feat: add hook-timeout to run and renew commands (#2389)
Co-authored-by: Fernandez Ludovic <ldez@users.noreply.github.com>
@ -25,6 +25,7 @@ const (
|
|||||||
flgARIWaitToRenewDuration = "ari-wait-to-renew-duration"
|
flgARIWaitToRenewDuration = "ari-wait-to-renew-duration"
|
||||||
flgReuseKey = "reuse-key"
|
flgReuseKey = "reuse-key"
|
||||||
flgRenewHook = "renew-hook"
|
flgRenewHook = "renew-hook"
|
||||||
|
flgRenewHookTimeout = "renew-hook-timeout"
|
||||||
flgNoRandomSleep = "no-random-sleep"
|
flgNoRandomSleep = "no-random-sleep"
|
||||||
flgForceCertDomains = "force-cert-domains"
|
flgForceCertDomains = "force-cert-domains"
|
||||||
)
|
)
|
||||||
@ -109,6 +110,11 @@ func createRenew() *cli.Command {
|
|||||||
Name: flgRenewHook,
|
Name: flgRenewHook,
|
||||||
Usage: "Define a hook. The hook is executed only when the certificates are effectively renewed.",
|
Usage: "Define a hook. The hook is executed only when the certificates are effectively renewed.",
|
||||||
},
|
},
|
||||||
|
&cli.DurationFlag{
|
||||||
|
Name: flgRenewHookTimeout,
|
||||||
|
Usage: "Define the timeout for the hook execution.",
|
||||||
|
Value: 2 * time.Minute,
|
||||||
|
},
|
||||||
&cli.BoolFlag{
|
&cli.BoolFlag{
|
||||||
Name: flgNoRandomSleep,
|
Name: flgNoRandomSleep,
|
||||||
Usage: "Do not add a random sleep before the renewal." +
|
Usage: "Do not add a random sleep before the renewal." +
|
||||||
@ -254,7 +260,7 @@ func renewForDomains(ctx *cli.Context, account *Account, keyType certcrypto.KeyT
|
|||||||
|
|
||||||
addPathToMetadata(meta, domain, certRes, certsStorage)
|
addPathToMetadata(meta, domain, certRes, certsStorage)
|
||||||
|
|
||||||
return launchHook(ctx.String(flgRenewHook), meta)
|
return launchHook(ctx.String(flgRenewHook), ctx.Duration(flgRenewHookTimeout), meta)
|
||||||
}
|
}
|
||||||
|
|
||||||
func renewForCSR(ctx *cli.Context, account *Account, keyType certcrypto.KeyType, certsStorage *CertificatesStorage, bundle bool, meta map[string]string) error {
|
func renewForCSR(ctx *cli.Context, account *Account, keyType certcrypto.KeyType, certsStorage *CertificatesStorage, bundle bool, meta map[string]string) error {
|
||||||
@ -337,7 +343,7 @@ func renewForCSR(ctx *cli.Context, account *Account, keyType certcrypto.KeyType,
|
|||||||
|
|
||||||
addPathToMetadata(meta, domain, certRes, certsStorage)
|
addPathToMetadata(meta, domain, certRes, certsStorage)
|
||||||
|
|
||||||
return launchHook(ctx.String(flgRenewHook), meta)
|
return launchHook(ctx.String(flgRenewHook), ctx.Duration(flgRenewHookTimeout), meta)
|
||||||
}
|
}
|
||||||
|
|
||||||
func needRenewal(x509Cert *x509.Certificate, domain string, days int) bool {
|
func needRenewal(x509Cert *x509.Certificate, domain string, days int) bool {
|
||||||
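Review bot: Nothing bounds the new `--renew-hook-timeout` value: the `cli.DurationFlag` accepts `0` or a negative duration, and both call sites (in `renewForDomains` and `renewForCSR`, whose bodies start outside their hunks) pass `ctx.Duration(flgRenewHookTimeout)` straight to `launchHook`. There it reaches `context.WithTimeout`, which returns an already-expired context for a non-positive duration, so the hook would presumably be cancelled before doing any work, and a user who wrote `0` meaning "no limit" gets a failed hook instead. `--run-hook-timeout` in the run command has the same gap. A single guard at the top of `launchHook` covers every call site, for example `if timeout <= 0 { return fmt.Errorf("invalid hook timeout: %s", timeout) }` (using whichever error constructor that file already imports), and the `Usage` string could then say the value must be positive.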
|
@ -23,6 +23,7 @@ const (
|
|||||||
flgPreferredChain = "preferred-chain"
|
flgPreferredChain = "preferred-chain"
|
||||||
flgAlwaysDeactivateAuthorizations = "always-deactivate-authorizations"
|
flgAlwaysDeactivateAuthorizations = "always-deactivate-authorizations"
|
||||||
flgRunHook = "run-hook"
|
flgRunHook = "run-hook"
|
||||||
|
flgRunHookTimeout = "run-hook-timeout"
|
||||||
)
|
)
|
||||||
|
|
||||||
func createRun() *cli.Command {
|
func createRun() *cli.Command {
|
||||||
@ -75,6 +76,11 @@ func createRun() *cli.Command {
|
|||||||
Name: flgRunHook,
|
Name: flgRunHook,
|
||||||
Usage: "Define a hook. The hook is executed when the certificates are effectively created.",
|
Usage: "Define a hook. The hook is executed when the certificates are effectively created.",
|
||||||
},
|
},
|
||||||
|
&cli.DurationFlag{
|
||||||
|
Name: flgRunHookTimeout,
|
||||||
|
Usage: "Define the timeout for the hook execution.",
|
||||||
|
Value: 2 * time.Minute,
|
||||||
|
},
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -129,7 +135,7 @@ func run(ctx *cli.Context) error {
|
|||||||
|
|
||||||
addPathToMetadata(meta, cert.Domain, cert, certsStorage)
|
addPathToMetadata(meta, cert.Domain, cert, certsStorage)
|
||||||
|
|
||||||
return launchHook(ctx.String(flgRunHook), meta)
|
return launchHook(ctx.String(flgRunHook), ctx.Duration(flgRunHookTimeout), meta)
|
||||||
}
|
}
|
||||||
|
|
||||||
func handleTOS(ctx *cli.Context, client *lego.Client) bool {
|
func handleTOS(ctx *cli.Context, client *lego.Client) bool {
|
||||||
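Review bot: The default `2 * time.Minute` is now written out twice, here in the `flgRunHookTimeout` flag and in the `flgRenewHookTimeout` flag of the renew command, replacing the single `120*time.Second` that used to live in `launchHook`. A shared package-level constant, `const defaultHookTimeout = 2 * time.Minute`, used as `Value: defaultHookTimeout` in both flags, would keep the two commands from drifting apart if the default is ever changed.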
|
@ -10,12 +10,12 @@ import (
|
|||||||
"time"
|
"time"
|
||||||
)
|
)
|
||||||
|
|
||||||
func launchHook(hook string, meta map[string]string) error {
|
func launchHook(hook string, timeout time.Duration, meta map[string]string) error {
|
||||||
if hook == "" {
|
if hook == "" {
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
ctxCmd, cancel := context.WithTimeout(context.Background(), 120*time.Second)
|
ctxCmd, cancel := context.WithTimeout(context.Background(), timeout)
|
||||||
defer cancel()
|
defer cancel()
|
||||||
|
|
||||||
parts := strings.Fields(hook)
|
parts := strings.Fields(hook)
|
||||||
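Review bot: `launchHook` has no doc comment, and with the new `timeout` parameter its contract is no longer obvious from the signature. A comment such as `// launchHook runs hook, if non-empty, under a context that is cancelled once timeout elapses.` would record what the visible lines do. It is also worth stating that the parent is `context.Background()`, so the timeout is the only bound on the hook's lifetime visible here. How `ctxCmd` is used lies below the hunk, so the exact effect of expiry on the child process should be confirmed there before it is documented.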
|
@ -74,6 +74,7 @@ OPTIONS:
|
|||||||
--preferred-chain value If the CA offers multiple certificate chains, prefer the chain with an issuer matching this Subject Common Name. If no match, the default offered chain will be used.
|
--preferred-chain value If the CA offers multiple certificate chains, prefer the chain with an issuer matching this Subject Common Name. If no match, the default offered chain will be used.
|
||||||
--always-deactivate-authorizations value Force the authorizations to be relinquished even if the certificate request was successful.
|
--always-deactivate-authorizations value Force the authorizations to be relinquished even if the certificate request was successful.
|
||||||
--run-hook value Define a hook. The hook is executed when the certificates are effectively created.
|
--run-hook value Define a hook. The hook is executed when the certificates are effectively created.
|
||||||
|
--run-hook-timeout value Define the timeout for the hook execution. (default: 2m0s)
|
||||||
--help, -h show help
|
--help, -h show help
|
||||||
"""
|
"""
|
||||||
|
|
||||||
@ -98,6 +99,7 @@ OPTIONS:
|
|||||||
--preferred-chain value If the CA offers multiple certificate chains, prefer the chain with an issuer matching this Subject Common Name. If no match, the default offered chain will be used.
|
--preferred-chain value If the CA offers multiple certificate chains, prefer the chain with an issuer matching this Subject Common Name. If no match, the default offered chain will be used.
|
||||||
--always-deactivate-authorizations value Force the authorizations to be relinquished even if the certificate request was successful.
|
--always-deactivate-authorizations value Force the authorizations to be relinquished even if the certificate request was successful.
|
||||||
--renew-hook value Define a hook. The hook is executed only when the certificates are effectively renewed.
|
--renew-hook value Define a hook. The hook is executed only when the certificates are effectively renewed.
|
||||||
|
--renew-hook-timeout value Define the timeout for the hook execution. (default: 2m0s)
|
||||||
--no-random-sleep Do not add a random sleep before the renewal. We do not recommend using this flag if you are doing your renewals in an automated way. (default: false)
|
--no-random-sleep Do not add a random sleep before the renewal. We do not recommend using this flag if you are doing your renewals in an automated way. (default: false)
|
||||||
--force-cert-domains Check and ensure that the cert's domain list matches those passed in the domains argument. (default: false)
|
--force-cert-domains Check and ensure that the cert's domain list matches those passed in the domains argument. (default: false)
|
||||||
--help, -h show help
|
--help, -h show help
|
||||||
|