hub / github.com/caddyserver/caddy / createAutomationPolicies

Method createAutomationPolicies

modules/caddyhttp/autohttps.go:597–813  ·  view source on GitHub ↗

createAutomationPolicies ensures that automated certificates for this app are managed properly. This adds up to two automation policies: one for the public names, and one for the internal names. If a catch-all automation policy exists, it will be shallow-copied and used as the base for the new ones (this is important for preserving behavior the user intends to be "defaults").

(ctx caddy.Context, internalNames, tailscaleNames []string)

Source from the content-addressed store, hash-verified

595// base for the new ones (this is important for preserving behavior the
596// user intends to be "defaults").
597func (app *App) createAutomationPolicies(ctx caddy.Context, internalNames, tailscaleNames []string) error {
598 // before we begin, loop through the existing automation policies
599 // and, for any ACMEIssuers we find, make sure they're filled in
600 // with default values that might be specified in our HTTP app; also
601 // look for a base (or "catch-all" / default) automation policy,
602 // which we're going to essentially require, to make sure it has
603 // those defaults, too
604 var basePolicy *caddytls.AutomationPolicy
605 var foundBasePolicy bool
606 if app.tlsApp.Automation == nil {
607 // we will expect this to not be nil from now on
608 app.tlsApp.Automation = new(caddytls.AutomationConfig)
609 }
610 for _, ap := range app.tlsApp.Automation.Policies {
611 // on-demand policies can have the tailscale manager added implicitly
612 // if there's no explicit manager configured -- for convenience
613 if ap.OnDemand && len(ap.Managers) == 0 {
614 var ts caddytls.Tailscale
615 if err := ts.Provision(ctx); err != nil {
616 return err
617 }
618 ap.Managers = []certmagic.Manager{ts}
619
620 // must reprovision the automation policy so that the underlying
621 // CertMagic config knows about the updated Managers
622 if err := ap.Provision(app.tlsApp); err != nil {
623 return fmt.Errorf("re-provisioning automation policy: %v", err)
624 }
625 }
626
627 // set up default issuer -- honestly, this is only
628 // really necessary because the HTTP app is opinionated
629 // and has settings which could be inferred as new
630 // defaults for the ACMEIssuer in the TLS app (such as
631 // what the HTTP and HTTPS ports are)
632 if ap.Issuers == nil {
633 var err error
634 ap.Issuers, err = caddytls.DefaultIssuersProvisioned(ctx)
635 if err != nil {
636 return err
637 }
638 }
639 for _, iss := range ap.Issuers {
640 if acmeIssuer, ok := iss.(acmeCapable); ok {
641 err := app.fillInACMEIssuer(acmeIssuer.GetACMEIssuer())
642 if err != nil {
643 return err
644 }
645 }
646 }
647
648 // while we're here, is this the catch-all/base policy?
649 if !foundBasePolicy && len(ap.SubjectsRaw) == 0 {
650 basePolicy = ap
651 foundBasePolicy = true
652 }
653 }
654

Callers 1

automaticHTTPSPhase1 (Method) · 0.95

Implementers 6

fooModule — admin_test.go
PKI — modules/caddypki/pki.go
TLS — modules/caddytls/tls.go
Filesystems — modules/caddyfs/filesystem.go
App — modules/caddyhttp/app.go
App — modules/caddyevents/app.go

Calls 10

Provision (Method) · 0.95
fillInACMEIssuer (Method) · 0.95
Provision (Method) · 0.95
IsProvisioned (Method) · 0.80
RebuildCertMagic (Method) · 0.80
AddAutomationPolicy (Method) · 0.80
Provision (Method) · 0.65
GetACMEIssuer (Method) · 0.65
Validate (Method) · 0.65

Tested by

no test coverage detected