acmesmith 0.7.0.beta1 → 0.8.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: c4a9da6141839cd8a3b4850091f05ab7e024a252
-  data.tar.gz: 64807174e4ee28afd2a4be93d7ae8cbcdcf8cde1
+  metadata.gz: 51baf45477f91b7ca8981c3e8da445348f44528f
+  data.tar.gz: 7ec32294fede6b7dd89e6f651e25dcb967d6a878
 SHA512:
-  metadata.gz: 1be84d5808225cf30cd6dc324a4a7924f1dacfdb310cc5872e7bdfa74d12ef93e7de5c234ba9ad4fe0679ce03ded44e832a66065544cb9dd808360fb7da4e5a3
-  data.tar.gz: 549065d60f3774ab1ef4be20da4b90d4f02f0e7b13af912b62128c65026ae5c1fb76880754251a3b69a929fe2d3a1581c8d09f5a8184829c57c33e317d875d4c
+  metadata.gz: 2deb54d234db5b03fa4b989e84b31a199973896daae57d8da3353e829f0dec3c094332837bebaba2dc9f1597a36d6516aa7da009352d66170c4b045d50e26d86
+  data.tar.gz: 4764a56467552cf763878b1857ef5989a2162cbb3013a1e28aa7ed3f343e849bb02cb6470414dbfc6af0073b7dfb86172d98847237b6bcd9b4a9fb58cbc9e967

data/README.md

@@ -146,7 +146,9 @@ when a new certificate has been succesfully issued. The hooks are
 sequentially executed in the same order as they are configured, and they
 are configurable per certificate's common-name.
 
-Currently `shell` action is available out of the box. It sets `COMMON_NAME` environment variable for use in a script.
+#### `shell`
+
+Execute specified command on a shell. Environment variable `${COMMON_NAME}` is available.
 
 ```
 post_issueing_hooks:
@@ -160,6 +162,21 @@ post_issueing_hooks:
         command: /usr/bin/dosomethingelse ${COMMON_NAME}
 ```
 
+### `acm`
+
+Import certificate into AWS ACM.
+
+```
+post_issueing_hooks:
+  "test.example.com":
+    - acm:
+        region: us-east-1 # required
+        certificate_arn: arn:aws:acm:... # (optional)
+```
+
+When `certificate_arn` is not present, `acm` hook attempts to find the certificate ARN from existing certificate list. Certificate with same common name ("domain name" on ACM), and `Acmesmith` tag
+ will be used. Otherwise, `acm` hook imports as a new certificate with `Acmesmith` tag.
+
 ## 3rd party Plugins
 
 ### Challenge responders

data/lib/acmesmith/client.rb

@@ -98,17 +98,15 @@ module Acmesmith
       cert = Certificate.from_acme_client_certificate(acme_cert)
       storage.put_certificate(cert, certificate_key_passphrase)
 
-      execute_post_issue_hooks(common_name)
-      
+      execute_post_issue_hooks(cert)
+
       cert
     end
 
-    def execute_post_issue_hooks(common_name)
-      post_issues_hooks_for_common_name = config.post_issueing_hooks(common_name)
-      if post_issues_hooks_for_common_name
-        post_issues_hooks_for_common_name.each do |hook|
-          hook.execute
-        end
+    def execute_post_issue_hooks(certificate)
+      hooks = config.post_issueing_hooks(certificate.common_name)
+      hooks.each do |hook|
+        hook.run(certificate: certificate)
       end
     end
 

data/lib/acmesmith/config.rb

@@ -52,16 +52,15 @@ module Acmesmith
     end
 
     def post_issueing_hooks(common_name)
-      @post_issueing_hooks ||= begin
-        if @config.key?('post_issueing_hooks') && @config['post_issueing_hooks'].key?(common_name)
-          specs = @config['post_issueing_hooks'][common_name]
-          specs.flat_map do |specs_sub|
-            specs_sub[specs_sub.flatten[0]]['common_name'] = common_name
-            specs_sub.map do |k, v|
-              PostIssueingHooks.find(k).new(**v.map{ |k_,v_| [k_.to_sym, v_]}.to_h)
-            end
+      if @config.key?('post_issueing_hooks') && @config['post_issueing_hooks'].key?(common_name)
+        specs = @config['post_issueing_hooks'][common_name]
+        specs.flat_map do |specs_sub|
+          specs_sub.map do |k, v|
+            PostIssueingHooks.find(k).new(**v.map{ |k_,v_| [k_.to_sym, v_]}.to_h)
           end
         end
+      else
+        []
       end
     end
 

