certman 0.9.0 → 0.10.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 0bc4ef169994ff88ad064ee325db79ccf2dbd7be
-  data.tar.gz: af026eb3d38e662dae8cb94b6cfc3836e31ebb36
+  metadata.gz: 7f528eceb5261f5389c61418696ea117effe198d
+  data.tar.gz: 4ba61d85165b8e6c294bcaa045e4086958bfc695
 SHA512:
-  metadata.gz: 2b988e395fd5373eb271de4f1d32ae41fcfcc0f51faeab245c864e2d6dddf0e93c00be1bebb830ec321d8668a2c95823ee2a26a93c797dc7b96fd2dcb3484e72
-  data.tar.gz: af9df5146dd99cbf1a5ee8fa8be2e4567d95f4cb37ba83c3cd9610607a613ea666d68560ad49e6e8d1ee70746e59b7e886ac0e4d52b9db89d75254834f963715
+  metadata.gz: 90556d9873310306a7b8249d5943152345424183ba324c3fcc5d51aef7fd3d475666a0b1f82ce74c0933a0026e06c09162478a7405e6f4c27521e27c65a2fef1
+  data.tar.gz: 59b85f927c1f2907c8711488a006056e62e6893ade0bd139e41104e796ade72dbc294986e995e221faa0b1fcbe32ecb9f262826357e69e3d96cbbe61e36050d6

data/.rubocop.yml

@@ -1,6 +1,9 @@
 AllCops:
   TargetRubyVersion: 2.2
 
+Style/FrozenStringLiteralComment:
+  Enabled: false
+
 Metrics/AbcSize:
   Max: 160
 
@@ -21,9 +24,15 @@ Metrics/BlockLength:
 
 Metrics/LineLength:
   Max: 120
-  
+
 Style/Documentation:
   Enabled: false
-  
+
+Layout/IndentHeredoc:
+  Enabled: false
+
 Style/MutableConstant:
   Enabled: false
+
+Style/PercentLiteralDelimiters:
+  Enabled: false

data/.travis.yml

@@ -1,10 +1,10 @@
 sudo: false
 language: ruby
 rvm:
-  - 2.4.0
-  - 2.3.3
-  - 2.2.6
+  - 2.4.2
+  - 2.3.5
+  - 2.2.8
 before_install:
-  - gem install bundler -v 1.12.5
+  - gem install bundler -v 1.16
 script:
   - bundle exec rake

