Add manual support for manual plugin by providing auth and cleanup ho…

…ok paths
leeclemens · Dec 22, 2023 · 16007e3 · 16007e3
1 parent 0a88399
commit 16007e3
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 0 deletions.
diff --git a/salt/modules/acme.py b/salt/modules/acme.py
@@ -132,6 +132,8 @@ def cert(
     http_01_address=None,
     dns_plugin=None,
     dns_plugin_credentials=None,
+    manual_auth_hook=None,
+    manual_cleanup_hook=None,
 ):
     """
     Obtain/renew a certificate from an ACME CA, probably Let's Encrypt.
@@ -168,6 +170,8 @@ def cert(
         the specified DNS plugin
     :param dns_plugin_propagate_seconds: Number of seconds to wait for DNS propogations
         before asking ACME servers to verify the DNS record. (default 10)
+    :param manual_auth_hook: Path to the manual authentication hook script.
+    :param manual_cleanup_hook: Path to the manual cleanup or post-authentication hook script.
     :rtype: dict
     :return: Dictionary with 'result' True/False/None, 'comment' and certificate's
         expiry date ('not_after')
@@ -221,6 +225,11 @@ def cert(
                 "result": False,
                 "comment": f"DNS plugin '{dns_plugin}' is not supported",
             }
+    elif manual_auth_hook:
+        cmd.append("--manual")
+        cmd.append(f"--manual-auth-hook '{manual_auth_hook}'")
+        if manual_cleanup_hook:
+            cmd.append(f"--manual-cleanup-hook '{manual_cleanup_hook}'")
     else:
         cmd.append("--authenticator standalone")
 

diff --git a/salt/states/acme.py b/salt/states/acme.py
@@ -61,6 +61,8 @@ def cert(
     http_01_address=None,
     dns_plugin=None,
     dns_plugin_credentials=None,
+    manual_auth_hook=None,
+    manual_cleanup_hook=None,
 ):
     """
     Obtain/renew a certificate from an ACME CA, probably Let's Encrypt.
@@ -91,6 +93,8 @@ def cert(
     :param https_01_address: The address the server listens to during http-01 challenge.
     :param dns_plugin: Name of a DNS plugin to use (currently only 'cloudflare')
     :param dns_plugin_credentials: Path to the credentials file if required by the specified DNS plugin
+    :param manual_auth_hook: Path to the authentication hook script.
+    :param manual_cleanup_hook: Path to the cleanup or post-authentication hook script.
     """
 
     if certname is None:
@@ -138,6 +142,8 @@ def cert(
                 http_01_address=http_01_address,
                 dns_plugin=dns_plugin,
                 dns_plugin_credentials=dns_plugin_credentials,
+                manual_auth_hook=manual_auth_hook,
+                manual_cleanup_hook=manual_cleanup_hook,
             )
             ret["result"] = res["result"]
             ret["comment"].append(res["comment"])