certman 0.7.0 → 0.8.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/certman/cli.rb +6 -4
- data/lib/certman/client.rb +15 -7
- data/lib/certman/resource/route53.rb +2 -2
- data/lib/certman/resource/s3.rb +3 -2
- data/lib/certman/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: de87e6045fb8c57ca1901d8a4873bc98f9708f47
|
|
4
|
+
data.tar.gz: 996d68620862ad5dcefeba152bf1a951869289a1
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 783c5f0b05da2cf4abaaa8019a4a0cca53a3431eb52b7b1d1439c26cef96089510045c77c758855b2f02187456ebddc581f4b4f37e93963a0f812348c3147b83
|
|
7
|
+
data.tar.gz: 848c27576f51f0757aea1f374a722206dac7d059145288f8966aadfeabab872c7cfaf7d34d9a68b53fb82f891bf67278d2f9495e73a4692c00bdd185e52d75c0
|
data/lib/certman/cli.rb
CHANGED
|
@@ -1,21 +1,23 @@
|
|
|
1
1
|
module Certman
|
|
2
2
|
class CLI < Thor
|
|
3
3
|
desc 'request [DOMAIN]', 'Request ACM Certificate with only AWS managed services'
|
|
4
|
-
option :remain_resources, type: :boolean
|
|
4
|
+
option :remain_resources, type: :boolean, default: false
|
|
5
|
+
option :hosted_zone, type: :string
|
|
5
6
|
def request(domain)
|
|
6
7
|
pastel = Pastel.new
|
|
7
8
|
prompt = TTY::Prompt.new
|
|
8
9
|
return unless prompt.yes?(pastel.red("NOTICE! Your selected region is *#{Aws.config[:region]}*. \
|
|
9
10
|
Certman create certificate on *#{Aws.config[:region]}*. OK?"))
|
|
10
|
-
client = Certman::Client.new(domain)
|
|
11
|
+
client = Certman::Client.new(domain, options)
|
|
11
12
|
return unless prompt.yes?(pastel.red("NOTICE! Certman use *#{client.region_by_hash}* S3/SES. OK?"))
|
|
12
|
-
return unless prompt.yes?(pastel.red(
|
|
13
|
+
return unless prompt.yes?(pastel.red("NOTICE! When requesting, Certman apend Receipt Rule to current Active \
|
|
14
|
+
Receipt Rule Set. OK?"))
|
|
13
15
|
Signal.trap(:INT) do
|
|
14
16
|
puts ''
|
|
15
17
|
puts pastel.red('Rollback start.')
|
|
16
18
|
client.rollback
|
|
17
19
|
end
|
|
18
|
-
cert_arn = client.request
|
|
20
|
+
cert_arn = client.request
|
|
19
21
|
puts 'Done.'
|
|
20
22
|
puts ''
|
|
21
23
|
puts "certificate_arn: #{pastel.cyan(cert_arn)}"
|
data/lib/certman/client.rb
CHANGED
|
@@ -6,15 +6,18 @@ module Certman
|
|
|
6
6
|
include Certman::Resource::Route53
|
|
7
7
|
include Certman::Resource::ACM
|
|
8
8
|
|
|
9
|
-
def initialize(domain)
|
|
9
|
+
def initialize(domain, options)
|
|
10
10
|
@do_rollback = false
|
|
11
11
|
@cname_exists = false
|
|
12
12
|
@domain = domain
|
|
13
13
|
@cert_arn = nil
|
|
14
14
|
@savepoint = []
|
|
15
|
+
@remain_resources = options[:remain_resources]
|
|
16
|
+
@hosted_zone_domain = options[:hosted_zone]
|
|
17
|
+
@hosted_zone_domain.sub(/\.\z/, '') unless @hosted_zone_domain.nil?
|
|
15
18
|
end
|
|
16
19
|
|
|
17
|
-
def request
|
|
20
|
+
def request
|
|
18
21
|
check_resource
|
|
19
22
|
|
|
20
23
|
enforce_region_by_hash do
|
|
@@ -60,7 +63,7 @@ module Certman
|
|
|
60
63
|
end
|
|
61
64
|
end
|
|
62
65
|
|
|
63
|
-
cleanup_resources if
|
|
66
|
+
cleanup_resources if !@remain_resources || @do_rollback
|
|
64
67
|
|
|
65
68
|
@cert_arn
|
|
66
69
|
end
|
|
@@ -79,7 +82,7 @@ module Certman
|
|
|
79
82
|
s.success
|
|
80
83
|
|
|
81
84
|
s = spinner('[Route53] Check Hosted Zone')
|
|
82
|
-
raise "Hosted Zone #{
|
|
85
|
+
raise "Hosted Zone #{hosted_zone_domain} does not exist" unless hosted_zone_exist?
