certman 0.6.1 → 0.7.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/certman/cli.rb +2 -4
- data/lib/certman/client.rb +50 -49
- data/lib/certman/resource/acm.rb +1 -1
- data/lib/certman/resource/route53.rb +4 -4
- data/lib/certman/resource/ses.rb +19 -9
- data/lib/certman/version.rb +1 -1
- metadata +3 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 5fb0672b4747cfec0f8607cd81af9f9bdb06b50b
|
|
4
|
+
data.tar.gz: 1ac80795546083e8f5f1250016a0e4b0c33e8d6a
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: c52b0049736f4d17baf9e678eb08b5d14c4d3e6d8a007f5178fa5b296b8040c51c02ec5d5475de981795e51b155290333e47eec25ebe295e0be272ff8d0dbaeb
|
|
7
|
+
data.tar.gz: d23a89e90b39181aa0561e460ff1e45cfa018fe7826ac036361a97538436e1a37e4afb73deee0c2a3f793cc36bd41d954802a733e35f84907e7dadea2bbc113b
|
data/lib/certman/cli.rb
CHANGED
|
@@ -7,11 +7,9 @@ module Certman
|
|
|
7
7
|
prompt = TTY::Prompt.new
|
|
8
8
|
return unless prompt.yes?(pastel.red("NOTICE! Your selected region is *#{Aws.config[:region]}*. \
|
|
9
9
|
Certman create certificate on *#{Aws.config[:region]}*. OK?"))
|
|
10
|
-
unless Certman::Resource::SES::REGIONS.include?(Aws.config[:region])
|
|
11
|
-
return unless prompt.yes?(pastel.red('NOTICE! Certman use *us-east-1* S3/SES. OK?'))
|
|
12
|
-
end
|
|
13
|
-
return unless prompt.yes?(pastel.red('NOTICE! When requesting, Certman replace Active Receipt Rule Set. OK?'))
|
|
14
10
|
client = Certman::Client.new(domain)
|
|
11
|
+
return unless prompt.yes?(pastel.red("NOTICE! Certman use *#{client.region_by_hash}* S3/SES. OK?"))
|
|
12
|
+
return unless prompt.yes?(pastel.red('NOTICE! When requesting, Certman replace Active Receipt Rule Set. OK?'))
|
|
15
13
|
Signal.trap(:INT) do
|
|
16
14
|
puts ''
|
|
17
15
|
puts pastel.red('Rollback start.')
|
data/lib/certman/client.rb
CHANGED
|
@@ -17,7 +17,7 @@ module Certman
|
|
|
17
17
|
def request(remain_resources = false)
|
|
18
18
|
check_resource
|
|
19
19
|
|
|
20
|
-
|
|
20
|
+
enforce_region_by_hash do
|
|
21
21
|
step('[S3] Create Bucket for SES inbound', :s3_bucket) do
|
|
22
22
|
create_bucket
|
|
23
23
|
end
|
|
@@ -30,35 +30,31 @@ module Certman
|
|
|
30
30
|
create_txt_rset
|
|
31
31
|
end
|
|
32
32
|
|
|
33
|
-
|
|
33
|
+
enforce_region_by_hash do
|
|
34
34
|
step('[SES] Check Domain Identity Status *verified*', nil) do
|
|
35
35
|
check_domain_identity_verified
|
|
36
36
|
end
|
|
37
|
-
end
|
|
38
37
|
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
38
|
+
step('[Route53] Create MX Record Set', :route53_mx) do
|
|
39
|
+
create_mx_rset
|
|
40
|
+
end
|
|
42
41
|
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
|
|
42
|
+
unless active_rule_set_exist?
|
|
43
|
+
step('[SES] Create and Active Receipt Rule Set', :ses_rule_set) do
|
|
44
|
+
create_and_active_rule_set
|
|
45
|
+
end
|
|
46
46
|
end
|
|
47
47
|
|
|
48
48
|
step('[SES] Create Receipt Rule', :ses_rule) do
|
|
49
49
|
create_rule
|
|
50
50
|
end
|
|
51
|
-
|
|
52
|
-
step('[SES] Replace Active Receipt Rule Set', :ses_replace_active_rule_set) do
|
|
53
|
-
replace_active_rule_set
|
|
54
|
-
end
|
|
55
51
|
end
|
|
56
52
|
|
|
57
53
|
step('[ACM] Request Certificate', :acm_certificate) do
|
|
58
54
|
request_certificate
|
|
59
55
|
end
|
|
60
56
|
|
|
61
|
-
|
|
57
|
+
enforce_region_by_hash do
|
|
62
58
|
step('[S3] Check approval mail (will take about 30 min)', nil) do
|
|
63
59
|
check_approval_mail
|
|
64
60
|
end
|
|
@@ -76,27 +72,35 @@ module Certman
|
|
|
76
72
|
end
|
|
77
73
|
|
|
78
74
|
def check_resource
|
|
75
|
+
pastel = Pastel.new
|
|
76
|
+
|
|
79
77
|
s = spinner('[ACM] Check Certificate')
|
|
80
|
-
raise 'Certificate already exist' if
|
|
78
|
+
raise 'Certificate already exist' if certificate_exist?
|
|
81
79
|
s.success
|
|
82
80
|
|
|
83
81
|
s = spinner('[Route53] Check Hosted Zone')
|
|
84
|
-
raise "Hosted Zone #{root_domain} does not exist" unless
|
|
82
|
+
raise "Hosted Zone #{root_domain} does not exist" unless hosted_zone_exist?
|
|
85
83
|
s.success
|
|
86
84
|
|
|
87
85
|
s = spinner('[Route53] Check TXT Record')
|
|
88
|
-
raise "_amazonses.#{email_domain} TXT already exist" if
|
|
86
|
+
raise "_amazonses.#{email_domain} TXT already exist" if txt_rset_exist?
|
|
89
87
|
s.success
|
|
90
88
|
|
|
91
|
-
|
|
92
|
-
|
|
93
|
-
|
|
89
|
+
enforce_region_by_hash do
|
|
90
|
+
s = spinner('[Route53] Check MX Record')
|
|
91
|
+
raise "#{email_domain} MX already exist" if mx_rset_exist?
|
|
92
|
+
if cname_rset_exist?
|
|
93
|
+
puts pastel.cyan("\n#{email_domain} CNAME already exist. Use #{root_domain}")
|
|
94
|
+
@cname_exists = true
|
|
95
|
+
check_resource
|
|
96
|
+
end
|
|
97
|
+
s.success
|
|
94
98
|
|
|
95
|
-
|
|
96
|
-
|
|
97
|
-
|
|
98
|
-
|
|
99
|
-
|
|
99
|
+
s = spinner('[SES] Check Active Rule Set')
|
|
100
|
+
if active_rule_set_exist?
|
|
101
|
+
puts pastel.cyan("\nActive Rule Set already exist. Use #{@current_active_rule_set_name}")
|
|
102
|
+
end
|
|
103
|
+
s.success
|
|
100
104
|
end
|
|
101
105
|
|
|
102
106
|
true
|
|
@@ -108,11 +112,9 @@ module Certman
|
|
|
108
112
|
|
|
109
113
|
private
|
|
110
114
|
|
|
111
|
-
def
|
|
115
|
+
def enforce_region_by_hash
|
|
112
116
|
region = Aws.config[:region]
|
|
113
|
-
|
|
114
|
-
Aws.config[:region] = 'us-east-1'
|
|
115
|
-
end
|
|
117
|
+
Aws.config[:region] = region_by_hash
|
|
116
118
|
yield
|
|
117
119
|
Aws.config[:region] = region
|
|
118
120
|
end
|
|
@@ -134,16 +136,17 @@ module Certman
|
|
|
134
136
|
end
|
|
135
137
|
|
|
136
138
|
def cleanup_resources
|
|
139
|
+
pastel = Pastel.new
|
|
137
140
|
@savepoint.reverse.each do |state|
|
|
138
141
|
case state
|
|
139
142
|
when :s3_bucket
|
|
140
|
-
|
|
143
|
+
enforce_region_by_hash do
|
|
141
144
|
s = spinner('[S3] Delete Bucket')
|
|
142
145
|
delete_bucket
|
|
143
146
|
s.success
|
|
144
147
|
end
|
|
145
148
|
when :ses_domain_identity
|
|
146
|
-
|
|
149
|
+
enforce_region_by_hash do
|
|
147
150
|
s = spinner('[SES] Delete Verified Domain Identiry')
|
|
148
151
|
delete_domain_identity
|
|
149
152
|
s.success
|
|
@@ -153,27 +156,28 @@ module Certman
|
|
|
153
156
|
delete_txt_rset
|
|
154
157
|
s.success
|
|
155
158
|
when :route53_mx
|
|
156
|
-
|
|
157
|
-
|
|
158
|
-
|
|
159
|
+
enforce_region_by_hash do
|
|
160
|
+
s = spinner('[Route53] Delete MX Record Set')
|
|
161
|
+
delete_mx_rset
|
|
162
|
+
s.success
|
|
163
|
+
end
|
|
159
164
|
when :ses_rule_set
|
|
160
|
-
|
|
165
|
+
enforce_region_by_hash do
|
|
161
166
|
s = spinner('[SES] Delete Receipt Rule Set')
|
|
162
|
-
|
|
163
|
-
|
|
167
|
+
if rule_exist?
|
|
168
|
+
puts pastel.cyan("\nReceipt Rule exist. Can not delete Receipt Rule Set.")
|
|
169
|
+
s.error
|
|
170
|
+
else
|
|
171
|
+
delete_rule_set
|
|
172
|
+
s.success
|
|
173
|
+
end
|
|
164
174
|
end
|
|
165
175
|
when :ses_rule
|
|
166
|
-
|
|
176
|
+
enforce_region_by_hash do
|
|
167
177
|
s = spinner('[SES] Delete Receipt Rule')
|
|
168
178
|
delete_rule
|
|
169
179
|
s.success
|
|
170
180
|
end
|
|
171
|
-
when :ses_replace_active_rule_set
|
|
172
|
-
enforce_region_to_us_east_1 do
|
|
173
|
-
s = spinner('[SES] Revert Active Receipt Rule Set')
|
|
174
|
-
revert_active_rue_set
|
|
175
|
-
s.success
|
|
176
|
-
end
|
|
177
181
|
when :acm_certificate
|
|
178
182
|
if @do_rollback
|
|
179
183
|
s = spinner('[ACM] Delete Certificate')
|
|
@@ -216,11 +220,8 @@ module Certman
|
|
|
216
220
|
end
|
|
217
221
|
|
|
218
222
|
def rule_set_name
|
|
219
|
-
@rule_set_name ||=
|
|
220
|
-
|
|
221
|
-
else
|
|
222
|
-
"RuleSetCertman_#{Digest::SHA1.hexdigest(email_domain)}"
|
|
223
|
-
end
|
|
223
|
+
@rule_set_name ||= @current_active_rule_set_name
|
|
224
|
+
@rule_set_name ||= Certman::Resource::SES::RULE_SET_NAME_BY_CERTMAN
|
|
224
225
|
end
|
|
225
226
|
|
|
226
227
|
def spinner(message)
|
data/lib/certman/resource/acm.rb
CHANGED
|
@@ -31,7 +31,7 @@ module Certman
|
|
|
31
31
|
acm.delete_certificate(certificate_arn: current_cert.certificate_arn)
|
|
32
32
|
end
|
|
33
33
|
|
|
34
|
-
def
|
|
34
|
+
def certificate_exist?
|
|
35
35
|
current_cert = acm.list_certificates.certificate_summary_list.find do |cert|
|
|
36
36
|
cert.domain_name == @domain
|
|
37
37
|
end
|
|
@@ -101,7 +101,7 @@ module Certman
|
|
|
101
101
|
)
|
|
102
102
|
end
|
|
103
103
|
|
|
104
|
-
def
|
|
104
|
+
def hosted_zone_exist?
|
|
105
105
|
@hosted_zone_id = nil
|
|
106
106
|
hosted_zone = route53.list_hosted_zones.hosted_zones.find do |zone|
|
|
107
107
|
if PublicSuffix.domain(zone.name) == root_domain
|
|
@@ -112,7 +112,7 @@ module Certman
|
|
|
112
112
|
hosted_zone
|
|
113
113
|
end
|
|
114
114
|
|
|
115
|
-
def
|
|
115
|
+
def txt_rset_exist?
|
|
116
116
|
res = route53.test_dns_answer(
|
|
117
117
|
hosted_zone_id: @hosted_zone_id,
|
|
118
118
|
record_name: "_amazonses.#{email_domain}.",
|
|
@@ -121,7 +121,7 @@ module Certman
|
|
|
121
121
|
!res.record_data.empty?
|
|
122
122
|
end
|
|
123
123
|
|
|
124
|
-
def
|
|
124
|
+
def mx_rset_exist?
|
|
125
125
|
res = route53.test_dns_answer(
|
|
126
126
|
hosted_zone_id: @hosted_zone_id,
|
|
127
127
|
record_name: "#{email_domain}.",
|
|
@@ -130,7 +130,7 @@ module Certman
|
|
|
130
130
|
!res.record_data.empty?
