encryptbot 0.1.0 → 0.1.1
- checksums.yaml +4 -4
- data/Gemfile.lock +14 -1
- data/README.md +7 -3
- data/encryptbot.gemspec +4 -3
- data/lib/encryptbot/cert.rb +2 -0
- data/lib/encryptbot/configuration.rb +5 -1
- data/lib/encryptbot/exceptions.rb +3 -0
- data/lib/encryptbot/services/route53.rb +58 -0
- data/lib/encryptbot/version.rb +1 -1
- data/lib/encryptbot.rb +1 -0
- metadata +20 -5
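--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: b0a9f893513d61a64f0e9fd85fc4fb76caba5727
+data.tar.gz: 6db386732ad8535b01cb59ea4548137d7359c087
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: d2cc083be332bdc1c57b2be181763704d34158ad0d10f68e285abd9926cf5f09c005f99d37ca86d069abf0433849ac79d3448184e37f8fab8a95c1b18521ee25
+data.tar.gz: 0a31ac1f915522e9da4cbb55ee669e7bd7443f6c17b3a573dab00a0ae753ea3db8e6d36009f1c8d0811e09924f8e56c343a829560710c6be5dc993efc3606269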
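--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,8 +1,9 @@
 PATH
 remote: .
 specs:
-encryptbot (0.1.
+encryptbot (0.1.1)
 acme-client
+aws-sdk-route53
 faraday
 platform-api
 slack-notifier
@@ -12,6 +13,17 @@ GEM
 specs:
 acme-client (2.0.0)
 faraday (~> 0.9, >= 0.9.1)
+aws-eventstream (1.0.1)
+aws-partitions (1.94.0)
+aws-sdk-core (3.21.3)
+aws-eventstream (~> 1.0)
+aws-partitions (~> 1.0)
+aws-sigv4 (~> 1.0)
+jmespath (~> 1.0)
+aws-sdk-route53 (1.9.0)
+aws-sdk-core (~> 3)
+aws-sigv4 (~> 1.0)
+aws-sigv4 (1.0.2)
 erubis (2.7.0)
 excon (0.62.0)
 faraday (0.15.2)
@@ -21,6 +33,7 @@ GEM
 excon
 moneta
 multi_json (>= 1.9.2)
+jmespath (1.4.0)
 moneta (0.8.1)
 multi_json (1.13.1)
 multipart-post (2.0.0)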
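--- a/data/README.md
+++ b/data/README.md
@@ -1,11 +1,11 @@
 # Encryptbot
 
-Encryptbot creates and renews your
+Encryptbot creates and renews your Let's Encrypt SSL certificate on Heroku allowing for multiple wildcards.
 
 The gem will:
 
-- Create
-- Add
+- Create Let's Encrypt
+- Add Let's Encrypt DNS Challenge TXT records to your DNS provider (Cloudflare and Dyn supported)
 - Add certificate to your Heroku SNI endpoint
 - Send Slack notifications if the process fails.
 
@@ -42,6 +42,10 @@ Encryptbot.configure do |config|
 config.dyn_password = "dyn_password"
 config.slack_webhook = "slack_webhook_url"
 config.slack_bot_username = "name_for_slack_bot"
+config.route53_hosted_zone_id = "Z123456"
+config.route53_acme_record_name = "_acme-challenge.acme.domain.com"
+config.route53_access_key_id = "aws_api_key"
+config.route53_secret_access_key = "aws_api_secret"
 config.domains = [
 {domain: "*.domain1.com", service: "cloudflare"},
 {domain: "*.domain2.com", service: "dyn"},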
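--- a/data/encryptbot.gemspec
+++ b/data/encryptbot.gemspec
@@ -9,9 +9,9 @@ Gem::Specification.new do |spec|
 spec.authors = ["danlewis"]
 spec.email = [""]
 
-spec.summary = %q{Manage
-spec.description = %q{Manage
-spec.homepage = ""
+spec.summary = %q{Manage Let's Encrypt wildcard certificates on Heroku}
+spec.description = %q{Manage Let's Encrypt wildcard certificates on Heroku}
+spec.homepage = "https://github.com/danlewis/encryptbot"
 spec.license = "MIT"
 
 spec.files = `git ls-files -z`.split("\x0").reject do |f|
@@ -25,6 +25,7 @@ Gem::Specification.new do |spec|
 spec.add_dependency "platform-api"
 spec.add_dependency "faraday"
 spec.add_dependency "slack-notifier"
+spec.add_dependency "aws-sdk-route53"
 spec.add_development_dependency "bundler", "~> 1.16"
 spec.add_development_dependency "rake", "~> 10.0"
 end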
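Review bot: The added `spec.add_dependency "aws-sdk-route53"` carries no version requirement, so the gem metadata records it as `>= 0` and any future major release of the SDK will satisfy it. The 1.9.0 pin in Gemfile.lock does not reach applications that install this gem, because a gem's own lockfile is not consulted by its consumers. A pessimistic constraint such as `spec.add_dependency "aws-sdk-route53", "~> 1.9"` would keep installs on the series this release was resolved against.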
data/lib/encryptbot/cert.rb
CHANGED
@@ -47,6 +47,8 @@ module Encryptbot
|
|
47
47
|
content: dns_challenge.record_content
|
48
48
|
}
|
49
49
|
case @domain_list.detect{|t| t[:domain].gsub("*.", "") == domain }[:service]
|
50
|
+
when "route53"
|
51
|
+
Encryptbot::Services::Route53.new(domain, dns_entry).add_challenge
|
50
52
|
when "cloudflare"
|
51
53
|
Encryptbot::Services::Cloudflare.new(domain, dns_entry).add_challenge
|
52
54
|
when "dyn"
|
@@ -14,6 +14,10 @@ module Encryptbot
|
|
14
14
|
@dyn_customer_name = nil
|
15
15
|
@dyn_username = nil
|
16
16
|
@dyn_password = nil
|
17
|
+
@route53_hosted_zone_id = nil
|
18
|
+
@route53_acme_record_name = nil
|
19
|
+
@route53_access_key_id = nil
|
20
|
+
@route53_secret_access_key = nil
|
17
21
|
@acme_email = nil
|
18
22
|
@slack_webhook = nil
|
19
23
|
@slack_bot_username = "encryptbot"
|
@@ -23,7 +27,7 @@ module Encryptbot
|
|
23
27
|
|
24
28
|
def valid?
|
25
29
|
heroku_app && heroku_token && acme_email && domains.any? &&
|
26
|
-
(cloudflare_api_key || dyn_customer_name)
|
30
|
+
(cloudflare_api_key || dyn_customer_name || route53_api_key)
|
27
31
|
end
|
28
32
|
|
29
33
|
end
|
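Review bot: The new `valid?` condition calls `route53_api_key`, but the settings added in the hunk above are `route53_hosted_zone_id`, `route53_acme_record_name`, `route53_access_key_id` and `route53_secret_access_key`; unless an accessor with that name is defined outside these hunks, a Route 53-only configuration raises NoMethodError here instead of being validated. Going by the file list, these two hunks belong to data/lib/encryptbot/configuration.rb even though they are printed under the cert.rb header. Checking the values the service actually reads would fix it: `(cloudflare_api_key || dyn_customer_name || (route53_access_key_id && route53_secret_access_key && route53_hosted_zone_id))`.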
@@ -20,6 +20,9 @@ module Encryptbot
|
|
20
20
|
class CloudflareDNSError < EncryptbotError; end
|
21
21
|
# Exception raised when adding TXT record to Dyn
|
22
22
|
class DynDNSError < EncryptbotError; end
|
23
|
+
# Exception raised when route 53 fails to update
|
24
|
+
class Route53DNSError < EncryptbotError; end
|
25
|
+
# Exception raised when unknown error
|
23
26
|
class UnknownServiceError < EncryptbotError; end
|
24
27
|
# Exception raised as order was failed - this happens when the DNS Challenge failed
|
25
28
|
class InvalidOrderError < EncryptbotError; end
|
@@ -0,0 +1,58 @@
|
|
1
|
+
# Route 53 acts a single service for domains to be verified, hence the domain is not used
|
2
|
+
require "aws-sdk-route53"
|
3
|
+
|
4
|
+
module Encryptbot
|
5
|
+
module Services
|
6
|
+
class Route53
|
7
|
+
|
8
|
+
attr_accessor :domain, :dns_entry, :client, :hosted_zone_id, :aws_acme_record_name
|
9
|
+
|
10
|
+
def initialize(domain, dns_entry)
|
11
|
+
@dns_entry = dns_entry
|
12
|
+
@hosted_zone_id = Encryptbot.configuration.route53_hosted_zone_id
|
13
|
+
@acme_name = Encryptbot.configuration.route53_acme_record_name
|
14
|
+
@client = Aws::Route53::Client.new({
|
15
|
+
region: "global",
|
16
|
+
credentials: Aws::Credentials.new(
|
17
|
+
Encryptbot.configuration.route53_access_key_id,
|
18
|
+
Encryptbot.configuration.route53_secret_access_key
|
19
|
+
)})
|
20
|
+
end
|
21
|
+
|
22
|
+
def add_challenge
|
23
|
+
begin
|
24
|
+
response = @client.change_resource_record_sets({
|
25
|
+
change_batch: {
|
26
|
+
changes: [
|
27
|
+
action: "UPSERT",
|
28
|
+
resource_record_set: {
|
29
|
+
name: @aws_acme_record_name,
|
30
|
+
resource_records: [
|
31
|
+
{
|
32
|
+
value: "\"#{@dns_entry[:content]}\"",
|
33
|
+
},
|
34
|
+
],
|
35
|
+
ttl: 0,
|
36
|
+
type: "TXT",
|
37
|
+
}
|
38
|
+
],
|
39
|
+
comment: "ACME Challege update",
|
40
|
+
},
|
41
|
+
hosted_zone_id: @hosted_zone_id
|
42
|
+
})
|
43
|
+
change_id = response.change_info.id
|
44
|
+
change_status = response.change_info.status
|
45
|
+
while change_status == "PENDING"
|
46
|
+
sleep(10)
|
47
|
+
change_status = @client.get_change({id: change_id}).change_info.status
|
48
|
+
end
|
49
|
+
change_status == "NSYNC"
|
50
|
+
|
51
|
+
rescue => e
|
52
|
+
raise Encryptbot::Error::Route53DNSError, e
|
53
|
+
end
|
54
|
+
|
55
|
+
end
|
56
|
+
end
|
57
|
+
end
|
58
|
+
end
|
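Review bot: In the new services/route53.rb, `add_challenge` sends `name: @aws_acme_record_name`, but `initialize` stores the configured name in `@acme_name`, so the UPSERT goes out with a nil record name; the assignment should be `@aws_acme_record_name = Encryptbot.configuration.route53_acme_record_name`. The closing comparison `change_status == "NSYNC"` can never be true because Route 53 reports `INSYNC`, so the method returns false even after the record has propagated; it should read `change_status == "INSYNC"`. The `while change_status == "PENDING"` loop has no attempt limit, so a change that never settles blocks the renewal indefinitely; cap the number of polls and raise `Route53DNSError` when the cap is reached. Because the client is built from a static access key pair, the class comment or README should state that the IAM user needs only `route53:ChangeResourceRecordSets` and `route53:GetChange` on the one hosted zone, since a key that can write TXT records in a zone can pass DNS validation for every name in it.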
data/lib/encryptbot/version.rb
CHANGED
data/lib/encryptbot.rb
CHANGED
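--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: encryptbot
 version: !ruby/object:Gem::Version
-version: 0.1.
+version: 0.1.1
 platform: ruby
 authors:
 - danlewis
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2018-
+date: 2018-06-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: acme-client
@@ -66,6 +66,20 @@ dependencies:
 - - ">="
 - !ruby/object:Gem::Version
 version: '0'
+- !ruby/object:Gem::Dependency
+name: aws-sdk-route53
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
 - !ruby/object:Gem::Dependency
 name: bundler
 requirement: !ruby/object:Gem::Requirement
@@ -94,7 +108,7 @@ dependencies:
 - - "~>"
 - !ruby/object:Gem::Version
 version: '10.0'
-description: Manage
+description: Manage Let's Encrypt wildcard certificates on Heroku
 email:
 - ''
 executables: []
@@ -119,10 +133,11 @@ files:
 - lib/encryptbot/railtie.rb
 - lib/encryptbot/services/cloudflare.rb
 - lib/encryptbot/services/dyn.rb
+- lib/encryptbot/services/route53.rb
 - lib/encryptbot/slack.rb
 - lib/encryptbot/version.rb
 - lib/tasks/encryptbot.rake
-homepage:
+homepage: https://github.com/danlewis/encryptbot
 licenses:
 - MIT
 metadata: {}
@@ -145,5 +160,5 @@ rubyforge_project:
 rubygems_version: 2.6.13
 signing_key:
 specification_version: 4
-summary: Manage
+summary: Manage Let's Encrypt wildcard certificates on Heroku
 test_files: []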