|
|
83
86
|
s.success
|
|
84
87
|
|
|
85
88
|
s = spinner('[Route53] Check TXT Record')
|
|
@@ -90,7 +93,7 @@ module Certman
|
|
|
90
93
|
s = spinner('[Route53] Check MX Record')
|
|
91
94
|
raise "#{email_domain} MX already exist" if mx_rset_exist?
|
|
92
95
|
if cname_rset_exist?
|
|
93
|
-
puts pastel.cyan("\n#{email_domain} CNAME already exist. Use #{
|
|
96
|
+
puts pastel.cyan("\n#{email_domain} CNAME already exist. Use #{hosted_zone_domain}")
|
|
94
97
|
@cname_exists = true
|
|
95
98
|
check_resource
|
|
96
99
|
end
|
|
@@ -197,17 +200,22 @@ module Certman
|
|
|
197
200
|
end
|
|
198
201
|
end
|
|
199
202
|
|
|
203
|
+
def hosted_zone_domain
|
|
204
|
+
return @hosted_zone_domain if @hosted_zone_domain
|
|
205
|
+
root_domain
|
|
206
|
+
end
|
|
207
|
+
|
|
200
208
|
def root_domain
|
|
201
209
|
PublicSuffix.domain(@domain)
|
|
202
210
|
end
|
|
203
211
|
|
|
204
212
|
def email_domain
|
|
205
|
-
return
|
|
213
|
+
return hosted_zone_domain if @cname_exists
|
|
206
214
|
@domain.sub(/\A(www|\*)\./, '')
|
|
207
215
|
end
|
|
208
216
|
|
|
209
217
|
def validation_domain
|
|
210
|
-
return
|
|
218
|
+
return hosted_zone_domain if @cname_exists
|
|
211
219
|
@domain
|
|
212
220
|
end
|
|
213
221
|
|
|
@@ -4,7 +4,7 @@ module Certman
|
|
|
4
4
|
module Route53
|
|
5
5
|
def create_txt_rset
|
|
6
6
|
@hosted_zone = route53.list_hosted_zones.hosted_zones.find do |zone|
|
|
7
|
-
|
|
7
|
+
zone.name == "#{hosted_zone_domain}."
|
|
8
8
|
end
|
|
9
9
|
route53.change_resource_record_sets(
|
|
10
10
|
change_batch: {
|
|
@@ -104,7 +104,7 @@ module Certman
|
|
|
104
104
|
def hosted_zone_exist?
|
|
105
105
|
@hosted_zone_id = nil
|
|
106
106
|
hosted_zone = route53.list_hosted_zones.hosted_zones.find do |zone|
|
|
107
|
-
if
|
|
107
|
+
if zone.name == "#{hosted_zone_domain}."
|
|
108
108
|
@hosted_zone_id = zone.id
|
|
109
109
|
next true
|
|
110
110
|
end
|
data/lib/certman/resource/s3.rb
CHANGED
|
@@ -45,7 +45,7 @@ EOF
|
|
|
45
45
|
sleep 60
|
|
46
46
|
s3.list_objects(bucket: bucket_name).contents.map do |object|
|
|
47
47
|
res = s3.get_object(bucket: bucket_name, key: object.key)
|
|
48
|
-
res.body.read.match(%r{https://certificates\.amazon\.com/approvals[^\s]+}) do |md|
|
|
48
|
+
res.body.read.match(%r{https://[^\s]*certificates\.amazon\.com/approvals[^\s]+}) do |md|
|
|
49
49
|
cert_uri = md[0]
|
|
50
50
|
handle = open(cert_uri)
|
|
51
51
|
document = Oga.parse_html(handle)
|
|
@@ -53,7 +53,8 @@ EOF
|
|
|
53
53
|
document.css('form input').each do |input|
|
|
54
54
|
data[input.get('name')] = input.get('value')
|
|
55
55
|
end
|
|
56
|
-
|
|
56
|
+
post_uri = cert_uri.sub(/\?.*/, '')
|
|
57
|
+
res = Net::HTTP.post_form(URI.parse(post_uri), data)
|
|
57
58
|
raise 'Can not approve' unless res.body =~ /Success/
|
|
58
59
|
# success
|
|
59
60
|
is_break = true
|
data/lib/certman/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: certman
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.8.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- k1LoW
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2017-05-
|
|
11
|
+
date: 2017-05-11 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: aws-sdk
|