RubyGems - certman - Versions diffs - 0.1.0 → 0.2.0 - Mend

certman 0.1.0 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (13) hide show

checksums.yaml +4 -4
data/.rubocop.yml +1 -1
data/README.md +10 -5
data/lib/certman/cli.rb +9 -2
data/lib/certman/client.rb +99 -292
data/lib/certman/resource/acm.rb +38 -0
data/lib/certman/resource/route53.rb +140 -0
data/lib/certman/resource/s3.rb +89 -0
data/lib/certman/resource/ses.rb +83 -0
data/lib/certman/resource/sts.rb +9 -0
data/lib/certman/version.rb +1 -1
data/lib/certman.rb +5 -0
metadata +7 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: abd249cac5771cfd40429d8123247925a65c3b55
-  data.tar.gz: a06cea74aff79c77bc6800660f038f89f0412aa8
+  metadata.gz: dc3463ae829bfaef6897bb714c2489d113113465
+  data.tar.gz: 55623eb5f306caa72832a252a06125632344efc9
 SHA512:
-  metadata.gz: 88589e4fb6d9b5eb7e065dc3ddc351c7b2831ea2d5b6cda1e541192e470e50a9ddcd66be775959e2ec202ac034f5be7db437627223fb8fb9dd84a7d3de9707b8
-  data.tar.gz: e10726b02ce3acd0287f8800a8176c6f2f1816d23de210ca8152d3915a0b341173d3f2ea5ddd3f301933e50512563b218e0ccf77e9dcc1e895d715c2e6908e6c
+  metadata.gz: 6fab1591da092475a654d4903b9984ec71f4c35b6f85ce69ff4bdfcde40123d3b53557e10f8450d2efff75d777da892542ff424107fecc1eb2b6a81aa42b031f
+  data.tar.gz: 285bae5e5f326b9b6d57e9d32dcf68b01461354ce63d0b3fed8599a68c49f45e67e28ebe3a8e12c1bdb3028537646efe857a6410a17551f758eccddc00a208e0

data/.rubocop.yml CHANGED Viewed

@@ -17,7 +17,7 @@ Metrics/PerceivedComplexity:
   Max: 10
 Metrics/BlockLength:
-  Max: 30
+  Max: 50
 Metrics/LineLength:
   Max: 120

data/README.md CHANGED Viewed

@@ -36,15 +36,20 @@ NOTICE! When requesting, Certman replace Active Receipt Rule Set. OK? Yes
 [✔] [Route53] Check MX Record (successfull)
 [✔] [S3] Create Bucket for SES inbound (successfull)
 [✔] [SES] Create Domain Identity (successfull)
-[✔] [Route53] Add TXT Record Set to verify Domain Identity (successfull)
+[✔] [Route53] Create TXT Record Set to verify Domain Identity (successfull)
 [✔] [SES] Check Domain Identity Status *verified* (successfull)
-[✔] [Route53] Add MX Record Set (successfull)
+[✔] [Route53] Create MX Record Set (successfull)
+[✔] [SES] Create Receipt Rule Set (successfull)
 [✔] [SES] Create Receipt Rule (successfull)
+[✔] [SES] Replace Active Receipt Rule Set (successfull)
 [✔] [ACM] Request Certificate (successfull)
 [✔] [S3] Check approval mail (will take about 30 min) (successfull)
-[✔] [SES] Remove Receipt rule (successfull)
-[✔] [Route53] Remove Record Set (successfull)
-[✔] [SES] Remove Verified Domain Identiry (successfull)
+[✔] [SES] Revert Active Receipt Rule Set (successfull)
+[✔] [SES] Delete Receipt Rule (successfull)
+[✔] [SES] Delete Receipt Rule Set (successfull)
+[✔] [Route53] Delete MX Record Set (successfull)
+[✔] [Route53] Delete TXT Record Set (successfull)
+[✔] [SES] Delete Verified Domain Identiry (successfull)
 [✔] [S3] Delete Bucket (successfull)
 Done.