data/README.md

@@ -28,45 +28,64 @@ $ gem install certman
 
 ```sh
 $ certman request blog.example.com
-NOTICE! Your selected region is *ap-northeast-1*. Certman create certificate on *ap-northeast-1*. OK? Yes
-NOTICE! Certman use *us-east-1* S3/SES. OK? Yes
-NOTICE! When requesting, Certman replace Active Receipt Rule Set. OK? Yes
-[✔] [ACM] Check Certificate (ap-northeast-1) (successfull)
-[✔] [Route53] Check Hosted Zone (ap-northeast-1) (successfull)
-[✔] [Route53] Check TXT Record (ap-northeast-1) (successfull)
-[✔] [Route53] Check MX Record (ap-northeast-1) (successfull)
-[✔] [S3] Create Bucket for SES inbound (us-east-1) (successfull)
-[✔] [SES] Create Domain Identity (us-east-1) (successfull)
-[✔] [Route53] Create TXT Record Set to verify Domain Identity (ap-northeast-1) (successfull)
-[✔] [SES] Check Domain Identity Status *verified* (us-east-1) (successfull)
-[✔] [Route53] Create MX Record Set (ap-northeast-1) (successfull)
-[✔] [SES] Create Receipt Rule Set (us-east-1) (successfull)
-[✔] [SES] Create Receipt Rule (us-east-1) (successfull)
-[✔] [SES] Replace Active Receipt Rule Set (us-east-1) (successfull)
-[✔] [ACM] Request Certificate (ap-northeast-1) (successfull)
-[✔] [S3] Check approval mail (will take about 30 min) (us-east-1) (successfull)
-[✔] [SES] Revert Active Receipt Rule Set (us-east-1) (successfull)
-[✔] [SES] Delete Receipt Rule (us-east-1) (successfull)
-[✔] [SES] Delete Receipt Rule Set (us-east-1) (successfull)
-[✔] [Route53] Delete MX Record Set (ap-northeast-1) (successfull)
-[✔] [Route53] Delete TXT Record Set (ap-northeast-1) (successfull)
-[✔] [SES] Delete Verified Domain Identiry (us-east-1) (successfull)
-[✔] [S3] Delete Bucket (us-east-1) (successfull)
+NOTICE! Your selected region is *ap-northeast-1*. Certman will create a certificate on *ap-northeast-1*. OK? Yes
+NOTICE! Certman has chosen *us-east-1*  for S3/SES resources. OK? Yes
+NOTICE! When requesting, Certman appends a Receipt Rule to the current Active Receipt Rule Set. OK? Yes
+[✔] [ACM] Check Certificate (us-east-1) (successful)
+[✔] [Route53] Check Hosted Zone (us-east-1) (successful)
+[✔] [Route53] Check TXT Record (us-east-1) (successful)
+[✔] [Route53] Check MX Record (us-east-1) (successful)
+[✔] [SES] Check Active Rule Set (us-east-1) (successful)
+[✔] [S3] Create Bucket for SES inbound (us-east-1) (successful)
+[✔] [SES] Create Domain Identity (us-east-1) (successful)
+[✔] [Route53] Create TXT Record Set to verify Domain Identity (us-east-1) (successful)
+[✔] [SES] Check Domain Identity Status *verified* (us-east-1) (successful)
+[✔] [Route53] Create MX Record Set (us-east-1) (successful)
+[✔] [SES] Create and Active Receipt Rule Set (us-east-1) (successful)
+[✔] [SES] Create Receipt Rule (us-east-1) (successful)
+[✔] [ACM] Request Certificate (us-east-1) (successful)
+[✔] [S3] Check approval mail (will take about 30 min) (us-east-1) (successful)
+[✔] [SES] Delete Receipt Rule (us-east-1) (successful)
+[✔] [SES] Delete Receipt Rule Set (us-east-1) (successful)
+[✔] [Route53] Delete MX Record Set (us-east-1) (successful)
+[✔] [Route53] Delete TXT Record Set (us-east-1) (successful)
+[✔] [SES] Delete Verified Domain Identiry (us-east-1) (successful)
+[✔] [S3] Delete Bucket (us-east-1) (successful)
 Done.
 
 certificate_arn: arn:aws:acm:ap-northeast-1:0123456789:certificate/123abcd4-5e67-8f90-123a-4567bc89d01
+```
+
+OR
+
+```sh
+NOTICE! Your selected region is *us-east-1*. Certman will create a certificate on *us-east-1*.
+NOTICE! Certman has chosen *us-east-1* for S3/SES resources.
+NOTICE! When requesting, Certman appends a Receipt Rule to the current Active Receipt Rule Set.
+[✖] [ACM] Check Certificate (us-east-1) (error)
 
+Certificate already exists!
+
+certificate_arn: arn:aws:acm:us-east-1:0123456789:certificate/123abcd4-5e67-8f90-123a-4567bc89d01
 ```
 
-#### Remain Resources
+#### Flags
+
+##### `--remain-resources`
+Skips deleting resources after a certificate has been successfully generated. This is necessary if you cannot use automatic validation (i.e., if your site is not accessible to the public internet via HTTPS). See [How Manual Domain Validation Works](http://docs.aws.amazon.com/acm/latest/userguide/how-domain-validation-works.html) for more information.
+
+##### `--non-interactive`
+Suppresses prompts from Certman (i.e, if using with a CI system, such as Travis or Jenkins).
 
-If you want to remain resources, use `--remain-resources` option.
+##### `--subject-alternative-names=www.test.example.com cert.test.example.com`
+Other domain names (separated by spaces) to associate with the requested certificate. Note that only the primary domain name is used for identification purposes and that AWS initially limits each certifcate to 10 SANs.
 
-(see http://docs.aws.amazon.com/ja_jp/acm/latest/userguide/managed-renewal.html#how-manual-domain-validation-works)
+##### `--hosted-zone=test.example.com`
+Specify the name (not the ID) of the Route53 Hosted Zone where the DNS record sets Certman uses will be located. By default, Certman will use the apex domain (i.e. "test.example.com" will have a default hosted-zone of "example.com").
 
 ### Restore Resources
 
-If you want to restore resources for ACM ( to receive approval mail ), use `certman restore-resources`.
+If you want to restore resources generated for an ACM certificate (i.e., in order to receive approval mail again, use `certman restore-resources`. This supports the `--non-interactive` and `--hosted-zone` flags from `certman request`.
 
 ```sh
 $ certman restore-resources blog.example.com
@@ -76,7 +95,7 @@ $ certman restore-resources blog.example.com
 
 ```sh
 $ certman delete blog.example.com
-[✔] [ACM] Delete Certificate (successfull)
+[✔] [ACM] Delete Certificate (successful)
 Done.
 
 ```

data/Rakefile

@@ -7,4 +7,4 @@ require 'rubocop/rake_task'
 RSpec::Core::RakeTask.new(:spec)
 RuboCop::RakeTask.new
 
-task default: [:spec, :rubocop]
+task default: %i(spec rubocop)

data/certman.gemspec

@@ -1,4 +1,5 @@
 # coding: utf-8
+
 lib = File.expand_path('../lib', __FILE__)
 $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 require 'certman/version'
@@ -31,7 +32,7 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency 'bundler', '~> 1.12'
   spec.add_development_dependency 'rake', '~> 10.0'
   spec.add_development_dependency 'rspec', '~> 3.0'
-  spec.add_development_dependency 'rubocop', '~> 0.47.0'
+  spec.add_development_dependency 'rubocop', '~> 0.49.0'
   spec.add_development_dependency 'octorelease'
   spec.add_development_dependency 'pry'
 end

data/lib/certman/cli.rb

@@ -1,23 +1,18 @@
 module Certman
   class CLI < Thor
-    desc 'request [DOMAIN]', 'Request ACM Certificate with only AWS managed services'
+    desc 'request [DOMAIN]', 'Requests an ACM Certificate with only AWS managed services'
     option :remain_resources, type: :boolean, default: false
-    option :hosted_zone, type: :string, banner: '<Route53 HostedZone>'
+    option :non_interactive, type: :boolean, default: false
+    option :subject_alternative_names, type: :array, banner: 'alt_domain_1 alt_domain_2...'
+    option :hosted_zone, type: :string, banner: '<Route53 HostedZone Name>'
     def request(domain)
-      pastel = Pastel.new
       prompt = TTY::Prompt.new
-      return unless prompt.yes?(pastel.red("NOTICE! Your selected region is *#{Aws.config[:region]}*. \
-Certman create certificate on *#{Aws.config[:region]}*. OK?"))
+      pastel = Pastel.new
       client = Certman::Client.new(domain, options)
-      return unless prompt.yes?(pastel.red("NOTICE! Certman use *#{client.region_by_hash}* S3/SES. OK?"))
-      return unless prompt.yes?(pastel.red("NOTICE! When requesting, Certman apend Receipt Rule to current Active \
-Receipt Rule Set. OK?"))
-      Signal.trap(:INT) do
-        puts ''
-        puts pastel.red('Rollback start.')
-        client.rollback
-      end
+      prompt_or_notify(client, prompt, pastel)
+      rollback_on_interrupt(client, pastel)
       cert_arn = client.request
+
       puts 'Done.'
       puts ''
       puts "certificate_arn: #{pastel.cyan(cert_arn)}"
@@ -25,22 +20,16 @@ Receipt Rule Set. OK?"))
     end
 
     desc 'restore-resources [DOMAIN]', 'Restore resources to receive approval mail'
-    option :hosted_zone, type: :string, banner: '<Route53 HostedZone>'
+    option :non_interactive, type: :boolean, default: false
+    option :hosted_zone, type: :string, banner: '<Route53 HostedZone Name>'
     def restore_resources(domain)
-      pastel = Pastel.new
       prompt = TTY::Prompt.new
-      return unless prompt.yes?(pastel.red("NOTICE! Your selected region is *#{Aws.config[:region]}*. \
-Certman create certificate on *#{Aws.config[:region]}*. OK?"))
+      pastel = Pastel.new
       client = Certman::Client.new(domain, options)
-      return unless prompt.yes?(pastel.red("NOTICE! Certman use *#{client.region_by_hash}* S3/SES. OK?"))
-      return unless prompt.yes?(pastel.red("NOTICE! When requesting, Certman apend Receipt Rule to current Active \
-Receipt Rule Set. OK?"))
-      Signal.trap(:INT) do
-        puts ''
-        puts pastel.red('Rollback start.')
-        client.rollback
-      end
+      prompt_or_notify(client, prompt, pastel)
+      rollback_on_interrupt(client, pastel)
       client.restore_resources
+
       puts 'Done.'
       puts ''
     end
@@ -48,8 +37,36 @@ Receipt Rule Set. OK?"))
     desc 'delete [DOMAIN]', 'Delete ACM Certificate'
     def delete(domain)
       Certman::Client.new(domain, options).delete
+
       puts 'Done.'
       puts ''
     end
+
+    private
+
+    def prompt_or_notify(client, prompt, pastel)
+      notices = [
+        "NOTICE! Your selected region is *#{Aws.config[:region]}*. " \
+          "Certman will create a certificate on *#{Aws.config[:region]}*.",
+        "NOTICE! Certman has chosen *#{client.region_by_hash}* for S3/SES resources.",
+        'NOTICE! When requesting, Certman appends a Receipt Rule to the current Active Receipt Rule Set.'
+      ]
+
+      notices.each do |message|
+        if options[:non_interactive]
+          puts pastel.red(message)
+        else
+          exit unless prompt.yes?(pastel.red(message << ' OK?'))
+        end
+      end
+    end
+
+    def rollback_on_interrupt(client, pastel)
+      Signal.trap(:INT) do
+        puts ''
+        puts pastel.red('Rollback start.')
+        client.rollback
+      end
+    end
   end
 end

data/lib/certman/client.rb

@@ -10,11 +10,12 @@ module Certman
       @do_rollback = false
       @cname_exists = false
       @domain = domain
+      @subject_alternative_names = options[:subject_alternative_names]
       @cert_arn = nil
       @savepoint = []
       @remain_resources = options[:remain_resources]
       @hosted_zone_domain = options[:hosted_zone]
-      @hosted_zone_domain.sub(/\.\z/, '') unless @hosted_zone_domain.nil?
+      @hosted_zone_domain.sub(/\.\z/, '') if @hosted_zone_domain
     end
 
     def request
@@ -58,7 +59,7 @@ module Certman
       end
 
       enforce_region_by_hash do
-        step('[S3] Check approval mail (will take about 30 min)', nil) do
+        step('[S3] Check for approval mail (can take up to 30 min)', nil) do
           check_approval_mail
         end
       end
@@ -109,6 +110,11 @@ module Certman
 
     def delete
       s = spinner('[ACM] Delete Certificate')
+      unless certificate_exist?
+        s.error
+        puts pastel.yellow("\nNo certificate to delete!\n")
+        exit
+      end
       delete_certificate
       s.success
     end
@@ -118,23 +124,40 @@ module Certman
 
       if check_acm
         s = spinner('[ACM] Check Certificate')
-        raise 'Certificate already exist' if certificate_exist?
+        if certificate_exist?
+          s.error
+          puts pastel.yellow("\nCertificate already exists!\n")
+          puts "certificate_arn: #{pastel.cyan(@cert_arn)}"
+          exit
+        end
