cloudflare / certmgr

Automated certificate management using a CFSSL CA.
BSD 2-Clause "Simplified" License

add a `command` svcmgr implementation allowing for freeform actions upon renewal #43

Closed ferringb closed 6 years ago

ferringb commented 6 years ago

Not all certificates are managed for services; there are scenarios where it's desirable to invoke some freeform shell when a cert renews. Simple example for Kubernetes static pods: touching the manifest definition to trigger a reload of the pod. While a systemd oneshot unit could be written, that's a pain in the ass and cumbersome for what is at its core a literal `touch somepath`.

To support this new svcmgr the existing implementations had to be refactored a fair bit; they were collapsed into one stub implementation specifically.

Finally, the command svcmgr also exposes various `CERTMGR_*` environment variables to the shell code it's executing; this is intended to allow for whatever is being invoked to have enough information to be able to make decisions on its own.
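
A renewal hook of the kind described in the comment above, written as an added example (not code from this pull request or from certmgr). It assumes a variable named `CERTMGR_CERT_PATH`; the page only states the `CERTMGR_*` prefix, and the function name and return codes are likewise hypothetical.

```shell
#!/bin/sh
# Added example: a hook that a freeform "command" action could run on renewal.
# Assumptions (not from the page): the variable name CERTMGR_CERT_PATH and
# the function name reload_static_pod are hypothetical.
# The hook runs with the certificate manager's privileges, so it checks
# what it was handed before it touches anything.

# reload_static_pod MANIFEST
# Returns 0 after touching MANIFEST, 2 if the environment does not describe
# a usable certificate, 3 if MANIFEST is not a plain existing file.
reload_static_pod() {
    manifest=$1

    # Refuse to act when started outside a renewal (variable missing).
    if [ -z "${CERTMGR_CERT_PATH:-}" ]; then
        echo "hook: CERTMGR_CERT_PATH not set, refusing to act" >&2
        return 2
    fi

    # A missing or zero-length certificate means the renewal did not
    # complete; do not restart the workload onto it.
    if [ ! -f "$CERTMGR_CERT_PATH" ] || [ ! -s "$CERTMGR_CERT_PATH" ]; then
        echo "hook: certificate missing or empty: $CERTMGR_CERT_PATH" >&2
        return 2
    fi

    # Only touch an existing regular file, and never follow a symlink
    # that could point the privileged touch somewhere else.
    if [ ! -f "$manifest" ] || [ -L "$manifest" ]; then
        echo "hook: manifest is not a plain file: $manifest" >&2
        return 3
    fi

    # Quoted and terminated with -- so the path is never parsed as an option.
    touch -- "$manifest"
}
```

Source this file from the command the spec runs and call `reload_static_pod` with the static pod manifest path; a non-zero return leaves the manifest untouched.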