Add ACME support for lba commands

tokengeek · tokengeek · commit de5cd09e5967 · 2024-12-11T14:02:32.000Z
Passing a list of comma separated domains to either `lbs create` or `lbs
update` will request that domains are provisioned from Let's Encrypt.

For this to work a `https` (not `tcp`) listener needs to be available on
port 443 otherwise the request will be rejected.

    brightbox lbs create --acme-domains domain.example --listeners 443:443:https:5000 srv-12345

Domains and their status are listed under the `lbs show` command output.
diff --git a/lib/brightbox-cli/commands/lbs/create.rb b/lib/brightbox-cli/commands/lbs/create.rb
@@ -44,6 +44,9 @@ module Brightbox
       c.default_value "3"
       c.flag [:d, "hc-down"]
 
+      c.desc "ACME domains"
+      c.flag ["acme_domains"]
+
       c.desc "Filepath to the SSL certificate file to use."
       c.flag ["ssl-cert"]
 
@@ -82,6 +85,10 @@ module Brightbox
           options[:b] = options[:b].to_i
         end
 
+        if options["acme_domains"]
+          options["acme_domains"] = options["acme_domains"].split(",")
+        end
+
         hc_arg_lookup = {
           :k => :port,
           :y => :type,
@@ -118,6 +125,7 @@ module Brightbox
         msg = "Creating a new load balancer"
         info msg
         lb = LoadBalancer.create(
+          domains: options["acme_domains"],
           buffer_size: options[:b],
           certificate_pem: ssl_cert,
           certificate_private_key: ssl_key,
diff --git a/lib/brightbox-cli/commands/lbs/show.rb b/lib/brightbox-cli/commands/lbs/show.rb
@@ -16,6 +16,7 @@ module Brightbox
             created_at
             deleted_at
             policy
+            acme_domains
             ssl_minimum_version
             ssl_issuer
             ssl_subject
diff --git a/lib/brightbox-cli/commands/lbs/update.rb b/lib/brightbox-cli/commands/lbs/update.rb
@@ -37,6 +37,9 @@ module Brightbox
       c.desc "Healthcheck threshold down. Number of failed healthchecks for the node to be considered down."
       c.flag [:d, "hc-down"]
 
+      c.desc "ACME domains"
+      c.flag ["acme_domains"]
+
       c.desc "Filepath to the SSL certificate file to use."
       c.flag ["ssl-cert"]
 
@@ -132,6 +135,10 @@ module Brightbox
           lbopts[:ssl_minimum_version] = options["ssl-min-ver"]
         end
 
+        if options["acme_domains"]
+          lbopts[:domains] = options["acme_domains"].split(",")
+        end
+
         lbopts.nilify_blanks
 
         lb = LoadBalancer.find lb_id
diff --git a/lib/brightbox-cli/load_balancers.rb b/lib/brightbox-cli/load_balancers.rb
@@ -9,13 +9,26 @@ def self.create(options)
       new(conn.load_balancers.create(options))
     end
 
+    def acme_domains
+      if attributes["acme"]
+        attributes["acme"]["domains"].map do |domain|
+          [domain["identifier"], domain["status"]].join(":")
+        end.join(",")
+      else
+        []
+      end
+    rescue StandardError
+      []
+    end
+
     def attributes
       fog_model.attributes
     end
 
     def to_row
       attributes.merge(
         :locked => locked?,
+        :acme_domains => acme_domains,
         :ssl_minimum_version => ssl_minimum_version,
         :ssl_issuer => certificate_issuer,
         :ssl_subject => certificate_subject,
diff --git a/spec/commands/lbs/create_spec.rb b/spec/commands/lbs/create_spec.rb
@@ -169,5 +169,46 @@
         expect(stdout).to include("lba-12345")
       end
     end
+
+    context "--acme-domains=example.com" do
+      let(:argv) { ["lbs", "create", "--acme-domains", "example.com", "--listeners", "443:443:https:5000", "lba-12345"] }
+      let(:json_response) do
+        <<~EOS
+        {
+          "id":"lba-12345",
+          "acme": {
+            "domains": [
+              {
+                "identifier": "example.com",
+                "last_message": null,
+                "status": "pending"
+              }
+            ]
+          },
+          "certificate": null,
+          "listeners": [
+            {
+              "in": 443,
+              "out": 443,
+              "protocol": "https",
+              "proxy_protocol": null,
+              "timeout": 5000
+            }
+          ]
+        }
+        EOS
+      end
+
+      before do
+        stub_request(:post, "http://api.brightbox.localhost/1.0/load_balancers?account_id=acc-12345")
+          .with(body: hash_including(domains: ["example.com"]))
+          .to_return(:status => 202, :body => json_response)
+      end
+
+      it "includes acme_certificate_domain in response" do
+        expect(stderr).to eq("Creating a new load balancer\n")
+        expect(stdout).to include("lba-12345")
+      end
+    end
   end
 end
diff --git a/spec/commands/lbs/show_spec.rb b/spec/commands/lbs/show_spec.rb
@@ -58,6 +58,18 @@
           "name":"app-lb1",
           "status":"active",
           "created_at":"2012-03-05T12:00:00Z",
+          "acme": {
+            "domains": [
+              {
+                "identifier": "domain.test",
+                "status": "verified"
+              },
+              {
+                "identifier": "domain2.test",
+                "status": "verified"
+              }
+            ]
+          },
           "nodes":[
             {
               "id":"srv-12345",
@@ -81,6 +93,7 @@
           expect(stdout).to include("name: app-lb1")
           expect(stdout).to include("created_at: 2012-03-05T12:00Z")
           expect(stdout).to include("nodes: srv-12345")
+          expect(stdout).to include("acme_domains: domain.test:verified,domain2.test:verified")
         end
       end
     end
diff --git a/spec/commands/lbs/update_spec.rb b/spec/commands/lbs/update_spec.rb
@@ -99,5 +99,49 @@
         expect(stdout).to include("lba-kl432")
       end
     end
+
+    context "--acme-domains=example.com" do
+      let(:argv) { ["lbs", "update", "--acme-domains", "example.com", "--listeners", "443:443:https:5000", "lba-12345"] }
+      let(:json_response) do
+        <<~EOS
+        {
+          "id":"lba-12345",
+          "acme": {
+            "domains": [
+              {
+                "identifier": "example.com",
+                "last_message": null,
+                "status": "pending"
+              }
+            ]
+          },
+          "certificate": null,
+          "listeners": [
+            {
+              "in": 443,
+              "out": 443,
+              "protocol": "https",
+              "proxy_protocol": null,
+              "timeout": 5000
+            }
+          ]
+        }
+        EOS
+      end
+
+      before do
+        stub_request(:get, "http://api.brightbox.localhost/1.0/load_balancers/lba-12345?account_id=acc-12345")
+          .to_return(:status => 200, :body => '{"id":"lba-12345"}')
+
+        stub_request(:put, "http://api.brightbox.localhost/1.0/load_balancers/lba-12345?account_id=acc-12345")
+          .with(body: hash_including(domains: ["example.com"]))
+          .to_return(:status => 202, :body => json_response)
+      end
+
+      it "includes acme_certificate_domain in response" do
+        expect(stderr).to eq("Updating load balancer lba-12345\n")
+        expect(stdout).to include("lba-12345")
+      end
+    end
   end
 end
