acmaker 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 671733eab8da6884cd0621b3a7331d5c16e9c82b
+  data.tar.gz: 76f5acb657c6c994d8a1b8f1ca9d7f290d75344d
+SHA512:
+  metadata.gz: 61098882b32b2f9cac71876107e5c433c71ae7911fdbfbc3059f89ad1f660d328f6a51f7d9826c242ca3bd0f00d5d1782f510b38cbaeced377c40a64c9aacc86
+  data.tar.gz: 23a2bcab5c3b5007ac78f6de871c9ddb8f0afe2486671e741e0fd9560197418d121bee9893a76de9160c4c8343452f7d004cda99ad835bee376a2b6df7ec03c9

data/.gitignore

@@ -0,0 +1,15 @@
+/.bundle/
+/.yardoc
+/Gemfile.lock
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/
+spec/aws_config.yml
+Certificatefile
+*.acm
+
+# rspec failure tracking
+.rspec_status

data/.rspec

@@ -0,0 +1,2 @@
+--format documentation
+--color

data/.travis.yml

@@ -0,0 +1,5 @@
+sudo: false
+language: ruby
+rvm:
+  - 2.4.1
+before_install: gem install bundler

data/CODE_OF_CONDUCT.md

@@ -0,0 +1,74 @@
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+In the interest of fostering an open and welcoming environment, we as
+contributors and maintainers pledge to making participation in our project and
+our community a harassment-free experience for everyone, regardless of age, body
+size, disability, ethnicity, gender identity and expression, level of experience,
+nationality, personal appearance, race, religion, or sexual identity and
+orientation.
+
+## Our Standards
+
+Examples of behavior that contributes to creating a positive environment
+include:
+
+* Using welcoming and inclusive language
+* Being respectful of differing viewpoints and experiences
+* Gracefully accepting constructive criticism
+* Focusing on what is best for the community
+* Showing empathy towards other community members
+
+Examples of unacceptable behavior by participants include:
+
+* The use of sexualized language or imagery and unwelcome sexual attention or
+advances
+* Trolling, insulting/derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or electronic
+  address, without explicit permission
+* Other conduct which could reasonably be considered inappropriate in a
+  professional setting
+
+## Our Responsibilities
+
+Project maintainers are responsible for clarifying the standards of acceptable
+behavior and are expected to take appropriate and fair corrective action in
+response to any instances of unacceptable behavior.
+
+Project maintainers have the right and responsibility to remove, edit, or
+reject comments, commits, code, wiki edits, issues, and other contributions
+that are not aligned to this Code of Conduct, or to ban temporarily or
+permanently any contributor for other behaviors that they deem inappropriate,
+threatening, offensive, or harmful.
+
+## Scope
+
+This Code of Conduct applies both within project spaces and in public spaces
+when an individual is representing the project or its community. Examples of
+representing a project or community include using an official project e-mail
+address, posting via an official social media account, or acting as an appointed
+representative at an online or offline event. Representation of a project may be
+further defined and clarified by project maintainers.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported by contacting the project team at horiyutwins@gmail.com. All
+complaints will be reviewed and investigated and will result in a response that
+is deemed necessary and appropriate to the circumstances. The project team is
+obligated to maintain confidentiality with regard to the reporter of an incident.
+Further details of specific enforcement policies may be posted separately.
+
+Project maintainers who do not follow or enforce the Code of Conduct in good
+faith may face temporary or permanent repercussions as determined by other
+members of the project's leadership.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
+available at [http://contributor-covenant.org/version/1/4][version]
+
+[homepage]: http://contributor-covenant.org
+[version]: http://contributor-covenant.org/version/1/4/

data/Gemfile

@@ -0,0 +1,4 @@
+source "https://rubygems.org"
+
+# Specify your gem's dependencies in acmaker.gemspec
+gemspec

