certman 0.6.1 → 0.7.0

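--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: afe7de198a051fa8fc8e85e76521eb231d6acfc8
- data.tar.gz: 2e56cf7d1d91ba4456cdcbfa095a84476291d37f
+ metadata.gz: 5fb0672b4747cfec0f8607cd81af9f9bdb06b50b
+ data.tar.gz: 1ac80795546083e8f5f1250016a0e4b0c33e8d6a
  SHA512:
- metadata.gz: c6ebd365a7ebff46be9a0e6ee995190e6c0d6cf327d12419246d0fa3e3d76a1425a5563b85a6d8c215748935ecc0c235c15e53e2cb7d4aaf191f374d6656a06c
- data.tar.gz: e6be25afe25f5adf314457fe50751ea2acf804c47e8d406c9c298848da871594c53c8a7db75a30c116ae3c3cf3acaf0ce307e57a304b0c55ccfc6d56f90d4242
+ metadata.gz: c52b0049736f4d17baf9e678eb08b5d14c4d3e6d8a007f5178fa5b296b8040c51c02ec5d5475de981795e51b155290333e47eec25ebe295e0be272ff8d0dbaeb
+ data.tar.gz: d23a89e90b39181aa0561e460ff1e45cfa018fe7826ac036361a97538436e1a37e4afb73deee0c2a3f793cc36bd41d954802a733e35f84907e7dadea2bbc113b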
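--- a/data/lib/certman/cli.rb
+++ b/data/lib/certman/cli.rb
@@ -7,11 +7,9 @@ module Certman
  prompt = TTY::Prompt.new
  return unless prompt.yes?(pastel.red("NOTICE! Your selected region is *#{Aws.config[:region]}*. \
  Certman create certificate on *#{Aws.config[:region]}*. OK?"))
- unless Certman::Resource::SES::REGIONS.include?(Aws.config[:region])
- return unless prompt.yes?(pastel.red('NOTICE! Certman use *us-east-1* S3/SES. OK?'))
- end
- return unless prompt.yes?(pastel.red('NOTICE! When requesting, Certman replace Active Receipt Rule Set. OK?'))
  client = Certman::Client.new(domain)
+ return unless prompt.yes?(pastel.red("NOTICE! Certman use *#{client.region_by_hash}* S3/SES. OK?"))
+ return unless prompt.yes?(pastel.red('NOTICE! When requesting, Certman replace Active Receipt Rule Set. OK?'))
  Signal.trap(:INT) do
  puts ''
  puts pastel.red('Rollback start.')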
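Review bot: The confirmation on new line 12 still tells the operator that Certman will replace the Active Receipt Rule Set, but the other hunks of this release remove the replace step. The request flow now creates and activates a rule set only when none is active, and otherwise appears to add its receipt rule to the set that is already active. The operator therefore approves a different change to inbound mail handling than the one that runs; reword the prompt, for example `'NOTICE! When requesting, Certman add a Receipt Rule to the Active Receipt Rule Set (or create one). OK?'`. The enclosing method starts and ends outside the hunk.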
@@ -17,7 +17,7 @@ module Certman
17
17
  def request(remain_resources = false)
18
18
  check_resource
19
19
 
20
- enforce_region_to_us_east_1 do
20
+ enforce_region_by_hash do
21
21
  step('[S3] Create Bucket for SES inbound', :s3_bucket) do
22
22
  create_bucket
23
23
  end
@@ -30,35 +30,31 @@ module Certman
30
30
  create_txt_rset
31
31
  end
32
32
 
33
- enforce_region_to_us_east_1 do
33
+ enforce_region_by_hash do
34
34
  step('[SES] Check Domain Identity Status *verified*', nil) do
35
35
  check_domain_identity_verified
36
36
  end
37
- end
38
37
 
39
- step('[Route53] Create MX Record Set', :route53_mx) do
40
- create_mx_rset
41
- end
38
+ step('[Route53] Create MX Record Set', :route53_mx) do
39
+ create_mx_rset
40
+ end
42
41
 
43
- enforce_region_to_us_east_1 do
44
- step('[SES] Create Receipt Rule Set', :ses_rule_set) do
45
- create_rule_set
42
+ unless active_rule_set_exist?
43
+ step('[SES] Create and Active Receipt Rule Set', :ses_rule_set) do
44
+ create_and_active_rule_set
45
+ end
46
46
  end
47
47
 
48
48
  step('[SES] Create Receipt Rule', :ses_rule) do
49
49
  create_rule
50
50
  end
51
-
52
- step('[SES] Replace Active Receipt Rule Set', :ses_replace_active_rule_set) do
53
- replace_active_rule_set
54
- end
55
51
  end
56
52
 
57
53
  step('[ACM] Request Certificate', :acm_certificate) do
58
54
  request_certificate
59
55
  end
60
56
 
61
- enforce_region_to_us_east_1 do
57
+ enforce_region_by_hash do
62
58
  step('[S3] Check approval mail (will take about 30 min)', nil) do
63
59
  check_approval_mail
64
60
  end
@@ -76,27 +72,35 @@ module Certman
76
72
  end
77
73
 
78
74
  def check_resource
75
+ pastel = Pastel.new
76
+
79
77
  s = spinner('[ACM] Check Certificate')
80
- raise 'Certificate already exist' if check_certificate
78
+ raise 'Certificate already exist' if certificate_exist?
81
79
  s.success
82
80
 
83
81
  s = spinner('[Route53] Check Hosted Zone')
84
- raise "Hosted Zone #{root_domain} does not exist" unless check_hosted_zone
82
+ raise "Hosted Zone #{root_domain} does not exist" unless hosted_zone_exist?
85
83
  s.success
86
84
 
87
85
  s = spinner('[Route53] Check TXT Record')
88
- raise "_amazonses.#{email_domain} TXT already exist" if check_txt_rset
86
+ raise "_amazonses.#{email_domain} TXT already exist" if txt_rset_exist?
89
87
  s.success
90
88
 
91
- s = spinner('[Route53] Check MX Record')
92
- raise "#{email_domain} MX already exist" if check_mx_rset
93
- s.success
89
+ enforce_region_by_hash do
90
+ s = spinner('[Route53] Check MX Record')
91
+ raise "#{email_domain} MX already exist" if mx_rset_exist?
92
+ if cname_rset_exist?
93
+ puts pastel.cyan("\n#{email_domain} CNAME already exist. Use #{root_domain}")
94
+ @cname_exists = true
95
+ check_resource
96
+ end
97
+ s.success
94
98
 
95
- if check_cname_rset
96
- pastel = Pastel.new
97
- puts pastel.cyan("#{email_domain} CNAME already exist. Use #{root_domain}")
98
- @cname_exists = true
99
- check_resource
99
+ s = spinner('[SES] Check Active Rule Set')
100
+ if active_rule_set_exist?
101
+ puts pastel.cyan("\nActive Rule Set already exist. Use #{@current_active_rule_set_name}")
102
+ end
103
+ s.success
100
104
  end
101
105
 
102
106
  true
@@ -108,11 +112,9 @@ module Certman
108
112
 
109
113
  private
110
114
 
111
- def enforce_region_to_us_east_1
115
+ def enforce_region_by_hash
112
116
  region = Aws.config[:region]
113
- unless Certman::Resource::SES::REGIONS.include?(Aws.config[:region])
114
- Aws.config[:region] = 'us-east-1'
115
- end
117
+ Aws.config[:region] = region_by_hash
116
118
  yield
117
119
  Aws.config[:region] = region
118
120
  end
@@ -134,16 +136,17 @@ module Certman
134
136
  end
135
137
 
136
138
  def cleanup_resources
139
+ pastel = Pastel.new
137
140
  @savepoint.reverse.each do |state|
138
141
  case state
139
142
  when :s3_bucket
140
- enforce_region_to_us_east_1 do
143
+ enforce_region_by_hash do
141
144
  s = spinner('[S3] Delete Bucket')
142
145
  delete_bucket
143
146
  s.success
144
147
  end
145
148
  when :ses_domain_identity
146
- enforce_region_to_us_east_1 do
149
+ enforce_region_by_hash do
147
150
  s = spinner('[SES] Delete Verified Domain Identiry')
148
151
  delete_domain_identity
149
152
  s.success
@@ -153,27 +156,28 @@ module Certman
153
156
  delete_txt_rset
154
157
  s.success
155
158
  when :route53_mx
156
- s = spinner('[Route53] Delete MX Record Set')
157
- delete_mx_rset
158
- s.success
159
+ enforce_region_by_hash do
160
+ s = spinner('[Route53] Delete MX Record Set')
161
+ delete_mx_rset
162
+ s.success
163
+ end
159
164
  when :ses_rule_set
160
- enforce_region_to_us_east_1 do
165
+ enforce_region_by_hash do
161
166
  s = spinner('[SES] Delete Receipt Rule Set')
162
- delete_rule_set
163
- s.success
167
+ if rule_exist?
168
+ puts pastel.cyan("\nReceipt Rule exist. Can not delete Receipt Rule Set.")
169
+ s.error
170
+ else
171
+ delete_rule_set
172
+ s.success
173
+ end
164
174
  end
165
175
  when :ses_rule
166
- enforce_region_to_us_east_1 do
176
+ enforce_region_by_hash do
167
177
  s = spinner('[SES] Delete Receipt Rule')
168
178
  delete_rule
169
179
  s.success
170
180
  end
171
- when :ses_replace_active_rule_set
172
- enforce_region_to_us_east_1 do
173
- s = spinner('[SES] Revert Active Receipt Rule Set')
174
- revert_active_rue_set
175
- s.success
176
- end
177
181
  when :acm_certificate
178
182
  if @do_rollback
179
183
  s = spinner('[ACM] Delete Certificate')
@@ -216,11 +220,8 @@ module Certman
216
220
  end
217
221
 
218
222
  def rule_set_name
219
- @rule_set_name ||= if "RuleSetCertman_#{email_domain}".length < 64
220
- "RuleSetCertman_#{email_domain}"
221
- else
222
- "RuleSetCertman_#{Digest::SHA1.hexdigest(email_domain)}"
223
- end
223
+ @rule_set_name ||= @current_active_rule_set_name
224
+ @rule_set_name ||= Certman::Resource::SES::RULE_SET_NAME_BY_CERTMAN
224
225
  end
225
226
 
226
227
  def spinner(message)
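Review bot: `enforce_region_by_hash` (hunk `-108,11 +112,9`) puts the caller's region back only when the block returns normally, and this release now raises inside that block: the `MX already exist` check in `check_resource` runs within `enforce_region_by_hash do`. After such a raise the process-wide `Aws.config[:region]` stays on the hashed SES region, so any later call that is not wrapped, such as the `[ACM] Delete Certificate` branch of `cleanup_resources`, would presumably address the wrong region and leave resources behind. Restore the region in an `ensure` clause: insert a line `ensure` between `yield` and `Aws.config[:region] = region`.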
@@ -31,7 +31,7 @@ module Certman
31
31
  acm.delete_certificate(certificate_arn: current_cert.certificate_arn)
32
32
  end
33
33
 
34
- def check_certificate
34
+ def certificate_exist?
35
35
  current_cert = acm.list_certificates.certificate_summary_list.find do |cert|
36
36
  cert.domain_name == @domain
37
37
  end
@@ -101,7 +101,7 @@ module Certman
101
101
  )
102
102
  end
103
103
 
104
- def check_hosted_zone
104
+ def hosted_zone_exist?
105
105
  @hosted_zone_id = nil
106
106
  hosted_zone = route53.list_hosted_zones.hosted_zones.find do |zone|
107
107
  if PublicSuffix.domain(zone.name) == root_domain
@@ -112,7 +112,7 @@ module Certman
112
112
  hosted_zone
113
113
  end
114
114
 
115
- def check_txt_rset
115
+ def txt_rset_exist?
116
116
  res = route53.test_dns_answer(
117
117
  hosted_zone_id: @hosted_zone_id,
118
118
  record_name: "_amazonses.#{email_domain}.",
@@ -121,7 +121,7 @@ module Certman
121
121
  !res.record_data.empty?
122
122
  end
123
123
 
124
- def check_mx_rset
124
+ def mx_rset_exist?
125
125
  res = route53.test_dns_answer(
126
126
  hosted_zone_id: @hosted_zone_id,
127
127
  record_name: "#{email_domain}.",
@@ -130,7 +130,7 @@ module Certman
130
130
  !res.record_data.empty?
131
131
  end
132
132
 
133
- def check_cname_rset
133
+ def cname_rset_exist?
134
134
  res = route53.test_dns_answer(
135
135
  hosted_zone_id: @hosted_zone_id,
136
136
  record_name: "#{email_domain}.",
@@ -2,12 +2,24 @@ module Certman
2
2
  module Resource
3
3
  module SES
4
4
  REGIONS = %w(us-east-1 us-west-2 eu-west-1)
5
+ RULE_SET_NAME_BY_CERTMAN = 'RuleSetByCertman'
6
+
7
+ def region_by_hash
8
+ key = Digest::SHA1.hexdigest(@domain).to_i(16) % REGIONS.length
9
+ REGIONS[key]
10
+ end
5
11
 
6
12
  def create_domain_identity
7
13
  res = ses.verify_domain_identity(domain: email_domain)
8
14
  @token = res.verification_token
9
15
  end
10
16
 
17
+ def active_rule_set_exist?
18
+ @current_active_rule_set_name = nil
19
+ res = ses.describe_active_receipt_rule_set
20
+ @current_active_rule_set_name = res.metadata.name if res.metadata
21
+ end
22
+
11
23
  def check_domain_identity_verified
12
24
  is_break = false
13
25
  100.times do
@@ -31,8 +43,9 @@ module Certman
31
43
  ses.delete_identity(identity: email_domain)
32
44
  end
33
45
 
34
- def create_rule_set
46
+ def create_and_active_rule_set
35
47
  ses.create_receipt_rule_set(rule_set_name: rule_set_name)
48
+ ses.set_active_receipt_rule_set(rule_set_name: rule_set_name)
36
49
  end
37
50
 
38
51
  def create_rule
@@ -55,14 +68,15 @@ module Certman
55
68
  )
56
69
  end
57
70
 
58
- def replace_active_rule_set
59
- @current_rule_set_name = nil
71
+ def rule_exist?
60
72
  res = ses.describe_active_receipt_rule_set
61
- @current_rule_set_name = res.metadata.name if res.metadata
62
- ses.set_active_receipt_rule_set(rule_set_name: rule_set_name)
73
+ res.rules && !res.rules.empty?
63
74
  end
64
75
 
65
76
  def delete_rule_set
77
+ res = ses.describe_active_receipt_rule_set
78
+ return if res.rules && res.rules.length > 1
79
+ ses.set_active_receipt_rule_set(rule_set_name: nil)
66
80
  ses.delete_receipt_rule_set(rule_set_name: rule_set_name)
67
81
  end
68
82
 
@@ -73,10 +87,6 @@ module Certman
73
87
  )
74
88
  end
75
89
 
76
- def revert_active_rue_set
77
- ses.set_active_receipt_rule_set(rule_set_name: @current_rule_set_name)
78
- end
79
-
80
90
  def ses
81
91
  @ses ||= Aws::SES::Client.new
82
92
  end
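Review bot: `delete_rule_set` (hunk `-55,14 +68,15`) deactivates whatever receipt rule set is currently active and then deletes `rule_set_name`, without checking that the two are the same set. Its guard also lets a set with exactly one remaining rule through, while `rule_exist?` treats any rule as a blocker. Because the rule set is now shared (`RuleSetByCertman`, or a pre-existing active set that Certman reuses), a rule belonging to another domain or to the account owner can be removed along with it, and inbound mail processing for the region switched off. Tighten the guard to `return unless res.metadata && res.metadata.name == rule_set_name` followed by `return if res.rules && !res.rules.empty?`. Callers other than `cleanup_resources` are not visible here.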
@@ -1,3 +1,3 @@
1
1
  module Certman
2
- VERSION = '0.6.1'
2
+ VERSION = '0.7.0'
3
3
  end
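--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: certman
  version: !ruby/object:Gem::Version
- version: 0.6.1
+ version: 0.7.0
  platform: ruby
  authors:
  - k1LoW
  autorequire:
  bindir: exe
  cert_chain: []
- date: 2017-04-19 00:00:00.000000000 Z
+ date: 2017-05-02 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: aws-sdk
@@ -256,7 +256,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  version: '0'
  requirements: []
  rubyforge_project:
- rubygems_version: 2.5.2
+ rubygems_version: 2.6.12
  signing_key:
  specification_version: 4
  summary: CLI tool for AWS Certificate Manager.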