         s.success
       end
 
       s = spinner('[Route53] Check Hosted Zone')
-      raise "Hosted Zone #{hosted_zone_domain} does not exist" unless hosted_zone_exist?
+      unless hosted_zone_exist?
+        s.error
+        puts pastel.red("\nHosted Zone #{hosted_zone_domain} does not exist")
+        exit
+      end
       s.success
 
       s = spinner('[Route53] Check TXT Record')
-      raise "_amazonses.#{email_domain} TXT already exist" if txt_rset_exist?
+      if txt_rset_exist?
+        s.error
+        puts pastel.red("\n_amazonses.#{email_domain} TXT already exists")
+        exit
+      end
       s.success
 
       enforce_region_by_hash do
         s = spinner('[Route53] Check MX Record')
-        raise "#{email_domain} MX already exist" if mx_rset_exist?
+        if mx_rset_exist?
+          s.error
+          puts pastel.red("\n#{email_domain} MX already exist")
+          exit
+        end
         if cname_rset_exist?
-          puts pastel.cyan("\n#{email_domain} CNAME already exist. Use #{hosted_zone_domain}")
+          puts pastel.cyan("\n#{email_domain} CNAME already exists. Use #{hosted_zone_domain}")
           @cname_exists = true
           check_resource
         end
@@ -224,10 +247,7 @@ module Certman
           end
         when :acm_certificate
           if @do_rollback
-            s = spinner('[ACM] Delete Certificate')
-            delete_certificate
-            @cert_arn = nil
-            s.success
+            delete # certificate
           end
         end
       end

data/lib/certman/log.rb

@@ -7,7 +7,7 @@ module Certman
     end
 
     def success
-      @s.success(@pastel.green('(successfull)'))
+      @s.success(@pastel.green('(successful)'))
     end
 
     def error

data/lib/certman/resource/acm.rb

@@ -4,7 +4,7 @@ module Certman
       def request_certificate
         res = acm.request_certificate(
           domain_name: @domain,
-          subject_alternative_names: [@domain],
+          subject_alternative_names: @subject_alternative_names,
           domain_validation_options: [
             {
               domain_name: @domain,
@@ -24,18 +24,15 @@ module Certman
       end
 
       def delete_certificate
-        current_cert = acm.list_certificates.certificate_summary_list.find do |cert|
-          cert.domain_name == @domain
-        end
-        raise 'Certificate does not exist' unless current_cert
-        acm.delete_certificate(certificate_arn: current_cert.certificate_arn)
+        acm.delete_certificate(certificate_arn: @cert_arn)
+        @cert_arn = nil
       end
 
       def certificate_exist?
         current_cert = acm.list_certificates.certificate_summary_list.find do |cert|
           cert.domain_name == @domain
         end
-        current_cert
+        @cert_arn = current_cert.certificate_arn if current_cert
       end
 
       def acm

data/lib/certman/version.rb

@@ -1,3 +1,3 @@
 module Certman
-  VERSION = '0.9.0'
+  VERSION = '0.10.0'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: certman
 version: !ruby/object:Gem::Version
-  version: 0.9.0
+  version: 0.10.0
 platform: ruby
 authors:
 - k1LoW
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2017-08-17 00:00:00.000000000 Z
+date: 2017-11-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk
@@ -170,14 +170,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.47.0
+        version: 0.49.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.47.0
+        version: 0.49.0
 - !ruby/object:Gem::Dependency
   name: octorelease
   requirement: !ruby/object:Gem::Requirement
@@ -256,7 +256,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.6.12
+rubygems_version: 2.6.13
 signing_key: 
 specification_version: 4
 summary: CLI tool for AWS Certificate Manager.