Provision sets up ap and builds its underlying CertMagic config.
(tlsApp *TLS)
| 180 | |
| 181 | // Provision sets up ap and builds its underlying CertMagic config. |
| 182 | func (ap *AutomationPolicy) Provision(tlsApp *TLS) error { |
| 183 | // replace placeholders in subjects to allow environment variables |
| 184 | repl := caddy.NewReplacer() |
| 185 | subjects := make([]string, len(ap.SubjectsRaw)) |
| 186 | for i, sub := range ap.SubjectsRaw { |
| 187 | sub = repl.ReplaceAll(sub, "") |
| 188 | subASCII, err := idna.ToASCII(sub) |
| 189 | if err != nil { |
| 190 | return fmt.Errorf("could not convert automation policy subject '%s' to punycode: %v", sub, err) |
| 191 | } |
| 192 | subjects[i] = subASCII |
| 193 | } |
| 194 | ap.subjects = subjects |
| 195 | |
| 196 | // policy-specific storage implementation |
| 197 | if ap.StorageRaw != nil { |
| 198 | val, err := tlsApp.ctx.LoadModule(ap, "StorageRaw") |
| 199 | if err != nil { |
| 200 | return fmt.Errorf("loading TLS storage module: %v", err) |
| 201 | } |
| 202 | cmStorage, err := val.(caddy.StorageConverter).CertMagicStorage() |
| 203 | if err != nil { |
| 204 | return fmt.Errorf("creating TLS storage configuration: %v", err) |
| 205 | } |
| 206 | ap.storage = cmStorage |
| 207 | } |
| 208 | |
| 209 | // we don't store loaded modules directly in the certmagic config since |
| 210 | // policy provisioning may happen more than once (during auto-HTTPS) and |
| 211 | // loading a module clears its config bytes; thus, load the module and |
| 212 | // store them on the policy before putting it on the config |
| 213 | |
| 214 | // load and provision any cert manager modules |
| 215 | if ap.ManagersRaw != nil { |
| 216 | ap.hadExplicitManagers = true |
| 217 | vals, err := tlsApp.ctx.LoadModule(ap, "ManagersRaw") |
| 218 | if err != nil { |
| 219 | return fmt.Errorf("loading external certificate manager modules: %v", err) |
| 220 | } |
| 221 | for _, getCertVal := range vals.([]any) { |
| 222 | ap.Managers = append(ap.Managers, getCertVal.(certmagic.Manager)) |
| 223 | } |
| 224 | } |
| 225 | |
| 226 | // load and provision any explicitly-configured issuer modules |
| 227 | if ap.IssuersRaw != nil { |
| 228 | val, err := tlsApp.ctx.LoadModule(ap, "IssuersRaw") |
| 229 | if err != nil { |
| 230 | return fmt.Errorf("loading TLS automation management module: %s", err) |
| 231 | } |
| 232 | for _, issVal := range val.([]any) { |
| 233 | ap.Issuers = append(ap.Issuers, issVal.(certmagic.Issuer)) |
| 234 | } |
| 235 | } |
| 236 | |
| 237 | issuers := ap.Issuers |
| 238 | if len(issuers) == 0 && !ap.implicitTailscaleManagersOnly() { |
| 239 | var err error |