evenh · evenh · Apr 27, 2019 · Jan 25, 2019 · Feb 22, 2019 · Apr 26, 2019
diff --git a/.travis.yml b/.travis.yml
@@ -16,8 +16,8 @@ env:
   global:
     secure: RNLZ70wx1XKx4bj4SctarZVpHc++cgjmJGVvruNNLfEePdPJn19iiDGvGCLAnD554JNWlaL28FQFQFg0kOo7B1e7pJvUNOq7VEBtHOWS757Oi+avlPO5diR8g0Qcc1yZw73UJkr+XnRE/sUwdqay/NgbJAeV+Kseg79JfZnZRexjLWvGNj6GZMMo/7kzYUIcf6YaU9+kdp5lPBA2zqHLL2qOuxEp3+swYrMccnQ8tFO+BgrfvX+ger2n51csoU5AoRgBLhwhGkaGRk67ucaxR8QMtuVMYCKFQvbulRL4BgBhuyeAnp6DbSPP5169JRfcGJXnapH2dpfx1wEeuokIilLCFPmpKRNxxUt12vkIPFYNUhXbXu960oWAlAbUJ683jznVAm51k77ViFFq0gBUMoE/QG77QnPsExqrwd2sWes3qNZEzUyA4sCwhJDZ5k5BTxo0Q8n5vfKtCfZU/o7aD8QVStSVl/EwjJ9oz/Sqoz6LELWwTitx4QciPGU1MGvtXH/iQp4lDc3E7zxJRAWcOWwSPYE3pySxg2aBjNBGTXIghDkZMMqrdBUR4hPj2w3nv6QrskeJx8s7oMxCiwTOZzEQekkYDTqCOz2IEROCB9Ciqaf8hS2ihms5a8ncSWtfYCG1GPpUgot7djdMyqqhuGg+jowIZhhR3BPVgNRcHzI=
 
-after_success:
-  - bash <(curl -s https://codecov.io/bash)
+#after_success:
+#  - bash <(curl -s https://codecov.io/bash)
 
 # calls goreleaser
 deploy:

diff --git a/README.md b/README.md
@@ -1,4 +1,4 @@
-# intercert [![Build Status](https://travis-ci.org/evenh/intercert.svg?branch=master)](https://travis-ci.org/evenh/intercert) [![Go Report Card](https://goreportcard.com/badge/github.com/evenh/intercert)](https://goreportcard.com/report/github.com/evenh/intercert) [![codecov](https://codecov.io/gh/evenh/intercert/branch/master/graph/badge.svg)](https://codecov.io/gh/evenh/intercert)
+# intercert [![Build Status](https://travis-ci.org/evenh/intercert.svg?branch=master)](https://travis-ci.org/evenh/intercert) [![Go Report Card](https://goreportcard.com/badge/github.com/evenh/intercert)](https://goreportcard.com/report/github.com/evenh/intercert)
 
 _Brings Let's Encrypt to LAN and other locked down environments._
 

diff --git a/api/api.pb.go b/api/api.pb.go
diff --git a/api/api.proto b/api/api.proto
@@ -27,9 +27,21 @@ message PingResponse {
     string msg = 2;
 }
 
+message CertificateRenewalNotificationRequest {
+    // A list of DNS names to monitor for renewals
+    repeated string dnsNames = 1;
+}
+
+// Response for a certificate that has been renewed on the server
+message RenewedCertificateEvent {
+    // Example: foo.bar.com
+    string dnsName = 1;
+}
+
 service CertificateIssuer {
     rpc IssueCert (CertificateRequest) returns (CertificateResponse) {
     }
     rpc Ping (PingRequest) returns (PingResponse) {
     }
+    rpc OnCertificateRenewal (CertificateRenewalNotificationRequest) returns (stream RenewedCertificateEvent) {}
 }
diff --git a/client/client.go b/client/client.go
@@ -30,7 +30,13 @@ func StartClient(config *config.ClientConfig, userAgent string) {
 	log.Infof("Configuring connection to %s for gRPC operations", config.GetDialAddr())
 
