RubyGems - certman - Versions diffs - 0.1.0 → 0.2.0 - Mend

certman 0.1.0 → 0.2.0

Files changed (13) hide show

checksums.yaml +4 -4
data/.rubocop.yml +1 -1
data/README.md +10 -5
data/lib/certman/cli.rb +9 -2
data/lib/certman/client.rb +99 -292
data/lib/certman/resource/acm.rb +38 -0
data/lib/certman/resource/route53.rb +140 -0
data/lib/certman/resource/s3.rb +89 -0
data/lib/certman/resource/ses.rb +83 -0
data/lib/certman/resource/sts.rb +9 -0
data/lib/certman/version.rb +1 -1
data/lib/certman.rb +5 -0
metadata +7 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: abd249cac5771cfd40429d8123247925a65c3b55
-  data.tar.gz: a06cea74aff79c77bc6800660f038f89f0412aa8
+  metadata.gz: dc3463ae829bfaef6897bb714c2489d113113465
+  data.tar.gz: 55623eb5f306caa72832a252a06125632344efc9
 SHA512:
-  metadata.gz: 88589e4fb6d9b5eb7e065dc3ddc351c7b2831ea2d5b6cda1e541192e470e50a9ddcd66be775959e2ec202ac034f5be7db437627223fb8fb9dd84a7d3de9707b8
-  data.tar.gz: e10726b02ce3acd0287f8800a8176c6f2f1816d23de210ca8152d3915a0b341173d3f2ea5ddd3f301933e50512563b218e0ccf77e9dcc1e895d715c2e6908e6c
+  metadata.gz: 6fab1591da092475a654d4903b9984ec71f4c35b6f85ce69ff4bdfcde40123d3b53557e10f8450d2efff75d777da892542ff424107fecc1eb2b6a81aa42b031f
+  data.tar.gz: 285bae5e5f326b9b6d57e9d32dcf68b01461354ce63d0b3fed8599a68c49f45e67e28ebe3a8e12c1bdb3028537646efe857a6410a17551f758eccddc00a208e0

data/.rubocop.yml CHANGED Viewed

@@ -17,7 +17,7 @@ Metrics/PerceivedComplexity:
   Max: 10
 Metrics/BlockLength:
-  Max: 30
+  Max: 50
 Metrics/LineLength:
   Max: 120

data/README.md CHANGED Viewed

@@ -36,15 +36,20 @@ NOTICE! When requesting, Certman replace Active Receipt Rule Set. OK? Yes
 [✔] [Route53] Check MX Record (successfull)
 [✔] [S3] Create Bucket for SES inbound (successfull)
 [✔] [SES] Create Domain Identity (successfull)
-[✔] [Route53] Add TXT Record Set to verify Domain Identity (successfull)
+[✔] [Route53] Create TXT Record Set to verify Domain Identity (successfull)
 [✔] [SES] Check Domain Identity Status *verified* (successfull)
-[✔] [Route53] Add MX Record Set (successfull)
+[✔] [Route53] Create MX Record Set (successfull)
+[✔] [SES] Create Receipt Rule Set (successfull)
 [✔] [SES] Create Receipt Rule (successfull)
+[✔] [SES] Replace Active Receipt Rule Set (successfull)
 [✔] [ACM] Request Certificate (successfull)
 [✔] [S3] Check approval mail (will take about 30 min) (successfull)
-[✔] [SES] Remove Receipt rule (successfull)
-[✔] [Route53] Remove Record Set (successfull)
-[✔] [SES] Remove Verified Domain Identiry (successfull)
+[✔] [SES] Revert Active Receipt Rule Set (successfull)
+[✔] [SES] Delete Receipt Rule (successfull)
+[✔] [SES] Delete Receipt Rule Set (successfull)
+[✔] [Route53] Delete MX Record Set (successfull)
+[✔] [Route53] Delete TXT Record Set (successfull)
+[✔] [SES] Delete Verified Domain Identiry (successfull)
 [✔] [S3] Delete Bucket (successfull)
 Done.