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2017 Yuta Horii
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,179 @@
+# Acmaker
+
+Acmaker is a tool to manage [AWS Certificate Manager](https://aws.amazon.com/jp/certificate-manager/)
+It defines the state of Certificate Manager using DSL, and updates Certificate Manager according to DSL.
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'acmaker'
+```
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install acmaker
+
+## Usage
+
+```sh
+export AWS_ACCESS_KEY_ID='...'
+export AWS_SECRET_ACCESS_KEY='...'
+export AWS_REGION='...'
+acmaker -e -o Certificatefile # export Certificate Manager
+vi Certificatefile
+acmaker -a --dry-run
+acmaker -a            # Apply `Certificatefile` to Certificate Manager
+```
+
+## Help
+
+```
+Usage: acmaker [options]
+    -k, --access-key ACCESS_KEY
+    -s, --secret-key SECRET_KEY
+    -r, --region REGION
+        --profile PROFILE
+        --credentials-path PATH
+    -a, --apply
+    -f, --file FILE
+        --dry-run
+    -e, --export
+    -o, --output FILE
+        --split
+        --target REGEXP
+        --no-color
+        --debug
+        --request-concurrency N
+```
+
+## Certificatefile example
+
+```ruby
+require 'other/certificatefile'
+
+domain "yutadayo.jp" do
+  {:certificate_arn=>
+    "arn:aws:acm:ap-northeast-1:XXXXXXXXXXXX:certificate/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX",
+   :created_at=>"2017-01-01 12:00:00 +0900",
+   :domain_name=>"yutadayo.jp",
+   :domain_validation_options=>
+    [{:domain_name=>"yutadayo.jp",
+      :validation_domain=>"yutadayo.jp",
+      :validation_emails=>
+       ["administrator@yutadayo.jp",
+        "hostmaster@yutadayo.jp",
+        "webmaster@yutadayo.jp",
+        "info@fablic.co.jp",
+        "postmaster@yutadayo.jp",
+        "admin@yutadayo.jp"],
+      :validation_status=>"SUCCESS"},
+     {:domain_name=>"*.yutadayo.jp",
+      :validation_domain=>"yutadayo.jp",
+      :validation_emails=>
+       ["administrator@yutadayo.jp",
+        "hostmaster@yutadayo.jp",
+        "webmaster@yutadayo.jp",
+        "info@fablic.co.jp",
+        "postmaster@yutadayo.jp",
+        "admin@yutadayo.jp"],
+      :validation_status=>"SUCCESS"}],
+   :failure_reason=>nil,
+   :imported_at=>nil,
+   :in_use_by=>
+    ["arn:aws:elasticloadbalancing:ap-northeast-1:XXXXXXXXXXXX:loadbalancer/XXXXXXXXXX",
+     "arn:aws:elasticloadbalancing:ap-northeast-1:XXXXXXXXXXXX:loadbalancer/app/XXXXXXXXXX/XXXXXXXXXX"],
+   :issued_at=>"2017-01-01 13:00:00 +0900",
+   :issuer=>"Amazon",
+   :key_algorithm=>"RSA-2048",
+   :not_after=>"2018-02-01 21:00:00 +0900",
+   :not_before=>"2017-01-01 09:00:00 +0900",
+   :renewal_summary=>{},
+   :revocation_reason=>nil,
+   :revoked_at=>nil,
+   :serial=>"XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX",
+   :signature_algorithm=>"SHA256WITHRSA",
+   :status=>"ISSUED",
+   :subject=>"CN=yutadayo.jp",
+   :subject_alternative_names=>["yutadayo.jp", "*.yutadayo.jp"],
+   :type=>"AMAZON_ISSUED"}
+end
+```
+
+## Create Certificate
+
+```
+$ cat Certificatefile
+
+domain "yutadayo.jp" do
+  {
+    :domain_name => "yutadayo.jp",
+    :subject_alternative_names => ["*.yutadayo.jp"],
+    :domain_validation_options => [
+      {
+        :domain_name => "yutadayo.jp",
+        :validation_domain => "yutadayo.jp",
+      },
+      {
+        :domain_name => "*.yutadayo.jp",
+        :validation_domain => "yutadayo.jp",
+      },
+    ],
+  }
+end
+
+$ acmaker -a
+```
+
+## Delete Certificate
+
+```
+$ cat Certificatefile
+
+domain "yutadayo.jp" do
+end
+
+$ acmaker -a
+```
+
+```
+$ cat Certificatefile
+
+domain "yutadayo.jp" do
+  {}
+end
+
+$ acmaker -a
+```
+
+```
+$ cat Certificatefile
+
+# comment out
+#domain "yutadayo.jp" do
+#  ...
+#end
+
+$ acmaker -a
+```
+
+## Test
+
+set your AWS arn and domain_name for [spec/aws_config.yml.sample](https://github.com/yutadayo/acmaker/blob/master/spec/aws_config.yml.sample) and rename to spec/aws_config.yml.
+
+## Similar tools
+
+- [Codenize.tools](https://codenize.tools/)
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/yutadayo/acmaker.
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).

