acmesmith 0.4.2 → 0.5.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +25 -5
- data/lib/acmesmith/command.rb +19 -1
- data/lib/acmesmith/config.rb +16 -1
- data/lib/acmesmith/post_issueing_hooks/base.rb +14 -0
- data/lib/acmesmith/post_issueing_hooks/shell.rb +33 -0
- data/lib/acmesmith/post_issueing_hooks.rb +9 -0
- data/lib/acmesmith/version.rb +1 -1
- metadata +6 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: acb392ec6aa3ec962ef269435f61e0eee59191bb
|
|
4
|
+
data.tar.gz: 54e3498de72de66e12af34fd7cdeafeb0aad6530
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 7c9d77926eb2cca01db936ac89cacdf6b71779f743c0af3dbeeeb43af781bb62f065e20e65b0e44fdfc93a2c0f4c84f9a597d112c1d482cf645d45495170d6b7
|
|
7
|
+
data.tar.gz: 2ca4345dc71166a781b58e869c4fb3dd086f29fb118c3d54d1329be2c28810ea1901d6ca1389ff0ca2476769a18f3abfb2b0040f032836a713505dbb2ae85822
|
data/README.md
CHANGED
|
@@ -10,12 +10,10 @@ This tool is written in Ruby, but Acmesmith saves certificates in simple scheme,
|
|
|
10
10
|
- ACME registration, domain authorization, certificate requests
|
|
11
11
|
- Tested against [Let's encrypt](https://letsencrypt.org)
|
|
12
12
|
- Storing keys in several ways
|
|
13
|
-
- Currently AWS S3 is supported
|
|
14
13
|
- Challenge response
|
|
15
|
-
|
|
16
|
-
-
|
|
17
|
-
-
|
|
18
|
-
- Challenge reponses for other than AWS Route53 or dns-01 challenges, like for Openstack DNSaaS.
|
|
14
|
+
- Many cloud services support
|
|
15
|
+
- AWS S3 storage and Route53 `dns-01` responder support out-of-the-box
|
|
16
|
+
- 3rd party plugins available for OpenStack designate, Google Cloud DNS, simple http-01, and Google Cloud Storage. See [Plugins](#3rd-party-plugins) below
|
|
19
17
|
|
|
20
18
|
### Planned
|
|
21
19
|
|
|
@@ -141,12 +139,34 @@ challenge_responders:
|
|
|
141
139
|
# "example.org.": "/hostedzone/DEADBEEF"
|
|
142
140
|
```
|
|
143
141
|
|
|
142
|
+
### Post Issueing Hooks
|
|
143
|
+
|
|
144
|
+
Post issueing hooks are configurable actions that are executed
|
|
145
|
+
when a new certificate has been succesfully issued. The hooks are
|
|
146
|
+
sequentially executed in the same order as they are configured, and they
|
|
147
|
+
are configurable per certificate's common-name.
|
|
148
|
+
|
|
149
|
+
Currently `shell` action is available out of the box. It sets `COMMON_NAME` environment variable for use in a script.
|
|
150
|
+
|
|
151
|
+
```
|
|
152
|
+
post_issueing_hooks:
|
|
153
|
+
"test.example.com":
|
|
154
|
+
- shell:
|
|
155
|
+
command: mail -s "New cert for ${COMMON_NAME} has been issued" user@example.com < /dev/null
|
|
156
|
+
- shell:
|
|
157
|
+
command: touch /tmp/certs-has-been-issued-${COMMON_NAME}
|
|
158
|
+
"admin.example.com":
|
|
159
|
+
- shell:
|
|
160
|
+
command: /usr/bin/dosomethingelse ${COMMON_NAME}
|
|
161
|
+
```
|
|
162
|
+
|
|
144
163
|
## 3rd party Plugins
|
|
145
164
|
|
|
146
165
|
### Challenge responders
|
|
147
166
|
|
|
148
167
|
- [hanazuki/acmesmith-designate](https://github.com/hanazuki/acmesmith-designate) `dns-01` challenge responder with OpenStack-based DNSaaS (Designate v1 API), e.g. for ConoHa.