data/lib/certman/cli.rb CHANGED Viewed

@@ -1,12 +1,19 @@
 module Certman
   class CLI < Thor
     desc 'request [DOMAIN]', 'Request ACM Certificate with only AWS managed services'
+    option :remain_resources, type: :boolean
     def request(domain)
       pastel = Pastel.new
       prompt = TTY::Prompt.new
       return unless prompt.yes?(pastel.red('NOTICE! Certman support *us-east-1* only, now. OK?'))
       return unless prompt.yes?(pastel.red('NOTICE! When requesting, Certman replace Active Receipt Rule Set. OK?'))
-      cert_arn = Certman::Client.new(domain).request_certificate
+      client = Certman::Client.new(domain)
+      Signal.trap(:INT) do
+        puts ''
+        puts pastel.red('Rollback start.')
+        client.rollback
+      end
+      cert_arn = client.request(options[:remain_resources])
       puts 'Done.'
       puts ''
       puts "certificate_arn: #{pastel.cyan(cert_arn)}"
@@ -15,7 +22,7 @@ module Certman
     desc 'delete [DOMAIN]', 'Delete ACM Certificate'
     def delete(domain)
-      Certman::Client.new(domain).delete_certificate
+      Certman::Client.new(domain).delete
       puts 'Done.'
       puts ''
     end