data/Rakefile

@@ -0,0 +1,6 @@
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+
+RSpec::Core::RakeTask.new(:spec)
+
+task :default => :spec

data/acmaker.gemspec

@@ -0,0 +1,33 @@
+# coding: utf-8
+
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'acmaker/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = 'acmaker'
+  spec.version       = Acmaker::VERSION
+  spec.authors       = ['Yuta Horii']
+  spec.email         = ['horiyutwins@gmail.com']
+
+  spec.summary       = 'Acmaker is a tool to manage AWS Certificate Manager (ACM).'
+  spec.description   = 'Acmaker is a tool to manage AWS Certificate Manager (ACM). It defines the state of ACM using DSL, and updates ACM according to DSL.'
+  spec.homepage      = 'https://github.com/yutadayo/acmaker'
+  spec.license       = 'MIT'
+
+  spec.files         = `git ls-files -z`.split("\x0").reject do |f|
+    f.match(%r{^(test|spec|features)/})
+  end
+  spec.bindir        = 'exe'
+  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = ['lib']
+
+  spec.add_development_dependency 'bundler'
+  spec.add_development_dependency 'rake'
+  spec.add_development_dependency 'rspec'
+
+  spec.add_dependency 'aws-sdk', '~>2'
+  spec.add_dependency 'diffy'
+  spec.add_dependency 'parallel'
+  spec.add_dependency 'term-ansicolor'
+end

data/bin/console

@@ -0,0 +1,14 @@
+#!/usr/bin/env ruby
+
+require "bundler/setup"
+require "acmaker"
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+
+require "irb"
+IRB.start(__FILE__)

data/bin/setup

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+
+bundle install
+
+# Do any other automated setup that you need to do here

