firespring_dev_commands 2.1.25 → 2.1.27.pre.alpha.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/firespring_dev_commands/certificate.rb +59 -0
- data/lib/firespring_dev_commands/docker/status.rb +20 -0
- data/lib/firespring_dev_commands/docker.rb +38 -0
- data/lib/firespring_dev_commands/templates/certificate.rb +41 -0
- data/lib/firespring_dev_commands/version.rb +1 -1
- metadata +6 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 1f810ca7ab797bb1ec56674b67d42de056d5f88cd95a8e9c45b67d26a3570d19
|
|
4
|
+
data.tar.gz: 487bdc8a74717f11bb48b5b81a33093fde87ddb2b44d97cdf84a0372e3b93627
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 212273f4a640214bf8001c12419f33bb6dc621dc37a29b95e75d06c5b5e4bd3f7b7231c003cd032ed1be1c2dc0667d3474fb74892a7577ddd57eca248d96ab09
|
|
7
|
+
data.tar.gz: 480720fd9de858a1ce969644958e61238e866fef1126fb91909992eca3301275d04fd42df45c1f34a7c5126758172a4c89f7bfc0ea3c1b8e2528816de97dbfba
|
|
@@ -0,0 +1,59 @@
|
|
|
1
|
+
module Dev
|
|
2
|
+
# Class contains methods for requesting a certificate from route53.
|
|
3
|
+
# You must have a hosted zone defined for the desired domain
|
|
4
|
+
class Certificate
|
|
5
|
+
attr_accessor :domains, :email
|
|
6
|
+
|
|
7
|
+
def initialize(domains, email)
|
|
8
|
+
@domains = Array(domains)
|
|
9
|
+
@email = email
|
|
10
|
+
raise 'No certificate domains specified' if domains.empty?
|
|
11
|
+
end
|
|
12
|
+
|
|
13
|
+
# Request the certificate using the route53 docker image
|
|
14
|
+
# Certificate is stored in /etc/letsencrypt
|
|
15
|
+
def request
|
|
16
|
+
puts
|
|
17
|
+
puts 'Getting SSL Certs For:'
|
|
18
|
+
puts domains.join("\n")
|
|
19
|
+
puts
|
|
20
|
+
puts 'This process can take up to 10 minutes'
|
|
21
|
+
puts
|
|
22
|
+
puts Time.now
|
|
23
|
+
|
|
24
|
+
# TODO: Really should use the docker api for this
|
|
25
|
+
cmd = %w(docker run -it --rm --name certbot)
|
|
26
|
+
cmd << '-e' << 'AWS_ACCESS_KEY_ID'
|
|
27
|
+
cmd << '-e' << 'AWS_SECRET_ACCESS_KEY'
|
|
28
|
+
cmd << '-e' << 'AWS_SESSION_TOKEN'
|
|
29
|
+
cmd << '-v' << '/etc/letsencrypt:/etc/letsencrypt'
|
|
30
|
+
cmd << 'certbot/dns-route53:latest'
|
|
31
|
+
cmd << 'certonly'
|
|
32
|
+
cmd << '-n'
|
|
33
|
+
cmd << '--agree-tos'
|
|
34
|
+
cmd << '--dns-route53'
|
|
35
|
+
cmd << '-d' << domains.join(',')
|
|
36
|
+
cmd << '--email' << email
|
|
37
|
+
cmd << '--server' << 'https://acme-v02.api.letsencrypt.org/directory'
|
|
38
|
+
puts cmd.join(' ')
|
|
39
|
+
Dev::Common.new.run_command(cmd)
|
|
40
|
+
end
|
|
41
|
+
|
|
42
|
+
# Saves the latest version of the certificate into the given dest_dir
|
|
43
|
+
def save(dest_dir)
|
|
44
|
+
raise "directory #{dest_dir} must be an existing directory" unless File.directory?(dest_dir)
|
|
45
|
+
|
|
46
|
+
domain = domains.first.sub(/^\*\./, '')
|
|
47
|
+
directories = Dir.glob("/etc/letsencrypt/live/#{domain}*/")
|
|
48
|
+
no_suffix = directories.delete("/etc/letsencrypt/live/#{domain}/")
|
|
49
|
+
biggest_suffix = directories.max
|
|
50
|
+
source_dir = biggest_suffix || no_suffix
|
|
51
|
+
raise "unable to determine certificate directory for #{domain}" unless source_dir
|
|
52
|
+
|
|
53
|
+
FileUtils.cp("#{source_dir}privkey.pem", dest_dir, verbose: true)
|
|
54
|
+
FileUtils.cp("#{source_dir}cert.pem", dest_dir, verbose: true)
|
|
55
|
+
FileUtils.cp("#{source_dir}chain.pem", dest_dir, verbose: true)
|
|
56
|
+
FileUtils.cp("#{source_dir}fullchain.pem", dest_dir, verbose: true)
|
|
57
|
+
end
|
|
58
|
+
end
|
|
59
|
+
end
|
|
@@ -33,6 +33,26 @@ module Dev
|
|
|
33
33
|
EXITED,
|
|
34
34
|
DEAD
|
|
35
35
|
].freeze
|
|
36
|
+
|
|
37
|
+
# TODO: Can we use 'curses' here and overwrite the correct line?
|
|
38
|
+
def response_callback(response)
|
|
39
|
+
response.split("\n").each do |line|
|
|
40
|
+
data = JSON.parse(line)
|
|
41
|
+
if data.include?('status')
|
|
42
|
+
if data['id']
|
|
43
|
+
LOG.info "#{data['id']}: #{data['status']}"
|
|
44
|
+
else
|
|
45
|
+
LOG.info (data['status']).to_s
|
|
46
|
+
end
|
|
47
|
+
elsif data.include?('errorDetail')
|
|
48
|
+
raise data['errorDetail']['message']
|
|
49
|
+
elsif data.include?('aux')
|
|
50
|
+
next
|
|
51
|
+
else
|
|
52
|
+
raise "Unrecognized message from docker: #{data}"
|
|
53
|
+
end
|
|
54
|
+
end
|
|
55
|
+
end
|
|
36
56
|
end
|
|
37
57
|
end
|
|
38
58
|
end
|
|
@@ -117,6 +117,44 @@ module Dev
|
|
|
117
117
|
format('%.1f %s', size.to_f / (1024**exp), units[exp])
|
|
118
118
|
end
|
|
119
119
|
|
|
120
|
+
# Push the local version of the docker image to the defined remote repository
|
|
121
|
+
def push_image(image, name, tag = nil)
|
|
122
|
+
unless tag
|
|
123
|
+
if name.include?(':')
|
|
124
|
+
name, tag = name.split(':')
|
|
125
|
+
else
|
|
126
|
+
tag = 'latest'
|
|
127
|
+
end
|
|
128
|
+
end
|
|
129
|
+
|
|
130
|
+
puts "Pushing to #{name}:#{tag}"
|
|
131
|
+
image.push(::Docker.creds, repo_tag: "#{name}:#{tag}") { |response| Dev::Docker::Status.new.response_callback(response) }
|
|
132
|
+
end
|
|
133
|
+
|
|
134
|
+
# Push the remote version of the docker image from the defined remote repository
|
|
135
|
+
def pull_image(name, tag = nil)
|
|
136
|
+
unless tag
|
|
137
|
+
if name.include?(':')
|
|
138
|
+
name, tag = name.split(':')
|
|
139
|
+
else
|
|
140
|
+
tag = 'latest'
|
|
141
|
+
end
|
|
142
|
+
end
|
|
143
|
+
|
|
144
|
+
puts "\nPulling #{name}:#{tag}"
|
|
145
|
+
opts = {
|
|
146
|
+
fromImage: "#{name}:#{tag}",
|
|
147
|
+
platform: Dev::Common::Platform.new.architecture
|
|
148
|
+
}
|
|
149
|
+
::Docker::Image.create(**opts) { |response| Dev::Docker::Status.new.response_callback(response) }
|
|
150
|
+
end
|
|
151
|
+
|
|
152
|
+
# Remove the local version of the given docker image
|
|
153
|
+
def untag_image(image, name, tag)
|
|
154
|
+
puts "Untagging #{name}:#{tag}"
|
|
155
|
+
image.remove(name: "#{name}:#{tag}")
|
|
156
|
+
end
|
|
157
|
+
|
|
120
158
|
# Remove docker images with the "force" option set to true
|
|
121
159
|
# This will remove the images even if they are currently in use and cause unintended side effects.
|
|
122
160
|
def force_remove_images(name_and_tag)
|
|
@@ -0,0 +1,41 @@
|
|
|
1
|
+
require_relative 'base_interface'
|
|
2
|
+
|
|
3
|
+
module Dev
|
|
4
|
+
module Template
|
|
5
|
+
# Class contains rake templates for managing configured certificates
|
|
6
|
+
class Certificate < Dev::Template::BaseInterface
|
|
7
|
+
attr_reader :names, :email, :paths
|
|
8
|
+
|
|
9
|
+
def initialize(names, email:, paths:, exclude: [])
|
|
10
|
+
@names = names
|
|
11
|
+
@email = email
|
|
12
|
+
@paths = Array(paths)
|
|
13
|
+
|
|
14
|
+
super(exclude:)
|
|
15
|
+
end
|
|
16
|
+
|
|
17
|
+
# Create the rake task for the generate method
|
|
18
|
+
def create_generate_task!
|
|
19
|
+
# Have to set a local variable to be accessible inside of the instance_eval block
|
|
20
|
+
names = @names
|
|
21
|
+
email = @email
|
|
22
|
+
paths = @paths
|
|
23
|
+
exclude = @exclude
|
|
24
|
+
|
|
25
|
+
DEV_COMMANDS_TOP_LEVEL.instance_eval do
|
|
26
|
+
return if exclude.include?(:generate)
|
|
27
|
+
|
|
28
|
+
namespace :certificate do
|
|
29
|
+
desc 'Requests a new certificate for the configured domain using the route53 validation and deposits it in the configured paths'
|
|
30
|
+
task generate: %w(init_docker ensure_aws_credentials) do
|
|
31
|
+
Dev::Docker.new.pull_image('certbot/dns-route53', 'latest')
|
|
32
|
+
c = Dev::Certificate.new(names, email)
|
|
33
|
+
c.request
|
|
34
|
+
paths.each { |path| c.save(path) }
|
|
35
|
+
end
|
|
36
|
+
end
|
|
37
|
+
end
|
|
38
|
+
end
|
|
39
|
+
end
|
|
40
|
+
end
|
|
41
|
+
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: firespring_dev_commands
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.1.
|
|
4
|
+
version: 2.1.27.pre.alpha.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Firespring
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2024-02-
|
|
11
|
+
date: 2024-02-19 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: activesupport
|
|
@@ -332,6 +332,7 @@ files:
|
|
|
332
332
|
- lib/firespring_dev_commands/bloom_growth/seat.rb
|
|
333
333
|
- lib/firespring_dev_commands/bloom_growth/user.rb
|
|
334
334
|
- lib/firespring_dev_commands/boolean.rb
|
|
335
|
+
- lib/firespring_dev_commands/certificate.rb
|
|
335
336
|
- lib/firespring_dev_commands/common.rb
|
|
336
337
|
- lib/firespring_dev_commands/coverage/base.rb
|
|
337
338
|
- lib/firespring_dev_commands/coverage/cobertura.rb
|
|
@@ -383,6 +384,7 @@ files:
|
|
|
383
384
|
- lib/firespring_dev_commands/target_process/user_story_history.rb
|
|
384
385
|
- lib/firespring_dev_commands/templates/aws.rb
|
|
385
386
|
- lib/firespring_dev_commands/templates/base_interface.rb
|
|
387
|
+
- lib/firespring_dev_commands/templates/certificate.rb
|
|
386
388
|
- lib/firespring_dev_commands/templates/ci.rb
|
|
387
389
|
- lib/firespring_dev_commands/templates/config.rb
|
|
388
390
|
- lib/firespring_dev_commands/templates/docker/application.rb
|
|
@@ -409,9 +411,9 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
409
411
|
version: '3.1'
|
|
410
412
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
411
413
|
requirements:
|
|
412
|
-
- - "
|
|
414
|
+
- - ">"
|
|
413
415
|
- !ruby/object:Gem::Version
|
|
414
|
-
version:
|
|
416
|
+
version: 1.3.1
|
|
415
417
|
requirements: []
|
|
416
418
|
rubygems_version: 3.4.10
|
|
417
419
|
signing_key:
|