Skip to content

Commit 94a1633

Browse files
NeilpangNeilpang
authored
Merge pull request #6630 from spin-acompany/feat-panos-filename
Add custom certname for panos
2 parents d2539c3 + 46a2608 commit 94a1633

File tree

1 file changed

+20
-3
lines changed

1 file changed

+20
-3
lines changed

deploy/panos.sh

Lines changed: 20 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -16,6 +16,7 @@
1616
# export PANOS_TEMPLATE="" # Template Name of panorama managed devices
1717
# export PANOS_TEMPLATE_STACK="" # set a Template Stack if certificate should also be pushed automatically
1818
# export PANOS_VSYS="Shared" # name of the vsys to import the certificate
19+
# export PANOS_CERTNAME="" # use a custom certificate name to work around Panorama's 31-character limit
1920
#
2021
# The script will automatically generate a new API key if
2122
# no key is found, or if a saved key has expired or is invalid.
@@ -89,7 +90,7 @@ deployer() {
8990
if [ "$type" = 'cert' ]; then
9091
panos_url="${panos_url}?type=import"
9192
content="--$delim${nl}Content-Disposition: form-data; name=\"category\"\r\n\r\ncertificate"
92-
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"certificate-name\"\r\n\r\n$_cdomain"
93+
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"certificate-name\"\r\n\r\n$_panos_certname"
9394
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"key\"\r\n\r\n$_panos_key"
9495
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"format\"\r\n\r\npem"
9596
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"file\"; filename=\"$(basename "$_cfullchain")\"${nl}Content-Type: application/octet-stream${nl}${nl}$(cat "$_cfullchain")"
@@ -103,11 +104,11 @@ deployer() {
103104
if [ "$type" = 'key' ]; then
104105
panos_url="${panos_url}?type=import"
105106
content="--$delim${nl}Content-Disposition: form-data; name=\"category\"\r\n\r\nprivate-key"
106-
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"certificate-name\"\r\n\r\n$_cdomain"
107+
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"certificate-name\"\r\n\r\n$_panos_certname"
107108
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"key\"\r\n\r\n$_panos_key"
108109
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"format\"\r\n\r\npem"
109110
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"passphrase\"\r\n\r\n123456"
110-
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"file\"; filename=\"$(basename "$_cdomain.key")\"${nl}Content-Type: application/octet-stream${nl}${nl}$(cat "$_ckey")"
111+
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"file\"; filename=\"$(basename "$_panos_certname.key")\"${nl}Content-Type: application/octet-stream${nl}${nl}$(cat "$_ckey")"
111112
if [ "$_panos_template" ]; then
112113
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"target-tpl\"\r\n\r\n$_panos_template"
113114
fi
@@ -242,13 +243,23 @@ panos_deploy() {
242243
_getdeployconf PANOS_VSYS
243244
fi
244245

246+
# PANOS_CERTNAME
247+
if [ "$PANOS_CERTNAME" ]; then
248+
_debug "Detected ENV variable PANOS_CERTNAME. Saving to file."
249+
_savedeployconf PANOS_CERTNAME "$PANOS_CERTNAME" 1
250+
else
251+
_debug "Attempting to load variable PANOS_CERTNAME from file."
252+
_getdeployconf PANOS_CERTNAME
253+
fi
254+
245255
#Store variables
246256
_panos_host=$PANOS_HOST
247257
_panos_user=$PANOS_USER
248258
_panos_pass=$PANOS_PASS
249259
_panos_template=$PANOS_TEMPLATE
250260
_panos_template_stack=$PANOS_TEMPLATE_STACK
251261
_panos_vsys=$PANOS_VSYS
262+
_panos_certname=$PANOS_CERTNAME
252263

253264
#Test API Key if found. If the key is invalid, the variable _panos_key will be unset.
254265
if [ "$_panos_host" ] && [ "$_panos_key" ]; then
@@ -267,6 +278,12 @@ panos_deploy() {
267278
_err "No password found. If this is your first time deploying, please set PANOS_PASS in ENV variables. You can delete it after you have successfully deployed the certs."
268279
return 1
269280
else
281+
# Use certificate name based on the first domain on the certificate if no custom certificate name is set
282+
if [ -z "$_panos_certname" ]; then
283+
_panos_certname="$_cdomain"
284+
_savedeployconf PANOS_CERTNAME "$_panos_certname" 1
285+
fi
286+
270287
# Generate a new API key if no valid API key is found
271288
if [ -z "$_panos_key" ]; then
272289
_debug "**** Generating new PANOS API KEY ****"

0 commit comments

Comments
 (0)