Notify client about renewals

evenh · Apr 27, 2019 · a2926c6 · a2926c6
1 parent d1f7123
commit a2926c6
Show file tree

Hide file tree

Showing 6 changed files with 267 additions and 34 deletions.
diff --git a/api/api.pb.go b/api/api.pb.go
diff --git a/api/api.proto b/api/api.proto
@@ -27,9 +27,21 @@ message PingResponse {
     string msg = 2;
 }
 
+message CertificateRenewalNotificationRequest {
+    // A list of DNS names to monitor for renewals
+    repeated string dnsNames = 1;
+}
+
+// Response for a certificate that has been renewed on the server
+message RenewedCertificateEvent {
+    // Example: foo.bar.com
+    string dnsName = 1;
+}
+
 service CertificateIssuer {
     rpc IssueCert (CertificateRequest) returns (CertificateResponse) {
     }
     rpc Ping (PingRequest) returns (PingResponse) {
     }
+    rpc OnCertificateRenewal (CertificateRenewalNotificationRequest) returns (stream RenewedCertificateEvent) {}
 }
diff --git a/client/client.go b/client/client.go
@@ -118,9 +118,10 @@ func configureTasks(client api.CertificateIssuerClient, config *config.ClientCon
 	var tasks []Job
 
 	pinger := *Register(pingServer(client), "Ping intercert host", 10*time.Minute, false)
+	renewalHandler := *Register(watchForEvents(config.Domains, client), "Watch for certificate renewal events", 0 * time.Second, true)
 	desiredCheck := *Register(ensureCertsFromConfig(storage, config.Domains), "Ensure configured domains is present", 1*time.Hour, true)
 
-	tasks = append(tasks, pinger, desiredCheck)
+	tasks = append(tasks, pinger, renewalHandler, desiredCheck)
 
 	return tasks
 }
diff --git a/client/scheduler.go b/client/scheduler.go
@@ -42,21 +42,23 @@ func (j *Job) start() {
 	}
 	j.firstRun = false
 
-	go func() {
-		for {
-			// Sleep for the predetermined time.
-			time.Sleep(j.delay)
-
-			select {
-			// Check for the 'stop' signal.
-			case <-j.stop:
-				return
-			// Execute the function.
-			default:
-				j.fn()
+	if j.delay > 0 * time.Second {
+		go func() {
+			for {
+				// Sleep for the predetermined time.
+				time.Sleep(j.delay)
+
+				select {
+				// Check for the 'stop' signal.
+				case <-j.stop:
+					return
+				// Execute the function.
+				default:
+					j.fn()
+				}
 			}
-		}
-	}()
+		}()
+	}
 }
 
 // Register schedules a function for execution, to be invoked repeated with a delay of

diff --git a/client/tasks.go b/client/tasks.go
@@ -4,6 +4,8 @@ import (
 	"context"
 	"github.com/evenh/intercert/api"
 	"github.com/go-acme/lego/log"
+	"io"
+	"os"
 )
 
 func pingServer(client api.CertificateIssuerClient) func() {
@@ -16,6 +18,40 @@ func pingServer(client api.CertificateIssuerClient) func() {
 	}
 }
 
+func watchForEvents(domains []string, client api.CertificateIssuerClient) func() {
+	return func() {
+		renewalStream, err := client.OnCertificateRenewal(context.Background(), &api.CertificateRenewalNotificationRequest{
+			DnsNames: domains,
+		})
+
+		if err != nil {
+			log.Fatalf("Could not subscribe to renewal events: %v", err)
+			os.Exit(1)
+		}
+
+		log.Infof("Listening for certificate renewal events")
+
+		go func() {
+			for {
+				in, err := renewalStream.Recv()
+
+				if err == io.EOF {
+					break
+				}
+
+				if err != nil {
+					log.Warnf("Got error while listening for renewal events: %v", err)
+				}
+
+				log.Infof("Got notice from server that certificate for %s has been renewed. Queuing up re-fetch!", in.DnsName)
+				job := NewCertReq(in.DnsName, true)
+				job.Submit()
+			}
+		}()
+
+	}
+}
+
 // Check that every cert from the config is present in the file system
 func ensureCertsFromConfig(storage *CertStorage, wantedDomains []string) func() {
 	return func() {