certman 0.6.1 → 0.7.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/certman/cli.rb +2 -4
- data/lib/certman/client.rb +50 -49
- data/lib/certman/resource/acm.rb +1 -1
- data/lib/certman/resource/route53.rb +4 -4
- data/lib/certman/resource/ses.rb +19 -9
- data/lib/certman/version.rb +1 -1
- metadata +3 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 5fb0672b4747cfec0f8607cd81af9f9bdb06b50b
|
|
4
|
+
data.tar.gz: 1ac80795546083e8f5f1250016a0e4b0c33e8d6a
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: c52b0049736f4d17baf9e678eb08b5d14c4d3e6d8a007f5178fa5b296b8040c51c02ec5d5475de981795e51b155290333e47eec25ebe295e0be272ff8d0dbaeb
|
|
7
|
+
data.tar.gz: d23a89e90b39181aa0561e460ff1e45cfa018fe7826ac036361a97538436e1a37e4afb73deee0c2a3f793cc36bd41d954802a733e35f84907e7dadea2bbc113b
|
data/lib/certman/cli.rb
CHANGED
|
@@ -7,11 +7,9 @@ module Certman
|
|
|
7
7
|
prompt = TTY::Prompt.new
|
|
8
8
|
return unless prompt.yes?(pastel.red("NOTICE! Your selected region is *#{Aws.config[:region]}*. \
|
|
9
9
|
Certman create certificate on *#{Aws.config[:region]}*. OK?"))
|
|
10
|
-
unless Certman::Resource::SES::REGIONS.include?(Aws.config[:region])
|
|
11
|
-
return unless prompt.yes?(pastel.red('NOTICE! Certman use *us-east-1* S3/SES. OK?'))
|
|
12
|
-
end
|
|
13
|
-
return unless prompt.yes?(pastel.red('NOTICE! When requesting, Certman replace Active Receipt Rule Set. OK?'))
|
|
14
10
|
client = Certman::Client.new(domain)
|
|
11
|
+
return unless prompt.yes?(pastel.red("NOTICE! Certman use *#{client.region_by_hash}* S3/SES. OK?"))
|
|
12
|
+
return unless prompt.yes?(pastel.red('NOTICE! When requesting, Certman replace Active Receipt Rule Set. OK?'))
|
|
15
13
|
Signal.trap(:INT) do
|
|
16
14
|
puts ''
|
|
17
15
|
puts pastel.red('Rollback start.')
|
data/lib/certman/client.rb
CHANGED
|
@@ -17,7 +17,7 @@ module Certman
|
|
|
17
17
|
def request(remain_resources = false)
|
|
18
18
|
check_resource
|
|
19
19
|
|
|
20
|
-
|
|
20
|
+
enforce_region_by_hash do
|
|
21
21
|
step('[S3] Create Bucket for SES inbound', :s3_bucket) do
|
|
22
22
|
create_bucket
|
|
23
23
|
end
|
|
@@ -30,35 +30,31 @@ module Certman
|
|
|
30
30
|
create_txt_rset
|
|
31
31
|
end
|
|
32
32
|
|
|
33
|
-
|
|
33
|
+
enforce_region_by_hash do
|
|
34
34
|
step('[SES] Check Domain Identity Status *verified*', nil) do
|
|
35
35
|
check_domain_identity_verified
|
|
36
36
|
end
|
|
37
|
-
end
|
|
38
37
|
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
38
|
+
step('[Route53] Create MX Record Set', :route53_mx) do
|
|
39
|
+
create_mx_rset
|
|
40
|
+
end
|
|
42
41
|
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
|
|
42
|
+
unless active_rule_set_exist?
|
|
43
|
+
step('[SES] Create and Active Receipt Rule Set', :ses_rule_set) do
|
|
44
|
+
create_and_active_rule_set
|
|
45
|
+
end
|
|
46
46
|
end
|
|
47
47
|
|
|
48
48
|
step('[SES] Create Receipt Rule', :ses_rule) do
|
|
49
49
|
create_rule
|
|
50
50
|
end
|
|
51
|
-
|
|
52
|
-
step('[SES] Replace Active Receipt Rule Set', :ses_replace_active_rule_set) do
|
|
53
|
-
replace_active_rule_set
|
|
54
|
-
end
|
|
55
51
|
end
|
|
56
52
|
|
|
57
53
|
step('[ACM] Request Certificate', :acm_certificate) do
|
|
58
54
|
request_certificate
|
|
59
55
|
end
|
|
60
56
|
|
|
61
|
-
|
|
57
|
+
enforce_region_by_hash do
|
|
62
58
|
step('[S3] Check approval mail (will take about 30 min)', nil) do
|
|
63
59
|
check_approval_mail
|
|
64
60
|
end
|
|
@@ -76,27 +72,35 @@ module Certman
|
|
|
76
72
|
end
|
|
77
73
|
|
|
78
74
|
def check_resource
|
|
75
|
+
pastel = Pastel.new
|
|
76
|
+
|
|
79
77
|
s = spinner('[ACM] Check Certificate')
|
|
80
|
-
raise 'Certificate already exist' if
|
|
78
|
+
raise 'Certificate already exist' if certificate_exist?
|
|
81
79
|
s.success
|
|
82
80
|
|
|
83
81
|
s = spinner('[Route53] Check Hosted Zone')
|
|
84
|
-
raise "Hosted Zone #{root_domain} does not exist" unless
|
|
82
|
+
raise "Hosted Zone #{root_domain} does not exist" unless hosted_zone_exist?
|
|
85
83
|
s.success
|
|
86
84
|
|
|
87
85
|
s = spinner('[Route53] Check TXT Record')
|
|
88
|
-
raise "_amazonses.#{email_domain} TXT already exist" if
|
|
86
|
+
raise "_amazonses.#{email_domain} TXT already exist" if txt_rset_exist?
|
|
89
87
|
s.success
|
|
90
88
|
|
|
91
|
-
|
|
92
|
-
|
|
93
|
-
|
|
89
|
+
enforce_region_by_hash do
|
|
90
|
+
s = spinner('[Route53] Check MX Record')
|
|
91
|
+
raise "#{email_domain} MX already exist" if mx_rset_exist?
|
|
92
|
+
if cname_rset_exist?
|
|
93
|
+
puts pastel.cyan("\n#{email_domain} CNAME already exist. Use #{root_domain}")
|
|
94
|
+
@cname_exists = true
|
|
95
|
+
check_resource
|
|
96
|
+
end
|
|
97
|
+
s.success
|
|
94
98
|
|
|
95
|
-
|
|
96
|
-
|
|
97
|
-
|
|
98
|
-
|
|
99
|
-
|
|
99
|
+
s = spinner('[SES] Check Active Rule Set')
|
|
100
|
+
if active_rule_set_exist?
|
|
101
|
+
puts pastel.cyan("\nActive Rule Set already exist. Use #{@current_active_rule_set_name}")
|
|
102
|
+
end
|
|
103
|
+
s.success
|
|
100
104
|
end
|
|
101
105
|
|
|
102
106
|
true
|
|
@@ -108,11 +112,9 @@ module Certman
|
|
|
108
112
|
|
|
109
113
|
private
|
|
110
114
|
|
|
111
|
-
def
|
|
115
|
+
def enforce_region_by_hash
|
|
112
116
|
region = Aws.config[:region]
|
|
113
|
-
|
|
114
|
-
Aws.config[:region] = 'us-east-1'
|
|
115
|
-
end
|
|
117
|
+
Aws.config[:region] = region_by_hash
|
|
116
118
|
yield
|
|
117
119
|
Aws.config[:region] = region
|
|
118
120
|
end
|
|
@@ -134,16 +136,17 @@ module Certman
|
|
|
134
136
|
end
|
|
135
137
|
|
|
136
138
|
def cleanup_resources
|
|
139
|
+
pastel = Pastel.new
|
|
137
140
|
@savepoint.reverse.each do |state|
|
|
138
141
|
case state
|
|
139
142
|
when :s3_bucket
|
|
140
|
-
|
|
143
|
+
enforce_region_by_hash do
|
|
141
144
|
s = spinner('[S3] Delete Bucket')
|
|
142
145
|
delete_bucket
|
|
143
146
|
s.success
|
|
144
147
|
end
|
|
145
148
|
when :ses_domain_identity
|
|
146
|
-
|
|
149
|
+
enforce_region_by_hash do
|
|
147
150
|
s = spinner('[SES] Delete Verified Domain Identiry')
|
|
148
151
|
delete_domain_identity
|
|
149
152
|
s.success
|
|
@@ -153,27 +156,28 @@ module Certman
|
|
|
153
156
|
delete_txt_rset
|
|
154
157
|
s.success
|
|
155
158
|
when :route53_mx
|
|
156
|
-
|
|
157
|
-
|
|
158
|
-
|
|
159
|
+
enforce_region_by_hash do
|
|
160
|
+
s = spinner('[Route53] Delete MX Record Set')
|
|
161
|
+
delete_mx_rset
|
|
162
|
+
s.success
|
|
163
|
+
end
|
|
159
164
|
when :ses_rule_set
|
|
160
|
-
|
|
165
|
+
enforce_region_by_hash do
|
|
161
166
|
s = spinner('[SES] Delete Receipt Rule Set')
|
|
162
|
-
|
|
163
|
-
|
|
167
|
+
if rule_exist?
|
|
168
|
+
puts pastel.cyan("\nReceipt Rule exist. Can not delete Receipt Rule Set.")
|
|
169
|
+
s.error
|
|
170
|
+
else
|
|
171
|
+
delete_rule_set
|
|
172
|
+
s.success
|
|
173
|
+
end
|
|
164
174
|
end
|
|
165
175
|
when :ses_rule
|
|
166
|
-
|
|
176
|
+
enforce_region_by_hash do
|
|
167
177
|
s = spinner('[SES] Delete Receipt Rule')
|
|
168
178
|
delete_rule
|
|
169
179
|
s.success
|
|
170
180
|
end
|
|
171
|
-
when :ses_replace_active_rule_set
|
|
172
|
-
enforce_region_to_us_east_1 do
|
|
173
|
-
s = spinner('[SES] Revert Active Receipt Rule Set')
|
|
174
|
-
revert_active_rue_set
|
|
175
|
-
s.success
|
|
176
|
-
end
|
|
177
181
|
when :acm_certificate
|
|
178
182
|
if @do_rollback
|
|
179
183
|
s = spinner('[ACM] Delete Certificate')
|
|
@@ -216,11 +220,8 @@ module Certman
|
|
|
216
220
|
end
|
|
217
221
|
|
|
218
222
|
def rule_set_name
|
|
219
|
-
@rule_set_name ||=
|
|
220
|
-
|
|
221
|
-
else
|
|
222
|
-
"RuleSetCertman_#{Digest::SHA1.hexdigest(email_domain)}"
|
|
223
|
-
end
|
|
223
|
+
@rule_set_name ||= @current_active_rule_set_name
|
|
224
|
+
@rule_set_name ||= Certman::Resource::SES::RULE_SET_NAME_BY_CERTMAN
|
|
224
225
|
end
|
|
225
226
|
|
|
226
227
|
def spinner(message)
|
data/lib/certman/resource/acm.rb
CHANGED
|
@@ -31,7 +31,7 @@ module Certman
|
|
|
31
31
|
acm.delete_certificate(certificate_arn: current_cert.certificate_arn)
|
|
32
32
|
end
|
|
33
33
|
|
|
34
|
-
def
|
|
34
|
+
def certificate_exist?
|
|
35
35
|
current_cert = acm.list_certificates.certificate_summary_list.find do |cert|
|
|
36
36
|
cert.domain_name == @domain
|
|
37
37
|
end
|
|
@@ -101,7 +101,7 @@ module Certman
|
|
|
101
101
|
)
|
|
102
102
|
end
|
|
103
103
|
|
|
104
|
-
def
|
|
104
|
+
def hosted_zone_exist?
|
|
105
105
|
@hosted_zone_id = nil
|
|
106
106
|
hosted_zone = route53.list_hosted_zones.hosted_zones.find do |zone|
|
|
107
107
|
if PublicSuffix.domain(zone.name) == root_domain
|
|
@@ -112,7 +112,7 @@ module Certman
|
|
|
112
112
|
hosted_zone
|
|
113
113
|
end
|
|
114
114
|
|
|
115
|
-
def
|
|
115
|
+
def txt_rset_exist?
|
|
116
116
|
res = route53.test_dns_answer(
|
|
117
117
|
hosted_zone_id: @hosted_zone_id,
|
|
118
118
|
record_name: "_amazonses.#{email_domain}.",
|
|
@@ -121,7 +121,7 @@ module Certman
|
|
|
121
121
|
!res.record_data.empty?
|
|
122
122
|
end
|
|
123
123
|
|
|
124
|
-
def
|
|
124
|
+
def mx_rset_exist?
|
|
125
125
|
res = route53.test_dns_answer(
|
|
126
126
|
hosted_zone_id: @hosted_zone_id,
|
|
127
127
|
record_name: "#{email_domain}.",
|
|
@@ -130,7 +130,7 @@ module Certman
|
|
|
130
130
|
!res.record_data.empty?
|
|
131
131
|
end
|
|
132
132
|
|
|
133
|
-
def
|
|
133
|
+
def cname_rset_exist?
|
|
134
134
|
res = route53.test_dns_answer(
|
|
135
135
|
hosted_zone_id: @hosted_zone_id,
|
|
136
136
|
record_name: "#{email_domain}.",
|
data/lib/certman/resource/ses.rb
CHANGED
|
@@ -2,12 +2,24 @@ module Certman
|
|
|
2
2
|
module Resource
|
|
3
3
|
module SES
|
|
4
4
|
REGIONS = %w(us-east-1 us-west-2 eu-west-1)
|
|
5
|
+
RULE_SET_NAME_BY_CERTMAN = 'RuleSetByCertman'
|
|
6
|
+
|
|
7
|
+
def region_by_hash
|
|
8
|
+
key = Digest::SHA1.hexdigest(@domain).to_i(16) % REGIONS.length
|
|
9
|
+
REGIONS[key]
|
|
10
|
+
end
|
|
5
11
|
|
|
6
12
|
def create_domain_identity
|
|
7
13
|
res = ses.verify_domain_identity(domain: email_domain)
|
|
8
14
|
@token = res.verification_token
|
|
9
15
|
end
|
|
10
16
|
|
|
17
|
+
def active_rule_set_exist?
|
|
18
|
+
@current_active_rule_set_name = nil
|
|
19
|
+
res = ses.describe_active_receipt_rule_set
|
|
20
|
+
@current_active_rule_set_name = res.metadata.name if res.metadata
|
|
21
|
+
end
|
|
22
|
+
|
|
11
23
|
def check_domain_identity_verified
|
|
12
24
|
is_break = false
|
|
13
25
|
100.times do
|
|
@@ -31,8 +43,9 @@ module Certman
|
|
|
31
43
|
ses.delete_identity(identity: email_domain)
|
|
32
44
|
end
|
|
33
45
|
|
|
34
|
-
def
|
|
46
|
+
def create_and_active_rule_set
|
|
35
47
|
ses.create_receipt_rule_set(rule_set_name: rule_set_name)
|
|
48
|
+
ses.set_active_receipt_rule_set(rule_set_name: rule_set_name)
|
|
36
49
|
end
|
|
37
50
|
|
|
38
51
|
def create_rule
|
|
@@ -55,14 +68,15 @@ module Certman
|
|
|
55
68
|
)
|
|
56
69
|
end
|
|
57
70
|
|
|
58
|
-
def
|
|
59
|
-
@current_rule_set_name = nil
|
|
71
|
+
def rule_exist?
|
|
60
72
|
res = ses.describe_active_receipt_rule_set
|
|
61
|
-
|
|
62
|
-
ses.set_active_receipt_rule_set(rule_set_name: rule_set_name)
|
|
73
|
+
res.rules && !res.rules.empty?
|
|
63
74
|
end
|
|
64
75
|
|
|
65
76
|
def delete_rule_set
|
|
77
|
+
res = ses.describe_active_receipt_rule_set
|
|
78
|
+
return if res.rules && res.rules.length > 1
|
|
79
|
+
ses.set_active_receipt_rule_set(rule_set_name: nil)
|
|
66
80
|
ses.delete_receipt_rule_set(rule_set_name: rule_set_name)
|
|
67
81
|
end
|
|
68
82
|
|
|
@@ -73,10 +87,6 @@ module Certman
|
|
|
73
87
|
)
|
|
74
88
|
end
|
|
75
89
|
|
|
76
|
-
def revert_active_rue_set
|
|
77
|
-
ses.set_active_receipt_rule_set(rule_set_name: @current_rule_set_name)
|
|
78
|
-
end
|
|
79
|
-
|
|
80
90
|
def ses
|
|
81
91
|
@ses ||= Aws::SES::Client.new
|
|
82
92
|
end
|
data/lib/certman/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: certman
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.7.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- k1LoW
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2017-
|
|
11
|
+
date: 2017-05-02 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: aws-sdk
|
|
@@ -256,7 +256,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
256
256
|
version: '0'
|
|
257
257
|
requirements: []
|
|
258
258
|
rubyforge_project:
|
|
259
|
-
rubygems_version: 2.
|
|
259
|
+
rubygems_version: 2.6.12
|
|
260
260
|
signing_key:
|
|
261
261
|
specification_version: 4
|
|
262
262
|
summary: CLI tool for AWS Certificate Manager.
|