data/exe/acmaker

@@ -0,0 +1,169 @@
+#!/usr/bin/env ruby
+$: << File.expand_path('../../lib', __FILE__)
+
+require 'acmaker'
+require 'optparse'
+
+Version = Acmaker::VERSION
+
+DEFAULT_FILENAME = 'Certificatefile'
+
+MAGIC_COMMENT = <<-EOS
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+EOS
+
+def parse_options(argv)
+  options = {
+    file: DEFAULT_FILENAME,
+    output: '-',
+    dry_run: false,
+    color: true,
+    request_concurrency: 8,
+    aws: {},
+  }
+
+  opt = OptionParser.new
+  opt.on('-k', '--access-key ACCESS_KEY') {|v| options[:aws][:access_key_id]     = v }
+  opt.on('-s', '--secret-key SECRET_KEY') {|v| options[:aws][:secret_access_key] = v }
+  opt.on('-r', '--region REGION')         {|v| options[:aws][:region]            = v }
+
+  opt.on('', '--profile PROFILE') do |v|
+    options[:aws][:credentials] ||= {}
+    options[:aws][:credentials][:profile_name] = v
+  end
+
+  opt.on('', '--credentials-path PATH') do |v|
+    options[:aws][:credentials] ||= {}
+    options[:aws][:credentials][:path] = v
+  end
+
+  opt.on('-a', '--apply')         {    options[:mode]    = :apply        }
+  opt.on('-f', '--file FILE')     {|v| options[:file]    = v             }
+  opt.on(''  , '--dry-run')       {    options[:dry_run] = true          }
+  opt.on('-e', '--export')        {    options[:mode]    = :export       }
+  opt.on('-o', '--output FILE')   {|v| options[:output]  = v             }
+  opt.on(''  , '--split')         {    options[:split]   = :true         }
+  opt.on(''  , '--target REGEXP') {|v| options[:target]  = Regexp.new(v) }
+  opt.on(''  , '--no-color')      {    options[:color]   = false         }
+  opt.on(''  , '--debug')         {    options[:debug]   = true          }
+
+  opt.on(''  , '--request-concurrency N', Integer) do |v|
+    options[:request_concurrency] = v
+  end
+
+  opt.parse!(argv)
+
+  unless options[:mode]
+    puts opt.help
+    exit 1
+  end
+
+  if options[:aws][:credentials]
+    credentials = Aws::SharedCredentials.new(options[:aws][:credentials])
+    options[:aws][:credentials] = credentials
+  end
+
+  Aws.config.update(options[:aws])
+  String.colorize = options[:color]
+
+  if options[:debug]
+    Acmaker::Logger.instance.debug(options[:debug])
+
+    Aws.config.update(
+      :http_wire_trace => true,
+      :logger => Acmaker::Logger.instance
+    )
+  end
+
+  options
+rescue => e
+  $stderr.puts("[ERROR] #{e.message}")
+  exit 1
+end
+
+def main(argv)
+  options = parse_options(argv)
+  client = Acmaker::Client.new(options)
+  logger = Acmaker::Logger.instance
+
+  case options[:mode]
+  when :export
+    exported = client.export
+    output = options[:output]
+
+    if options[:split]
+      logger.info('Export Certificate Manager')
+
+      output = DEFAULT_FILENAME if output == '-'
+      dir = File.dirname(output)
+      FileUtils.mkdir_p(dir)
+      requires = []
+
+      exported.each do |domain_name, certificate|
+        next unless certificate
+
+        filename = "#{domain_name}.acm"
+        requires << filename
+        acm_file = File.join(dir, filename)
+
+        logger.info("  write `#{acm_file}`")
+
+        dsl = Acmaker::DSL.convert({domain_name => certificate}, options)
+
+        open(acm_file, 'wb') do |f|
+          f.puts MAGIC_COMMENT
+          f.puts dsl
+        end
+      end
+
+      logger.info("  write `#{output}`")
+
+      open(output, 'wb') do |f|
+        f.puts MAGIC_COMMENT
+
+        requires.each do |acm_file|
+          f.puts "require '#{acm_file}'"
+        end
+      end
+    else
+      dsl = Acmaker::DSL.convert(exported, options)
+
+      if output == '-'
+        logger.info('# Export Certificate Manager')
+        puts dsl
+      else
+        logger.info("Export Certificate Manager to `#{output}`")
+        open(output, 'wb') do |f|
+          f.puts MAGIC_COMMENT
+          f.puts dsl
+        end
+      end
+    end
+  when :apply
+    file = options[:file]
+
+    unless File.exist?(file)
+      raise "No Certificatefile found (looking for: #{file})"
+    end
+
+    message = "Apply `#{file}` to Certificate Manager"
+    message << ' (dry-run)' if options[:dry_run]
+    logger.info(message)
+
+    updated = client.apply(file)
+
+    logger.info('No change'.intense_blue) unless updated
+  else
+    raise "Unknown mode: #{options[:mode]}"
+  end
+rescue => e
+  if options[:debug]
+    raise e
+  else
+    $stderr.puts("[ERROR] #{e.message}".red)
+    exit 1
+  end
+end
+
+main(ARGV)

data/lib/acmaker.rb

@@ -0,0 +1,20 @@
+require 'logger'
+require 'singleton'
+require 'aws-sdk'
+require 'diffy'
+require 'parallel'
+require 'pp'
+require 'term/ansicolor'
+
+require 'acmaker/logger'
+require 'acmaker/utils'
+require 'acmaker/ext/string_ext'
+
+require 'acmaker/version'
+
+require 'acmaker/client'
+require 'acmaker/driver'
+require 'acmaker/dsl'
+require 'acmaker/dsl/context'
+require 'acmaker/dsl/converter'
+require 'acmaker/exporter'