|
|
149
168
|
- [nagachika/acmesmith-google-cloud-dns](https://github.com/nagachika/acmesmith-google-cloud-dns) `dns-01` challenge responder with [Google Cloud DNS](https://cloud.google.com/dns/).
|
|
169
|
+
- [mipmip/acmesmith-http-path](https://github.com/mipmip/acmesmith-http-path) - `http-01` challenge reponder if you have write access to the vhost server root.
|
|
150
170
|
|
|
151
171
|
### Storage
|
|
152
172
|
|
data/lib/acmesmith/command.rb
CHANGED
|
@@ -64,7 +64,15 @@ module Acmesmith
|
|
|
64
64
|
|
|
65
65
|
puts cert.certificate.to_text
|
|
66
66
|
puts cert.certificate.to_pem
|
|
67
|
+
|
|
68
|
+
execute_post_issue_hooks(common_name)
|
|
69
|
+
end
|
|
70
|
+
|
|
71
|
+
desc "post-issue-hooks COMMON_NAME", "Run all post-issueing hooks for common name. (for testing purpose)"
|
|
72
|
+
def post_issue_hooks(common_name)
|
|
73
|
+
execute_post_issue_hooks(common_name)
|
|
67
74
|
end
|
|
75
|
+
map 'post-issue-hooks' => :post_issue_hooks
|
|
68
76
|
|
|
69
77
|
desc "list [COMMON_NAME]", "list certificates or its versions"
|
|
70
78
|
def list(common_name = nil)
|
|
@@ -156,7 +164,7 @@ module Acmesmith
|
|
|
156
164
|
end
|
|
157
165
|
|
|
158
166
|
desc "autorenew", "request renewal of certificates which expires soon"
|
|
159
|
-
method_option :days, aliases: %w(-d), default: 7, desc: 'specify threshold in days to select certificates to renew'
|
|
167
|
+
method_option :days, type: :numeric, aliases: %w(-d), default: 7, desc: 'specify threshold in days to select certificates to renew'
|
|
160
168
|
def autorenew
|
|
161
169
|
storage.list_certificates.each do |cn|
|
|
162
170
|
puts "=> #{cn}"
|
|
@@ -214,5 +222,15 @@ module Acmesmith
|
|
|
214
222
|
config['account_key_passphrase']
|
|
215
223
|
end
|
|
216
224
|
end
|
|
225
|
+
|
|
226
|
+
def execute_post_issue_hooks(common_name)
|
|
227
|
+
post_issues_hooks_for_common_name = config.post_issueing_hooks(common_name)
|
|
228
|
+
if post_issues_hooks_for_common_name
|
|
229
|
+
post_issues_hooks_for_common_name.each do |hook|
|
|
230
|
+
hook.execute
|
|
231
|
+
end
|
|
232
|
+
end
|
|
233
|
+
end
|
|
234
|
+
|
|
217
235
|
end
|
|
218
236
|
end
|
data/lib/acmesmith/config.rb
CHANGED
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
require 'yaml'
|
|
2
2
|
require 'acmesmith/storages'
|
|
3
3
|
require 'acmesmith/challenge_responders'
|
|
4
|
+
require 'acmesmith/post_issueing_hooks'
|
|
4
5
|
|
|
5
6
|
module Acmesmith
|
|
6
7
|
class Config
|
|
@@ -42,8 +43,22 @@ module Acmesmith
|
|
|
42
43
|
end
|
|
43
44
|
end
|
|
44
45
|
|
|
46
|
+
def post_issueing_hooks(common_name)
|
|
47
|
+
@post_issueing_hooks ||= begin
|
|
48
|
+
if @config.key?('post_issueing_hooks') && @config['post_issueing_hooks'].key?(common_name)
|
|
49
|
+
specs = @config['post_issueing_hooks'][common_name]
|
|
50
|
+
specs.flat_map do |specs_sub|
|
|
51
|
+
specs_sub[specs_sub.flatten[0]]['common_name'] = common_name
