encryptbot 0.1.0 → 0.1.1
- checksums.yaml +4 -4
- data/Gemfile.lock +14 -1
- data/README.md +7 -3
- data/encryptbot.gemspec +4 -3
- data/lib/encryptbot/cert.rb +2 -0
- data/lib/encryptbot/configuration.rb +5 -1
- data/lib/encryptbot/exceptions.rb +3 -0
- data/lib/encryptbot/services/route53.rb +58 -0
- data/lib/encryptbot/version.rb +1 -1
- data/lib/encryptbot.rb +1 -0
- metadata +20 -5
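--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: b0a9f893513d61a64f0e9fd85fc4fb76caba5727
+data.tar.gz: 6db386732ad8535b01cb59ea4548137d7359c087
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: d2cc083be332bdc1c57b2be181763704d34158ad0d10f68e285abd9926cf5f09c005f99d37ca86d069abf0433849ac79d3448184e37f8fab8a95c1b18521ee25
+data.tar.gz: 0a31ac1f915522e9da4cbb55ee669e7bd7443f6c17b3a573dab00a0ae753ea3db8e6d36009f1c8d0811e09924f8e56c343a829560710c6be5dc993efc3606269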
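--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,8 +1,9 @@
 PATH
 remote: .
 specs:
-encryptbot (0.1.
+encryptbot (0.1.1)
 acme-client
+aws-sdk-route53
 faraday
 platform-api
 slack-notifier
@@ -12,6 +13,17 @@ GEM
 specs:
 acme-client (2.0.0)
 faraday (~> 0.9, >= 0.9.1)
+aws-eventstream (1.0.1)
+aws-partitions (1.94.0)
+aws-sdk-core (3.21.3)
+aws-eventstream (~> 1.0)
+aws-partitions (~> 1.0)
+aws-sigv4 (~> 1.0)
+jmespath (~> 1.0)
+aws-sdk-route53 (1.9.0)
+aws-sdk-core (~> 3)
+aws-sigv4 (~> 1.0)
+aws-sigv4 (1.0.2)
 erubis (2.7.0)
 excon (0.62.0)
 faraday (0.15.2)
@@ -21,6 +33,7 @@ GEM
 excon
 moneta
 multi_json (>= 1.9.2)
+jmespath (1.4.0)
 moneta (0.8.1)
 multi_json (1.13.1)
 multipart-post (2.0.0)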
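--- a/data/README.md
+++ b/data/README.md
@@ -1,11 +1,11 @@
 # Encryptbot
 
-Encryptbot creates and renews your
+Encryptbot creates and renews your Let's Encrypt SSL certificate on Heroku allowing for multiple wildcards.
 
 The gem will:
 
-- Create
-- Add
+- Create Let's Encrypt
+- Add Let's Encrypt DNS Challenge TXT records to your DNS provider (Cloudflare and Dyn supported)
 - Add certificate to your Heroku SNI endpoint
 - Send Slack notifications if the process fails.
 
@@ -42,6 +42,10 @@ Encryptbot.configure do |config|
 config.dyn_password = "dyn_password"
 config.slack_webhook = "slack_webhook_url"
 config.slack_bot_username = "name_for_slack_bot"
+config.route53_hosted_zone_id = "Z123456"
+config.route53_acme_record_name = "_acme-challenge.acme.domain.com"
+config.route53_access_key_id = "aws_api_key"
+config.route53_secret_access_key = "aws_api_secret"
 config.domains = [
 {domain: "*.domain1.com", service: "cloudflare"},
 {domain: "*.domain2.com", service: "dyn"},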
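--- a/data/encryptbot.gemspec
+++ b/data/encryptbot.gemspec
@@ -9,9 +9,9 @@ Gem::Specification.new do |spec|
 spec.authors = ["danlewis"]
 spec.email = [""]
 
-spec.summary = %q{Manage
-spec.description = %q{Manage
-spec.homepage = ""
+spec.summary = %q{Manage Let's Encrypt wildcard certificates on Heroku}
+spec.description = %q{Manage Let's Encrypt wildcard certificates on Heroku}
+spec.homepage = "https://github.com/danlewis/encryptbot"
 spec.license = "MIT"
 
 spec.files = `git ls-files -z`.split("\x0").reject do |f|
@@ -25,6 +25,7 @@ Gem::Specification.new do |spec|
 spec.add_dependency "platform-api"
 spec.add_dependency "faraday"
 spec.add_dependency "slack-notifier"
+spec.add_dependency "aws-sdk-route53"
 spec.add_development_dependency "bundler", "~> 1.16"
 spec.add_development_dependency "rake", "~> 10.0"
 end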
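Review bot: The new runtime dependency `spec.add_dependency "aws-sdk-route53"` carries no version constraint, so any future release of the SDK, including a new major version, satisfies it at install time. The lockfile in this release resolved 1.9.0; a pessimistic constraint such as `spec.add_dependency "aws-sdk-route53", "~> 1.9"` keeps installs within the API the new Route 53 service was written against. The neighbouring runtime dependencies are declared the same way, so this may be a deliberate convention. Even so, this gem handles DNS credentials and certificate issuance, and it benefits from a bounded dependency range.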
data/lib/encryptbot/cert.rb
CHANGED
@@ -47,6 +47,8 @@ module Encryptbot
|
|
47
47
|
content: dns_challenge.record_content
|
48
48
|
}
|
49
49
|
case @domain_list.detect{|t| t[:domain].gsub("*.", "") == domain }[:service]
|
50
|
+
when "route53"
|
51
|
+
Encryptbot::Services::Route53.new(domain, dns_entry).add_challenge
|
50
52
|
when "cloudflare"
|
51
53
|
Encryptbot::Services::Cloudflare.new(domain, dns_entry).add_challenge
|
52
54
|
when "dyn"
|
@@ -14,6 +14,10 @@ module Encryptbot
|
|
14
14
|
@dyn_customer_name = nil
|
15
15
|
@dyn_username = nil
|
16
16
|
@dyn_password = nil
|
17
|
+
@route53_hosted_zone_id = nil
|
18
|
+
@route53_acme_record_name = nil
|
19
|
+
@route53_access_key_id = nil
|
20
|
+
@route53_secret_access_key = nil
|
17
21
|
@acme_email = nil
|
18
22
|
@slack_webhook = nil
|
19
23
|
@slack_bot_username = "encryptbot"
|
@@ -23,7 +27,7 @@ module Encryptbot
|
|
23
27
|
|
24
28
|
def valid?
|
25
29
|
heroku_app && heroku_token && acme_email && domains.any? &&
|
26
|
-
(cloudflare_api_key || dyn_customer_name)
|
30
|
+
(cloudflare_api_key || dyn_customer_name || route53_api_key)
|
27
31
|
end
|
28
32
|
|
29
33
|
end
|
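Review bot: The updated `valid?` tests `route53_api_key`, but the four settings this change introduces are `route53_hosted_zone_id`, `route53_acme_record_name`, `route53_access_key_id` and `route53_secret_access_key`, and no `route53_api_key` is initialised in the hunk above. Unless an accessor of that name exists outside the visible lines, a Route 53-only configuration will raise NoMethodError (or never validate) when the first two alternatives are nil. The check should name the real settings, e.g. `(cloudflare_api_key || dyn_customer_name || (route53_hosted_zone_id && route53_access_key_id && route53_secret_access_key))`, so an incomplete credential set is rejected before any DNS call is made. The accessor declarations are outside the hunks shown, so confirm the four new names are exposed there as well.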
@@ -20,6 +20,9 @@ module Encryptbot
|
|
20
20
|
class CloudflareDNSError < EncryptbotError; end
|
21
21
|
# Exception raised when adding TXT record to Dyn
|
22
22
|
class DynDNSError < EncryptbotError; end
|
23
|
+
# Exception raised when route 53 fails to update
|
24
|
+
class Route53DNSError < EncryptbotError; end
|
25
|
+
# Exception raised when unknown error
|
23
26
|
class UnknownServiceError < EncryptbotError; end
|
24
27
|
# Exception raised as order was failed - this happens when the DNS Challenge failed
|
25
28
|
class InvalidOrderError < EncryptbotError; end
|
@@ -0,0 +1,58 @@
|
|
1
|
+
# Route 53 acts a single service for domains to be verified, hence the domain is not used
|
2
|
+
require "aws-sdk-route53"
|
3
|
+
|
4
|
+
module Encryptbot
|
5
|
+
module Services
|
6
|
+
class Route53
|
7
|
+
|
8
|
+
attr_accessor :domain, :dns_entry, :client, :hosted_zone_id, :aws_acme_record_name
|
9
|
+
|
10
|
+
def initialize(domain, dns_entry)
|
11
|
+
@dns_entry = dns_entry
|
12
|
+
@hosted_zone_id = Encryptbot.configuration.route53_hosted_zone_id
|
13
|
+
@acme_name = Encryptbot.configuration.route53_acme_record_name
|
14
|
+
@client = Aws::Route53::Client.new({
|
15
|
+
region: "global",
|
16
|
+
credentials: Aws::Credentials.new(
|
17
|
+
Encryptbot.configuration.route53_access_key_id,
|
18
|
+
Encryptbot.configuration.route53_secret_access_key
|
19
|
+
)})
|
20
|
+
end
|
21
|
+
|
22
|
+
def add_challenge
|
23
|
+
begin
|
24
|
+
response = @client.change_resource_record_sets({
|
25
|
+
change_batch: {
|
26
|
+
changes: [
|
27
|
+
action: "UPSERT",
|
28
|
+
resource_record_set: {
|
29
|
+
name: @aws_acme_record_name,
|
30
|
+
resource_records: [
|
31
|
+
{
|
32
|
+
value: "\"#{@dns_entry[:content]}\"",
|
33
|
+
},
|
34
|
+
],
|
35
|
+
ttl: 0,
|
36
|
+
type: "TXT",
|
37
|
+
}
|
38
|
+
],
|
39
|
+
comment: "ACME Challege update",
|
40
|
+
},
|
41
|
+
hosted_zone_id: @hosted_zone_id
|
42
|
+
})
|
43
|
+
change_id = response.change_info.id
|
44
|
+
change_status = response.change_info.status
|
45
|
+
while change_status == "PENDING"
|
46
|
+
sleep(10)
|
47
|
+
change_status = @client.get_change({id: change_id}).change_info.status
|
48
|
+
end
|
49
|
+
change_status == "NSYNC"
|
50
|
+
|
51
|
+
rescue => e
|
52
|
+
raise Encryptbot::Error::Route53DNSError, e
|
53
|
+
end
|
54
|
+
|
55
|
+
end
|
56
|
+
end
|
57
|
+
end
|
58
|
+
end
|
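Review bot: `add_challenge` reads `@aws_acme_record_name`, but `initialize` stores the configured name in `@acme_name`, so the UPSERT is sent with a nil record name; assign `@aws_acme_record_name = Encryptbot.configuration.route53_acme_record_name` (and set `@domain`, which the accessor also declares). The final comparison `change_status == "NSYNC"` can never be true because Route 53 reports a propagated change as `INSYNC`, so the method returns false even on success; use `change_status == "INSYNC"`. The `while change_status == "PENDING"` loop has no attempt limit or deadline, so a change that stays pending blocks the renewal run indefinitely; cap the number of polls and raise `Route53DNSError` when the cap is exceeded. Since these keys can write TXT records that satisfy ACME DNS-01 validation, the IAM user behind `route53_access_key_id` is best limited to `route53:ChangeResourceRecordSets` on this hosted zone plus `route53:GetChange`.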
data/lib/encryptbot/version.rb
CHANGED
data/lib/encryptbot.rb
CHANGED
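--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: encryptbot
 version: !ruby/object:Gem::Version
-version: 0.1.
+version: 0.1.1
 platform: ruby
 authors:
 - danlewis
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2018-
+date: 2018-06-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: acme-client
@@ -66,6 +66,20 @@ dependencies:
 - - ">="
 - !ruby/object:Gem::Version
 version: '0'
+- !ruby/object:Gem::Dependency
+name: aws-sdk-route53
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
 - !ruby/object:Gem::Dependency
 name: bundler
 requirement: !ruby/object:Gem::Requirement
@@ -94,7 +108,7 @@ dependencies:
 - - "~>"
 - !ruby/object:Gem::Version
 version: '10.0'
-description: Manage
+description: Manage Let's Encrypt wildcard certificates on Heroku
 email:
 - ''
 executables: []
@@ -119,10 +133,11 @@ files:
 - lib/encryptbot/railtie.rb
 - lib/encryptbot/services/cloudflare.rb
 - lib/encryptbot/services/dyn.rb
+- lib/encryptbot/services/route53.rb
 - lib/encryptbot/slack.rb
 - lib/encryptbot/version.rb
 - lib/tasks/encryptbot.rake
-homepage:
+homepage: https://github.com/danlewis/encryptbot
 licenses:
 - MIT
 metadata: {}
@@ -145,5 +160,5 @@ rubyforge_project:
 rubygems_version: 2.6.13
 signing_key:
 specification_version: 4
-summary: Manage
+summary: Manage Let's Encrypt wildcard certificates on Heroku
 test_files: []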