data/lib/certman/client.rb CHANGED Viewed

@@ -1,350 +1,157 @@
 module Certman
   class Client
-    attr_reader :domain
+    include Certman::Resource::STS
+    include Certman::Resource::S3
+    include Certman::Resource::SES
+    include Certman::Resource::Route53
+    include Certman::Resource::ACM
     def initialize(domain)
+      @do_rollback = false
       @domain = domain
+      @cert_arn = nil
+      @savepoint = []
     end
-    def request_certificate
+    def request(remain_resources = false)
       check_resource
-      # Get Account ID
-      account_id = sts.get_caller_identity.account
-      # Create S3 for SES inbound
-      s = spinner('[S3] Create Bucket for SES inbound')
-      bucket_policy = <<-"EOF"
-{
-            "Version": "2008-10-17",
-    "Statement": [
-        {
-            "Sid": "GiveSESPermissionToWriteEmail",
-            "Effect": "Allow",
-            "Principal": {
-                "Service": [
-                    "ses.amazonaws.com"
-                ]
-            },
-            "Action": [
-                "s3:PutObject"
-            ],
-            "Resource": "arn:aws:s3:::#{bucket_name}/*",
-            "Condition": {
-                "StringEquals": {
-                    "aws:Referer": "#{account_id}"
-                }
-            }
-        }
-    ]
-}
-EOF
-      s3.create_bucket(
-        acl: 'private',
-        bucket: bucket_name
-      )
-      s3.put_bucket_policy(
-        bucket: bucket_name,
-        policy: bucket_policy,
-        use_accelerate_endpoint: false
-      )
-      s.success
-      # Create Domain Identity
-      s = spinner('[SES] Create Domain Identity')
-      res = ses.verify_domain_identity(domain: domain)
-      token = res.verification_token
-      s.success
-      # Add TXT Record Set with Route53
-      s = spinner('[Route53] Add TXT Record Set to verify Domain Identity')
-      root_domain = PublicSuffix.domain(domain)
-      hosted_zone = route53.list_hosted_zones.hosted_zones.find do |zone|
-        PublicSuffix.domain(zone.name) == root_domain
+      step('[S3] Create Bucket for SES inbound', :s3_bucket) do
+        create_bucket
       end
-      route53.change_resource_record_sets(
-        change_batch: {
-          changes: [
-            {
-              action: 'CREATE',
-              resource_record_set: {
-                name: "_amazonses.#{domain}",
-                resource_records: [
-                  {
-                    value: '"' + token + '"'
-                  }
-                ],
-                ttl: 60,
-                type: 'TXT'
-              }
-            }
-          ],
-          comment: 'Generate by certman'
-        },
-        hosted_zone_id: hosted_zone.id
-      )
-      s.success
-      # Checking verify
-      s = spinner('[SES] Check Domain Identity Status *verified*')
-      is_break = false
-      100.times do
-        res = ses.get_identity_verification_attributes(
-          identities: [
-            domain
-          ]
-        )
-        if res.verification_attributes[domain].verification_status == 'Success'
-          is_break = true
-          s.success
-          break
-        end
-        sleep 5
+      step('[SES] Create Domain Identity', :ses_domain_identity) do
+        create_domain_identity
       end
-      s.error unless is_break
-      # Add MX Record Set
-      s = spinner('[Route53] Add MX Record Set')
-      route53.change_resource_record_sets(
-        change_batch: {
-          changes: [
-            {
-              action: 'CREATE',
-              resource_record_set: {
-                name: domain,
-                resource_records: [
-                  {
-                    value: '10 inbound-smtp.us-east-1.amazonaws.com'
-                  }
-                ],
-                ttl: 60,
-                type: 'MX'
-              }
-            }
-          ],
-          comment: 'Generate by certman'
-        },
-        hosted_zone_id: hosted_zone.id
-      )
-      s.success
+      step('[Route53] Create TXT Record Set to verify Domain Identity', :route53_txt) do
+        create_txt_rset
+      end
-      # Create Receipt rule
-      s = spinner('[SES] Create Receipt Rule')
-      rule_name = "S3RuleGeneratedByCertman_#{domain}"
-      rule_set_name = "RuleSetGeneratedByCertman_#{domain}"
-      ses.create_receipt_rule_set(rule_set_name: rule_set_name)
-      ses.create_receipt_rule(
