Merge pull request #94 from adferrand/avoild-wilcard-in-lineages

Avoild wilcard in lineages

CHANGELOG.md

@@ -1,6 +1,9 @@
 # Changelog
 
 ## master - CURRENT
+### Modified
+* Ensure a certificate name does not have wildcard characters when migrating from legacy config
+  (eg. `example.com` for domains `[*.example.com`, `example.com]` instead of `*.example.com`).
 
 ## 3.1.4 - 30/03/2020
 ### Modified

src/dnsrobocert/core/config.py

@@ -1,13 +1,14 @@
 import logging
 import os
-import re
 from typing import Any, Dict, Optional, Set
 
 import coloredlogs
 import jsonschema
 import pkg_resources
 import yaml
 
+from dnsrobocert.core import utils
+
 LOGGER = logging.getLogger(__name__)
 coloredlogs.install(logger=LOGGER)
 
@@ -96,7 +97,7 @@ def get_lineage(certificate_config: Dict[str, Any]) -> str:
     lineage = (
         certificate_config.get("name")
         if certificate_config.get("name")
-        else re.sub(r"^\*\.", "", certificate_config.get("domains", [None])[0])
+        else utils.normalize_lineage(certificate_config.get("domains", [None])[0])
     )
     if not lineage:
         raise ValueError(

src/dnsrobocert/core/legacy.py

@@ -10,6 +10,8 @@
 import yaml
 from lexicon import config, parser
 
+from dnsrobocert.core import utils
+
 LEGACY_CONFIGURATION_PATH = "/etc/letsencrypt/domains.conf"
 LOGGER = logging.getLogger(__name__)
 coloredlogs.install(logger=LOGGER)
@@ -257,7 +259,7 @@ def _extract_certificates(envs: Dict[str, str], profile: str) -> List[Dict[str,
 
             if domains:
                 certificate: Dict[str, Any] = {
-                    "name": domains[0],
+                    "name": utils.normalize_lineage(domains[0]),
                     "domains": domains,
                     "profile": profile,
                 }

src/dnsrobocert/core/utils.py

@@ -1,6 +1,7 @@
 import hashlib
 import logging
 import os
+import re
 import subprocess
 import sys
 from typing import Any, Dict, List
@@ -100,7 +101,7 @@ def configure_certbot_workspace(
     fix_permissions(certificate_permissions, archive_path)
 
 
-def digest(path):
+def digest(path: str):
     if not os.path.exists(path):
         return None
 
@@ -110,3 +111,7 @@ def digest(path):
     md5 = hashlib.md5()
     md5.update(config_data)
     return md5.digest()
+
+
+def normalize_lineage(domain: str):
+    return re.sub(r"^\*\.", "", domain)

test/unit_tests/legacy_test.py

@@ -35,6 +35,7 @@ def test_legacy_migration(tmp_path, monkeypatch):
         f.write(
             """\
 test1.sub.example.com test2.sub.example.com autorestart-containers=container1,container2 autocmd-containers=container3:cmd3 arg3,container4:cmd4 arg4a arg4b
+*.sub.example.com sub.example.com
 """
         )
 
@@ -102,6 +103,15 @@ def test_legacy_migration(tmp_path, monkeypatch):
     export: true
     passphrase: PASSPHRASE
   profile: ovh
+- deploy_hook: ./deploy.sh
+  domains:
+  - '*.sub.example.com'
+  - sub.example.com
+  name: sub.example.com
+  pfx:
+    export: true
+    passphrase: PASSPHRASE
+  profile: ovh
 profiles:
 - delegated_subdomain: sub.example.com
   max_checks: 3