data/lib/acmaker/client.rb

@@ -0,0 +1,81 @@
+module Acmaker
+  class Client
+    include Acmaker::Logger::Helper
+    include Acmaker::Utils::Helper
+
+    def initialize(options = {})
+      @options = options
+      @client = @options[:client] || Aws::ACM::Client.new
+      @driver = Acmaker::Driver.new(@client, @options)
+      @exporter = Acmaker::Exporter.new(@client, @options)
+    end
+
+    def export
+      @exporter.export
+    end
+
+    def apply(file)
+      walk(file)
+    end
+
+    private
+
+    def walk(file)
+      expected = load_file(file)
+      actual = @exporter.export
+      updated = walk_domains(expected, actual)
+
+      @options[:dry_run] ? false : updated
+    end
+
+    def walk_domains(expected, actual)
+      updated = false
+
+      expected.each do |domain_name, expected_certificate|
+        next unless matched?(domain_name)
+
+        actual_certificate = actual.delete(domain_name)
+
+        if actual_certificate
+          updated = walk_certificate(domain_name, expected_certificate, actual_certificate) || updated
+        elsif expected_certificate
+          @driver.create_certificate(domain_name, expected_certificate)
+          updated = true
+        end
+      end
+
+      actual.each do |domain_name, actual_certificate|
+        @driver.delete_certificate(domain_name, actual_certificate[:certificate_arn])
+        updated = true
+      end
+
+      updated
+    end
+
+    def walk_certificate(domain_name, expected_certificate, actual_certificate)
+      if expected_certificate.nil? || expected_certificate.empty?
+        @driver.delete_certificate(domain_name, actual_certificate[:certificate_arn])
+        return true
+      end
+
+      if expected_certificate != actual_certificate
+        log(:info, diff(actual_certificate, expected_certificate, color: @options[:color]), color: false)
+        log(:warn, "Domain `#{domain_name}`: certificate can not be changed", color: :yellow)
+      end
+
+      false
+    end
+
+    def load_file(file)
+      if file.is_a?(String)
+        open(file) do |f|
+          Acmaker::DSL.parse(f.read, file)
+        end
+      elsif file.respond_to?(:read)
+        Acmaker::DSL.parse(file.read, file.path)
+      else
+        raise TypeError, "can't convert #{file} into File"
+      end
+    end
+  end
+end

data/lib/acmaker/driver.rb

@@ -0,0 +1,28 @@
+module Acmaker
+  class Driver
+    include Acmaker::Logger::Helper
+    include Acmaker::Utils::Helper
+
+    def initialize(client, options = {})
+      @client = client
+      @options = options
+    end
+
+    def create_certificate(domain_name, expected_certificate)
+      log(:info, "Create Domain `#{domain_name}` Certificate", color: :cyan)
+
+      unless @options[:dry_run]
+        resp = @client.request_certificate(expected_certificate)
+        log(:info, "Certificate arn `#{resp.certificate_arn}` has been created", color: :cyan)
+      end
+    end
+
+    def delete_certificate(domain_name, certificate_arn)
+      log(:info, "Delete Domain `#{domain_name}` Certificate", color: :red)
+
+      unless @options[:dry_run]
+        @client.delete_certificate(certificate_arn: certificate_arn)
+      end
+    end
+  end
+end

data/lib/acmaker/dsl.rb

@@ -0,0 +1,13 @@
+module Acmaker
+  module DSL
+    class << self
+      def convert(exported, options = {})
+        Acmaker::DSL::Converter.convert(exported, options)
+      end
+
+      def parse(dsl, path, options = {})
+        Acmaker::DSL::Context.eval(dsl, path, options).result
+      end
+    end
+  end
+end

data/lib/acmaker/dsl/context.rb

@@ -0,0 +1,42 @@
+module Acmaker
+  module DSL
+    class Context
+      def self.eval(dsl, path, options = {})
+        new(path, options) do
+          eval(dsl, binding, path)
+        end
+      end
+
+      attr_reader :result
+
+      def initialize(path, options = {}, &block)
+        @path = path
+        @options = options
+        @result = {}
+        instance_eval(&block)
+      end
+
+      private
+
+      def require(file)
+        acmfile = file =~ %r{\A/} ? file : File.expand_path(File.join(File.dirname(@path), file))
+
+        if File.exist?(acmfile)
+          instance_eval(File.read(acmfile), acmfile)
+        elsif File.exist?(acmfile + '.rb')
+          instance_eval(File.read(acmfile + '.rb'), acmfile + '.rb')
+        else
+          Kernel.require(file)
+        end
+      end
+
+      def domain(name)
+        name = name.to_s
+
+        raise "Domain #{name} is already defined" if @result[name]
+
+        @result[name] = yield
+      end
+    end
+  end
+end

data/lib/acmaker/dsl/converter.rb

@@ -0,0 +1,41 @@
+module Acmaker
+  module DSL
+    class Converter
+      include Acmaker::Utils::Helper
+
+      class << self
+        def convert(exported, options = {})
+          new(exported, options).convert
+        end
+      end
+
+      def initialize(exported, options)
+        @exported = exported
+        @options = options
+      end
+
+      def convert
+        certificates = []
+
+        @exported.each do |domain_name, certificate|
+          next if !certificate || !matched?(domain_name)
+          certificates << output_certificate(domain_name, certificate)
+        end
+
+        certificates.join("\n")
+      end
+
+      private
+
+      def output_certificate(domain_name, certificate)
+        certificate = certificate.pretty_inspect.gsub(/^/, '  ').strip
+
+        <<-EOS
+domain #{domain_name.inspect} do
+  #{certificate}
+end
+        EOS
+      end
+    end
+  end
+end

data/lib/acmaker/exporter.rb

@@ -0,0 +1,96 @@
+module Acmaker
+  class Exporter
+    include Acmaker::Utils::Helper
+
+    def initialize(client, options = {})
+      @client = client
+      @options = options
+    end
+
+    def export
+      export_certificates
+    end
+
+    private
+
+    def export_certificates
+      result = {}
+      certificates = list_certificates
+      concurrency = @options[:request_concurrency]
+
+      Parallel.each(certificates, in_threads: concurrency) do |certificate|
+        domain_name = certificate.domain_name
+        next unless matched?(domain_name)
+        result[domain_name] = export_domain_certificate(certificate)
+      end
+
+      result
+    end
+
+    def export_domain_certificate(certificate)
+      arn = certificate.certificate_arn
+      resp = @client.describe_certificate(certificate_arn: arn)
+
+      {
+        certificate_arn: resp.certificate.certificate_arn,
+        created_at: resp.certificate.created_at&.to_s,
+        domain_name: resp.certificate.domain_name,
+        domain_validation_options: export_domain_validation_options(resp.certificate.domain_validation_options),
+        failure_reason: resp.certificate.failure_reason,
+        imported_at: resp.certificate.imported_at&.to_s,
+        in_use_by: resp.certificate.in_use_by,
+        issued_at: resp.certificate.issued_at&.to_s,
+        issuer: resp.certificate.issuer,
+        key_algorithm: resp.certificate.key_algorithm,
+        not_after: resp.certificate.not_after&.to_s,
+        not_before: resp.certificate.not_before&.to_s,
+        renewal_summary: export_renewal_summary(resp.certificate.renewal_summary),
+        revocation_reason: resp.certificate.revocation_reason,
+        revoked_at: resp.certificate.revoked_at,
+        serial: resp.certificate.serial,
+        signature_algorithm: resp.certificate.signature_algorithm,
+        status: resp.certificate.status,
+        subject: resp.certificate.subject,
+        subject_alternative_names: resp.certificate.subject_alternative_names,
+        type: resp.certificate.type,
+      }
+    rescue Aws::ACM::Errors::ResourceNotFoundException
+      nil
+    end
+
+    def export_domain_validation_options(options)
+      options.each_with_object([]) do |option, arr|
+        arr << {
+          domain_name: option.domain_name,
+          validation_domain: option.validation_domain,
+          validation_emails: option.validation_emails,
+          validation_status: option.validation_status,
+        }
+      end
+    end
+
+    def export_renewal_summary(summary)
+      return {} if summary.nil?
+      {
+        renewal_summary: {
+          renewal_status: summary.renewal_status,
+          domain_validation_options: export_domain_validation_options(summary.domain_validation_options),
+        }
+      }
+    end
+
+    def list_certificates
+      certificates = []
+      next_token = nil
+
+      loop do
+        resp = @client.list_certificates(next_token: next_token)
+        certificates.concat(resp.certificate_summary_list)
+        next_token = resp.next_token
+        break unless next_token
+      end
+
+      certificates
+    end
+  end
+end

