bullion 0.1.3 → 0.2.0

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 593707ee0875636704bc97eb1a384705165b91df8df9603f579f3ec0520604a4
4
- data.tar.gz: f4605392c33a44eb1a39e06ec1a1bfb72b1746a8120eadfd9064cdf1dfb554a4
3
+ metadata.gz: 8733df57bd7abe9e12c46001165fad25429956ca243f4f0a91aea4a306b59d3d
4
+ data.tar.gz: 91a0941eebf4e61c807301c16cfe0d9ebc1d965bfd573b8b89ad2e43a0a1206c
5
5
  SHA512:
6
- metadata.gz: 77a51b885d00586cf3550aad568687652b84c8072904144ccf2fe185ed0c04126036337c06f5f8a6719e19a6a62159ea496133af4c9894fe0327ab4cbcb2eb04
7
- data.tar.gz: 9d393200ce899d507489b76c0a0093b9547230958ea3a0bebf7be33e88ada915f9a76a5f232416095fc1acae77cd45bb6863248a523942d49f9c380f539002ac
6
+ metadata.gz: 1d61ea6623bf7c2ba97fa1e7b71712cdebaa8dc7580a6a4f7788eaf51fe92a9218e4b2f89a4a48425772f86f9e2e2af22f166b536c5d64756ccc3ed4c2db8f4d
7
+ data.tar.gz: 496eb52624bc02f15ce0f51833d6435d4e157c3f8ba05052231d1e50b0eb14eade65d4eb6ccc7f870d7753cdc01bc0cafcfbc3d4dccb618aeee6d3e76355d2b9
@@ -1,7 +1,7 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- bullion (0.1.3)
4
+ bullion (0.2.0)
5
5
  httparty (~> 0.18)
6
6
  json (~> 2.5)
7
7
  jwt (~> 1.5)
data/README.md CHANGED
@@ -36,8 +36,8 @@ Whether run locally or via Docker, the following environment variables configure
36
36
  | `CA_CERT_PATH` | `$CA_DIR/tls.crt` | Public cert for Bullion. If Bullion is an intermediate CA, you'll want to include the root CA's public cert in this file as well the signed cert for Bullion. |
37
37
  | `CA_DOMAINS` | `example.com` | A comma-delimited list of domains for which Bullion will sign certificate requests. Subdomains are automatically allowed. Certificates containing other domains will be rejected. |
38
38
  | `CERT_VALIDITY_DURATION` | `7776000` | How long should issued certs be valid (in seconds)? Default is 90 days. |
39
- | `DATABASE_URL` | _None_ | A shorthand for telling Bullion how to connect to a database. Acceptable URLs will either being with `sqlite3:` or [`mysql2://`](https://github.com/brianmario/mysql2#using-active-records-database_url). |
40
- | `DNS01_NAMESERVERS` | `8.8.8.8` | A comma-delimited list of nameservers to use for resolving [DNS-01](https://letsencrypt.org/docs/challenge-types/#dns-01-challenge) challenges. Usually you'll want this to be set to your _internal_ nameservers so internal names resolve correctly. |
39
+ | `DATABASE_URL` | _None_ | **(Required)** A shorthand for telling Bullion how to connect to a database. Acceptable URLs will either being with `sqlite3:` or [`mysql2://`](https://github.com/brianmario/mysql2#using-active-records-database_url). |
40
+ | `DNS01_NAMESERVERS` | _None_ | A comma-delimited list of nameservers to use for resolving [DNS-01](https://letsencrypt.org/docs/challenge-types/#dns-01-challenge) challenges. Usually you'll want this to be set to your _internal_ nameservers so internal names resolve correctly. When not set, it'll use the host's DNS. |
41
41
  | `LOG_LEVEL` | `warn` | Log level for Bullion. Supported levels (starting with the noisiest) are debug, info, warn, error, and fatal. |
42
42
  | `BULLION_PORT` | `9292` | TCP port Bullion will listen on. |
43
43
  | `MIN_THREADS` | `2` | Minimum number of [Puma](https://puma.io/) threads for processing requests. |
@@ -51,7 +51,7 @@ module Bullion
51
51
  }
52
52
  DB_CONNECTION_SETTINGS.freeze
53
53
 
54
- NAMESERVERS = ENV.fetch('DNS01_NAMESERVERS', '8.8.8.8').split(',')
54
+ NAMESERVERS = ENV.fetch('DNS01_NAMESERVERS', '').split(',')
55
55
 
56
56
  MetricsRegistry = Prometheus::Client.registry
57
57
 
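Review bot: The new `NAMESERVERS` line splits the variable on commas but neither trims nor drops empty entries, so a value such as `10.0.0.1, 10.0.0.2` or `10.0.0.1,,10.0.0.2` leaves ` 10.0.0.2` or an empty string in the list. An empty string is truthy in Ruby, so such an entry would presumably be treated as an explicit nameserver instead of falling back to the host's DNS. I would write `NAMESERVERS = ENV.fetch('DNS01_NAMESERVERS', '').split(',').map(&:strip).reject(&:empty?).freeze`, which also matches the `.freeze` on `DB_CONNECTION_SETTINGS` just above. With the `8.8.8.8` default gone, DNS-01 results depend on whatever resolver the host is configured with, which deserves a one-line comment here: `# Empty list: DNS-01 lookups use the host's resolver configuration`.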
@@ -26,22 +26,31 @@ module Bullion
26
26
  # Randomly select a nameserver to pull the TXT record
27
27
  nameserver = NAMESERVERS.sample
28
28
 
29
- begin
30
- records = Resolv::DNS.open(nameserver: nameserver) do |dns|
31
- dns.getresources(
32
- name,
33
- Resolv::DNS::Resource::IN::TXT
34
- )
29
+ records = records_for(name, nameserver)
30
+ record = records.map(&:strings).flatten.first
31
+ LOGGER.debug "Resolved #{name} to value #{record}"
32
+ record
33
+ rescue Resolv::ResolvError
34
+ msg = ["Resolution error for #{name}"]
35
+ msg << "via #{nameserver}" if nameserver
36
+ LOGGER.info msg.join(' ')
37
+ false
38
+ rescue StandardError => e
39
+ msg = ["Error '#{e.message}' for #{name}"]
40
+ msg << "with #{nameserver}" if nameserver
41
+ LOGGER.warn msg.join(' ')
42
+ false
43
+ end
44
+
45
+ def records_for(name, nameserver = nil)
46
+ if nameserver
47
+ Resolv::DNS.open(nameserver: nameserver) do |dns|
48
+ dns.getresources(name, Resolv::DNS::Resource::IN::TXT)
49
+ end
50
+ else
51
+ Resolv::DNS.open do |dns|
52
+ dns.getresources(name, Resolv::DNS::Resource::IN::TXT)
35
53
  end
36
- record = records.map(&:strings).flatten.first
37
- LOGGER.debug "Resolved #{name} to value #{record}"
38
- record
39
- rescue Resolv::ResolvError
40
- LOGGER.info "Resolution error for #{name} via #{nameserver}"
41
- false
42
- rescue StandardError => e
43
- LOGGER.warn "Error '#{e.message}' for #{name} with #{nameserver}"
44
- false
45
54
  end
46
55
  end
47
56
  end
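Review bot: `records_for` passes `name` to `getresources` as given, and if that name has no trailing dot, Ruby's `Resolv` treats it as relative and will also try it with the configured search domains appended when the first candidate does not exist. For a DNS-01 check the TXT answer should only ever come from the exact challenge name, and this matters more now that the `else` branch picks up the host's resolver configuration. I would make the name absolute before the lookup, e.g. `fqdn = name.to_s.end_with?('.') ? name.to_s : "#{name}."`, and pass `fqdn` to `getresources`. Whether the caller already does this is not visible, because the method containing `NAMESERVERS.sample` starts above the hunk. The two branches also differ only in the argument to `open`, so a single `Resolv::DNS.open(*args)` with `args = nameserver ? [{ nameserver: nameserver }] : []` would keep the query in one place.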
@@ -3,7 +3,7 @@
3
3
  module Bullion
4
4
  VERSION = [
5
5
  0, # major
6
- 1, # minor
7
- 3 # patch
6
+ 2, # minor
7
+ 0 # patch
8
8
  ].join('.')
9
9
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: bullion
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.3
4
+ version: 0.2.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Jonathan Gnagy
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2021-01-14 00:00:00.000000000 Z
11
+ date: 2021-01-15 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: httparty