 	// Configure connection
-	conn, err := grpc.Dial(config.GetDialAddr(), grpc.WithInsecure(), grpc.WithUserAgent(userAgent+";")) // TODO: Not run insecure
+	// TODO: Not run insecure
+	conn, err := grpc.Dial(
+		config.GetDialAddr(),
+		grpc.WithBackoffConfig(grpc.DefaultBackoffConfig),
+		grpc.WithInsecure(),
+		grpc.WithUserAgent(userAgent+";"),
+	)
 
 	if err != nil {
 		log.Warnf("Could not configure connection to host: %v", err)
@@ -61,7 +67,7 @@ func StartClient(config *config.ClientConfig, userAgent string) {
 	}
 
 	// Set up scheduled tasks
-	tasks := configureTasks(config, certStorage)
+	tasks := configureTasks(client, config, certStorage)
 
 	// Handle termination
 	configureTermination(tasks)
@@ -105,20 +111,17 @@ func validateConfig(c *config.ClientConfig) error {
 		return errors.New("hostname was empty")
 	}
 
-	if c.RenewalThreshold > (24*time.Hour)*30 {
-		return errors.New("renewal threshold can't exceed 30 days")
-	}
-
 	return nil
 }
 
-func configureTasks(config *config.ClientConfig, storage *CertStorage) []Job {
+func configureTasks(client api.CertificateIssuerClient, config *config.ClientConfig, storage *CertStorage) []Job {
 	var tasks []Job
 
-	expiryCheck := *Register(findExpiredCerts(config.RenewalThreshold), "Expired certs watcher", config.ExpiryCheckAt, false)
-	desiredCheck := *Register(ensureCertsFromConfig(storage, config.Domains), "Ensure configured domains is present", 8*time.Hour, true)
+	pinger := *Register(pingServer(client), "Ping intercert host", 10*time.Minute, false)
+	renewalHandler := *Register(watchForEvents(config.Domains, client), "Watch for certificate renewal events", 0*time.Second, true)
+	desiredCheck := *Register(ensureCertsFromConfig(storage, config.Domains), "Ensure configured domains is present", 1*time.Hour, true)
 
-	tasks = append(tasks, expiryCheck, desiredCheck)
+	tasks = append(tasks, pinger, renewalHandler, desiredCheck)
 
 	return tasks
 }
diff --git a/client/scheduler.go b/client/scheduler.go
@@ -42,21 +42,23 @@ func (j *Job) start() {
 	}
 	j.firstRun = false
 
-	go func() {
-		for {
-			// Sleep for the predetermined time.
-			time.Sleep(j.delay)
-
-			select {
-			// Check for the 'stop' signal.
-			case <-j.stop:
-				return
-			// Execute the function.
-			default:
-				j.fn()
+	if j.delay > 0*time.Second {
+		go func() {
+			for {
+				// Sleep for the predetermined time.
+				time.Sleep(j.delay)
+
+				select {
+				// Check for the 'stop' signal.
+				case <-j.stop:
+					return
+				// Execute the function.
+				default:
+					j.fn()
+				}
 			}
-		}
-	}()
+		}()
+	}
 }
 
 // Register schedules a function for execution, to be invoked repeated with a delay of

diff --git a/client/storage.go b/client/storage.go
@@ -25,7 +25,7 @@ type CertStorage struct {
 // NewCertStorage constructs an instance of the CertStorage struct, with validation
 func NewCertStorage(storageDirectory string) *CertStorage {
 	if _, err := os.Stat(storageDirectory); os.IsNotExist(err) {
-		err = os.Mkdir(storageDirectory, 0777)
+		err = os.MkdirAll(storageDirectory, 0777)
 
 		if err != nil {
 			log.Warnf("Could not create directory for certs: %v", err)