fredrick/dynamic-infra-tooling
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat: add cert resolve command and improve discovery logic

Browse source
This commit is contained in:
Fredrick Amnehagen 2026-02-05 21:04:08 +01:00
parent 6d2dde9a60
commit 069441d3eb
3 changed files with 118 additions and 28 deletions
Download patch file Download diff file Expand all files Collapse all files

98
infra_cli/main.py
View file

@ -9,6 +9,7 @@ from .cloudflare import CloudflareManager
from .database import DatabaseManager
from .cert import CertificateManager
import sys
import os
@click.group()
@click.option('--config', help='Path to config file')
@ -21,30 +22,45 @@ def cli(ctx, config):
click.echo(f"Error: {e}", err=True)
sys.exit(1)
@cli.group()
def cert():
"""Manage SSL/TLS Certificates"""
pass
@cert.command(name='list')
@cli.command()
@click.option('--domain', help='Public domain to remove from HAProxy and DNS')
@click.option('--mac', help='MAC address to remove from DHCP')
@click.option('--vmid', type=int, help='LXC VMID to destroy')
@click.option('--node', help='Proxmox node for the VMID')
@click.option('--port-name', help='Router port forward section name to delete')
@click.pass_obj
def cert_list(config):
mgr = CertificateManager(config)
click.echo(mgr.list_certs())
def decommission(config, domain, mac, vmid, node, port_name):
"""Orchestrated removal of a service from all infrastructure layers"""
if domain:
click.echo(f"Removing Ingress/DNS for {domain}...")
try:
IngressManager(config).remove(domain)
DNSManager(config).remove_dns(domain)
except Exception as e:
click.echo(f"Warning: Ingress/DNS cleanup failed: {e}")
@cert.command(name='status')
@click.pass_obj
def cert_status(config):
mgr = CertificateManager(config)
click.echo(f"Main Certificate Expiry: {mgr.check_expiry()}")
if mac:
click.echo(f"Removing DHCP reservation for {mac}...")
try:
DNSManager(config).remove_host(mac)
except Exception as e:
click.echo(f"Warning: DHCP cleanup failed: {e}")
@cert.command(name='renew')
@click.option('--force', is_flag=True, help='Force full SAN discovery and renewal')
@click.pass_obj
def cert_renew(config, force):
mgr = CertificateManager(config)
click.echo("Running dynamic SAN manager...")
click.echo(mgr.renew(force))
if port_name:
click.echo(f"Removing Router Port Forward {port_name}...")
try:
RouterManager(config).remove_forward(port_name)
except Exception as e:
click.echo(f"Warning: Router cleanup failed: {e}")
if vmid:
click.echo(f"Destroying LXC {vmid} on {node or 'default node'}...")
try:
ProxmoxManager(config, node).delete_lxc(vmid)
except Exception as e:
click.echo(f"Warning: Proxmox cleanup failed: {e}")
click.echo("Decommission process complete.")
@cli.group()
def db():
@ -332,8 +348,46 @@ def router_list(config):
for rule in mgr.list():
click.echo(f"[{rule['section']}] {rule['name']}: {rule['proto']} {rule['port']} -> {rule['dest']}")
@cli.group()
def cert():
"""Manage SSL/TLS Certificates"""
pass
@cert.command(name='list')
@click.pass_obj
def cert_list(config):
mgr = CertificateManager(config)
click.echo(mgr.list_certs())
@cert.command(name='status')
@click.pass_obj
def cert_status(config):
mgr = CertificateManager(config)
click.echo(f"Main Certificate Expiry: {mgr.check_expiry()}")
@cert.command(name='renew')
@click.option('--force', is_flag=True, help='Force full SAN discovery and renewal')
@click.pass_obj
def cert_renew(config, force):
mgr = CertificateManager(config)
click.echo("Running dynamic SAN manager...")
click.echo(mgr.renew(force))
@cert.command(name='resolve')
@click.argument('domain')
@click.pass_obj
def cert_resolve(config, domain):
"""Find the certificate file covering a specific domain"""
mgr = CertificateManager(config)
cert_file = mgr.resolve_cert_for_domain(domain)
if cert_file:
click.echo(cert_file)
else:
click.echo(f"Error: No certificate found covering {domain}", err=True)
sys.exit(1)
def main():
cli(obj={})
if __name__ == "__main__":
main()
main()