acmesmith-google-cloud-storage 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: f75b4b821a87ef27b6f518fd08dd893dfaeb37c6
+  data.tar.gz: 0df9612218e5379c3818a643355d89e3e4eb2fb4
+SHA512:
+  metadata.gz: 71a2f9904d29d58f0a61ae921b042139600700aeeae721a3b15b022f70ac48c31e6402d5820742c452576b30adb459dc4c7a4c283e34d4d73b83d60070bbd0e8
+  data.tar.gz: 7968535f05faeafef1df9160dac5a7769ceb835823bc2d428e56421b6830a53655d743068875ced81b03915be400de2dbe7b32ecce5bbe08e2714862c47bcfa0

data/.gitignore

@@ -0,0 +1,9 @@
+/.bundle/
+/.yardoc
+/Gemfile.lock
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/

data/.rspec

@@ -0,0 +1,2 @@
+--format documentation
+--color

data/.travis.yml

@@ -0,0 +1,4 @@
+language: ruby
+rvm:
+  - 2.3.0
+before_install: gem install bundler -v 1.11.2

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in acmesmith-google-cloud-storage.gemspec
+gemspec

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2016 YAMADA Tsuyoshi
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,37 @@
+# acmesmith-google-cloud-storage
+
+This gem is a plugin for [Acmesmith](https://github.com/sorah/acmesmith) and implements storage using [Google Cloud Storage](https://cloud.google.com/storage/)
+
+## Usage
+
+### Prerequisites
+
+ * You need to have service account of Google Cloud Platform to operate Google Cloud Storage via API.
+
+### Installation
+
+Install `acmesith-google-cloud-storage` gem along with `acmesmith`. You can just do `gem install acmesith-google-cloud-storage` or use Bundler if you want.
+
+### Configuration
+
+Use `google_cloud_storage` storage in your acmesmith.yml. General instructions about acmesmith.yml is available in the manual of Acmesmith.
+
+```yaml
+endpoint: https://acme-staging.api.letsencrypt.org/
+# endpoint: https://acme-v01.api.letsencrypt.org/ # productilon
+
+storage:
+  type: google_cloud_storage
+  bucket: 
+  prefix: 
+  compute_engine_service_account: true # (pick-one): You can use GCE VM instance scope
+  private_key_json_file: /path/to/credential.json # (pick-one) Only JSON key file is supported
+
+challenge_responders:
+  # configure how to respond ACME challenges; see the manual of Acmesmith.
+```
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).
+

data/Rakefile

@@ -0,0 +1,6 @@
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+
+RSpec::Core::RakeTask.new(:spec)
+
+task :default => :spec

data/acmesmith-google-cloud-storage.gemspec

@@ -0,0 +1,28 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'acmesmith-google-cloud-storage/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = "acmesmith-google-cloud-storage"
+  spec.version       = AcmesmithGoogleCloudStorage::VERSION
+  spec.authors       = ["YAMADA Tsuyoshi"]
+  spec.email         = ["tyamada@minimum2scp.org"]
+
+  spec.summary       = %q{acmesmith plugin implementing google_cloud_storage storage}
+  spec.description   = %q{acmesmith plugin implementing google_cloud_storage storage}
+  spec.homepage      = "https://github.com/minimum2scp/acmesmith-google-cloud-storage"
+  spec.license       = "MIT"
+
+  spec.files         = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+  spec.bindir        = "exe"
+  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = ["lib"]
+
+  spec.add_dependency "acmesmith"
+  spec.add_dependency "google-api-client", "~> 0.9.1"
+
+  spec.add_development_dependency "bundler", "~> 1.11"
+  spec.add_development_dependency "rake", "~> 10.0"
+  spec.add_development_dependency "rspec", "~> 3.0"
+end

data/bin/console

@@ -0,0 +1,14 @@
+#!/usr/bin/env ruby
+
+require "bundler/setup"
+require "acmesmith/google/cloud/storage"
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+
+require "irb"
+IRB.start

data/bin/setup

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+
+bundle install
+
+# Do any other automated setup that you need to do here

data/lib/acmesmith-google-cloud-storage/version.rb

@@ -0,0 +1,3 @@
+module AcmesmithGoogleCloudStorage
+  VERSION = "0.1.0"
+end

data/lib/acmesmith/storages/google_cloud_storage.rb

@@ -0,0 +1,192 @@
+require 'acmesmith/storages/base'
+require 'acmesmith/account_key'
+require 'acmesmith/certificate'
+
+require 'google/apis/storage_v1'
+require 'open-uri'
+require 'stringio'
+
+module Acmesmith
+  module Storages
+    class GoogleCloudStorage < Base
+      attr_reader :bucket, :prefix, :compute_engine_service_account, :private_key_json_file
+
+      def initialize(bucket:, prefix:, compute_engine_service_account:nil, private_key_json_file:nil)
+        @bucket = bucket
+        @prefix = prefix
+        if @prefix && !@prefix.end_with?('/')
+          @prefix += '/'
+        end
+        @compute_engine_service_account = compute_engine_service_account
+        @private_key_json_file = private_key_json_file
+
+        @scope = 'https://www.googleapis.com/auth/devstorage.read_write'
+        @api = Google::Apis::StorageV1::StorageService.new
+        if @compute_engine_service_account
+          @api.authorization = Google::Auth.get_application_default(@scope)
+        elsif @private_key_json_file
+          credential = load_json_key(@private_key_json_file)
+          @api.authorization = Signet::OAuth2::Client.new(
+            token_credential_uri: "https://accounts.google.com/o/oauth2/token",
+            audience: "https://accounts.google.com/o/oauth2/token",
+            scope: @scope,
+            issuer: credential[:email_address],
+            signing_key: credential[:private_key])
+        else
+          raise "You need to specify authentication options (compute_engine_service_account or private_key_json_file)"
+        end
+        @api.authorization.fetch_access_token!
+      end
+
+      def get_account_key
+        obj = @api.get_object(bucket, account_key_key)
+        media = get_media(obj.media_link)
+        AccountKey.new media
+      rescue Google::Apis::ClientError => e
+        if e.status_code == 404
+          raise NotExist.new("Account key doesn't exist")
+        else
+          raise e
+        end
+      end
+
+      def account_key_exist?
+        begin
+          get_account_key
+        rescue NotExist
+          return false
+        else
+          return true
+        end
+      end
+
+      def put_account_key(key, passphrase = nil)
+        raise AlreadyExist if account_key_exist?
+        obj = Google::Apis::StorageV1::Object.new(
+          name: account_key_key,
+          content_type: 'application/x-pem-file'
+        )
+        @api.insert_object(bucket, obj, upload_source: StringIO.new(key.export(passphrase)))
+      end
+
+      def put_certificate(cert, passphrase = nil, update_current: true)
+        h = cert.export(passphrase)
+
+        put = -> (key, body) do
+          obj = Google::Apis::StorageV1::Object.new(
+            name: key,
+            content_type: 'application/x-pem-file',
+          )
+          @api.insert_object(bucket, obj, upload_source: StringIO.new(body))
+        end
+
+        put.call certificate_key(cert.common_name, cert.version), "#{h[:certificate].rstrip}\n"
+        put.call chain_key(cert.common_name, cert.version), "#{h[:chain].rstrip}\n"
+        put.call fullchain_key(cert.common_name, cert.version), "#{h[:fullchain].rstrip}\n"
+        put.call private_key_key(cert.common_name, cert.version), "#{h[:private_key].rstrip}\n"
+
+        if update_current
+          @api.insert_object(
+            bucket,
+            Google::Apis::StorageV1::Object.new(name: certificate_current_key(cert.common_name), content_type: 'text/plain'),
+            upload_source: StringIO.new(cert.version),
+          )
+        end
+      end
+
+      def get_certificate(common_name, version: 'current')
+        version = certificate_current(common_name) if version == 'current'
+
+        certificate = get_media(@api.get_object(bucket, certificate_key(common_name, version)).media_link)
+        chain       = get_media(@api.get_object(bucket, chain_key(common_name, version)).media_link)
+        private_key = get_media(@api.get_object(bucket, private_key_key(common_name, version)).media_link)
+        Certificate.new(certificate, chain, private_key)
+      rescue Google::Apis::ClientError => e
+        if e.status_code == 404
+          raise NotExist.new("Certificate for #{common_name.inspect} of #{version} version doesn't exist")
+        else
+          raise e
+        end
+      end
+
+      def list_certificates
+        certs_prefix = "#{prefix}certs/"
+        objects = @api.fetch_all do |token, s|
+          s.list_objects(bucket, prefix: certs_prefix, page_token: token)
+        end
+        objects.map{ |obj|
+          regexp = /\A#{Regexp.escape(certs_prefix)}/
+          obj.name.sub(regexp, '').sub(/\/.+\z/, '').sub(/\/\z/, '')
+        }.uniq
+      end
+
+      def list_certificate_versions(common_name)
+        cert_ver_prefix = "#{prefix}certs/#{common_name}/"
+        objects = @api.fetch_all do |token, s|
+          s.list_objects(bucket, prefix: cert_ver_prefix, page_token: token)
+        end
+        objects.map { |obj|
+          regexp = /\A#{Regexp.escape(cert_ver_prefix)}/
+          obj.name.sub(regexp, '').sub(/\/.+\z/, '').sub(/\/\z/, '')
+        }.uniq.reject { |_| _ == 'current' }
+      end
+
+      def get_current_certificate_version(common_name)
+        certificate_current(common_name)
+      end
+
+      private
+
+      def account_key_key
+        "#{prefix}account.pem"
+      end
+
+      def certificate_base_key(cn, ver)
+        "#{prefix}certs/#{cn}/#{ver}"
+      end
+
+      def certificate_current_key(cn)
+        certificate_base_key(cn, 'current')
+      end
+
+      def certificate_current(cn)
+        obj = @api.get_object(bucket, certificate_current_key(cn))
+        get_media(obj.media_link).chomp
+      rescue Google::Apis::ClientError => e
+        if e.status_code == 404
+          raise NotExist.new("Certificate for #{cn.inspect} of current version doesn't exist")
+        else
+          raise e
+        end
+      end
+
+      def certificate_key(cn, ver)
+        "#{certificate_base_key(cn, ver)}/cert.pem"
+      end
+
+      def private_key_key(cn, ver)
+        "#{certificate_base_key(cn, ver)}/key.pem"
+      end
+
+      def chain_key(cn, ver)
+        "#{certificate_base_key(cn, ver)}/chain.pem"
+      end
+
+      def fullchain_key(cn, ver)
+        "#{certificate_base_key(cn, ver)}/fullchain.pem"
+      end
+
+      def get_media(media_link)
+        open(media_link, {'Authorization' => "Bearer #{@api.authorization.access_token}"}).read
+      end
+
+      def load_json_key(filepath)
+        obj = JSON.parse(File.read(filepath))
+        {
+          email_address: obj["client_email"],
+          private_key: OpenSSL::PKey.read(obj["private_key"]),
+        }
+      end
+    end
+  end
+end

metadata

@@ -0,0 +1,126 @@
+--- !ruby/object:Gem::Specification
+name: acmesmith-google-cloud-storage
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- YAMADA Tsuyoshi
+autorequire: 
+bindir: exe
+cert_chain: []
+date: 2016-03-26 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: acmesmith
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: google-api-client
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.9.1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.9.1
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.11'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.11'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+description: acmesmith plugin implementing google_cloud_storage storage
+email:
+- tyamada@minimum2scp.org
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".rspec"
+- ".travis.yml"
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- acmesmith-google-cloud-storage.gemspec
+- bin/console
+- bin/setup
+- lib/acmesmith-google-cloud-storage/version.rb
+- lib/acmesmith/storages/google_cloud_storage.rb
+homepage: https://github.com/minimum2scp/acmesmith-google-cloud-storage
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.5.1
+signing_key: 
+specification_version: 4
+summary: acmesmith plugin implementing google_cloud_storage storage
+test_files: []