certman 0.9.0 → 0.10.0
- checksums.yaml +4 -4
- data/.rubocop.yml +11 -2
- data/.travis.yml +4 -4
- data/README.md +48 -29
- data/Rakefile +1 -1
- data/certman.gemspec +2 -1
- data/lib/certman/cli.rb +42 -25
- data/lib/certman/client.rb +31 -11
- data/lib/certman/log.rb +1 -1
- data/lib/certman/resource/acm.rb +4 -7
- data/lib/certman/version.rb +1 -1
- metadata +5 -5
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 7f528eceb5261f5389c61418696ea117effe198d
|
4
|
+
data.tar.gz: 4ba61d85165b8e6c294bcaa045e4086958bfc695
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 90556d9873310306a7b8249d5943152345424183ba324c3fcc5d51aef7fd3d475666a0b1f82ce74c0933a0026e06c09162478a7405e6f4c27521e27c65a2fef1
|
7
|
+
data.tar.gz: 59b85f927c1f2907c8711488a006056e62e6893ade0bd139e41104e796ade72dbc294986e995e221faa0b1fcbe32ecb9f262826357e69e3d96cbbe61e36050d6
|
data/.rubocop.yml
CHANGED
@@ -1,6 +1,9 @@
|
|
1
1
|
AllCops:
|
2
2
|
TargetRubyVersion: 2.2
|
3
3
|
|
4
|
+
Style/FrozenStringLiteralComment:
|
5
|
+
Enabled: false
|
6
|
+
|
4
7
|
Metrics/AbcSize:
|
5
8
|
Max: 160
|
6
9
|
|
@@ -21,9 +24,15 @@ Metrics/BlockLength:
|
|
21
24
|
|
22
25
|
Metrics/LineLength:
|
23
26
|
Max: 120
|
24
|
-
|
27
|
+
|
25
28
|
Style/Documentation:
|
26
29
|
Enabled: false
|
27
|
-
|
30
|
+
|
31
|
+
Layout/IndentHeredoc:
|
32
|
+
Enabled: false
|
33
|
+
|
28
34
|
Style/MutableConstant:
|
29
35
|
Enabled: false
|
36
|
+
|
37
|
+
Style/PercentLiteralDelimiters:
|
38
|
+
Enabled: false
|
data/.travis.yml
CHANGED
data/README.md
CHANGED
@@ -28,45 +28,64 @@ $ gem install certman
|
|
28
28
|
|
29
29
|
```sh
|
30
30
|
$ certman request blog.example.com
|
31
|
-
NOTICE! Your selected region is *ap-northeast-1*. Certman create certificate on *ap-northeast-1*. OK? Yes
|
32
|
-
NOTICE! Certman
|
33
|
-
NOTICE! When requesting, Certman
|
34
|
-
[✔] [ACM] Check Certificate (
|
35
|
-
[✔] [Route53] Check Hosted Zone (
|
36
|
-
[✔] [Route53] Check TXT Record (
|
37
|
-
[✔] [Route53] Check MX Record (
|
38
|
-
[✔] [
|
39
|
-
[✔] [
|
40
|
-
[✔] [
|
41
|
-
[✔] [
|
42
|
-
[✔] [
|
43
|
-
[✔] [
|
44
|
-
[✔] [SES] Create Receipt Rule (us-east-1) (
|
45
|
-
[✔] [SES]
|
46
|
-
[✔] [ACM] Request Certificate (
|
47
|
-
[✔] [S3] Check approval mail (will take about 30 min) (us-east-1) (
|
48
|
-
[✔] [SES]
|
49
|
-
[✔] [SES] Delete Receipt Rule (us-east-1) (
|
50
|
-
[✔] [
|
51
|
-
[✔] [Route53] Delete
|
52
|
-
[✔] [
|
53
|
-
[✔] [
|
54
|
-
[✔] [S3] Delete Bucket (us-east-1) (successfull)
|
31
|
+
NOTICE! Your selected region is *ap-northeast-1*. Certman will create a certificate on *ap-northeast-1*. OK? Yes
|
32
|
+
NOTICE! Certman has chosen *us-east-1* for S3/SES resources. OK? Yes
|
33
|
+
NOTICE! When requesting, Certman appends a Receipt Rule to the current Active Receipt Rule Set. OK? Yes
|
34
|
+
[✔] [ACM] Check Certificate (us-east-1) (successful)
|
35
|
+
[✔] [Route53] Check Hosted Zone (us-east-1) (successful)
|
36
|
+
[✔] [Route53] Check TXT Record (us-east-1) (successful)
|
37
|
+
[✔] [Route53] Check MX Record (us-east-1) (successful)
|
38
|
+
[✔] [SES] Check Active Rule Set (us-east-1) (successful)
|
39
|
+
[✔] [S3] Create Bucket for SES inbound (us-east-1) (successful)
|
40
|
+
[✔] [SES] Create Domain Identity (us-east-1) (successful)
|
41
|
+
[✔] [Route53] Create TXT Record Set to verify Domain Identity (us-east-1) (successful)
|
42
|
+
[✔] [SES] Check Domain Identity Status *verified* (us-east-1) (successful)
|
43
|
+
[✔] [Route53] Create MX Record Set (us-east-1) (successful)
|
44
|
+
[✔] [SES] Create and Active Receipt Rule Set (us-east-1) (successful)
|
45
|
+
[✔] [SES] Create Receipt Rule (us-east-1) (successful)
|
46
|
+
[✔] [ACM] Request Certificate (us-east-1) (successful)
|
47
|
+
[✔] [S3] Check approval mail (will take about 30 min) (us-east-1) (successful)
|
48
|
+
[✔] [SES] Delete Receipt Rule (us-east-1) (successful)
|
49
|
+
[✔] [SES] Delete Receipt Rule Set (us-east-1) (successful)
|
50
|
+
[✔] [Route53] Delete MX Record Set (us-east-1) (successful)
|
51
|
+
[✔] [Route53] Delete TXT Record Set (us-east-1) (successful)
|
52
|
+
[✔] [SES] Delete Verified Domain Identiry (us-east-1) (successful)
|
53
|
+
[✔] [S3] Delete Bucket (us-east-1) (successful)
|
55
54
|
Done.
|
56
55
|
|
57
56
|
certificate_arn: arn:aws:acm:ap-northeast-1:0123456789:certificate/123abcd4-5e67-8f90-123a-4567bc89d01
|
57
|
+
```
|
58
|
+
|
59
|
+
OR
|
60
|
+
|
61
|
+
```sh
|
62
|
+
NOTICE! Your selected region is *us-east-1*. Certman will create a certificate on *us-east-1*.
|
63
|
+
NOTICE! Certman has chosen *us-east-1* for S3/SES resources.
|
64
|
+
NOTICE! When requesting, Certman appends a Receipt Rule to the current Active Receipt Rule Set.
|
65
|
+
[✖] [ACM] Check Certificate (us-east-1) (error)
|
58
66
|
|
67
|
+
Certificate already exists!
|
68
|
+
|
69
|
+
certificate_arn: arn:aws:acm:us-east-1:0123456789:certificate/123abcd4-5e67-8f90-123a-4567bc89d01
|
59
70
|
```
|
60
71
|
|
61
|
-
####
|
72
|
+
#### Flags
|
73
|
+
|
74
|
+
##### `--remain-resources`
|
75
|
+
Skips deleting resources after a certificate has been successfully generated. This is necessary if you cannot use automatic validation (i.e., if your site is not accessible to the public internet via HTTPS). See [How Manual Domain Validation Works](http://docs.aws.amazon.com/acm/latest/userguide/how-domain-validation-works.html) for more information.
|
76
|
+
|
77
|
+
##### `--non-interactive`
|
78
|
+
Suppresses prompts from Certman (i.e, if using with a CI system, such as Travis or Jenkins).
|
62
79
|
|
63
|
-
|
80
|
+
##### `--subject-alternative-names=www.test.example.com cert.test.example.com`
|
81
|
+
Other domain names (separated by spaces) to associate with the requested certificate. Note that only the primary domain name is used for identification purposes and that AWS initially limits each certifcate to 10 SANs.
|
64
82
|
|
65
|
-
|
83
|
+
##### `--hosted-zone=test.example.com`
|
84
|
+
Specify the name (not the ID) of the Route53 Hosted Zone where the DNS record sets Certman uses will be located. By default, Certman will use the apex domain (i.e. "test.example.com" will have a default hosted-zone of "example.com").
|
66
85
|
|
67
86
|
### Restore Resources
|
68
87
|
|
69
|
-
If you want to restore resources for ACM ( to receive approval mail
|
88
|
+
If you want to restore resources generated for an ACM certificate (i.e., in order to receive approval mail again, use `certman restore-resources`. This supports the `--non-interactive` and `--hosted-zone` flags from `certman request`.
|
70
89
|
|
71
90
|
```sh
|
72
91
|
$ certman restore-resources blog.example.com
|
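Review bot: the new `--remain-resources` paragraph should say which resources stay behind and how to remove them afterwards. Per the sample output in this same hunk they are the S3 inbound bucket, the SES domain identity, receipt rule set and receipt rule, and the TXT and MX record sets, and as long as the MX record stays in place, mail for that domain continues to be delivered to SES and stored in the bucket, so readers need to know to tear those down themselves once validation is finished. Smaller fixes in the same hunk: the `restore-resources` sentence opens a parenthesis that is never closed ("(i.e., in order to receive approval mail again, use ..."); "Delete Verified Domain Identiry" should read "Identity"; "Create and Active Receipt Rule Set" should read "Create and Activate"; "certifcate" should read "certificate"; and "i.e, if using with a CI system" should be "e.g.," since CI is an example, not a definition.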
@@ -76,7 +95,7 @@ $ certman restore-resources blog.example.com
|
|
76
95
|
|
77
96
|
```sh
|
78
97
|
$ certman delete blog.example.com
|
79
|
-
[✔] [ACM] Delete Certificate (
|
98
|
+
[✔] [ACM] Delete Certificate (successful)
|
80
99
|
Done.
|
81
100
|
|
82
101
|
```
|
data/Rakefile
CHANGED
data/certman.gemspec
CHANGED
@@ -1,4 +1,5 @@
|
|
1
1
|
# coding: utf-8
|
2
|
+
|
2
3
|
lib = File.expand_path('../lib', __FILE__)
|
3
4
|
$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
|
4
5
|
require 'certman/version'
|
@@ -31,7 +32,7 @@ Gem::Specification.new do |spec|
|
|
31
32
|
spec.add_development_dependency 'bundler', '~> 1.12'
|
32
33
|
spec.add_development_dependency 'rake', '~> 10.0'
|
33
34
|
spec.add_development_dependency 'rspec', '~> 3.0'
|
34
|
-
spec.add_development_dependency 'rubocop', '~> 0.
|
35
|
+
spec.add_development_dependency 'rubocop', '~> 0.49.0'
|
35
36
|
spec.add_development_dependency 'octorelease'
|
36
37
|
spec.add_development_dependency 'pry'
|
37
38
|
end
|
data/lib/certman/cli.rb
CHANGED
@@ -1,23 +1,18 @@
|
|
1
1
|
module Certman
|
2
2
|
class CLI < Thor
|
3
|
-
desc 'request [DOMAIN]', '
|
3
|
+
desc 'request [DOMAIN]', 'Requests an ACM Certificate with only AWS managed services'
|
4
4
|
option :remain_resources, type: :boolean, default: false
|
5
|
-
option :
|
5
|
+
option :non_interactive, type: :boolean, default: false
|
6
|
+
option :subject_alternative_names, type: :array, banner: 'alt_domain_1 alt_domain_2...'
|
7
|
+
option :hosted_zone, type: :string, banner: '<Route53 HostedZone Name>'
|
6
8
|
def request(domain)
|
7
|
-
pastel = Pastel.new
|
8
9
|
prompt = TTY::Prompt.new
|
9
|
-
|
10
|
-
Certman create certificate on *#{Aws.config[:region]}*. OK?"))
|
10
|
+
pastel = Pastel.new
|
11
11
|
client = Certman::Client.new(domain, options)
|
12
|
-
|
13
|
-
|
14
|
-
Receipt Rule Set. OK?"))
|
15
|
-
Signal.trap(:INT) do
|
16
|
-
puts ''
|
17
|
-
puts pastel.red('Rollback start.')
|
18
|
-
client.rollback
|
19
|
-
end
|
12
|
+
prompt_or_notify(client, prompt, pastel)
|
13
|
+
rollback_on_interrupt(client, pastel)
|
20
14
|
cert_arn = client.request
|
15
|
+
|
21
16
|
puts 'Done.'
|
22
17
|
puts ''
|
23
18
|
puts "certificate_arn: #{pastel.cyan(cert_arn)}"
|
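Review bot: `prompt` and `pastel` are now created in `request` only to be handed to `prompt_or_notify` and `rollback_on_interrupt`, and the same two lines are repeated in `restore_resources`; letting the helpers construct them (or memoizing them on the class) would shrink each command body to client creation, the two helper calls and the work itself. The ordering is right as written: the client is built before the prompts because `prompt_or_notify` needs `client.region_by_hash`, and the INT trap is installed before `client.request`, so an interrupt during the long approval-mail wait still triggers the rollback.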
@@ -25,22 +20,16 @@ Receipt Rule Set. OK?"))
|
|
25
20
|
end
|
26
21
|
|
27
22
|
desc 'restore-resources [DOMAIN]', 'Restore resources to receive approval mail'
|
28
|
-
option :
|
23
|
+
option :non_interactive, type: :boolean, default: false
|
24
|
+
option :hosted_zone, type: :string, banner: '<Route53 HostedZone Name>'
|
29
25
|
def restore_resources(domain)
|
30
|
-
pastel = Pastel.new
|
31
26
|
prompt = TTY::Prompt.new
|
32
|
-
|
33
|
-
Certman create certificate on *#{Aws.config[:region]}*. OK?"))
|
27
|
+
pastel = Pastel.new
|
34
28
|
client = Certman::Client.new(domain, options)
|
35
|
-
|
36
|
-
|
37
|
-
Receipt Rule Set. OK?"))
|
38
|
-
Signal.trap(:INT) do
|
39
|
-
puts ''
|
40
|
-
puts pastel.red('Rollback start.')
|
41
|
-
client.rollback
|
42
|
-
end
|
29
|
+
prompt_or_notify(client, prompt, pastel)
|
30
|
+
rollback_on_interrupt(client, pastel)
|
43
31
|
client.restore_resources
|
32
|
+
|
44
33
|
puts 'Done.'
|
45
34
|
puts ''
|
46
35
|
end
|
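Review bot: `restore_resources` now reuses `prompt_or_notify`, so it prints "Certman will create a certificate on *region*" and "When requesting, Certman appends a Receipt Rule ..." even though this command requests no certificate; either parameterize the notice list per command or drop the certificate sentence on this path, so the operator is confirming what will actually happen.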
@@ -48,8 +37,36 @@ Receipt Rule Set. OK?"))
|
|
48
37
|
desc 'delete [DOMAIN]', 'Delete ACM Certificate'
|
49
38
|
def delete(domain)
|
50
39
|
Certman::Client.new(domain, options).delete
|
40
|
+
|
51
41
|
puts 'Done.'
|
52
42
|
puts ''
|
53
43
|
end
|
44
|
+
|
45
|
+
private
|
46
|
+
|
47
|
+
def prompt_or_notify(client, prompt, pastel)
|
48
|
+
notices = [
|
49
|
+
"NOTICE! Your selected region is *#{Aws.config[:region]}*. " \
|
50
|
+
"Certman will create a certificate on *#{Aws.config[:region]}*.",
|
51
|
+
"NOTICE! Certman has chosen *#{client.region_by_hash}* for S3/SES resources.",
|
52
|
+
'NOTICE! When requesting, Certman appends a Receipt Rule to the current Active Receipt Rule Set.'
|
53
|
+
]
|
54
|
+
|
55
|
+
notices.each do |message|
|
56
|
+
if options[:non_interactive]
|
57
|
+
puts pastel.red(message)
|
58
|
+
else
|
59
|
+
exit unless prompt.yes?(pastel.red(message << ' OK?'))
|
60
|
+
end
|
61
|
+
end
|
62
|
+
end
|
63
|
+
|
64
|
+
def rollback_on_interrupt(client, pastel)
|
65
|
+
Signal.trap(:INT) do
|
66
|
+
puts ''
|
67
|
+
puts pastel.red('Rollback start.')
|
68
|
+
client.rollback
|
69
|
+
end
|
70
|
+
end
|
54
71
|
end
|
55
72
|
end
|
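Review bot: in `prompt_or_notify`, `exit unless prompt.yes?(...)` exits with status 0 when the operator answers no, so a wrapping script or CI job sees a declined confirmation as success; use `exit 1` (or `abort`) there. `message << ' OK?'` also mutates the notice string in place, which is the reason `Style/FrozenStringLiteralComment` has to stay disabled in this release; `message + ' OK?'` avoids the mutation. Finally, `rollback_on_interrupt` runs `client.rollback`, a sequence of AWS API calls, inside the `Signal.trap(:INT)` handler. Ruby restricts what a trap handler may do (it cannot take a Mutex, for instance), so it is safer to have the handler only raise `Interrupt` or set a flag and to perform the rollback from a `rescue Interrupt` around the command body.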
data/lib/certman/client.rb
CHANGED
@@ -10,11 +10,12 @@ module Certman
|
|
10
10
|
@do_rollback = false
|
11
11
|
@cname_exists = false
|
12
12
|
@domain = domain
|
13
|
+
@subject_alternative_names = options[:subject_alternative_names]
|
13
14
|
@cert_arn = nil
|
14
15
|
@savepoint = []
|
15
16
|
@remain_resources = options[:remain_resources]
|
16
17
|
@hosted_zone_domain = options[:hosted_zone]
|
17
|
-
@hosted_zone_domain.sub(/\.\z/, '')
|
18
|
+
@hosted_zone_domain.sub(/\.\z/, '') if @hosted_zone_domain
|
18
19
|
end
|
19
20
|
|
20
21
|
def request
|
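Review bot: `@hosted_zone_domain.sub(/\.\z/, '') if @hosted_zone_domain` discards its result: `String#sub` returns a new string and leaves the receiver unchanged, so a trailing dot in `--hosted-zone=example.com.` is never actually stripped. The bug predates this change and the nil guard added here is correct, but while touching the line make it `@hosted_zone_domain = @hosted_zone_domain.sub(/\.\z/, '') if @hosted_zone_domain` (or use `sub!`).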
@@ -58,7 +59,7 @@ module Certman
|
|
58
59
|
end
|
59
60
|
|
60
61
|
enforce_region_by_hash do
|
61
|
-
step('[S3] Check approval mail (
|
62
|
+
step('[S3] Check for approval mail (can take up to 30 min)', nil) do
|
62
63
|
check_approval_mail
|
63
64
|
end
|
64
65
|
end
|
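Review bot: the spinner label becomes "[S3] Check for approval mail (can take up to 30 min)" here, while the README sample output updated in this same release still shows "[S3] Check approval mail (will take about 30 min)"; align one with the other so the documented output matches what the tool prints.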
@@ -109,6 +110,11 @@ module Certman
|
|
109
110
|
|
110
111
|
def delete
|
111
112
|
s = spinner('[ACM] Delete Certificate')
|
113
|
+
unless certificate_exist?
|
114
|
+
s.error
|
115
|
+
puts pastel.yellow("\nNo certificate to delete!\n")
|
116
|
+
exit
|
117
|
+
end
|
112
118
|
delete_certificate
|
113
119
|
s.success
|
114
120
|
end
|
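Review bot: the new guard in `delete` calls plain `exit` after `s.error`, which is exit status 0, so `certman delete` reports success to the shell when there was nothing to delete; `exit 1` would let scripts tell the two outcomes apart. Note also that the `delete_certificate` call on the next line now relies on `certificate_exist?` having stored the ARN in `@cert_arn` as a side effect, so this guard is required for correctness, not only for the message; a one-line comment saying so would spare the next reader a surprise.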
@@ -118,23 +124,40 @@ module Certman
|
|
118
124
|
|
119
125
|
if check_acm
|
120
126
|
s = spinner('[ACM] Check Certificate')
|
121
|
-
|
127
|
+
if certificate_exist?
|
128
|
+
s.error
|
129
|
+
puts pastel.yellow("\nCertificate already exists!\n")
|
130
|
+
puts "certificate_arn: #{pastel.cyan(@cert_arn)}"
|
131
|
+
exit
|
132
|
+
end
|
122
133
|
s.success
|
123
134
|
end
|
124
135
|
|
125
136
|
s = spinner('[Route53] Check Hosted Zone')
|
126
|
-
|
137
|
+
unless hosted_zone_exist?
|
138
|
+
s.error
|
139
|
+
puts pastel.red("\nHosted Zone #{hosted_zone_domain} does not exist")
|
140
|
+
exit
|
141
|
+
end
|
127
142
|
s.success
|
128
143
|
|
129
144
|
s = spinner('[Route53] Check TXT Record')
|
130
|
-
|
145
|
+
if txt_rset_exist?
|
146
|
+
s.error
|
147
|
+
puts pastel.red("\n_amazonses.#{email_domain} TXT already exists")
|
148
|
+
exit
|
149
|
+
end
|
131
150
|
s.success
|
132
151
|
|
133
152
|
enforce_region_by_hash do
|
134
153
|
s = spinner('[Route53] Check MX Record')
|
135
|
-
|
154
|
+
if mx_rset_exist?
|
155
|
+
s.error
|
156
|
+
puts pastel.red("\n#{email_domain} MX already exist")
|
157
|
+
exit
|
158
|
+
end
|
136
159
|
if cname_rset_exist?
|
137
|
-
puts pastel.cyan("\n#{email_domain} CNAME already
|
160
|
+
puts pastel.cyan("\n#{email_domain} CNAME already exists. Use #{hosted_zone_domain}")
|
138
161
|
@cname_exists = true
|
139
162
|
check_resource
|
140
163
|
end
|
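Review bot: the four new pre-flight guards in this hunk repeat the same `s.error` / `puts pastel.red(...)` / `exit` triple; a small `fail_step(s, message)` helper would shorten them and give one place to exit non-zero (plain `exit` returns status 0 here too, so a `--non-interactive` CI run that is refused still looks successful). Message text: "#{email_domain} MX already exist" should read "exists". The guards themselves are the right call: refusing to run when a TXT or MX record already exists avoids silently replacing mail routing the domain owner did not expect to lose.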
@@ -224,10 +247,7 @@ module Certman
|
|
224
247
|
end
|
225
248
|
when :acm_certificate
|
226
249
|
if @do_rollback
|
227
|
-
|
228
|
-
delete_certificate
|
229
|
-
@cert_arn = nil
|
230
|
-
s.success
|
250
|
+
delete # certificate
|
231
251
|
end
|
232
252
|
end
|
233
253
|
end
|
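Review bot: `rollback` now calls `delete` for the `:acm_certificate` savepoint, and `delete` (in the hunk above) calls `exit` when `certificate_exist?` is false; since rollback is driven from the INT trap and walks the savepoints in sequence, an exit here aborts the rollback and leaves whatever savepoints remain unprocessed. Call `delete_certificate` directly (guarded by `certificate_exist?`) on the rollback path and keep `delete` for the user-facing command.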
data/lib/certman/log.rb
CHANGED
data/lib/certman/resource/acm.rb
CHANGED
@@ -4,7 +4,7 @@ module Certman
|
|
4
4
|
def request_certificate
|
5
5
|
res = acm.request_certificate(
|
6
6
|
domain_name: @domain,
|
7
|
-
subject_alternative_names:
|
7
|
+
subject_alternative_names: @subject_alternative_names,
|
8
8
|
domain_validation_options: [
|
9
9
|
{
|
10
10
|
domain_name: @domain,
|
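Review bot: `subject_alternative_names: @subject_alternative_names` is sent even when `--subject-alternative-names` was not given, in which case the value is nil; confirm that the SDK's parameter validator accepts a nil list here, or build the request hash and drop the key when it is nil. It would also be worth validating the SAN list up front (the README in this release mentions the 10-SAN limit), because a rejected request at this step only surfaces after the DNS and SES resources have already been created.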
@@ -24,18 +24,15 @@ module Certman
|
|
24
24
|
end
|
25
25
|
|
26
26
|
def delete_certificate
|
27
|
-
|
28
|
-
|
29
|
-
end
|
30
|
-
raise 'Certificate does not exist' unless current_cert
|
31
|
-
acm.delete_certificate(certificate_arn: current_cert.certificate_arn)
|
27
|
+
acm.delete_certificate(certificate_arn: @cert_arn)
|
28
|
+
@cert_arn = nil
|
32
29
|
end
|
33
30
|
|
34
31
|
def certificate_exist?
|
35
32
|
current_cert = acm.list_certificates.certificate_summary_list.find do |cert|
|
36
33
|
cert.domain_name == @domain
|
37
34
|
end
|
38
|
-
current_cert
|
35
|
+
@cert_arn = current_cert.certificate_arn if current_cert
|
39
36
|
end
|
40
37
|
|
41
38
|
def acm
|
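Review bot: `certificate_exist?` is now a predicate with a side effect (it stores the ARN in `@cert_arn`) and `delete_certificate` depends on that side effect; the removed code looked the certificate up itself and raised "Certificate does not exist" when it was missing, whereas the new `delete_certificate` passes a nil ARN to the API if it is ever called without the check. A `find_certificate` method that returns the summary, used by both callers, would keep the predicate pure. Two further points on the lookup: `acm.list_certificates` is paginated, so the `find` should walk the pageable response (`each_page`) rather than a single page, or a certificate beyond the first page is reported as absent; and matching on `domain_name` alone picks whichever certificate for that domain the API lists first, so when several exist (for example with different SANs) the delete command may remove one the operator did not intend.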
data/lib/certman/version.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: certman
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.10.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- k1LoW
|
8
8
|
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date: 2017-
|
11
|
+
date: 2017-11-20 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: aws-sdk
|
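Review bot: `cert_chain: []` here (and the empty `signing_key:` later in this file) show the release is an unsigned gem, so the updated `checksums.yaml` in this diff only lets RubyGems detect a corrupted download, not a tampered one; consider signing releases (`gem cert` and a `signing_key` in the gemspec) so consumers can install with a `--trust-policy`. Not a blocker for this version bump.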
@@ -170,14 +170,14 @@ dependencies:
|
|
170
170
|
requirements:
|
171
171
|
- - "~>"
|
172
172
|
- !ruby/object:Gem::Version
|
173
|
-
version: 0.
|
173
|
+
version: 0.49.0
|
174
174
|
type: :development
|
175
175
|
prerelease: false
|
176
176
|
version_requirements: !ruby/object:Gem::Requirement
|
177
177
|
requirements:
|
178
178
|
- - "~>"
|
179
179
|
- !ruby/object:Gem::Version
|
180
|
-
version: 0.
|
180
|
+
version: 0.49.0
|
181
181
|
- !ruby/object:Gem::Dependency
|
182
182
|
name: octorelease
|
183
183
|
requirement: !ruby/object:Gem::Requirement
|
@@ -256,7 +256,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
256
256
|
version: '0'
|
257
257
|
requirements: []
|
258
258
|
rubyforge_project:
|
259
|
-
rubygems_version: 2.6.
|
259
|
+
rubygems_version: 2.6.13
|
260
260
|
signing_key:
|
261
261
|
specification_version: 4
|
262
262
|
summary: CLI tool for AWS Certificate Manager.
|