data/lib/certman/cli.rb CHANGED Viewed

@@ -1,12 +1,19 @@
 module Certman
   class CLI < Thor
     desc 'request [DOMAIN]', 'Request ACM Certificate with only AWS managed services'
+    option :remain_resources, type: :boolean
     def request(domain)
       pastel = Pastel.new
       prompt = TTY::Prompt.new
       return unless prompt.yes?(pastel.red('NOTICE! Certman support *us-east-1* only, now. OK?'))
       return unless prompt.yes?(pastel.red('NOTICE! When requesting, Certman replace Active Receipt Rule Set. OK?'))
-      cert_arn = Certman::Client.new(domain).request_certificate
+      client = Certman::Client.new(domain)
+      Signal.trap(:INT) do
+        puts ''
+        puts pastel.red('Rollback start.')
+        client.rollback
+      end
+      cert_arn = client.request(options[:remain_resources])
       puts 'Done.'
       puts ''
       puts "certificate_arn: #{pastel.cyan(cert_arn)}"
@@ -15,7 +22,7 @@ module Certman
     desc 'delete [DOMAIN]', 'Delete ACM Certificate'
     def delete(domain)
-      Certman::Client.new(domain).delete_certificate
+      Certman::Client.new(domain).delete
       puts 'Done.'
       puts ''
     end

data/lib/certman/client.rb CHANGED Viewed

@@ -1,350 +1,157 @@
 module Certman
   class Client
-    attr_reader :domain
+    include Certman::Resource::STS
+    include Certman::Resource::S3
+    include Certman::Resource::SES
+    include Certman::Resource::Route53
+    include Certman::Resource::ACM
     def initialize(domain)
+      @do_rollback = false
       @domain = domain
+      @cert_arn = nil
+      @savepoint = []
     end
-    def request_certificate
+    def request(remain_resources = false)
       check_resource
-      # Get Account ID
-      account_id = sts.get_caller_identity.account
-      # Create S3 for SES inbound
-      s = spinner('[S3] Create Bucket for SES inbound')
-      bucket_policy = <<-"EOF"
-{
-            "Version": "2008-10-17",
-    "Statement": [
-        {
-            "Sid": "GiveSESPermissionToWriteEmail",
-            "Effect": "Allow",
-            "Principal": {
-                "Service": [
-                    "ses.amazonaws.com"
-                ]
-            },
-            "Action": [
-                "s3:PutObject"
-            ],
-            "Resource": "arn:aws:s3:::#{bucket_name}/*",
-            "Condition": {
-                "StringEquals": {
-                    "aws:Referer": "#{account_id}"
-                }
-            }
-        }
-    ]
-}
-EOF
-      s3.create_bucket(
-        acl: 'private',
-        bucket: bucket_name
-      )
-      s3.put_bucket_policy(
-        bucket: bucket_name,
-        policy: bucket_policy,
-        use_accelerate_endpoint: false
-      )
-      s.success
-      # Create Domain Identity
-      s = spinner('[SES] Create Domain Identity')
-      res = ses.verify_domain_identity(domain: domain)
-      token = res.verification_token
-      s.success
-      # Add TXT Record Set with Route53
-      s = spinner('[Route53] Add TXT Record Set to verify Domain Identity')
-      root_domain = PublicSuffix.domain(domain)
-      hosted_zone = route53.list_hosted_zones.hosted_zones.find do |zone|
-        PublicSuffix.domain(zone.name) == root_domain
+      step('[S3] Create Bucket for SES inbound', :s3_bucket) do
+        create_bucket
       end
-      route53.change_resource_record_sets(
-        change_batch: {
-          changes: [
-            {
-              action: 'CREATE',
-              resource_record_set: {
-                name: "_amazonses.#{domain}",
-                resource_records: [
-                  {
-                    value: '"' + token + '"'
-                  }
-                ],
-                ttl: 60,
-                type: 'TXT'
-              }
-            }
-          ],
-          comment: 'Generate by certman'
-        },
-        hosted_zone_id: hosted_zone.id
-      )
-      s.success
-      # Checking verify
-      s = spinner('[SES] Check Domain Identity Status *verified*')
-      is_break = false
-      100.times do
-        res = ses.get_identity_verification_attributes(
-          identities: [
-            domain
-          ]
-        )
-        if res.verification_attributes[domain].verification_status == 'Success'
-          is_break = true
-          s.success
-          break
-        end
-        sleep 5
+      step('[SES] Create Domain Identity', :ses_domain_identity) do
+        create_domain_identity
       end
-      s.error unless is_break
-      # Add MX Record Set
-      s = spinner('[Route53] Add MX Record Set')
-      route53.change_resource_record_sets(
-        change_batch: {
-          changes: [
-            {
-              action: 'CREATE',
-              resource_record_set: {
-                name: domain,
-                resource_records: [
-                  {
-                    value: '10 inbound-smtp.us-east-1.amazonaws.com'
-                  }
-                ],
-                ttl: 60,
-                type: 'MX'
-              }
-            }
-          ],
-          comment: 'Generate by certman'
-        },
-        hosted_zone_id: hosted_zone.id
-      )
-      s.success
+      step('[Route53] Create TXT Record Set to verify Domain Identity', :route53_txt) do
+        create_txt_rset
+      end
-      # Create Receipt rule
-      s = spinner('[SES] Create Receipt Rule')
-      rule_name = "S3RuleGeneratedByCertman_#{domain}"
-      rule_set_name = "RuleSetGeneratedByCertman_#{domain}"
-      ses.create_receipt_rule_set(rule_set_name: rule_set_name)
-      ses.create_receipt_rule(
-        rule: {
-          recipients: ["admin@#{domain}"],
-          actions: [
-            {
-              s3_action: {
-                bucket_name: bucket_name
-              }
-            }
-          ],
-          enabled: true,
-          name: rule_name,
-          scan_enabled: true,
-          tls_policy: 'Optional'
-        },
-        rule_set_name: rule_set_name
-      )
-      current_rule_set_name = nil
-      res = ses.describe_active_receipt_rule_set
-      current_rule_set_name = res.metadata.name if res.metadata
-      ses.set_active_receipt_rule_set(rule_set_name: rule_set_name)
-      s.success
+      step('[SES] Check Domain Identity Status *verified*', nil) do
+        check_domain_identity_verified
+      end
-      # Request Certificate
-      s = spinner('[ACM] Request Certificate')
-      res = acm.request_certificate(
-        domain_name: domain,
-        subject_alternative_names: [domain],
-        domain_validation_options: [
-          {
-            domain_name: domain,
-            validation_domain: domain
-          }
-        ]
-      )
-      cert_arn = res.certificate_arn
-      s.success
+      step('[Route53] Create MX Record Set', :route53_mx) do
+        create_mx_rset
+      end
-      # Check Mail and Approve
-      s = spinner('[S3] Check approval mail (will take about 30 min)')
-      is_break = false
-      60.times do
-        s3.list_objects(bucket: bucket_name).contents.map do |object|
-          res = s3.get_object(bucket: bucket_name, key: object.key)
-          res.body.read.match(%r{https://certificates\.amazon\.com/approvals[^\s]+}) do |md|
-            cert_uri = md[0]
-            handle = open(cert_uri)
-            document = Oga.parse_html(handle)
-            data = {}
-            document.css('form input').each do |input|
-              data[input.get('name')] = input.get('value')
-            end
-            res = Net::HTTP.post_form(URI.parse('https://certificates.amazon.com/approvals'), data)
-            if res.body =~ /Success/
-              s.success
-            else
-              s.error
-            end
-            is_break = true
-            break
-          end
-        end
-        break if is_break
-        sleep 30
+      step('[SES] Create Receipt Rule Set', :ses_rule_set) do
+        create_rule_set
       end
-      s.error unless is_break
-      # Remove Receipt Rule
-      s = spinner('[SES] Remove Receipt Rule')
-      ses.set_active_receipt_rule_set(rule_set_name: current_rule_set_name)
-      ses.delete_receipt_rule(
-        rule_name: rule_name,
-        rule_set_name: rule_set_name
-      )
-      ses.delete_receipt_rule_set(rule_set_name: rule_set_name)
-      s.success
+      step('[SES] Create Receipt Rule', :ses_rule) do
+        create_rule
+      end
-      # Remove Record Set
-      s = spinner('[Route53] Remove Record Set')
-      route53.change_resource_record_sets(
-        change_batch: {
-          changes: [
-            {
-              action: 'DELETE',
-              resource_record_set: {
-                name: "_amazonses.#{domain}",
-                resource_records: [
-                  {
-                    value: '"' + token + '"'
-                  }
-                ],
-                ttl: 60,
-                type: 'TXT'
-              }
-            },
-            {
-              action: 'DELETE',
-              resource_record_set: {
-                name: domain,
-                resource_records: [
-                  {
-                    value: '10 inbound-smtp.us-east-1.amazonaws.com'
-                  }
-                ],
-                ttl: 60,
-                type: 'MX'
-              }
-            }
-          ],
-          comment: 'Generate by certman'
-        },
-        hosted_zone_id: hosted_zone.id
-      )
-      s.success
+      step('[SES] Replace Active Receipt Rule Set', :ses_replace_active_rule_set) do
+        replace_active_rule_set
+      end
-      # Remove Verified Domain Identiry
-      s = spinner('[SES] Remove Verified Domain Identiry')
-      ses.delete_identity(identity: domain)
-      s.success
+      step('[ACM] Request Certificate', :acm_certificate) do
+        request_certificate
+      end
-      # Delete S3 for SES inbound
-      s = spinner('[S3] Delete Bucket')
-      objects = s3.list_objects(bucket: bucket_name).contents.map do |object|
-        { key: object.key }
+      step('[S3] Check approval mail (will take about 30 min)', nil) do
+        check_approval_mail
       end
-      s3.delete_objects(
-        bucket: bucket_name,
-        delete: {
-          objects: objects
-        }
-      )
-      s3.delete_bucket(bucket: bucket_name)
-      s.success
-      cert_arn
+      cleanup_resources if !remain_resources || @do_rollback
+      @cert_arn
     end
-    def delete_certificate
+    def delete
       s = spinner('[ACM] Delete Certificate')
-      current_cert = acm.list_certificates.certificate_summary_list.find do |cert|
-        cert.domain_name == domain
-      end
-      raise 'Certificate does not exist' unless current_cert
-      acm.delete_certificate(certificate_arn: current_cert.certificate_arn)
+      delete_certificate
       s.success
     end
     def check_resource
       s = spinner('[ACM] Check Certificate')
-      current_cert = acm.list_certificates.certificate_summary_list.find do |cert|
-        cert.domain_name == domain
-      end
-      raise 'Certificate already exist' if current_cert
+      check_certificate
       s.success
       s = spinner('[Route53] Check Hosted Zone')
-      root_domain = PublicSuffix.domain(domain)
-      hosted_zone_id = nil
-      hosted_zone = route53.list_hosted_zones.hosted_zones.find do |zone|
-        if PublicSuffix.domain(zone.name) == root_domain
-          hosted_zone_id = zone.id
-          next true
-        end
-      end
-      raise "Hosted Zone #{root_domain} does not exist" unless hosted_zone
+      check_hosted_zone
       s.success
       s = spinner('[Route53] Check TXT Record')
-      res = route53.list_resource_record_sets(
-        hosted_zone_id: hosted_zone_id,
-        start_record_name: "_amazonses.#{domain}.",
-        start_record_type: 'TXT'
-      )
-      raise "_amazonses.#{domain} TXT already exist" unless res.resource_record_sets.empty?
+      check_txt_rset
       s.success
       s = spinner('[Route53] Check MX Record')
-      res = route53.list_resource_record_sets(
-        hosted_zone_id: hosted_zone_id,
-        start_record_name: "#{domain}.",
-        start_record_type: 'MX'
-      )
-      raise "#{domain} MX already exist" unless res.resource_record_sets.empty?
+      check_mx_rset
       s.success
       true
     end
-    private
-    def sts
-      @sts ||= Aws::STS::Client.new
+    def rollback
+      @do_rollback = true
     end
-    def s3
-      @s3 ||= Aws::S3::Client.new
+    private
+    def step(message, save)
+      return if @do_rollback
+      s = spinner(message)
+      begin
+        yield
+        @savepoint.push(save)
+        s.success
+      rescue
+        puts "Error: #{$ERROR_INFO}"
+        @do_rollback = true
+        s.error
+      end
     end
-    def ses
-      @ses ||= Aws::SES::Client.new
+    def cleanup_resources
+      @savepoint.reverse.each do |state|
+        case state
+        when :s3_bucket
+          s = spinner('[S3] Delete Bucket')
+          delete_bucket
+          s.success
+        when :ses_domain_identity
+          s = spinner('[SES] Delete Verified Domain Identiry')
+          delete_domain_identity
+          s.success
+        when :route53_txt
+          s = spinner('[Route53] Delete TXT Record Set')
+          delete_txt_rset
+          s.success
+        when :route53_mx
+          s = spinner('[Route53] Delete MX Record Set')
+          delete_mx_rset
+          s.success
+        when :ses_rule_set
+          s = spinner('[SES] Delete Receipt Rule Set')
+          delete_rule_set
+          s.success
+        when :ses_rule
+          s = spinner('[SES] Delete Receipt Rule')
+          delete_rule
+          s.success
+        when :ses_replace_active_rule_set
+          s = spinner('[SES] Revert Active Receipt Rule Set')
+          revert_active_rue_set
+          s.success
+        end
+      end
     end
-    def route53
-      @route53 ||= Aws::Route53::Client.new
+    def bucket_name
+      @bucket_name ||= "#{@domain}-generated-by-certman-for-ses-inbound-"
     end
-    def acm
-      @acm ||= Aws::ACM::Client.new
+    def rule_name
+      @rule_name ||= "S3RuleGeneratedByCertman_#{@domain}"
     end
-    def bucket_name
-      @bucket_name ||= "#{domain}-generated-by-certman-for-ses-inbound-"
+    def rule_set_name
+      @rule_set_name ||= "RuleSetGeneratedByCertman_#{@domain}"
     end
     def spinner(message)

data/lib/certman/resource/acm.rb ADDED Viewed

@@ -0,0 +1,38 @@
+module Certman
+  module Resource
+    module ACM
+      def request_certificate
+        res = acm.request_certificate(
+          domain_name: @domain,
+          subject_alternative_names: [@domain],
+          domain_validation_options: [
+            {
+              domain_name: @domain,
+              validation_domain: @domain
+            }
+          ]
+        )
+        @cert_arn = res.certificate_arn
+      end
+      def delete_certificate
+        current_cert = acm.list_certificates.certificate_summary_list.find do |cert|
+          cert.domain_name == @domain
+        end
+        raise 'Certificate does not exist' unless current_cert
+        acm.delete_certificate(certificate_arn: current_cert.certificate_arn)
+      end
+      def check_certificate
+        current_cert = acm.list_certificates.certificate_summary_list.find do |cert|
+          cert.domain_name == @domain
+        end
+        raise 'Certificate already exist' if current_cert
+      end
+      def acm
+        @acm ||= Aws::ACM::Client.new
+      end
+    end
+  end
+end

data/lib/certman/resource/route53.rb ADDED Viewed

@@ -0,0 +1,140 @@
+module Certman
+  module Resource
+    # rubocop:disable Metrics/ModuleLength
+    module Route53
+      def create_txt_rset
+        root_domain = PublicSuffix.domain(@domain)
+        @hosted_zone = route53.list_hosted_zones.hosted_zones.find do |zone|
+          PublicSuffix.domain(zone.name) == root_domain
+        end
+        route53.change_resource_record_sets(
+          change_batch: {
+            changes: [
+              {
+                action: 'CREATE',
+                resource_record_set: {
+                  name: "_amazonses.#{@domain}",
+                  resource_records: [
+                    {
+                      value: '"' + @token + '"'
+                    }
+                  ],
+                  ttl: 60,
+                  type: 'TXT'
+                }
+              }
+            ],
+            comment: 'Generate by certman'
+          },
+          hosted_zone_id: @hosted_zone.id
+        )
+      end
+      def create_mx_rset
+        route53.change_resource_record_sets(
+          change_batch: {
+            changes: [
+              {
+                action: 'CREATE',
+                resource_record_set: {
+                  name: @domain,
+                  resource_records: [
+                    {
+                      value: '10 inbound-smtp.us-east-1.amazonaws.com'
+                    }
+                  ],
+                  ttl: 60,
+                  type: 'MX'
+                }
+              }
+            ],
+            comment: 'Generate by certman'
+          },
+          hosted_zone_id: @hosted_zone.id
+        )
+      end
+      def delete_txt_rset
+        route53.change_resource_record_sets(
+          change_batch: {
+            changes: [
+              {
+                action: 'DELETE',
+                resource_record_set: {
+                  name: "_amazonses.#{@domain}",
+                  resource_records: [
+                    {
+                      value: '"' + @token + '"'
+                    }
+                  ],
+                  ttl: 60,
+                  type: 'TXT'
+                }
+              }
+            ],
+            comment: 'Generate by certman'
+          },
+          hosted_zone_id: @hosted_zone.id
+        )
+      end
+      def delete_mx_rset
+        route53.change_resource_record_sets(
+          change_batch: {
+            changes: [
+              {
+                action: 'DELETE',
+                resource_record_set: {
+                  name: @domain,
+                  resource_records: [
+                    {
+                      value: '10 inbound-smtp.us-east-1.amazonaws.com'
+                    }
+                  ],
+                  ttl: 60,
+                  type: 'MX'
+                }
+              }
+            ],
+            comment: 'Generate by certman'
+          },
+          hosted_zone_id: @hosted_zone.id
+        )
+      end
+      def check_hosted_zone
+        root_domain = PublicSuffix.domain(@domain)
+        @hosted_zone_id = nil
+        hosted_zone = route53.list_hosted_zones.hosted_zones.find do |zone|
+          if PublicSuffix.domain(zone.name) == root_domain
+            @hosted_zone_id = zone.id
+            next true
+          end
+        end
+        raise "Hosted Zone #{root_domain} does not exist" unless hosted_zone
+      end
+      def check_txt_rset
+        res = route53.list_resource_record_sets(
+          hosted_zone_id: @hosted_zone_id,
+          start_record_name: "_amazonses.#{@domain}.",
+          start_record_type: 'TXT'
+        )
+        raise "_amazonses.#{@domain} TXT already exist" unless res.resource_record_sets.empty?
+      end
+      def check_mx_rset
+        res = route53.list_resource_record_sets(
+          hosted_zone_id: @hosted_zone_id,
+          start_record_name: "#{@domain}.",
+          start_record_type: 'MX'
+        )
+        raise "#{@domain} MX already exist" unless res.resource_record_sets.empty?
+      end
+      def route53
+        @route53 ||= Aws::Route53::Client.new
+      end
+    end
+  end
+end

data/lib/certman/resource/s3.rb ADDED Viewed

@@ -0,0 +1,89 @@
+module Certman
+  module Resource
+    module S3
+      def create_bucket
+        account_id = sts.get_caller_identity.account
+        bucket_policy = <<-"EOF"
+{
+            "Version": "2008-10-17",
+    "Statement": [
+        {
+            "Sid": "GiveSESPermissionToWriteEmail",
+            "Effect": "Allow",
+            "Principal": {
+                "Service": [
+                    "ses.amazonaws.com"
+                ]
+            },
+            "Action": [
+                "s3:PutObject"
+            ],
+            "Resource": "arn:aws:s3:::#{bucket_name}/*",
+            "Condition": {
+                "StringEquals": {
+                    "aws:Referer": "#{account_id}"
+                }
+            }
+        }
+    ]
+}
+EOF
+        s3.create_bucket(
+          acl: 'private',
+          bucket: bucket_name
+        )
+        s3.put_bucket_policy(
+          bucket: bucket_name,
+          policy: bucket_policy,
+          use_accelerate_endpoint: false
+        )
+      end
+      def check_approval_mail
+        is_break = false
+        60.times do
+          s3.list_objects(bucket: bucket_name).contents.map do |object|
+            res = s3.get_object(bucket: bucket_name, key: object.key)
+            res.body.read.match(%r{https://certificates\.amazon\.com/approvals[^\s]+}) do |md|
+              cert_uri = md[0]
+              handle = open(cert_uri)
+              document = Oga.parse_html(handle)
+              data = {}
+              document.css('form input').each do |input|
+                data[input.get('name')] = input.get('value')
+              end
+              res = Net::HTTP.post_form(URI.parse('https://certificates.amazon.com/approvals'), data)
+              raise 'Can not approve' unless res.body =~ /Success/
+              # success
+              is_break = true
+              break
+            end
+          end
+          break if is_break
+          break if @do_rollback
+          sleep 30
+        end
+        raise 'Can not approve' unless is_break
+      end
+      def delete_bucket
+        objects = s3.list_objects(bucket: bucket_name).contents.map do |object|
+          { key: object.key }
+        end
+        unless objects.empty?
+          s3.delete_objects(
+            bucket: bucket_name,
+            delete: {
+              objects: objects
+            }
+          )
+        end
+        s3.delete_bucket(bucket: bucket_name)
+      end
+      def s3
+        @s3 ||= Aws::S3::Client.new
+      end
+    end
+  end
+end