-        rule: {
-          recipients: ["admin@#{domain}"],
-          actions: [
-            {
-              s3_action: {
-                bucket_name: bucket_name
-              }
-            }
-          ],
-          enabled: true,
-          name: rule_name,
-          scan_enabled: true,
-          tls_policy: 'Optional'
-        },
-        rule_set_name: rule_set_name
-      )
-      current_rule_set_name = nil
-      res = ses.describe_active_receipt_rule_set
-      current_rule_set_name = res.metadata.name if res.metadata
-      ses.set_active_receipt_rule_set(rule_set_name: rule_set_name)
-      s.success
+      step('[SES] Check Domain Identity Status *verified*', nil) do
+        check_domain_identity_verified
+      end
-      # Request Certificate
-      s = spinner('[ACM] Request Certificate')
-      res = acm.request_certificate(
-        domain_name: domain,
-        subject_alternative_names: [domain],
-        domain_validation_options: [
-          {
-            domain_name: domain,
-            validation_domain: domain
-          }
-        ]
-      )
-      cert_arn = res.certificate_arn
-      s.success
+      step('[Route53] Create MX Record Set', :route53_mx) do
+        create_mx_rset
+      end
-      # Check Mail and Approve
-      s = spinner('[S3] Check approval mail (will take about 30 min)')
-      is_break = false
-      60.times do
-        s3.list_objects(bucket: bucket_name).contents.map do |object|
-          res = s3.get_object(bucket: bucket_name, key: object.key)
-          res.body.read.match(%r{https://certificates\.amazon\.com/approvals[^\s]+}) do |md|
-            cert_uri = md[0]
-            handle = open(cert_uri)
-            document = Oga.parse_html(handle)
-            data = {}
-            document.css('form input').each do |input|
-              data[input.get('name')] = input.get('value')
-            end
-            res = Net::HTTP.post_form(URI.parse('https://certificates.amazon.com/approvals'), data)
-            if res.body =~ /Success/
-              s.success
-            else
-              s.error
-            end
-            is_break = true
-            break
-          end
-        end
-        break if is_break
-        sleep 30
+      step('[SES] Create Receipt Rule Set', :ses_rule_set) do
+        create_rule_set
       end
-      s.error unless is_break
-      # Remove Receipt Rule
-      s = spinner('[SES] Remove Receipt Rule')
-      ses.set_active_receipt_rule_set(rule_set_name: current_rule_set_name)
-      ses.delete_receipt_rule(
-        rule_name: rule_name,
-        rule_set_name: rule_set_name
-      )
-      ses.delete_receipt_rule_set(rule_set_name: rule_set_name)
-      s.success
+      step('[SES] Create Receipt Rule', :ses_rule) do
+        create_rule
+      end
-      # Remove Record Set
-      s = spinner('[Route53] Remove Record Set')
-      route53.change_resource_record_sets(
-        change_batch: {
-          changes: [
-            {
-              action: 'DELETE',
-              resource_record_set: {
-                name: "_amazonses.#{domain}",
-                resource_records: [
-                  {
-                    value: '"' + token + '"'
-                  }
-                ],
-                ttl: 60,
-                type: 'TXT'
-              }
-            },
-            {
-              action: 'DELETE',
-              resource_record_set: {
-                name: domain,
-                resource_records: [
-                  {
-                    value: '10 inbound-smtp.us-east-1.amazonaws.com'
-                  }
-                ],
-                ttl: 60,
-                type: 'MX'
-              }
-            }
-          ],
-          comment: 'Generate by certman'
-        },
-        hosted_zone_id: hosted_zone.id
-      )
-      s.success
+      step('[SES] Replace Active Receipt Rule Set', :ses_replace_active_rule_set) do
+        replace_active_rule_set
+      end
-      # Remove Verified Domain Identiry
-      s = spinner('[SES] Remove Verified Domain Identiry')
-      ses.delete_identity(identity: domain)
-      s.success
+      step('[ACM] Request Certificate', :acm_certificate) do
+        request_certificate
+      end
-      # Delete S3 for SES inbound
-      s = spinner('[S3] Delete Bucket')
-      objects = s3.list_objects(bucket: bucket_name).contents.map do |object|