|
|
131
131
|
end
|
|
132
132
|
|
|
133
|
-
def
|
|
133
|
+
def cname_rset_exist?
|
|
134
134
|
res = route53.test_dns_answer(
|
|
135
135
|
hosted_zone_id: @hosted_zone_id,
|
|
136
136
|
record_name: "#{email_domain}.",
|
data/lib/certman/resource/ses.rb
CHANGED
|
@@ -2,12 +2,24 @@ module Certman
|
|
|
2
2
|
module Resource
|
|
3
3
|
module SES
|
|
4
4
|
REGIONS = %w(us-east-1 us-west-2 eu-west-1)
|
|
5
|
+
RULE_SET_NAME_BY_CERTMAN = 'RuleSetByCertman'
|
|
6
|
+
|
|
7
|
+
def region_by_hash
|
|
8
|
+
key = Digest::SHA1.hexdigest(@domain).to_i(16) % REGIONS.length
|
|
9
|
+
REGIONS[key]
|
|
10
|
+
end
|
|
5
11
|
|
|
6
12
|
def create_domain_identity
|
|
7
13
|
res = ses.verify_domain_identity(domain: email_domain)
|
|
8
14
|
@token = res.verification_token
|
|
9
15
|
end
|
|
10
16
|
|
|
17
|
+
def active_rule_set_exist?
|
|
18
|
+
@current_active_rule_set_name = nil
|
|
19
|
+
res = ses.describe_active_receipt_rule_set
|
|
20
|
+
@current_active_rule_set_name = res.metadata.name if res.metadata
|
|
21
|
+
end
|
|
22
|
+
|
|
11
23
|
def check_domain_identity_verified
|
|
12
24
|
is_break = false
|
|
13
25
|
100.times do
|
|
@@ -31,8 +43,9 @@ module Certman
|
|
|
31
43
|
ses.delete_identity(identity: email_domain)
|
|
32
44
|
end
|
|
33
45
|
|
|
34
|
-
def
|
|
46
|
+
def create_and_active_rule_set
|
|
35
47
|
ses.create_receipt_rule_set(rule_set_name: rule_set_name)
|
|
48
|
+
ses.set_active_receipt_rule_set(rule_set_name: rule_set_name)
|
|
36
49
|
end
|
|
37
50
|
|
|
38
51
|
def create_rule
|
|
@@ -55,14 +68,15 @@ module Certman
|
|
|
55
68
|
)
|
|
56
69
|
end
|
|
57
70
|
|
|
58
|
-
def
|
|
59
|
-
@current_rule_set_name = nil
|
|
71
|
+
def rule_exist?
|
|
60
72
|
res = ses.describe_active_receipt_rule_set
|
|
61
|
-
|
|
62
|
-
ses.set_active_receipt_rule_set(rule_set_name: rule_set_name)
|
|
73
|
+
res.rules && !res.rules.empty?
|
|
63
74
|
end
|
|
64
75
|
|
|
65
76
|
def delete_rule_set
|
|
77
|
+
res = ses.describe_active_receipt_rule_set
|
|
78
|
+
return if res.rules && res.rules.length > 1
|
|
79
|
+
ses.set_active_receipt_rule_set(rule_set_name: nil)
|
|
66
80
|
ses.delete_receipt_rule_set(rule_set_name: rule_set_name)
|
|
67
81
|
end
|
|
68
82
|
|
|
@@ -73,10 +87,6 @@ module Certman
|
|
|
73
87
|
)
|
|
74
88
|
end
|
|
75
89
|
|
|
76
|
-
def revert_active_rue_set
|
|
77
|
-
ses.set_active_receipt_rule_set(rule_set_name: @current_rule_set_name)
|
|
78
|
-
end
|
|
79
|
-
|
|
80
90
|
def ses
|
|
81
91
|
@ses ||= Aws::SES::Client.new
|
|
82
92
|
end
|
data/lib/certman/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: certman
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.7.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- k1LoW
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2017-
|
|
11
|
+
date: 2017-05-02 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: aws-sdk
|
|
@@ -256,7 +256,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
256
256
|
version: '0'
|
|
257
257
|
requirements: []
|
|
258
258
|
rubyforge_project:
|
|
259
|
-
rubygems_version: 2.
|
|
259
|
+
rubygems_version: 2.6.12
|
|
260
260
|
signing_key:
|
|
261
261
|
specification_version: 4
|
|
262
262
|
summary: CLI tool for AWS Certificate Manager.
|