Skip to content

refactor: Use domains' setname as --cert-name option#76

Merged
myii merged 1 commit intosaltstack-formulas:masterfrom
kiniou:use-domains-setname-as-cert-name-option
Aug 26, 2020
Merged

refactor: Use domains' setname as --cert-name option#76
myii merged 1 commit intosaltstack-formulas:masterfrom
kiniou:use-domains-setname-as-cert-name-option

Conversation

@kiniou
Copy link

@kiniou kiniou commented Aug 14, 2020

PR progress checklist (to be filled in by reviewers)

  • Changes to documentation are appropriate (or tick if not required)
  • Changes to tests are appropriate (or tick if not required)
  • Reviews completed

What type of PR is this?

Primary type

  • [build] Changes related to the build system
  • [chore] Changes to the build process or auxiliary tools and libraries such as documentation generation
  • [ci] Changes to the continuous integration configuration
  • [feat] A new feature
  • [fix] A bug fix
  • [perf] A code change that improves performance
  • [refactor] A code change that neither fixes a bug nor adds a feature
  • [revert] A change used to revert a previous commit
  • [style] Changes that do not affect the meaning of the code (white-space, formatting, missing semi-colons, etc.)

Secondary type

  • [docs] Documentation changes
  • [test] Adding missing or correcting existing tests

Does this PR introduce a BREAKING CHANGE?

Yes.
The setname was not used before and the certificate path will not be the same.
The most obvious change that needs to be done is changing the pillar to match the first domain in a domain sets like the following:

letsencrypt:
  domains:
    foo.example.com:
      - foo.example.com

Related issues and/or pull requests

Describe the changes you're proposing

Certbot has the ability to name a certificate with the --cert-name option.

This allows us for instance to refers to this same setname to other
configuration and then further automate virtualhost creation in nginx or apache.

Pillar / config required to test the proposed changes

Here is an example that should write the certificates into /etc/letsencrypt/live/foo/ path:

letsencrypt:
  domains:
    foo:
      - foo.example.com

You might need to change the .example.com with something real if tested against a real ACME server (I've tested this change locally with a local pebble server).

Debug log showing how the proposed changes work

Documentation checklist

  • Updated the README (e.g. Available states).
  • Updated pillar.example.

Testing checklist

  • Included in Kitchen (i.e. under state_top).
  • Covered by new/existing tests (e.g. InSpec, Serverspec, etc.).
  • Updated the relevant test pillar.

Additional context

@kiniou kiniou requested a review from javierbertoli as a code owner August 14, 2020 20:18
@pull-assistant
Copy link

pull-assistant bot commented Aug 14, 2020
edited
Loading

Score: 1.00

Best reviewed: commit by commit

Optimal code review plan

     refactor: use domains' setname as --cert-name option

Powered by Pull Assistant. Last update 68fb247 ... 68fb247. Read the comment docs.

@kiniou kiniou force-pushed the use-domains-setname-as-cert-name-option branch from 8dc3102 to c9b7db4 Compare August 14, 2020 20:20
@myii
Copy link

myii commented Aug 18, 2020

Does this PR introduce a BREAKING CHANGE?

Yes.
The setname was not used before and the certificate path will not be the same.
The most obvious change that needs to be done is changing the pillar to match the first domain in a domain sets like the following:

letsencrypt:
  domains:
    foo.example.com:
      - foo.example.com

@kiniou Thanks for this PR. Hopefully, @javierbertoli will get a chance to review it soon. Don't worry about this just yet but if this PR is approved, we would require the commit to be amended so that the breaking change is applied by semantic-release. See the section here for more details:

In terms of the content, I'm sure you could use pretty much what you've already provided in the section I've quoted.

@myii myii mentioned this pull request Aug 18, 2020
Closed
19 tasks
@kiniou
Copy link
Author

kiniou commented Aug 21, 2020

Hi @myii 👋

I've completely missed to read the CONTRIBUTING document and i would like to express my apologies. 😅

I'm actually using this change in my fork and i'm not in a hurry waiting for a proper review. 😉

Plus, this PR can be a place to discuss if we can transform this breaking change into some opt-in feature flag or by using a deprecation path otherwise.

javierbertoli
javierbertoli approved these changes Aug 24, 2020
View reviewed changes
Copy link
Member

@javierbertoli javierbertoli left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great addition, @kiniou, thanks!

As we're using semantic versioning, I'm perfectly OK with this PR changing the behavior (for good) of the formula and flag it.

myii
myii suggested changes Aug 24, 2020
View reviewed changes
Copy link

@myii myii left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the review, @javierbertoli.

Just using this Request changes as a placeholder to remind ourselves that the BREAKING CHANGE message needs to be added to the commit message before this is merged.

@kiniou
refactor: use domains' setname as --cert-name option
68fb247 
Certbot has the ability to name a certificate with the --cert-name option.

This allows us for instance to refers to this same setname to other
configuration and then further automate virtualhost creation in nginx or apache.

BREAKING CHANGE: Since this domains' setname was not used, the path was named
after the first domain in the domains set. In order to keep using this workflow,
you need to rename the setname with the first domain in the list like the
following:
```
letsencrypt:
  domains:
    foo.example.com:
      - foo.example.com
```
@kiniou kiniou force-pushed the use-domains-setname-as-cert-name-option branch from c9b7db4 to 68fb247 Compare August 26, 2020 07:54
@kiniou
Copy link
Author

kiniou commented Aug 26, 2020

Hi @myii and @javierbertoli and thanks for the review 😊.

I took a shoot at adding a BREAKING CHANGE paragraph. I'm just not sure if it will work with this kind of formatting (i.e code block).

@myii myii merged commit aef0136 into saltstack-formulas:master Aug 26, 2020
@myii
Copy link

myii commented Aug 26, 2020

I took a shoot at adding a BREAKING CHANGE paragraph. I'm just not sure if it will work with this kind of formatting (i.e code block).

Let's merge it and see...! Thanks for the contribution, @kiniou!

@saltstack-formulas-travis
Copy link

saltstack-formulas-travis commented Aug 26, 2020

🎉 This PR is included in version 2.0.0 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀

@myii
Copy link

myii commented Aug 26, 2020

@kiniou The code block came through fine!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@javierbertoli javierbertoli javierbertoli approved these changes

+1 more reviewer

@myii myii myii approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

released

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@kiniou @myii @saltstack-formulas-travis @javierbertoli