data/lib/certman/resource/ses.rb ADDED Viewed

@@ -0,0 +1,83 @@
+module Certman
+  module Resource
+    module SES
+      def create_domain_identity
+        res = ses.verify_domain_identity(domain: @domain)
+        @token = res.verification_token
+      end
+      def check_domain_identity_verified
+        is_break = false
+        100.times do
+          res = ses.get_identity_verification_attributes(
+            identities: [
+              @domain
+            ]
+          )
+          if res.verification_attributes[@domain].verification_status == 'Success'
+            # success
+            is_break = true
+            break
+          end
+          break if @do_rollback
+          sleep 5
+        end
+        raise 'Can not check verified' unless is_break
+      end
+      def delete_domain_identity
+        ses.delete_identity(identity: @domain)
+      end
+      def create_rule_set
+        ses.create_receipt_rule_set(rule_set_name: rule_set_name)
+      end
+      def create_rule
+        ses.create_receipt_rule(
+          rule: {
+            recipients: ["admin@#{@domain}"],
+            actions: [
+              {
+                s3_action: {
+                  bucket_name: bucket_name
+                }
+              }
+            ],
+            enabled: true,
+            name: rule_name,
+            scan_enabled: true,
+            tls_policy: 'Optional'
+          },
+          rule_set_name: rule_set_name
+        )
+      end
+      def replace_active_rule_set
+        @current_rule_set_name = nil
+        res = ses.describe_active_receipt_rule_set
+        @current_rule_set_name = res.metadata.name if res.metadata
+        ses.set_active_receipt_rule_set(rule_set_name: rule_set_name)
+      end
+      def delete_rule_set
+        ses.delete_receipt_rule_set(rule_set_name: rule_set_name)
+      end
+      def delete_rule
+        ses.delete_receipt_rule(
+          rule_name: rule_name,
+          rule_set_name: rule_set_name
+        )
+      end
+      def revert_active_rue_set
+        ses.set_active_receipt_rule_set(rule_set_name: @current_rule_set_name)
+      end
+      def ses
+        @ses ||= Aws::SES::Client.new
+      end
+    end
+  end
+end

data/lib/certman/resource/sts.rb ADDED Viewed

@@ -0,0 +1,9 @@
+module Certman
+  module Resource
+    module STS
+      def sts
+        @sts ||= Aws::STS::Client.new
+      end
+    end
+  end
+end

data/lib/certman/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module Certman
-  VERSION = '0.1.0'
+  VERSION = '0.2.0'
 end

data/lib/certman.rb CHANGED Viewed

@@ -8,6 +8,11 @@ require 'open-uri'
 require 'tty-prompt'
 require 'tty-spinner'
 require 'pastel'
+require 'certman/resource/sts'
+require 'certman/resource/s3'
+require 'certman/resource/ses'
+require 'certman/resource/route53'
+require 'certman/resource/acm'
 require 'certman/client'
 require 'certman/cli'
 require 'certman/log'

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: certman
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.2.0
 platform: ruby
 authors:
 - k1LoW
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2017-03-23 00:00:00.000000000 Z
+date: 2017-03-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk
@@ -230,6 +230,11 @@ files:
 - lib/certman/cli.rb
 - lib/certman/client.rb
 - lib/certman/log.rb
+- lib/certman/resource/acm.rb
+- lib/certman/resource/route53.rb
+- lib/certman/resource/s3.rb
+- lib/certman/resource/ses.rb
+- lib/certman/resource/sts.rb
 - lib/certman/version.rb
 homepage: https://github.com/k1LoW/certman
 licenses: