encryptbot 0.1.0 → 0.1.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 120d3113425408842a8291c2bfd9e6dcc9111835
-  data.tar.gz: 75dd6eac6066e637675f8b4eadf7f30e7efd59ba
+  metadata.gz: b0a9f893513d61a64f0e9fd85fc4fb76caba5727
+  data.tar.gz: 6db386732ad8535b01cb59ea4548137d7359c087
 SHA512:
-  metadata.gz: 5b82fa59488ad68ad7debe96cfbc6e705ebeb4df1a930d5fde61c037afe4c77811380ac3a198c734f0cfd6f29dbb40970ca1c01e7218f6481d29720b95b6e37f
-  data.tar.gz: 193d5bd943f3870a520eb46ee0ecace9d79112bc1fcc2c7cce4427e75c9b45caf0771b1f56c04c7a5573623af643b300d5217c0c9864e2de7630ec4a376c4e82
+  metadata.gz: d2cc083be332bdc1c57b2be181763704d34158ad0d10f68e285abd9926cf5f09c005f99d37ca86d069abf0433849ac79d3448184e37f8fab8a95c1b18521ee25
+  data.tar.gz: 0a31ac1f915522e9da4cbb55ee669e7bd7443f6c17b3a573dab00a0ae753ea3db8e6d36009f1c8d0811e09924f8e56c343a829560710c6be5dc993efc3606269

data/Gemfile.lock

@@ -1,8 +1,9 @@
 PATH
   remote: .
   specs:
-    encryptbot (0.1.0)
+    encryptbot (0.1.1)
       acme-client
+      aws-sdk-route53
       faraday
       platform-api
       slack-notifier
@@ -12,6 +13,17 @@ GEM
   specs:
     acme-client (2.0.0)
       faraday (~> 0.9, >= 0.9.1)
+    aws-eventstream (1.0.1)
+    aws-partitions (1.94.0)
+    aws-sdk-core (3.21.3)
+      aws-eventstream (~> 1.0)
+      aws-partitions (~> 1.0)
+      aws-sigv4 (~> 1.0)
+      jmespath (~> 1.0)
+    aws-sdk-route53 (1.9.0)
+      aws-sdk-core (~> 3)
+      aws-sigv4 (~> 1.0)
+    aws-sigv4 (1.0.2)
     erubis (2.7.0)
     excon (0.62.0)
     faraday (0.15.2)
@@ -21,6 +33,7 @@ GEM
       excon
       moneta
       multi_json (>= 1.9.2)
+    jmespath (1.4.0)
     moneta (0.8.1)
     multi_json (1.13.1)
     multipart-post (2.0.0)

data/README.md

@@ -1,11 +1,11 @@
 # Encryptbot
 
-Encryptbot creates and renews your Lets Encrypt SSL certificate on Heroku allowing for multiple wildcards.
+Encryptbot creates and renews your Let's Encrypt SSL certificate on Heroku allowing for multiple wildcards.
 
 The gem will:
 
-- Create Lets Encrypt
-- Add Lets Encrypt DNS Challenge TXT records to your DNS provider (cloudflare and Dyn supported)
+- Create Let's Encrypt
+- Add Let's Encrypt DNS Challenge TXT records to your DNS provider (Cloudflare and Dyn supported)
 - Add certificate to your Heroku SNI endpoint
 - Send Slack notifications if the process fails.
 
@@ -42,6 +42,10 @@ Encryptbot.configure do |config|
   config.dyn_password = "dyn_password"
   config.slack_webhook = "slack_webhook_url"
   config.slack_bot_username = "name_for_slack_bot"
+  config.route53_hosted_zone_id = "Z123456"
+  config.route53_acme_record_name = "_acme-challenge.acme.domain.com"
+  config.route53_access_key_id = "aws_api_key"
+  config.route53_secret_access_key = "aws_api_secret"
   config.domains = [
     {domain: "*.domain1.com", service: "cloudflare"},
     {domain: "*.domain2.com", service: "dyn"},

data/encryptbot.gemspec

@@ -9,9 +9,9 @@ Gem::Specification.new do |spec|
   spec.authors       = ["danlewis"]
   spec.email         = [""]
 
-  spec.summary       = %q{Manage Lets Encrypt Wildcard certs to heroku}
-  spec.description   = %q{Manage Lets Encrypt Wildcard certs to heroku}
-  spec.homepage      = ""
+  spec.summary       = %q{Manage Let's Encrypt wildcard certificates on Heroku}
+  spec.description   = %q{Manage Let's Encrypt wildcard certificates on Heroku}
+  spec.homepage      = "https://github.com/danlewis/encryptbot"
   spec.license       = "MIT"
 
   spec.files         = `git ls-files -z`.split("\x0").reject do |f|
@@ -25,6 +25,7 @@ Gem::Specification.new do |spec|
   spec.add_dependency "platform-api"
   spec.add_dependency "faraday"
   spec.add_dependency "slack-notifier"
+  spec.add_dependency "aws-sdk-route53"
   spec.add_development_dependency "bundler", "~> 1.16"
   spec.add_development_dependency "rake", "~> 10.0"
 end

data/lib/encryptbot/cert.rb

@@ -47,6 +47,8 @@ module Encryptbot
           content: dns_challenge.record_content
         }
         case @domain_list.detect{|t| t[:domain].gsub("*.", "") == domain }[:service]
+        when "route53"
+          Encryptbot::Services::Route53.new(domain, dns_entry).add_challenge
         when "cloudflare"
           Encryptbot::Services::Cloudflare.new(domain, dns_entry).add_challenge
         when "dyn"

data/lib/encryptbot/configuration.rb

@@ -14,6 +14,10 @@ module Encryptbot
       @dyn_customer_name = nil
       @dyn_username = nil
       @dyn_password = nil
+      @route53_hosted_zone_id = nil
+      @route53_acme_record_name = nil
+      @route53_access_key_id = nil
+      @route53_secret_access_key = nil
       @acme_email = nil
       @slack_webhook = nil
       @slack_bot_username = "encryptbot"
@@ -23,7 +27,7 @@ module Encryptbot
 
     def valid?
       heroku_app && heroku_token && acme_email && domains.any? &&
-      (cloudflare_api_key || dyn_customer_name)
+      (cloudflare_api_key || dyn_customer_name || route53_api_key)
     end
 
   end

data/lib/encryptbot/exceptions.rb

@@ -20,6 +20,9 @@ module Encryptbot
     class CloudflareDNSError < EncryptbotError; end
     # Exception raised when adding TXT record to Dyn
     class DynDNSError < EncryptbotError; end
+    # Exception raised when route 53 fails to update
+    class Route53DNSError < EncryptbotError; end
+    # Exception raised when unknown error
     class UnknownServiceError < EncryptbotError; end
     # Exception raised as order was failed - this happens when the DNS Challenge failed
     class InvalidOrderError < EncryptbotError; end

data/lib/encryptbot/services/route53.rb

@@ -0,0 +1,58 @@
+# Route 53 acts a single service for domains to be verified, hence the domain is not used
+require "aws-sdk-route53"
+
+module Encryptbot
+  module Services
+    class Route53
+
+      attr_accessor :domain, :dns_entry, :client, :hosted_zone_id, :aws_acme_record_name
+
+      def initialize(domain, dns_entry)
+        @dns_entry = dns_entry
+        @hosted_zone_id = Encryptbot.configuration.route53_hosted_zone_id
+        @acme_name = Encryptbot.configuration.route53_acme_record_name
+        @client = Aws::Route53::Client.new({
+          region: "global",
+          credentials: Aws::Credentials.new(
+            Encryptbot.configuration.route53_access_key_id,
+            Encryptbot.configuration.route53_secret_access_key
+        )})
+      end
+
+      def add_challenge
+        begin
+          response = @client.change_resource_record_sets({
+            change_batch: {
+              changes: [
+                action: "UPSERT",
+                resource_record_set: {
+                  name: @aws_acme_record_name,
+                  resource_records: [
+                    {
+                      value: "\"#{@dns_entry[:content]}\"",
+                    },
+                  ],
+                  ttl: 0,
+                  type: "TXT",
+                }
+              ],
+              comment: "ACME Challege update",
+            },
+            hosted_zone_id: @hosted_zone_id
+          })
+          change_id = response.change_info.id
+          change_status = response.change_info.status
+          while change_status == "PENDING"
+            sleep(10)
+            change_status = @client.get_change({id: change_id}).change_info.status
+          end
+          change_status == "NSYNC"
+
+        rescue => e
+          raise Encryptbot::Error::Route53DNSError, e
+        end
+
+      end
+    end
+  end
+end

data/lib/encryptbot/version.rb

@@ -1,3 +1,3 @@
 module Encryptbot
-  VERSION = "0.1.0"
+  VERSION = "0.1.1"
 end

data/lib/encryptbot.rb

@@ -3,6 +3,7 @@ require "encryptbot/cert"
 require "encryptbot/version"
 require "encryptbot/services/cloudflare"
 require "encryptbot/services/dyn"
+require "encryptbot/services/route53"
 
 if defined?(Rails)
   require "encryptbot/railtie"

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: encryptbot
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.1.1
 platform: ruby
 authors:
 - danlewis
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2018-05-24 00:00:00.000000000 Z
+date: 2018-06-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: acme-client
@@ -66,6 +66,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: aws-sdk-route53
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -94,7 +108,7 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '10.0'
-description: Manage Lets Encrypt Wildcard certs to heroku
+description: Manage Let's Encrypt wildcard certificates on Heroku
 email:
 - ''
 executables: []
@@ -119,10 +133,11 @@ files:
 - lib/encryptbot/railtie.rb
 - lib/encryptbot/services/cloudflare.rb
 - lib/encryptbot/services/dyn.rb
+- lib/encryptbot/services/route53.rb
 - lib/encryptbot/slack.rb
 - lib/encryptbot/version.rb
 - lib/tasks/encryptbot.rake
-homepage: ''
+homepage: https://github.com/danlewis/encryptbot
 licenses:
 - MIT
 metadata: {}
@@ -145,5 +160,5 @@ rubyforge_project:
 rubygems_version: 2.6.13
 signing_key: 
 specification_version: 4
-summary: Manage Lets Encrypt Wildcard certs to heroku
+summary: Manage Let's Encrypt wildcard certificates on Heroku
 test_files: []