Merge pull request #32 from danzilio/cron_success_cmd

Closes #18: merging @mheistermann's changes

CHANGELOG.md

@@ -2,6 +2,7 @@
 All notable changes to this project will be documented in this file. This project adheres to [Semantic Versioning](http://semver.org/).
 
 ## [Unreleased][unreleased]
+- Ability to run commands after a successful cronjob-based renewal with the `cron_success_command` parameter.
 
 ## [1.0.0] - 2016-02-22
 ## Added

Gemfile

@@ -9,7 +9,7 @@ group :test do
   gem 'puppetlabs_spec_helper'
   gem 'metadata-json-lint'
   unless ENV['PUPPET_VERSION'] == '~> 3.4.0'
-    gem 'puppet-strings', git: 'git://github.com/puppetlabs/puppetlabs-strings.git'
+    gem 'puppet-strings'
   end
   gem 'puppet-lint-absolute_classname-check'
   gem 'puppet-lint-alias-check'

README.md

@@ -89,6 +89,17 @@ letsencrypt::certonly { 'foo':
 }
 ```
 
+To automatically renew a certificate, you can pass the `manage_cron` parameter.
+You can optionally add a shell command to be run on success using the `cron_success_command` parameter.
+
+```puppet
+letsencrypt::certonly { 'foo':
+  domains => ['foo.example.com', 'bar.example.com'],
+  manage_cron => true,
+  cron_success_command => '/bin/systemctl reload nginx.service',
+}
+```
+
 ## Development
 
 1. Fork it

manifests/certonly.pp

@@ -24,15 +24,19 @@
 # [*manage_cron*]
 #   Boolean indicating whether or not to schedule cron job for renewal.
 #   Runs daily but only renews if near expiration, e.g. within 10 days.
+# [*cron_success_command*]
+#   String representation of a command that should be run if the renewal command
+#   succeeds.
 #
 define letsencrypt::certonly (
-  $domains             = [$title],
-  $plugin              = 'standalone',
-  $webroot_paths       = undef,
-  $letsencrypt_command = $letsencrypt::command,
-  $additional_args     = undef,
-  $environment         = [],
-  $manage_cron         = false,
+  $domains              = [$title],
+  $plugin               = 'standalone',
+  $webroot_paths        = undef,
+  $letsencrypt_command  = $letsencrypt::command,
+  $additional_args      = undef,
+  $environment          = [],
+  $manage_cron          = false,
+  $cron_success_command = undef,
 ) {
   validate_array($domains)
   validate_re($plugin, ['^apache$', '^standalone$', '^webroot$'])
@@ -66,10 +70,15 @@
 
   if $manage_cron {
     $renewcommand = "${command_start}--keep-until-expiring ${command_domains}${command_end}"
+    if $cron_success_command {
+      $cron_cmd = "${renewcommand} && (${cron_success_command})"
+    } else {
+      $cron_cmd = $renewcommand
+    }
     $cron_hour = fqdn_rand(24, $title) # 0 - 23, seed is title plus fqdn
     $cron_minute = fqdn_rand(60, $title ) # 0 - 59, seed is title plus fqdn
     cron { "letsencrypt renew cron ${title}":
-      command     => $renewcommand,
+      command     => $cron_cmd,
       environment => concat([ $venv_path_var ], $environment),
       user        => root,
       hour        => $cron_hour,

spec/defines/letsencrypt_certonly_spec.rb

@@ -59,6 +59,14 @@
         it { is_expected.to contain_cron('letsencrypt renew cron foo.example.com').with_command 'letsencrypt --agree-tos certonly -a apache --keep-until-expiring -d foo.example.com' }
       end
 
+      context 'with custom plugin and manage cron and cron_success_command' do
+        let(:title) { 'foo.example.com' }
+        let(:params) { { plugin: 'apache',
+                         manage_cron: true,
+                         cron_success_command: "echo success" } }
+        it { is_expected.to contain_cron('letsencrypt renew cron foo.example.com').with_command 'letsencrypt --agree-tos certonly -a apache --keep-until-expiring -d foo.example.com && (echo success)' }
+      end
+
       context 'with invalid plugin' do
         let(:title) { 'foo.example.com' }
         let(:params) { { plugin: 'bad' } }