From 113dc17c33c6cf77212e656e44589b5b3deab93d Mon Sep 17 00:00:00 2001 From: Pawel Martuszewski Date: Sun, 19 Feb 2017 19:55:04 +0000 Subject: [PATCH] Added marathon API access token key support #6 #10 --- README.md | 1 + post_cert.py | 12 ++++++++---- run.sh | 4 ++-- 3 files changed, 11 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index c14df78..e866d70 100644 --- a/README.md +++ b/README.md @@ -8,6 +8,7 @@ Clone (or manually copy) this repo, and modify the [letsencrypt-dcos.json](letse - The list of hostnames (must be FQDNs) for which you want to generate SSL certs (in `HAPROXY_0_VHOST`) - An admin email address for your certificate (in `LETSENCRYPT_EMAIL`) - The Marathon API endpoint (in `MARATHON_URL`) + - The Marathon API access token (in `MARATHON_AUTH_TOKEN`) - The Marathon-lb app ID (in `MARATHON_LB_ID`) - Ensure you have **at least 2 or more** public agents in your DC/OS cluster, and that marathon-lb is scaled out to more than 1 public agent. Deploying this app requires this since it entails restarting marathon-lb. diff --git a/post_cert.py b/post_cert.py index c3d1f6f..d99d295 100755 --- a/post_cert.py +++ b/post_cert.py @@ -6,14 +6,18 @@ import requests import time -url = os.environ.get('MARATHON_URL') +base_url = os.environ.get('MARATHON_URL') + marathon_lb_id = os.environ.get('MARATHON_LB_ID') marathon_lb_cert_env = \ os.environ.get('MARATHON_LB_CERT_ENV', 'HAPROXY_SSL_CERT') print("Retrieving current marathon-lb cert") sys.stdout.flush() -r = requests.get(url + '/v2/apps/' + marathon_lb_id) + +headers = {'Authorization': 'token=' + os.environ.get('MARATHON_AUTH_TOKEN')} +marathon_lb_url = base_url + '/v2/apps/' + marathon_lb_id +r = requests.get(marathon_lb_url, headers=headers) mlb = r.json() env = mlb['app']['env'] cert = '' 
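Review bot: The new `headers` line in post_cert.py concatenates `'token=' + os.environ.get('MARATHON_AUTH_TOKEN')`, so when the variable is unset `os.environ.get` returns None and the script stops with a TypeError before any request is made, which also breaks clusters that run Marathon without authentication. Build the header only when a token is present: `token = os.environ.get('MARATHON_AUTH_TOKEN')` followed by `headers = {'Authorization': 'token=' + token} if token else {}`. The response is passed straight to `r.json()` and indexed as `mlb['app']['env']`, so a rejected token would surface as a KeyError or a JSON decode error rather than as an auth failure; calling `r.raise_for_status()` after the GET makes that explicit. Since the token now travels with every request to `MARATHON_URL`, the README entry should say that the URL needs to be https, otherwise the credential is sent in clear text.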
@@ -29,7 +33,7 @@ print("Deploying marathon-lb with new cert") sys.stdout.flush() headers = {'Content-Type': 'application/json'} - r = requests.put(url + '/v2/apps/' + marathon_lb_id, + r = requests.put(marathon_lb_url, headers=headers, data=json.dumps({ 'id': marathon_lb_id, @@ -43,7 +47,7 @@ time.sleep(5) print("Waiting for deployment to complete") sys.stdout.flush() - r = requests.get(url + '/v2/deployments') + r = requests.get(base_url + '/v2/deployments') deployments = r.json() deployment_exists = False for deployment in deployments: diff --git a/run.sh b/run.sh index 5746411..d3c67c7 100755 --- a/run.sh +++ b/run.sh @@ -4,8 +4,8 @@ set -e # Wait to settle sleep 15 -# Get our SSL domains from the Marathon app label -#SSL_DOMAINS=${SSL_DOMAINS} +# Get our SSL domains from env variable +SSL_DOMAINS=${SSL_DOMAINS} IFS=',' read -ra ADDR <<< "$SSL_DOMAINS" DOMAIN_ARGS=""
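Review bot: In the deploy hunk (`@@ -29,7 +33,7 @@`) the unchanged line `headers = {'Content-Type': 'application/json'}` rebinds `headers` right before the PUT, so the Authorization header built at the top of the script is dropped and the request that actually modifies marathon-lb goes out without the token. Extend the existing dict instead: `headers['Content-Type'] = 'application/json'`. The polling call in the next hunk (`@@ -43,7 +47,7 @@`) has the same gap, since it passes no headers at all; it should read `r = requests.get(base_url + '/v2/deployments', headers=headers)`. Neither response status is checked, so on a cluster that enforces auth the error body is probably fed to `r.json()` and the wait loop may misread it. The enclosing block starts and ends outside both hunks, so this needs confirming against the full file.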
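Review bot: The uncommented `SSL_DOMAINS=${SSL_DOMAINS}` in run.sh assigns the variable to itself, so it has no effect, and an unset or empty value still reaches the `read -ra ADDR` line without any error (unless `set -u` is enabled above the hunk, which is not visible). If the intent is to require the variable, replace the line with `: "${SSL_DOMAINS:?SSL_DOMAINS must be set}"` so the container fails at startup with a clear message. The script continues past the end of the hunk, so how an empty `ADDR` is handled later cannot be judged from here.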