data/lib/acmaker/ext/string_ext.rb

@@ -0,0 +1,28 @@
+module Acmaker::Ext
+  module StringExt
+    module ClassMethods
+      def colorize=(value)
+        @colorize = value
+      end
+
+      def colorize
+        @colorize
+      end
+    end # ClassMethods
+
+    Term::ANSIColor::Attribute.named_attributes.each do |attribute|
+      class_eval(<<-EOS, __FILE__, __LINE__ + 1)
+        def #{attribute.name}
+          if String.colorize
+            Term::ANSIColor.send(#{attribute.name.inspect}, self)
+          else
+            self
+          end
+        end
+      EOS
+    end
+  end
+end
+
+String.include(Acmaker::Ext::StringExt)
+String.extend(Acmaker::Ext::StringExt::ClassMethods)

data/lib/acmaker/logger.rb

@@ -0,0 +1,30 @@
+module Acmaker
+  class Logger < ::Logger
+    include Singleton
+
+    def initialize
+      super($stdout)
+
+      self.formatter = proc do |_severity, _datetime, _progname, msg|
+        "#{msg}\n"
+      end
+
+      self.level = Logger::INFO
+    end
+
+    def debug(value)
+      self.level = value ? Logger::DEBUG : Logger::INFO
+    end
+
+    module Helper
+      def log(level, message, log_options = {})
+        global_option = @options || {}
+        message = "[#{level.to_s.upcase}] #{message}" unless level == :info
+        message << ' (dry-run)' if global_option[:dry_run]
+        message = message.send(log_options[:color]) if log_options[:color]
+        logger = global_option[:logger] || Acmaker::Logger.instance
+        logger.send(level, message)
+      end
+    end
+  end
+end

data/lib/acmaker/utils.rb

@@ -0,0 +1,25 @@
+module Acmaker
+  module Utils
+    module Helper
+      def matched?(name)
+        if @options[:target]
+          @options[:target] =~ name
+        else
+          true
+        end
+      end
+
+      def diff(obj1, obj2, options = {})
+        diffy = Diffy::Diff.new(
+          obj1.pretty_inspect,
+          obj2.pretty_inspect,
+          diff: '-u'
+        )
+
+        out = diffy.to_s(options[:color] ? :color : :text).gsub(/\s+\z/m, '')
+        out.gsub!(/^/, options[:indent]) if options[:indent]
+        out
+      end
+    end
+  end
+end

data/lib/acmaker/version.rb

@@ -0,0 +1,3 @@
+module Acmaker
+  VERSION = '0.1.0'.freeze
+end

metadata

@@ -0,0 +1,167 @@
+--- !ruby/object:Gem::Specification
+name: acmaker
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Yuta Horii
+autorequire: 
+bindir: exe
+cert_chain: []
+date: 2017-06-17 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: aws-sdk
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2'
+- !ruby/object:Gem::Dependency
+  name: diffy
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: parallel
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: term-ansicolor
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Acmaker is a tool to manage AWS Certificate Manager (ACM). It defines
+  the state of ACM using DSL, and updates ACM according to DSL.
+email:
+- horiyutwins@gmail.com
+executables:
+- acmaker
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".rspec"
+- ".travis.yml"
+- CODE_OF_CONDUCT.md
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- acmaker.gemspec
+- bin/console
+- bin/setup
+- exe/acmaker
+- lib/acmaker.rb
+- lib/acmaker/client.rb
+- lib/acmaker/driver.rb
+- lib/acmaker/dsl.rb
+- lib/acmaker/dsl/context.rb
+- lib/acmaker/dsl/converter.rb
+- lib/acmaker/exporter.rb
+- lib/acmaker/ext/string_ext.rb
+- lib/acmaker/logger.rb
+- lib/acmaker/utils.rb
+- lib/acmaker/version.rb
+homepage: https://github.com/yutadayo/acmaker
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.6.11
+signing_key: 
+specification_version: 4
+summary: Acmaker is a tool to manage AWS Certificate Manager (ACM).
+test_files: []