_certificate/tls_certificate.py | 18 ++++++++++++++++++
 .../press/doctype/trace_server/trace_server.py | 1 +
 10 files changed, 33 insertions(+)
diff --git a/press/playbooks/roles/agent/tasks/main.yml b/press/playbooks/roles/agent/tasks/main.yml
index 54af16600bd..5f60163336b 100644
--- a/press/playbooks/roles/agent/tasks/main.yml
+++ b/press/playbooks/roles/agent/tasks/main.yml
@@ -138,6 +138,13 @@
 content: '{{ certificate_intermediate_chain }}'
 dest: /home/frappe/agent/tls/chain.pem
+- name: Setup TLS Mapper
+ become: yes
+ become_user: frappe
+ copy:
+ content: '{{ certificate_file_mapper }}'
+ dest: /home/frappe/agent/tls/tls_file_mapper.json
+
 - name: Setup Agent NGINX
 become: yes
 become_user: frappe
diff --git a/press/press/doctype/analytics_server/analytics_server.py b/press/press/doctype/analytics_server/analytics_server.py
index 5e438bb671f..6d51de23be4 100644
--- a/press/press/doctype/analytics_server/analytics_server.py
+++ b/press/press/doctype/analytics_server/analytics_server.py
@@ -94,6 +94,7 @@ def _setup_server(self):
 "certificate_private_key": certificate.private_key,
 "certificate_full_chain": certificate.full_chain,
 "certificate_intermediate_chain": certificate.intermediate_chain,
+ "certificate_file_mapper": certificate.tls_file_mapper,
 },
 )
 play = ansible.run()
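Review bot: The new `Setup TLS Mapper` task in press/playbooks/roles/agent/tasks/main.yml writes `tls_file_mapper.json` without an explicit `mode`, so the file's permissions are left to the remote umask. The keys in the mapper (`ssl_certificate`, `ssl_certificate_key`) suggest it selects which certificate and key files are served, so it should be writable by `frappe` only; add `mode: "0644"` under `copy:`, or whichever mode the neighbouring TLS tasks use, since those start outside this hunk. A one-line comment such as `# Maps ssl_* directives to file names inside /home/frappe/agent/tls` would also document what consumes the file.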
diff --git a/press/press/doctype/database_server/database_server.py b/press/press/doctype/database_server/database_server.py
index ece8aff2fa0..6018a484c5c 100644
--- a/press/press/doctype/database_server/database_server.py
+++ b/press/press/doctype/database_server/database_server.py
@@ -376,6 +376,7 @@ def _setup_server(self):
 "certificate_private_key": config.certificate.private_key,
 "certificate_full_chain": config.certificate.full_chain,
 "certificate_intermediate_chain": config.certificate.intermediate_chain,
+ "certificate_file_mapper": config.certificate.tls_file_mapper,
 },
 )
 play = ansible.run()
diff --git a/press/press/doctype/log_server/log_server.py b/press/press/doctype/log_server/log_server.py
index 13b1b4c703c..ee536b64756 100644
--- a/press/press/doctype/log_server/log_server.py
+++ b/press/press/doctype/log_server/log_server.py
@@ -73,6 +73,7 @@ def _setup_server(self):
 "certificate_private_key": certificate.private_key,
 "certificate_full_chain": certificate.full_chain,
 "certificate_intermediate_chain": certificate.intermediate_chain,
+ "certificate_file_mapper": certificate.tls_file_mapper,
 },
 )
 play = ansible.run()
diff --git a/press/press/doctype/monitor_server/monitor_server.py b/press/press/doctype/monitor_server/monitor_server.py
index 69927bb7d3a..056213e9f69 100644
--- a/press/press/doctype/monitor_server/monitor_server.py
+++ b/press/press/doctype/monitor_server/monitor_server.py
@@ -119,6 +119,7 @@ def _setup_server(self):
 "certificate_private_key": certificate.private_key,
 "certificate_full_chain": certificate.full_chain,
 "certificate_intermediate_chain": certificate.intermediate_chain,
+ "certificate_file_mapper": certificate.tls_file_mapper,
 },
 )
 play = ansible.run()
diff --git a/press/press/doctype/proxy_server/proxy_server.py b/press/press/doctype/proxy_server/proxy_server.py
index da2c4ce2c81..7193b22b2eb 100644
--- a/press/press/doctype/proxy_server/proxy_server.py
+++ b/press/press/doctype/proxy_server/proxy_server.py
@@ -163,6 +163,7 @@ def _setup_server(self):
 "certificate_private_key": certificate.private_key,
 "certificate_full_chain": certificate.full_chain,
 "certificate_intermediate_chain": certificate.intermediate_chain,
+ "certificate_file_mapper": certificate.tls_file_mapper,
 "press_url": frappe.utils.get_url(),
 },
 )
diff --git a/press/press/doctype/registry_server/registry_server.py b/press/press/doctype/registry_server/registry_server.py
index 13bc5f4fb25..585e797d3b4 100644
--- a/press/press/doctype/registry_server/registry_server.py
+++ b/press/press/doctype/registry_server/registry_server.py
@@ -80,6 +80,7 @@ def _setup_server(self):
 "certificate_private_key": certificate.private_key,
 "certificate_full_chain": certificate.full_chain,
 "certificate_intermediate_chain": certificate.intermediate_chain,
+ "certificate_file_mapper": certificate.tls_file_mapper,
 },
 )
 play = ansible.run()
diff --git a/press/press/doctype/server/server.py b/press/press/doctype/server/server.py
index 6d1cb6a1d7c..1634cd4bfc5 100644
--- a/press/press/doctype/server/server.py
+++ b/press/press/doctype/server/server.py
@@ -1340,6 +1340,7 @@ def _setup_server(self):
 "certificate_private_key": certificate.private_key,
 "certificate_full_chain": certificate.full_chain,
 "certificate_intermediate_chain": certificate.intermediate_chain,
+ "certificate_file_mapper": certificate.tls_file_mapper,
 },
 )
 play = ansible.run()
diff --git a/press/press/doctype/tls_certificate/tls_certificate.py b/press/press/doctype/tls_certificate/tls_certificate.py
index 1ad174dc2b8..b9929b0c086 100644
--- a/press/press/doctype/tls_certificate/tls_certificate.py
+++ b/press/press/doctype/tls_certificate/tls_certificate.py
@@ -257,6 +257,24 @@ def _trigger_callbacks(self):
 self.trigger_server_tls_setup_callback()
 self._update_secondary_wildcard_domains()
+ @property
+ def tls_file_mapper(self):
+ if self.intermediate_chain:
+ return """
+ {
+ "ssl_certificate": "fullchain.pem",
+ "ssl_certificate_key": "privkey.pem",
+ "ssl_trusted_certificate": "chain.pem"
+ }
+ """
+ else:
+ return """
+ {
+ "ssl_certificate": "cert.pem",
+ "ssl_certificate_key": "privkey.pem"
+ }
+ """
+
 get_permission_query_conditions = get_permission_query_conditions_for_doctype(
 "TLS Certificate"
diff --git a/press/press/doctype/trace_server/trace_server.py b/press/press/doctype/trace_server/trace_server.py
index 740e27b6170..2c3902dffc3 100644
--- a/press/press/doctype/trace_server/trace_server.py
+++ b/press/press/doctype/trace_server/trace_server.py
@@ -94,6 +94,7 @@ def _setup_server(self):
 "certificate_private_key": certificate.private_key,
 "certificate_full_chain": certificate.full_chain,
 "certificate_intermediate_chain": certificate.intermediate_chain,
+ "certificate_file_mapper": certificate.tls_file_mapper,
 },
 )
 play = ansible.run()
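Review bot: In `tls_file_mapper` (tls_certificate.py), the `else` branch points `ssl_certificate` at `cert.pem`, but the playbook variables passed in this patch are only the private key, full chain and intermediate chain. Unless a task outside these hunks writes `cert.pem`, a certificate without an intermediate chain would leave the mapper naming a file that is never deployed, so please confirm that. The two hand-written triple-quoted JSON blobs also carry source indentation into the file and can drift apart; building one dict and serialising it keeps the output valid JSON. The sketch below assumes `json` is imported in this module, which is not visible here, and adds a docstring stating that the values are bare file names inside the agent's tls directory.

```python
@property
def tls_file_mapper(self):
    """Return a JSON object mapping ssl_* directive names to file names in the agent's tls directory."""
    has_chain = bool(self.intermediate_chain)
    mapper = {
        "ssl_certificate": "fullchain.pem" if has_chain else "cert.pem",
        "ssl_certificate_key": "privkey.pem",
    }
    if has_chain:
        # Only reference chain.pem when an intermediate chain is present.
        mapper["ssl_trusted_certificate"] = "chain.pem"
    return json.dumps(mapper, indent=2)
```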