-        { key: object.key }
+      step('[S3] Check approval mail (will take about 30 min)', nil) do
+        check_approval_mail
       end
-      s3.delete_objects(
-        bucket: bucket_name,
-        delete: {
-          objects: objects
-        }
-      )
-      s3.delete_bucket(bucket: bucket_name)
-      s.success
-      cert_arn
+      cleanup_resources if !remain_resources || @do_rollback
+      @cert_arn
     end
-    def delete_certificate
+    def delete
       s = spinner('[ACM] Delete Certificate')
-      current_cert = acm.list_certificates.certificate_summary_list.find do |cert|
-        cert.domain_name == domain
-      end
-      raise 'Certificate does not exist' unless current_cert
-      acm.delete_certificate(certificate_arn: current_cert.certificate_arn)
+      delete_certificate
       s.success
     end
     def check_resource
       s = spinner('[ACM] Check Certificate')
-      current_cert = acm.list_certificates.certificate_summary_list.find do |cert|
-        cert.domain_name == domain
-      end
-      raise 'Certificate already exist' if current_cert
+      check_certificate
       s.success
       s = spinner('[Route53] Check Hosted Zone')
-      root_domain = PublicSuffix.domain(domain)
-      hosted_zone_id = nil
-      hosted_zone = route53.list_hosted_zones.hosted_zones.find do |zone|
-        if PublicSuffix.domain(zone.name) == root_domain
-          hosted_zone_id = zone.id
-          next true
-        end
-      end
-      raise "Hosted Zone #{root_domain} does not exist" unless hosted_zone
+      check_hosted_zone
       s.success
       s = spinner('[Route53] Check TXT Record')
-      res = route53.list_resource_record_sets(
-        hosted_zone_id: hosted_zone_id,
-        start_record_name: "_amazonses.#{domain}.",
-        start_record_type: 'TXT'
-      )
-      raise "_amazonses.#{domain} TXT already exist" unless res.resource_record_sets.empty?
+      check_txt_rset
       s.success
       s = spinner('[Route53] Check MX Record')
-      res = route53.list_resource_record_sets(
-        hosted_zone_id: hosted_zone_id,
-        start_record_name: "#{domain}.",
-        start_record_type: 'MX'
-      )
-      raise "#{domain} MX already exist" unless res.resource_record_sets.empty?
+      check_mx_rset
       s.success
       true
     end
-    private
-    def sts
-      @sts ||= Aws::STS::Client.new
+    def rollback
+      @do_rollback = true
     end
-    def s3
-      @s3 ||= Aws::S3::Client.new
+    private
+    def step(message, save)
+      return if @do_rollback
+      s = spinner(message)
+      begin
+        yield
+        @savepoint.push(save)
+        s.success
+      rescue
+        puts "Error: #{$ERROR_INFO}"
+        @do_rollback = true
+        s.error
+      end
     end
-    def ses
-      @ses ||= Aws::SES::Client.new
+    def cleanup_resources
+      @savepoint.reverse.each do |state|
+        case state
+        when :s3_bucket
+          s = spinner('[S3] Delete Bucket')
+          delete_bucket
+          s.success
+        when :ses_domain_identity
+          s = spinner('[SES] Delete Verified Domain Identiry')
+          delete_domain_identity
+          s.success
+        when :route53_txt
+          s = spinner('[Route53] Delete TXT Record Set')
+          delete_txt_rset
+          s.success
+        when :route53_mx
+          s = spinner('[Route53] Delete MX Record Set')
+          delete_mx_rset
+          s.success
+        when :ses_rule_set
+          s = spinner('[SES] Delete Receipt Rule Set')
+          delete_rule_set
+          s.success
+        when :ses_rule
+          s = spinner('[SES] Delete Receipt Rule')
+          delete_rule
+          s.success
+        when :ses_replace_active_rule_set
+          s = spinner('[SES] Revert Active Receipt Rule Set')
+          revert_active_rue_set
+          s.success
+        end
+      end
     end
-    def route53
-      @route53 ||= Aws::Route53::Client.new
+    def bucket_name
+      @bucket_name ||= "#{@domain}-generated-by-certman-for-ses-inbound-"
     end
-    def acm
-      @acm ||= Aws::ACM::Client.new
+    def rule_name
+      @rule_name ||= "S3RuleGeneratedByCertman_#{@domain}"
     end
-    def bucket_name
-      @bucket_name ||= "#{domain}-generated-by-certman-for-ses-inbound-"
+    def rule_set_name
+      @rule_set_name ||= "RuleSetGeneratedByCertman_#{@domain}"
     end
     def spinner(message)

data/lib/certman/resource/acm.rb ADDED Viewed

@@ -0,0 +1,38 @@
+module Certman
+  module Resource
+    module ACM
+      def request_certificate
+        res = acm.request_certificate(
+          domain_name: @domain,
+          subject_alternative_names: [@domain],
+          domain_validation_options: [
+            {
+              domain_name: @domain,
+              validation_domain: @domain
+            }
+          ]
+        )
+        @cert_arn = res.certificate_arn
+      end
+      def delete_certificate
+        current_cert = acm.list_certificates.certificate_summary_list.find do |cert|
+          cert.domain_name == @domain
+        end
+        raise 'Certificate does not exist' unless current_cert
+        acm.delete_certificate(certificate_arn: current_cert.certificate_arn)
+      end
+      def check_certificate
+        current_cert = acm.list_certificates.certificate_summary_list.find do |cert|
+          cert.domain_name == @domain
+        end
+        raise 'Certificate already exist' if current_cert
+      end
+      def acm
+        @acm ||= Aws::ACM::Client.new
+      end
+    end
+  end
+end

data/lib/certman/resource/route53.rb ADDED Viewed

@@ -0,0 +1,140 @@
+module Certman
+  module Resource
+    # rubocop:disable Metrics/ModuleLength
+    module Route53
+      def create_txt_rset
+        root_domain = PublicSuffix.domain(@domain)
+        @hosted_zone = route53.list_hosted_zones.hosted_zones.find do |zone|
+          PublicSuffix.domain(zone.name) == root_domain
+        end
+        route53.change_resource_record_sets(
+          change_batch: {
+            changes: [
+              {
+                action: 'CREATE',
+                resource_record_set: {
+                  name: "_amazonses.#{@domain}",
+                  resource_records: [
+                    {
+                      value: '"' + @token + '"'
+                    }
+                  ],
+                  ttl: 60,
+                  type: 'TXT'
+                }
+              }
+            ],
+            comment: 'Generate by certman'
+          },
+          hosted_zone_id: @hosted_zone.id
+        )
+      end
+      def create_mx_rset
+        route53.change_resource_record_sets(
+          change_batch: {
+            changes: [
+              {
+                action: 'CREATE',
+                resource_record_set: {
+                  name: @domain,
+                  resource_records: [
+                    {
+                      value: '10 inbound-smtp.us-east-1.amazonaws.com'
+                    }
+                  ],
+                  ttl: 60,
+                  type: 'MX'
+                }
+              }
+            ],
+            comment: 'Generate by certman'
+          },
+          hosted_zone_id: @hosted_zone.id
+        )
+      end
+      def delete_txt_rset
+        route53.change_resource_record_sets(
+          change_batch: {
+            changes: [
+              {
+                action: 'DELETE',
+                resource_record_set: {
+                  name: "_amazonses.#{@domain}",
+                  resource_records: [
+                    {
+                      value: '"' + @token + '"'
+                    }
+                  ],
+                  ttl: 60,
+                  type: 'TXT'
+                }
+              }
+            ],
+            comment: 'Generate by certman'
+          },
+          hosted_zone_id: @hosted_zone.id
+        )
+      end
+      def delete_mx_rset
+        route53.change_resource_record_sets(
+          change_batch: {
+            changes: [
+              {
+                action: 'DELETE',
+                resource_record_set: {
+                  name: @domain,
+                  resource_records: [
+                    {
+                      value: '10 inbound-smtp.us-east-1.amazonaws.com'
+                    }
+                  ],
+                  ttl: 60,
+                  type: 'MX'
+                }
+              }
+            ],
+            comment: 'Generate by certman'
+          },
+          hosted_zone_id: @hosted_zone.id
+        )
+      end
+      def check_hosted_zone
+        root_domain = PublicSuffix.domain(@domain)
+        @hosted_zone_id = nil
+        hosted_zone = route53.list_hosted_zones.hosted_zones.find do |zone|
+          if PublicSuffix.domain(zone.name) == root_domain
+            @hosted_zone_id = zone.id
+            next true
+          end
+        end
+        raise "Hosted Zone #{root_domain} does not exist" unless hosted_zone
+      end
+      def check_txt_rset
+        res = route53.list_resource_record_sets(
+          hosted_zone_id: @hosted_zone_id,
+          start_record_name: "_amazonses.#{@domain}.",
+          start_record_type: 'TXT'
+        )
+        raise "_amazonses.#{@domain} TXT already exist" unless res.resource_record_sets.empty?
+      end
+      def check_mx_rset
+        res = route53.list_resource_record_sets(
+          hosted_zone_id: @hosted_zone_id,
+          start_record_name: "#{@domain}.",
+          start_record_type: 'MX'
+        )
+        raise "#{@domain} MX already exist" unless res.resource_record_sets.empty?
+      end
+      def route53
+        @route53 ||= Aws::Route53::Client.new
+      end
+    end
+  end
+end

data/lib/certman/resource/s3.rb ADDED Viewed

@@ -0,0 +1,89 @@
+module Certman
+  module Resource
+    module S3
+      def create_bucket
+        account_id = sts.get_caller_identity.account
+        bucket_policy = <<-"EOF"
+{
+            "Version": "2008-10-17",
+    "Statement": [
+        {
+            "Sid": "GiveSESPermissionToWriteEmail",
+            "Effect": "Allow",
+            "Principal": {
+                "Service": [
+                    "ses.amazonaws.com"
+                ]
+            },
+            "Action": [
+                "s3:PutObject"
+            ],
+            "Resource": "arn:aws:s3:::#{bucket_name}/*",
+            "Condition": {
+                "StringEquals": {
+                    "aws:Referer": "#{account_id}"
+                }
+            }
+        }
+    ]
+}
+EOF
+        s3.create_bucket(
+          acl: 'private',
+          bucket: bucket_name
+        )
+        s3.put_bucket_policy(
+          bucket: bucket_name,
+          policy: bucket_policy,
+          use_accelerate_endpoint: false
+        )
+      end
+      def check_approval_mail
+        is_break = false
+        60.times do
+          s3.list_objects(bucket: bucket_name).contents.map do |object|
+            res = s3.get_object(bucket: bucket_name, key: object.key)
+            res.body.read.match(%r{https://certificates\.amazon\.com/approvals[^\s]+}) do |md|
+              cert_uri = md[0]
+              handle = open(cert_uri)
+              document = Oga.parse_html(handle)
+              data = {}
+              document.css('form input').each do |input|
+                data[input.get('name')] = input.get('value')
+              end
+              res = Net::HTTP.post_form(URI.parse('https://certificates.amazon.com/approvals'), data)
+              raise 'Can not approve' unless res.body =~ /Success/
+              # success
+              is_break = true
+              break
+            end
+          end
+          break if is_break
+          break if @do_rollback
+          sleep 30
+        end
+        raise 'Can not approve' unless is_break
+      end
+      def delete_bucket
+        objects = s3.list_objects(bucket: bucket_name).contents.map do |object|
+          { key: object.key }
+        end
+        unless objects.empty?
+          s3.delete_objects(
+            bucket: bucket_name,
+            delete: {
+              objects: objects
+            }
+          )
+        end
+        s3.delete_bucket(bucket: bucket_name)
+      end
+      def s3
+        @s3 ||= Aws::S3::Client.new
+      end
+    end
+  end
+end

data/lib/certman/resource/ses.rb ADDED Viewed

@@ -0,0 +1,83 @@
+module Certman
+  module Resource
+    module SES
+      def create_domain_identity
+        res = ses.verify_domain_identity(domain: @domain)
+        @token = res.verification_token
+      end
+      def check_domain_identity_verified
+        is_break = false
+        100.times do
+          res = ses.get_identity_verification_attributes(
+            identities: [
+              @domain
+            ]
+          )
+          if res.verification_attributes[@domain].verification_status == 'Success'
+            # success
+            is_break = true
+            break
+          end
+          break if @do_rollback
+          sleep 5
+        end
+        raise 'Can not check verified' unless is_break
+      end
+      def delete_domain_identity
+        ses.delete_identity(identity: @domain)
+      end
+      def create_rule_set
+        ses.create_receipt_rule_set(rule_set_name: rule_set_name)
+      end
+      def create_rule
+        ses.create_receipt_rule(
+          rule: {
+            recipients: ["admin@#{@domain}"],
+            actions: [
+              {
+                s3_action: {
+                  bucket_name: bucket_name
+                }
+              }
+            ],
+            enabled: true,
+            name: rule_name,
+            scan_enabled: true,
+            tls_policy: 'Optional'
+          },
+          rule_set_name: rule_set_name
+        )
+      end
+      def replace_active_rule_set
+        @current_rule_set_name = nil
+        res = ses.describe_active_receipt_rule_set
+        @current_rule_set_name = res.metadata.name if res.metadata
+        ses.set_active_receipt_rule_set(rule_set_name: rule_set_name)
+      end
+      def delete_rule_set
+        ses.delete_receipt_rule_set(rule_set_name: rule_set_name)
+      end
+      def delete_rule
+        ses.delete_receipt_rule(
+          rule_name: rule_name,
+          rule_set_name: rule_set_name
+        )
+      end
+      def revert_active_rue_set
+        ses.set_active_receipt_rule_set(rule_set_name: @current_rule_set_name)
+      end
+      def ses
+        @ses ||= Aws::SES::Client.new
+      end
+    end
+  end
+end

data/lib/certman/resource/sts.rb ADDED Viewed

@@ -0,0 +1,9 @@
+module Certman
+  module Resource
+    module STS
+      def sts
+        @sts ||= Aws::STS::Client.new
+      end
+    end
+  end
+end

data/lib/certman/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module Certman
-  VERSION = '0.1.0'
+  VERSION = '0.2.0'
 end

data/lib/certman.rb CHANGED Viewed

@@ -8,6 +8,11 @@ require 'open-uri'
 require 'tty-prompt'
 require 'tty-spinner'
 require 'pastel'
+require 'certman/resource/sts'
+require 'certman/resource/s3'
+require 'certman/resource/ses'
+require 'certman/resource/route53'
+require 'certman/resource/acm'
 require 'certman/client'
 require 'certman/cli'
 require 'certman/log'

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: certman
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.2.0
 platform: ruby
 authors:
 - k1LoW
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2017-03-23 00:00:00.000000000 Z
+date: 2017-03-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk
@@ -230,6 +230,11 @@ files:
 - lib/certman/cli.rb
 - lib/certman/client.rb
 - lib/certman/log.rb
+- lib/certman/resource/acm.rb
+- lib/certman/resource/route53.rb
+- lib/certman/resource/s3.rb
+- lib/certman/resource/ses.rb
+- lib/certman/resource/sts.rb
 - lib/certman/version.rb
 homepage: https://github.com/k1LoW/certman
 licenses: