author | Francis Lavoie <[email protected]> | 2023-03-27 17:16:22 -0400 |
---|---|---|
committer | GitHub <[email protected]> | 2023-03-27 21:16:22 +0000 |
commit | e16a886814d8cd43d545de38a4d6b98313fb31cb (patch) | |
tree | aa0981ae0fe74b486b9a85c57968385aca5a349a /modules/caddytls/automation.go | |
parent | dd86171d6723f6ebc0ddef39174b2c8d1f911f64 (diff) | |
caddytls: Eval replacer on automation policy subjects (#5459)
Also renamed the field to SubjectsRaw, which can be considered a breaking change but I don't expect this to affect much.
Diffstat (limited to 'modules/caddytls/automation.go')
-rw-r--r-- | modules/caddytls/automation.go | 24 |
1 files changed, 19 insertions, 5 deletions
diff --git a/modules/caddytls/automation.go b/modules/caddytls/automation.go
index 1cfb28c3e..58ffe4cb5 100644
--- a/modules/caddytls/automation.go
+++ b/modules/caddytls/automation.go
@@ -85,7 +85,7 @@ type AutomationConfig struct {
 // TLS app to properly provision a new policy.
 type AutomationPolicy struct {
 	// Which subjects (hostnames or IP addresses) this policy applies to.
-	Subjects []string `json:"subjects,omitempty"`
+	SubjectsRaw []string `json:"subjects,omitempty"`
 
 	// The modules that may issue certificates. Default: internal if all
 	// subjects do not qualify for public certificates; othewise acme and
@@ -147,12 +147,21 @@ type AutomationPolicy struct {
 	Issuers []certmagic.Issuer `json:"-"`
 	Managers []certmagic.Manager `json:"-"`
 
-	magic *certmagic.Config
-	storage certmagic.Storage
+	subjects []string
+	magic *certmagic.Config
+	storage certmagic.Storage
 }
 
 // Provision sets up ap and builds its underlying CertMagic config.
 func (ap *AutomationPolicy) Provision(tlsApp *TLS) error {
+	// replace placeholders in subjects to allow environment variables
+	repl := caddy.NewReplacer()
+	subjects := make([]string, len(ap.SubjectsRaw))
+	for i, sub := range ap.SubjectsRaw {
+		subjects[i] = repl.ReplaceAll(sub, "")
+	}
+	ap.subjects = subjects
+
 	// policy-specific storage implementation
 	if ap.StorageRaw != nil {
 		val, err := tlsApp.ctx.LoadModule(ap, "StorageRaw")
@@ -289,6 +298,11 @@ func (ap *AutomationPolicy) Provision(tlsApp *TLS) error {
 	return nil
 }
 
+// Subjects returns the list of subjects with all placeholders replaced.
+func (ap *AutomationPolicy) Subjects() []string {
+	return ap.subjects
+}
+
 func (ap *AutomationPolicy) onlyInternalIssuer() bool {
 	if len(ap.Issuers) != 1 {
 		return false
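Review bot: `repl.ReplaceAll(sub, "")` in the new Provision preamble turns any unknown or unset placeholder (a mistyped `{env.X}`, or one whose variable is absent at load time) into an empty string, so a misconfigured subject silently becomes `""` in `ap.subjects` rather than a provisioning error; presumably the policy then matches neither the intended host nor the default case in isWildcardOrDefault, and the operator gets no signal. Prefer the erroring form of the replacer: `sub, err := repl.ReplaceOrErr(sub, true, true)` followed by `if err != nil { return fmt.Errorf("subject %q: %w", ap.SubjectsRaw[i], err) }` (confirm fmt is imported in this file). The comment above the loop could also state that evaluation happens once at provision time, so `{env.*}` values are read at config load rather than per request, which is what callers of Subjects() should assume. Provision's body continues outside the hunk.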
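Review bot: The new `Subjects()` returns the internal `ap.subjects` slice itself, so a caller that appends to or sorts the result mutates policy state that isWildcardOrDefault and the rest of the policy read; returning a copy, `out := make([]string, len(ap.subjects)); copy(out, ap.subjects); return out`, keeps the accessor read-only. The doc comment should also say when the value is meaningful, e.g. `// Subjects returns the subjects with placeholders evaluated; it is nil until Provision has run.`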
@@ -301,10 +315,10 @@ func (ap *AutomationPolicy) onlyInternalIssuer() bool {
 // or is the "default" policy (i.e. no subjects) which is unbounded.
 func (ap *AutomationPolicy) isWildcardOrDefault() bool {
 	isWildcardOrDefault := false
-	if len(ap.Subjects) == 0 {
+	if len(ap.subjects) == 0 {
 		isWildcardOrDefault = true
 	}
-	for _, sub := range ap.Subjects {
+	for _, sub := range ap.subjects {
 		if strings.HasPrefix(sub, "*") {
 			isWildcardOrDefault = true
 			break