From c127903127077ac4ed515a0ed28cfac6384e88f4 Mon Sep 17 00:00:00 2001
From: Benoit Garret <benoit.garret@gadz.org>
Date: Tue, 27 Apr 2021 16:03:40 +0200
Subject: [PATCH] Add Consul deploy hook

---
 deploy/consul.sh | 98 ++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 98 insertions(+)
 create mode 100644 deploy/consul.sh

diff --git a/deploy/consul.sh b/deploy/consul.sh
new file mode 100644
index 00000000..97aad380
--- /dev/null
+++ b/deploy/consul.sh
@@ -0,0 +1,98 @@
+#!/usr/bin/env sh
+
+# Here is a script to deploy cert to hashicorp consul using curl
+# (https://www.consul.io/)
+#
+# it requires following environment variables:
+#
+# CONSUL_PREFIX - this contains the prefix path in consul
+# CONSUL_HTTP_ADDR - consul requires this to find your consul server
+#
+# additionally, you need to ensure that CONSUL_HTTP_TOKEN is available
+# to access the consul server
+
+#returns 0 means success, otherwise error.
+
+########  Public functions #####################
+
+#domain keyfile certfile cafile fullchain
+consul_deploy() {
+
+	_cdomain="$1"
+	_ckey="$2"
+	_ccert="$3"
+	_cca="$4"
+	_cfullchain="$5"
+
+	_debug _cdomain "$_cdomain"
+	_debug _ckey "$_ckey"
+	_debug _ccert "$_ccert"
+	_debug _cca "$_cca"
+	_debug _cfullchain "$_cfullchain"
+
+	# validate required env vars
+	_getdeployconf CONSUL_PREFIX
+	if [ -z "$CONSUL_PREFIX" ]; then
+		_err "CONSUL_PREFIX needs to be defined (contains prefix path in vault)"
+		return 1
+	fi
+	_savedeployconf CONSUL_PREFIX "$CONSUL_PREFIX"
+
+	_getdeployconf CONSUL_HTTP_ADDR
+	if [ -z "$CONSUL_HTTP_ADDR" ]; then
+		_err "CONSUL_HTTP_ADDR needs to be defined (contains consul connection address)"
+		return 1
+	fi
+	_savedeployconf CONSUL_HTTP_ADDR "$CONSUL_HTTP_ADDR"
+
+	CONSUL_CMD=$(command -v consul)
+
+	# force CLI, but the binary does not exist => error
+	if [ -n "$USE_CLI" ] && [ -z "$CONSUL_CMD" ]; then
+		_err "Cannot find the consul binary!"
+		return 1
+	fi
+
+	# use the CLI first
+	if [ -n "$USE_CLI" ] || [ -n "$CONSUL_CMD" ]; then
+		_info "Found consul binary, deploying with CLI"
+		consul_deploy_cli "$CONSUL_CMD" "$CONSUL_PREFIX"
+	else
+		_info "Did not find consul binary, deploying with API"
+		consul_deploy_api "$CONSUL_HTTP_ADDR" "$CONSUL_PREFIX" "$CONSUL_HTTP_TOKEN"
+	fi
+}
+
+consul_deploy_api() {
+	CONSUL_HTTP_ADDR="$1"
+	CONSUL_PREFIX="$2"
+	CONSUL_HTTP_TOKEN="$3"
+
+	URL="$CONSUL_HTTP_ADDR/v1/kv/$CONSUL_PREFIX"
+	export _H1="X-Consul-Token: $CONSUL_HTTP_TOKEN"
+
+	if [ -n "$FABIO" ]; then
+		_post "$(cat "$_cfullchain")" "$URL/${_cdomain}-cert.pem" '' "PUT" || return 1
+		_post "$(cat "$_ckey")" "$URL/${_cdomain}-key.pem" '' "PUT" || return 1
+	else
+		_post "$(cat "$_ccert")" "$URL/${_cdomain}/cert.pem" '' "PUT" || return 1
+		_post "$(cat "$_ckey")" "$URL/${_cdomain}/cert.key" '' "PUT" || return 1
+		_post "$(cat "$_cca")" "$URL/${_cdomain}/chain.pem" '' "PUT" || return 1
+		_post "$(cat "$_cfullchain")" "$URL/${_cdomain}/fullchain.pem" '' "PUT" || return 1
+	fi
+}
+
+consul_deploy_cli() {
+	CONSUL_CMD="$1"
+	CONSUL_PREFIX="$2"
+
+	if [ -n "$FABIO" ]; then
+		$CONSUL_CMD kv put "${CONSUL_PREFIX}/${_cdomain}-cert.pem" @"$_cfullchain" || return 1
+		$CONSUL_CMD kv put "${CONSUL_PREFIX}/${_cdomain}-key.pem" @"$_ckey" || return 1
+	else
+		$CONSUL_CMD kv put "${CONSUL_PREFIX}/${_cdomain}/cert.pem" value=@"$_ccert" || return 1
+		$CONSUL_CMD kv put "${CONSUL_PREFIX}/${_cdomain}/cert.key" value=@"$_ckey" || return 1
+		$CONSUL_CMD kv put "${CONSUL_PREFIX}/${_cdomain}/chain.pem" value=@"$_cca" || return 1
+		$CONSUL_CMD kv put "${CONSUL_PREFIX}/${_cdomain}/fullchain.pem" value=@"$_cfullchain" || return 1
+	fi
+}