data/lib/acmesmith/post_issueing_hooks/acm.rb

@@ -0,0 +1,65 @@
+require 'aws-sdk'
+require 'acmesmith/post_issueing_hooks/base'
+
+module Acmesmith
+  module PostIssueingHooks
+    class Acm < Base
+      def initialize(certificate_arn: nil, region:)
+        @certificate_arn = certificate_arn
+        @certificate_arn_set = true if @certificate_arn
+        @region = region
+      end
+
+      attr_reader :region
+
+      def certificate_arn
+        return @certificate_arn if @certificate_arn_set
+        @certificate_arn ||= find_certificate_arn
+        @certificate_arn_set = true
+        @certificate_arn
+      end
+
+      def find_certificate_arn
+        acm.list_certificates().each do |page|
+          page.certificate_summary_list.each do |summary|
+            if summary.domain_name == common_name
+              tags = acm.list_tags_for_certificate(certificate_arn: summary.certificate_arn).tags
+              if tags.find{ |_| _.key == 'Acmesmith' }
+                return summary.certificate_arn
+              end
+            end
+          end
+        end
+      end
+
+      def acm
+        @acm ||= Aws::ACM::Client.new(region: region)
+      end
+
+      def execute
+        puts "=> Importing certificate CN=#{common_name} into AWS ACM (region=#{region})"
+        if certificate_arn
+          puts " * updating ARN: #{certificate_arn}"
+        else
+          puts " * Importing as as new certificate"
+        end
+
+        resp = acm.import_certificate(
+          {
+            certificate: certificate.certificate.to_pem,
+            private_key: certificate.private_key.to_pem,
+            certificate_chain: certificate.chain,
+          }.merge(certificate_arn ? {certificate_arn: certificate_arn} : {})
+        )
+        unless certificate_arn
+          puts " * ARN: #{resp.certificate_arn}"
+        end
+
+        acm.add_tags_to_certificate(
+          certificate_arn: resp.certificate_arn,
+          tags: [key: 'Acmesmith', value: '1'],
+        )
+      end
+    end
+  end
+end

data/lib/acmesmith/post_issueing_hooks/base.rb

@@ -1,13 +1,20 @@
 module Acmesmith
   module PostIssueingHooks
     class Base
-      def initialize
+      attr_reader :certificate
+
+      def common_name
+        certificate.common_name
       end
 
-      def execute(domain)
-        raise NotImplementedError
+      def run(certificate:)
+        @certificate = certificate
+        execute
       end
 
+      def execute
+        raise NotImplementedError
+      end
     end
   end
 end

data/lib/acmesmith/post_issueing_hooks/shell.rb

@@ -4,27 +4,22 @@ require 'acmesmith/post_issueing_hooks/base'
 module Acmesmith
   module PostIssueingHooks
     class Shell < Base
-      class HostedZoneNotFound < StandardError; end
-      class AmbiguousHostedZones < StandardError; end
-
-      def initialize(common_name:, command:, ignore_failure:false)
-        @common_name = common_name
+      def initialize(command:, ignore_failure: false)
         @command = command
         @ignore_failure = ignore_failure
       end
 
       def execute
-        puts "=> Executing Post Issueing Hook for #{@common_name} in #{self.class.name}"
-        puts "=> ENV: COMMON_NAME=#{@common_name}"
-        puts "=> Running: #{@command}"
+        puts "=> Executing Post Issueing Hook for #{common_name} in #{self.class.name}"
+        puts " $ #{@command}"
 
-        status = system({"COMMON_NAME" => @common_name}, "#{@command};")
+        status = system({"COMMON_NAME" => common_name}, @command)
 
         unless status
           if @ignore_failure
-            $stderr.puts "WARNING, command failed"
+            $stderr.puts " ! execution failed"
           else
-            raise "FATAL, command failed"
+            raise "Execution failed"
           end
         end
       end

data/lib/acmesmith/version.rb

@@ -1,3 +1,3 @@
 module Acmesmith
-  VERSION = "0.7.0.beta1"
+  VERSION = "0.8.0"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: acmesmith
 version: !ruby/object:Gem::Version
-  version: 0.7.0.beta1
+  version: 0.8.0
 platform: ruby
 authors:
 - sorah (Shota Fukumori)
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-07-03 00:00:00.000000000 Z
+date: 2017-07-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: acme-client
@@ -128,6 +128,7 @@ files:
 - lib/acmesmith/command.rb
 - lib/acmesmith/config.rb
 - lib/acmesmith/post_issueing_hooks.rb
+- lib/acmesmith/post_issueing_hooks/acm.rb
 - lib/acmesmith/post_issueing_hooks/base.rb
 - lib/acmesmith/post_issueing_hooks/shell.rb
 - lib/acmesmith/storages.rb
@@ -153,9 +154,9 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">"
+  - - ">="
     - !ruby/object:Gem::Version
-      version: 1.3.1
+      version: '0'
 requirements: []
 rubyforge_project: 
 rubygems_version: 2.6.11