certman 0.2.0 → 0.3.0
- checksums.yaml +4 -4
- data/README.md +30 -23
- data/exe/certman +0 -1
- data/lib/certman/cli.rb +4 -1
- data/lib/certman/client.rb +63 -35
- data/lib/certman/log.rb +1 -1
- data/lib/certman/version.rb +1 -1
- metadata +2 -2
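--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 0e408e374e023b020b14823efde18c02ecda7e96
+data.tar.gz: 974e04dcadccb2b152bcd06eb639ad59e2a4ba1e
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 60fbd45d48957f144aa4a6e13d278f3da882fc66e50b26edcaaeccb3ad07d18fbd3d6bdec7402e6c1bb176b84672fa06da2001fcd69964c591996f283a6e241c
+data.tar.gz: a4a22c9cd126403dd09c6b37af8d7f7debaee67ba8f6f64391f0597185c7fe98341fde19d4f0b867d8cb000f1c3913704b8f31b5f487c084707e1a939a4b0213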
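--- a/data/README.md
+++ b/data/README.md
@@ -28,35 +28,42 @@ $ gem install certman
 
 ```sh
 $ certman request blog.example.com
-NOTICE!
+NOTICE! Your selected region is *ap-northeast-1*. Certman create certificate on *ap-northeast-1*. OK? Yes
+NOTICE! Certman use *us-east-1* S3/SES. OK? Yes
 NOTICE! When requesting, Certman replace Active Receipt Rule Set. OK? Yes
-[✔] [ACM] Check Certificate (successfull)
-[✔] [Route53] Check Hosted Zone (successfull)
-[✔] [Route53] Check TXT Record (successfull)
-[✔] [Route53] Check MX Record (successfull)
-[✔] [S3] Create Bucket for SES inbound (successfull)
-[✔] [SES] Create Domain Identity (successfull)
-[✔] [Route53] Create TXT Record Set to verify Domain Identity (successfull)
-[✔] [SES] Check Domain Identity Status *verified* (successfull)
-[✔] [Route53] Create MX Record Set (successfull)
-[✔] [SES] Create Receipt Rule Set (successfull)
-[✔] [SES] Create Receipt Rule (successfull)
-[✔] [SES] Replace Active Receipt Rule Set (successfull)
-[✔] [ACM] Request Certificate (successfull)
-[✔] [S3] Check approval mail (will take about 30 min) (successfull)
-[✔] [SES] Revert Active Receipt Rule Set (successfull)
-[✔] [SES] Delete Receipt Rule (successfull)
-[✔] [SES] Delete Receipt Rule Set (successfull)
-[✔] [Route53] Delete MX Record Set (successfull)
-[✔] [Route53] Delete TXT Record Set (successfull)
-[✔] [SES] Delete Verified Domain Identiry (successfull)
-[✔] [S3] Delete Bucket (successfull)
+[✔] [ACM] Check Certificate (ap-northeast-1) (successfull)
+[✔] [Route53] Check Hosted Zone (ap-northeast-1) (successfull)
+[✔] [Route53] Check TXT Record (ap-northeast-1) (successfull)
+[✔] [Route53] Check MX Record (ap-northeast-1) (successfull)
+[✔] [S3] Create Bucket for SES inbound (us-east-1) (successfull)
+[✔] [SES] Create Domain Identity (us-east-1) (successfull)
+[✔] [Route53] Create TXT Record Set to verify Domain Identity (ap-northeast-1) (successfull)
+[✔] [SES] Check Domain Identity Status *verified* (us-east-1) (successfull)
+[✔] [Route53] Create MX Record Set (ap-northeast-1) (successfull)
+[✔] [SES] Create Receipt Rule Set (us-east-1) (successfull)
+[✔] [SES] Create Receipt Rule (us-east-1) (successfull)
+[✔] [SES] Replace Active Receipt Rule Set (us-east-1) (successfull)
+[✔] [ACM] Request Certificate (ap-northeast-1) (successfull)
+[✔] [S3] Check approval mail (will take about 30 min) (us-east-1) (successfull)
+[✔] [SES] Revert Active Receipt Rule Set (us-east-1) (successfull)
+[✔] [SES] Delete Receipt Rule (us-east-1) (successfull)
+[✔] [SES] Delete Receipt Rule Set (us-east-1) (successfull)
+[✔] [Route53] Delete MX Record Set (ap-northeast-1) (successfull)
+[✔] [Route53] Delete TXT Record Set (ap-northeast-1) (successfull)
+[✔] [SES] Delete Verified Domain Identiry (us-east-1) (successfull)
+[✔] [S3] Delete Bucket (us-east-1) (successfull)
 Done.
 
-certificate_arn: arn:aws:acm:
+certificate_arn: arn:aws:acm:ap-northeast-1:0123456789:certificate/123abcd4-5e67-8f90-123a-4567bc89d01
 
 ```
 
+#### Remain Resources
+
+If you want to remain resources, use `--remain-resources` option.
+
+(see http://docs.aws.amazon.com/ja_jp/acm/latest/userguide/managed-renewal.html#how-manual-domain-validation-works)
+
 ### Delete Certificate
 
 ```sh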
data/exe/certman
CHANGED
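--- a/data/lib/certman/cli.rb
+++ b/data/lib/certman/cli.rb
@@ -5,7 +5,10 @@ module Certman
 def request(domain)
 pastel = Pastel.new
 prompt = TTY::Prompt.new
-return unless prompt.yes?(pastel.red(
+return unless prompt.yes?(pastel.red("NOTICE! Your selected region is *#{Aws.config[:region]}*. Certman create certificate on *#{Aws.config[:region]}*. OK?"))
+unless ['us-east-1', 'us-west-2', 'eu-west-1'].include?(Aws.config[:region])
+return unless prompt.yes?(pastel.red('NOTICE! Certman use *us-east-1* S3/SES. OK?'))
+end
 return unless prompt.yes?(pastel.red('NOTICE! When requesting, Certman replace Active Receipt Rule Set. OK?'))
 client = Certman::Client.new(domain)
 Signal.trap(:INT) do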
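Review bot: The new confirmation interpolates `Aws.config[:region]` directly, so if the region is resolved from the environment or a shared profile rather than set on `Aws.config` (how it is populated is not visible in this hunk), the prompt would read `**` and the operator approves an unnamed region. Read the value once with `region = Aws.config[:region]` and stop with an error when it is nil before showing either prompt. The literal `['us-east-1', 'us-west-2', 'eu-west-1']` is repeated in `client.rb`; one frozen constant shared by both files would keep the warning and the actual region switch from drifting apart. `request` continues past the end of the hunk.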
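--- a/data/lib/certman/client.rb
+++ b/data/lib/certman/client.rb
@@ -16,44 +16,51 @@ module Certman
 def request(remain_resources = false)
 check_resource
 
-
-
-
-
-
-
+enforce_region_to_us_east_1 do
+step('[S3] Create Bucket for SES inbound', :s3_bucket) do
+create_bucket
+end
+step('[SES] Create Domain Identity', :ses_domain_identity) do
+create_domain_identity
+end
 end
 
 step('[Route53] Create TXT Record Set to verify Domain Identity', :route53_txt) do
 create_txt_rset
 end
 
-
-
+enforce_region_to_us_east_1 do
+step('[SES] Check Domain Identity Status *verified*', nil) do
+check_domain_identity_verified
+end
 end
 
 step('[Route53] Create MX Record Set', :route53_mx) do
 create_mx_rset
 end
 
-
-
-
+enforce_region_to_us_east_1 do
+step('[SES] Create Receipt Rule Set', :ses_rule_set) do
+create_rule_set
+end
 
-
-
-
+step('[SES] Create Receipt Rule', :ses_rule) do
+create_rule
+end
 
-
-
+step('[SES] Replace Active Receipt Rule Set', :ses_replace_active_rule_set) do
+replace_active_rule_set
+end
 end
 
 step('[ACM] Request Certificate', :acm_certificate) do
 request_certificate
 end
 
-
-
+enforce_region_to_us_east_1 do
+step('[S3] Check approval mail (will take about 30 min)', nil) do
+check_approval_mail
+end
 end
 
 cleanup_resources if !remain_resources || @do_rollback
@@ -93,6 +100,15 @@ module Certman
 
 private
 
+def enforce_region_to_us_east_1
+region = Aws.config[:region]
+unless ['us-east-1', 'us-west-2', 'eu-west-1'].include?(Aws.config[:region])
+Aws.config[:region] = 'us-east-1'
+end
+yield
+Aws.config[:region] = region
+end
+
 def step(message, save)
 return if @do_rollback
 s = spinner(message)
@@ -100,8 +116,10 @@ module Certman
 yield
 @savepoint.push(save)
 s.success
-rescue
-
+rescue => e
+pastel = Pastel.new
+puts ''
+puts pastel.red("Error: #{e.message}")
 @do_rollback = true
 s.error
 end
@@ -111,13 +129,17 @@ module Certman
 @savepoint.reverse.each do |state|
 case state
 when :s3_bucket
-
-
-
+enforce_region_to_us_east_1 do
+s = spinner('[S3] Delete Bucket')
+delete_bucket
+s.success
+end
 when :ses_domain_identity
-
-
-
+enforce_region_to_us_east_1 do
+s = spinner('[SES] Delete Verified Domain Identiry')
+delete_domain_identity
+s.success
+end
 when :route53_txt
 s = spinner('[Route53] Delete TXT Record Set')
 delete_txt_rset
@@ -127,17 +149,23 @@ module Certman
 delete_mx_rset
 s.success
 when :ses_rule_set
-
-
-
+enforce_region_to_us_east_1 do
+s = spinner('[SES] Delete Receipt Rule Set')
+delete_rule_set
+s.success
+end
 when :ses_rule
-
-
-
+enforce_region_to_us_east_1 do
+s = spinner('[SES] Delete Receipt Rule')
+delete_rule
+s.success
+end
 when :ses_replace_active_rule_set
-
-
-
+enforce_region_to_us_east_1 do
+s = spinner('[SES] Revert Active Receipt Rule Set')
+revert_active_rue_set
+s.success
+end
 end
 end
 end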
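Review bot: `enforce_region_to_us_east_1` restores `Aws.config[:region]` only when the block returns normally, so an exception from one of the cleanup calls it wraps (`delete_bucket`, `delete_rule_set`, `revert_active_rue_set` and the others in the later hunks, which show no rescue) leaves the process-wide region set to us-east-1. Put the restore under `ensure`, i.e. `yield` / `ensure` / `Aws.config[:region] = region`, and test the saved `region` local instead of reading `Aws.config[:region]` a second time. The same exception would also stop the remaining teardown, which may leave the temporary MX record or the replaced SES receipt rule set in place for the domain; rescuing per state and reporting what was not removed would make a partial rollback visible. The method containing the `@savepoint.reverse.each` loop starts outside the visible hunks, so any handling above it is not shown.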
data/lib/certman/log.rb
CHANGED
data/lib/certman/version.rb
CHANGED
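--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: certman
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.3.0
 platform: ruby
 authors:
 - k1LoW
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2017-
+date: 2017-04-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: aws-sdk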