|
|
52
|
+
specs_sub.map do |k, v|
|
|
53
|
+
PostIssueingHooks.find(k).new(**v.map{ |k_,v_| [k_.to_sym, v_]}.to_h)
|
|
54
|
+
end
|
|
55
|
+
end
|
|
56
|
+
end
|
|
57
|
+
end
|
|
58
|
+
end
|
|
59
|
+
|
|
45
60
|
def challenge_responders
|
|
46
|
-
@
|
|
61
|
+
@challenge_responders ||= begin
|
|
47
62
|
specs = @config['challenge_responders'].kind_of?(Hash) ? @config['challenge_responders'].map { |k,v| [k => v] } : @config['challenge_responders']
|
|
48
63
|
specs.flat_map do |specs_sub|
|
|
49
64
|
specs_sub.map do |k, v|
|
|
@@ -0,0 +1,33 @@
|
|
|
1
|
+
require 'open3'
|
|
2
|
+
require 'acmesmith/post_issueing_hooks/base'
|
|
3
|
+
|
|
4
|
+
module Acmesmith
|
|
5
|
+
module PostIssueingHooks
|
|
6
|
+
class Shell < Base
|
|
7
|
+
class HostedZoneNotFound < StandardError; end
|
|
8
|
+
class AmbiguousHostedZones < StandardError; end
|
|
9
|
+
|
|
10
|
+
def initialize(common_name:, command:, ignore_failure:false)
|
|
11
|
+
@common_name = common_name
|
|
12
|
+
@command = command
|
|
13
|
+
@ignore_failure = ignore_failure
|
|
14
|
+
end
|
|
15
|
+
|
|
16
|
+
def execute
|
|
17
|
+
puts "=> Executing Post Issueing Hook for #{@common_name} in #{self.class.name}"
|
|
18
|
+
puts "=> ENV: COMMON_NAME=#{@common_name}"
|
|
19
|
+
puts "=> Running: #{@command}"
|
|
20
|
+
|
|
21
|
+
status = system({"COMMON_NAME" => @common_name}, "#{@command};")
|
|
22
|
+
|
|
23
|
+
unless status
|
|
24
|
+
if @ignore_failure
|
|
25
|
+
$stderr.puts "WARNING, command failed"
|
|
26
|
+
else
|
|
27
|
+
raise "FATAL, command failed"
|
|
28
|
+
end
|
|
29
|
+
end
|
|
30
|
+
end
|
|
31
|
+
end
|
|
32
|
+
end
|
|
33
|
+
end
|
data/lib/acmesmith/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: acmesmith
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.5.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- sorah (Shota Fukumori)
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2017-01-06 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: acme-client
|
|
@@ -126,6 +126,9 @@ files:
|
|
|
126
126
|
- lib/acmesmith/challenge_responders/route53.rb
|
|
127
127
|
- lib/acmesmith/command.rb
|
|
128
128
|
- lib/acmesmith/config.rb
|
|
129
|
+
- lib/acmesmith/post_issueing_hooks.rb
|
|
130
|
+
- lib/acmesmith/post_issueing_hooks/base.rb
|
|
131
|
+
- lib/acmesmith/post_issueing_hooks/shell.rb
|
|
129
132
|
- lib/acmesmith/storages.rb
|
|
130
133
|
- lib/acmesmith/storages/base.rb
|
|
131
134
|
- lib/acmesmith/storages/filesystem.rb
|
|
@@ -154,7 +157,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
154
157
|
version: '0'
|
|
155
158
|
requirements: []
|
|
156
159
|
rubyforge_project:
|
|
157
|
-
rubygems_version: 2.6.
|
|
160
|
+
rubygems_version: 2.6.8
|
|
158
161
|
signing_key:
|
|
159
162
|
specification_version: 4
|
|
160
163
|
summary: ACME client (Let's encrypt client) to manage certificate in multi server
|