kingsly_certbot 0.1.0

checksums.yaml ADDED
@@ -0,0 +1,7 @@
1
+ ---
2
+ SHA256:
3
+ metadata.gz: f918cc872b94fb857145acf72d39d5d832afcdc9e245df04da9162b98282d80f
4
+ data.tar.gz: efb37de505cc61020707ab4c3ed3ada16e5bedc110bedd0ac8806237f04d0754
5
+ SHA512:
6
+ metadata.gz: a65a4a465a7cdabe2dabdd6267f1d05da358b58c067169972e4c3ae58bf845c280f99d403c4adda0c5eaeba4a9bfa103c48ead02c5800dc804ce83526d3ae5cf
7
+ data.tar.gz: bea614d762a02c1b459abcb051031ee1f05356294c616e0650e615fb38a00586a3f3656173e1bf1eabf4c19127ca51ec60ac2d724385fa2b1b362557fb050786
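--- a/data/.gitignore
+++ b/data/.gitignore
@@ -0,0 +1,57 @@
+ # rspec failure tracking
+ .rspec_status
+
+ *.idea/
+ # swap files
+ *.swp
+
+ *.gem
+ *.rbc
+ /.config
+ /coverage/
+ /InstalledFiles
+ /pkg/
+ /spec/reports/
+ /spec/examples.txt
+ /test/tmp/
+ /test/version_tmp/
+ /tmp/
+
+ # Used by dotenv library to load environment variables.
+ # .env
+
+ ## Specific to RubyMotion:
+ .dat*
+ .repl_history
+ build/
+ *.bridgesupport
+ build-iPhoneOS/
+ build-iPhoneSimulator/
+
+ ## Specific to RubyMotion (use of CocoaPods):
+ #
+ # We recommend against adding the Pods directory to your .gitignore. However
+ # you should judge for yourself, the pros and cons are mentioned at:
+ # https://guides.cocoapods.org/using/using-cocoapods.html#should-i-check-the-pods-directory-into-source-control
+ #
+ # vendor/Pods/
+
+ ## Documentation cache and generated files:
+ /.yardoc/
+ /_yardoc/
+ /doc/
+ /rdoc/
+
+ ## Environment normalization:
+ /.bundle/
+ /vendor
+ /lib/bundler/man/
+
+ # for a library or gem, you might want to ignore these files since the code is
+ # intended to run in multiple environments; otherwise, check them in:
+ # Gemfile.lock
+ # .ruby-version
+ # .ruby-gemset
+
+ # unless supporting rvm < 1.11.0 or doing something fancy, ignore this:
+ .rvmrc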
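--- a/data/.rspec
+++ b/data/.rspec
@@ -0,0 +1,3 @@
+ --format documentation
+ --color
+ --require spec_helper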
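--- a/data/.rubocop.yml
+++ b/data/.rubocop.yml
@@ -0,0 +1,32 @@
+ Metrics/LineLength:
+ Max: 200
+
+ Style/FrozenStringLiteralComment:
+ Exclude:
+ - 'spec/*'
+
+ Style/Documentation:
+ Enabled: false
+
+ Style/CommandLiteral:
+ Enabled: false
+
+ Metrics/BlockLength:
+ Exclude:
+ - 'spec/*'
+
+ Metrics/PerceivedComplexity:
+ Max: 8
+
+ Metrics/MethodLength:
+ Max: 30
+
+ Metrics/CyclomaticComplexity:
+ Max: 7
+
+ Metrics/AbcSize:
+ Max: 36
+
+ Metrics/ParameterLists:
+ Exclude:
+ - 'lib/kingsly_certbot/kingsly_client.rb'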
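--- a/data/.ruby-gemset
+++ b/data/.ruby-gemset
@@ -0,0 +1,2 @@
+ kingsly-certbot
+ -global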
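--- a/data/.ruby-version
+++ b/data/.ruby-version
@@ -0,0 +1 @@
+ 2.5.1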
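--- a/data/.travis.yml
+++ b/data/.travis.yml
@@ -0,0 +1,13 @@
+ ---
+ sudo: false
+ language: ruby
+ cache: bundler
+
+ rvm:
+ - 2.5.3
+
+ before_install: gem install bundler -v 2.0.1
+
+ script:
+ - bundle
+ - bundle exec rake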
data/CHANGELOG.md ADDED
File without changes
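--- a/data/Gemfile
+++ b/data/Gemfile
@@ -0,0 +1,6 @@
+ # frozen_string_literal: true
+
+ source 'https://rubygems.org'
+
+ # Specify your gem's dependencies in kingsly_certbot.gemspec
+ gemspec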
data/Gemfile.lock ADDED
@@ -0,0 +1,71 @@
1
+ PATH
2
+ remote: .
3
+ specs:
4
+ kingsly_certbot (0.1.0)
5
+ sentry-raven (~> 2.9.0)
6
+
7
+ GEM
8
+ remote: https://rubygems.org/
9
+ specs:
10
+ addressable (2.6.0)
11
+ public_suffix (>= 2.0.2, < 4.0)
12
+ ast (2.4.0)
13
+ crack (0.4.3)
14
+ safe_yaml (~> 1.0.0)
15
+ diff-lcs (1.3)
16
+ faraday (0.15.4)
17
+ multipart-post (>= 1.2, < 3)
18
+ hashdiff (0.3.8)
19
+ jaro_winkler (1.5.2)
20
+ multipart-post (2.0.0)
21
+ parallel (1.13.0)
22
+ parser (2.6.0.0)
23
+ ast (~> 2.4.0)
24
+ powerpack (0.1.2)
25
+ public_suffix (3.0.3)
26
+ rainbow (3.0.0)
27
+ rake (10.5.0)
28
+ rspec (3.8.0)
29
+ rspec-core (~> 3.8.0)
30
+ rspec-expectations (~> 3.8.0)
31
+ rspec-mocks (~> 3.8.0)
32
+ rspec-core (3.8.0)
33
+ rspec-support (~> 3.8.0)
34
+ rspec-expectations (3.8.2)
35
+ diff-lcs (>= 1.2.0, < 2.0)
36
+ rspec-support (~> 3.8.0)
37
+ rspec-mocks (3.8.0)
38
+ diff-lcs (>= 1.2.0, < 2.0)
39
+ rspec-support (~> 3.8.0)
40
+ rspec-support (3.8.0)
41
+ rubocop (0.63.1)
42
+ jaro_winkler (~> 1.5.1)
43
+ parallel (~> 1.10)
44
+ parser (>= 2.5, != 2.5.1.1)
45
+ powerpack (~> 0.1)
46
+ rainbow (>= 2.2.2, < 4.0)
47
+ ruby-progressbar (~> 1.7)
48
+ unicode-display_width (~> 1.4.0)
49
+ ruby-progressbar (1.10.0)
50
+ safe_yaml (1.0.4)
51
+ sentry-raven (2.9.0)
52
+ faraday (>= 0.7.6, < 1.0)
53
+ unicode-display_width (1.4.1)
54
+ webmock (3.5.1)
55
+ addressable (>= 2.3.6)
56
+ crack (>= 0.3.2)
57
+ hashdiff
58
+
59
+ PLATFORMS
60
+ ruby
61
+
62
+ DEPENDENCIES
63
+ bundler (~> 2.0.1)
64
+ kingsly_certbot!
65
+ rake (~> 10.5.0)
66
+ rspec (~> 3.8.0)
67
+ rubocop (~> 0.63.1)
68
+ webmock (~> 3.5.1)
69
+
70
+ BUNDLED WITH
71
+ 2.0.1
data/LICENSE ADDED
@@ -0,0 +1,201 @@
1
+ Apache License
2
+ Version 2.0, January 2004
3
+ http://www.apache.org/licenses/
4
+
5
+ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
6
+
7
+ 1. Definitions.
8
+
9
+ "License" shall mean the terms and conditions for use, reproduction,
10
+ and distribution as defined by Sections 1 through 9 of this document.
11
+
12
+ "Licensor" shall mean the copyright owner or entity authorized by
13
+ the copyright owner that is granting the License.
14
+
15
+ "Legal Entity" shall mean the union of the acting entity and all
16
+ other entities that control, are controlled by, or are under common
17
+ control with that entity. For the purposes of this definition,
18
+ "control" means (i) the power, direct or indirect, to cause the
19
+ direction or management of such entity, whether by contract or
20
+ otherwise, or (ii) ownership of fifty percent (50%) or more of the
21
+ outstanding shares, or (iii) beneficial ownership of such entity.
22
+
23
+ "You" (or "Your") shall mean an individual or Legal Entity
24
+ exercising permissions granted by this License.
25
+
26
+ "Source" form shall mean the preferred form for making modifications,
27
+ including but not limited to software source code, documentation
28
+ source, and configuration files.
29
+
30
+ "Object" form shall mean any form resulting from mechanical
31
+ transformation or translation of a Source form, including but
32
+ not limited to compiled object code, generated documentation,
33
+ and conversions to other media types.
34
+
35
+ "Work" shall mean the work of authorship, whether in Source or
36
+ Object form, made available under the License, as indicated by a
37
+ copyright notice that is included in or attached to the work
38
+ (an example is provided in the Appendix below).
39
+
40
+ "Derivative Works" shall mean any work, whether in Source or Object
41
+ form, that is based on (or derived from) the Work and for which the
42
+ editorial revisions, annotations, elaborations, or other modifications
43
+ represent, as a whole, an original work of authorship. For the purposes
44
+ of this License, Derivative Works shall not include works that remain
45
+ separable from, or merely link (or bind by name) to the interfaces of,
46
+ the Work and Derivative Works thereof.
47
+
48
+ "Contribution" shall mean any work of authorship, including
49
+ the original version of the Work and any modifications or additions
50
+ to that Work or Derivative Works thereof, that is intentionally
51
+ submitted to Licensor for inclusion in the Work by the copyright owner
52
+ or by an individual or Legal Entity authorized to submit on behalf of
53
+ the copyright owner. For the purposes of this definition, "submitted"
54
+ means any form of electronic, verbal, or written communication sent
55
+ to the Licensor or its representatives, including but not limited to
56
+ communication on electronic mailing lists, source code control systems,
57
+ and issue tracking systems that are managed by, or on behalf of, the
58
+ Licensor for the purpose of discussing and improving the Work, but
59
+ excluding communication that is conspicuously marked or otherwise
60
+ designated in writing by the copyright owner as "Not a Contribution."
61
+
62
+ "Contributor" shall mean Licensor and any individual or Legal Entity
63
+ on behalf of whom a Contribution has been received by Licensor and
64
+ subsequently incorporated within the Work.
65
+
66
+ 2. Grant of Copyright License. Subject to the terms and conditions of
67
+ this License, each Contributor hereby grants to You a perpetual,
68
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
69
+ copyright license to reproduce, prepare Derivative Works of,
70
+ publicly display, publicly perform, sublicense, and distribute the
71
+ Work and such Derivative Works in Source or Object form.
72
+
73
+ 3. Grant of Patent License. Subject to the terms and conditions of
74
+ this License, each Contributor hereby grants to You a perpetual,
75
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
76
+ (except as stated in this section) patent license to make, have made,
77
+ use, offer to sell, sell, import, and otherwise transfer the Work,
78
+ where such license applies only to those patent claims licensable
79
+ by such Contributor that are necessarily infringed by their
80
+ Contribution(s) alone or by combination of their Contribution(s)
81
+ with the Work to which such Contribution(s) was submitted. If You
82
+ institute patent litigation against any entity (including a
83
+ cross-claim or counterclaim in a lawsuit) alleging that the Work
84
+ or a Contribution incorporated within the Work constitutes direct
85
+ or contributory patent infringement, then any patent licenses
86
+ granted to You under this License for that Work shall terminate
87
+ as of the date such litigation is filed.
88
+
89
+ 4. Redistribution. You may reproduce and distribute copies of the
90
+ Work or Derivative Works thereof in any medium, with or without
91
+ modifications, and in Source or Object form, provided that You
92
+ meet the following conditions:
93
+
94
+ (a) You must give any other recipients of the Work or
95
+ Derivative Works a copy of this License; and
96
+
97
+ (b) You must cause any modified files to carry prominent notices
98
+ stating that You changed the files; and
99
+
100
+ (c) You must retain, in the Source form of any Derivative Works
101
+ that You distribute, all copyright, patent, trademark, and
102
+ attribution notices from the Source form of the Work,
103
+ excluding those notices that do not pertain to any part of
104
+ the Derivative Works; and
105
+
106
+ (d) If the Work includes a "NOTICE" text file as part of its
107
+ distribution, then any Derivative Works that You distribute must
108
+ include a readable copy of the attribution notices contained
109
+ within such NOTICE file, excluding those notices that do not
110
+ pertain to any part of the Derivative Works, in at least one
111
+ of the following places: within a NOTICE text file distributed
112
+ as part of the Derivative Works; within the Source form or
113
+ documentation, if provided along with the Derivative Works; or,
114
+ within a display generated by the Derivative Works, if and
115
+ wherever such third-party notices normally appear. The contents
116
+ of the NOTICE file are for informational purposes only and
117
+ do not modify the License. You may add Your own attribution
118
+ notices within Derivative Works that You distribute, alongside
119
+ or as an addendum to the NOTICE text from the Work, provided
120
+ that such additional attribution notices cannot be construed
121
+ as modifying the License.
122
+
123
+ You may add Your own copyright statement to Your modifications and
124
+ may provide additional or different license terms and conditions
125
+ for use, reproduction, or distribution of Your modifications, or
126
+ for any such Derivative Works as a whole, provided Your use,
127
+ reproduction, and distribution of the Work otherwise complies with
128
+ the conditions stated in this License.
129
+
130
+ 5. Submission of Contributions. Unless You explicitly state otherwise,
131
+ any Contribution intentionally submitted for inclusion in the Work
132
+ by You to the Licensor shall be under the terms and conditions of
133
+ this License, without any additional terms or conditions.
134
+ Notwithstanding the above, nothing herein shall supersede or modify
135
+ the terms of any separate license agreement you may have executed
136
+ with Licensor regarding such Contributions.
137
+
138
+ 6. Trademarks. This License does not grant permission to use the trade
139
+ names, trademarks, service marks, or product names of the Licensor,
140
+ except as required for reasonable and customary use in describing the
141
+ origin of the Work and reproducing the content of the NOTICE file.
142
+
143
+ 7. Disclaimer of Warranty. Unless required by applicable law or
144
+ agreed to in writing, Licensor provides the Work (and each
145
+ Contributor provides its Contributions) on an "AS IS" BASIS,
146
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
147
+ implied, including, without limitation, any warranties or conditions
148
+ of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
149
+ PARTICULAR PURPOSE. You are solely responsible for determining the
150
+ appropriateness of using or redistributing the Work and assume any
151
+ risks associated with Your exercise of permissions under this License.
152
+
153
+ 8. Limitation of Liability. In no event and under no legal theory,
154
+ whether in tort (including negligence), contract, or otherwise,
155
+ unless required by applicable law (such as deliberate and grossly
156
+ negligent acts) or agreed to in writing, shall any Contributor be
157
+ liable to You for damages, including any direct, indirect, special,
158
+ incidental, or consequential damages of any character arising as a
159
+ result of this License or out of the use or inability to use the
160
+ Work (including but not limited to damages for loss of goodwill,
161
+ work stoppage, computer failure or malfunction, or any and all
162
+ other commercial damages or losses), even if such Contributor
163
+ has been advised of the possibility of such damages.
164
+
165
+ 9. Accepting Warranty or Additional Liability. While redistributing
166
+ the Work or Derivative Works thereof, You may choose to offer,
167
+ and charge a fee for, acceptance of support, warranty, indemnity,
168
+ or other liability obligations and/or rights consistent with this
169
+ License. However, in accepting such obligations, You may act only
170
+ on Your own behalf and on Your sole responsibility, not on behalf
171
+ of any other Contributor, and only if You agree to indemnify,
172
+ defend, and hold each Contributor harmless for any liability
173
+ incurred by, or claims asserted against, such Contributor by reason
174
+ of your accepting any such warranty or additional liability.
175
+
176
+ END OF TERMS AND CONDITIONS
177
+
178
+ APPENDIX: How to apply the Apache License to your work.
179
+
180
+ To apply the Apache License to your work, attach the following
181
+ boilerplate notice, with the fields enclosed by brackets "[]"
182
+ replaced with your own identifying information. (Don't include
183
+ the brackets!) The text should be enclosed in the appropriate
184
+ comment syntax for the file format. We also recommend that a
185
+ file or class name and description of purpose be included on the
186
+ same "printed page" as the copyright notice for easier
187
+ identification within third-party archives.
188
+
189
+ Copyright [yyyy] [name of copyright owner]
190
+
191
+ Licensed under the Apache License, Version 2.0 (the "License");
192
+ you may not use this file except in compliance with the License.
193
+ You may obtain a copy of the License at
194
+
195
+ http://www.apache.org/licenses/LICENSE-2.0
196
+
197
+ Unless required by applicable law or agreed to in writing, software
198
+ distributed under the License is distributed on an "AS IS" BASIS,
199
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
200
+ See the License for the specific language governing permissions and
201
+ limitations under the License.
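--- a/data/README.md
+++ b/data/README.md
@@ -0,0 +1,22 @@
+ # Kingsly::Certbot
+
+ kingsly-certbot would update the local certs and update them from the ones generated by kingsly
+
+ ## Installation
+
+ TODO: Write installion instructions here
+
+ ## Usage
+
+ TODO: Write usage instructions here
+
+ ## Development
+
+ After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
+
+ To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+
+ ## Contributing
+
+ Bug reports and pull requests are welcome on GitHub at https://github.com/gojekfarm/kingsly-certbot
+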
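--- a/data/Rakefile
+++ b/data/Rakefile
@@ -0,0 +1,10 @@
+ # frozen_string_literal: true
+
+ require 'bundler/gem_tasks'
+ require 'rspec/core/rake_task'
+ require 'rubocop/rake_task'
+
+ RSpec::Core::RakeTask.new(:spec)
+ RuboCop::RakeTask.new
+
+ task(:default).enhance(%i[rubocop spec])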
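--- a/data/bin/console
+++ b/data/bin/console
@@ -0,0 +1,15 @@
+ #!/usr/bin/env ruby
+ # frozen_string_literal: true
+
+ require 'bundler/setup'
+ require 'kingsly/certbot'
+
+ # You can add fixtures and/or initialization code here to make experimenting
+ # with your gem easier. You can also use a different console, if you like.
+
+ # (If you use this, don't forget to add pry to your Gemfile!)
+ # require "pry"
+ # Pry.start
+
+ require 'irb'
+ IRB.start(__FILE__)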
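Review bot: `require 'kingsly/certbot'` on line 5 names a file the gem does not appear to ship: the packaged file list has `lib/kingsly_certbot.rb`, and the executable script requires `kingsly_certbot`. As written, `bin/console` would stop with a LoadError before IRB starts. Change the line to `require 'kingsly_certbot'`.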
@@ -0,0 +1,21 @@
1
+ #!/usr/bin/env ruby
2
+ # frozen_string_literal: true
3
+
4
+ require 'kingsly_certbot'
5
+
6
+ # kingsly-certbot --config /opt/kingsly-certbot/kingsly-certbot.conf
7
+ log_dir = ENV['LOG_DIR'] || '/var/log'
8
+ $logger = if Dir.exists?(log_dir)
9
+ Logger.new("#{log_dir}/kingsly-certbot.log", level: ENV['LOG_LEVEL'] || 'info')
10
+ else
11
+ Logger.new(STDOUT)
12
+ end
13
+ certbot = begin
14
+ KingslyCertbot::Runner.new(ARGV)
15
+ rescue StandardError => e
16
+ $logger.fatal(e)
17
+ $logger.fatal(e.backtrace.join("\n"))
18
+ return 1
19
+ end
20
+
21
+ certbot.configure.execute
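Review bot: `return 1` in the rescue branch does not give the process a failing exit status: at the top level of a script Ruby (2.4 and later) accepts `return` but ignores its argument, so a missing or unknown `--config` is logged and the script still exits 0. Use `exit 1` there so cron, systemd or a deploy script can see the failure. `Dir.exists?` on line 8 is the deprecated spelling; `Dir.exist?` is the supported one.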
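--- a/data/bin/setup
+++ b/data/bin/setup
@@ -0,0 +1,8 @@
+ #!/usr/bin/env bash
+ set -euo pipefail
+ IFS=$'\n\t'
+ set -vx
+
+ bundle install
+
+ # Do any other automated setup that you need to do here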
@@ -0,0 +1,9 @@
1
+ SENTRY_DSN:
2
+ ENVIRONMENT: 'development'
3
+ TOP_LEVEL_DOMAIN: 'go-life.co.id'
4
+ SUB_DOMAIN: 'delete-thirty-one'
5
+ KINGSLY_SERVER_HOST: 'integration-kingsly.golabs.io'
6
+ KINGSLY_SERVER_USER: '****'
7
+ KINGSLY_SERVER_PASSWORD: '****'
8
+ SERVER_TYPE: 'ipsec'
9
+ IPSEC_ROOT: ~/ipsec
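Review bot: `IPSEC_ROOT: ~/ipsec` will not resolve to the home directory: YAML loads it as the literal string `~/ipsec`, and `IpSecCertAdapter` interpolates the root into its paths without `File.expand_path`, so the key and certificate would be written under a directory literally named `~` relative to the working directory. Use an absolute path in the sample (the code's default is `/`). Since the real file carries `KINGSLY_SERVER_PASSWORD` in clear text, a header comment such as `# Holds Kingsly credentials: keep this file readable by the service user only (chmod 600)` would help whoever copies the sample.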
@@ -0,0 +1,44 @@
1
+ # frozen_string_literal: true
2
+
3
+ lib = File.expand_path('lib', __dir__)
4
+ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
5
+ require 'kingsly_certbot/version'
6
+
7
+ Gem::Specification.new do |spec|
8
+ spec.name = 'kingsly_certbot'
9
+ spec.version = KingslyCertbot::VERSION
10
+ spec.authors = ['FOSS at GO-JEK']
11
+ spec.email = ['foss+tech@go-jek.com']
12
+ spec.homepage = 'https://github.com/gojekfarm/kingsly'
13
+ spec.licenses = ['Apache-2.0']
14
+
15
+ spec.summary = 'kingsly-certbot would update the local certs and update them from the ones generated by kingsly'
16
+
17
+ # Prevent pushing this gem to RubyGems.org. To allow pushes either set the 'allowed_push_host'
18
+ # to allow pushing to a single host or delete this section to allow pushing to any host.
19
+ if spec.respond_to?(:metadata)
20
+ # spec.metadata['allowed_push_host'] = 'https://rubygems.org'
21
+
22
+ spec.metadata['source_code_uri'] = 'https://github.com/gojekfarm/kingsly-certbot'
23
+ spec.metadata['changelog_uri'] = 'https://github.com/gojekfarm/kingsly-certbot/blob/master/CHANGELOG.md'
24
+ else
25
+ raise 'RubyGems 2.0 or newer is required to protect against ' \
26
+ 'public gem pushes.'
27
+ end
28
+
29
+ # Specify which files should be added to the gem when it is released.
30
+ # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
31
+ spec.files = Dir.chdir(File.expand_path(__dir__)) do
32
+ `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
33
+ end
34
+ spec.bindir = 'bin'
35
+ spec.executables = ['kingsly-certbot']
36
+ spec.require_paths = ['lib']
37
+
38
+ spec.add_development_dependency 'bundler', '~> 2.0', '>= 2.0.1'
39
+ spec.add_development_dependency 'rake', '~> 10.5', '>= 10.5.0'
40
+ spec.add_development_dependency 'rspec', '~> 3.8', '>= 3.8.0'
41
+ spec.add_development_dependency 'rubocop', '~> 0.63.1'
42
+ spec.add_development_dependency 'webmock', '~> 3.5', '>= 3.5.1'
43
+ spec.add_runtime_dependency 'sentry-raven', '~> 2.9', '>= 2.9.0'
44
+ end
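Review bot: The comment on lines 17-18 ("Prevent pushing this gem to RubyGems.org") no longer matches the code: `allowed_push_host` is commented out on line 20, so nothing restricts where `rake release` pushes, and the `raise` about protecting against public pushes guards nothing. Either set the host or replace the comment with something like `# Pushes are not restricted; set spec.metadata['allowed_push_host'] to pin the release host.`. `git ls-files -z` with only test directories rejected also packages `.travis.yml`, `.ruby-gemset` and the sample config, so anything later committed to the repo root ships in the gem; an allow-list (`lib/**/*`, `bin/kingsly-certbot`, `LICENSE`, `README.md`) is easier to audit.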
@@ -0,0 +1,32 @@
1
+ # frozen_string_literal: true
2
+
3
+ require 'fileutils'
4
+
5
+ module KingslyCertbot
6
+ class CertBundle
7
+ attr_reader :tld, :subdomain, :private_key, :full_chain
8
+
9
+ def initialize(tld, subdomain, private_key, full_chain)
10
+ @tld = tld
11
+ @subdomain = subdomain
12
+ @private_key = private_key
13
+ @full_chain = full_chain
14
+ end
15
+
16
+ def ==(other)
17
+ return false if other.class != self.class
18
+
19
+ state == other.state
20
+ end
21
+
22
+ def hash
23
+ state.hash
24
+ end
25
+
26
+ protected
27
+
28
+ def state
29
+ [tld, subdomain, private_key, full_chain]
30
+ end
31
+ end
32
+ end
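Review bot: `CertBundle` carries the private key in `@private_key` and keeps Ruby's default `inspect`, which prints every instance variable, so a debug log line or an error report that inspects the object would include the key. Override it, e.g. `def inspect; "#<#{self.class.name} #{subdomain}.#{tld}>"; end`. `hash` is overridden together with `==` but `eql?` is not, so Hash and Set lookups still compare by identity; `alias eql? ==` makes them consistent. `require 'fileutils'` is not used in this file; the FileUtils calls are in `IpSecCertAdapter`.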
@@ -0,0 +1,42 @@
1
+ # frozen_string_literal: true
2
+
3
+ module KingslyCertbot
4
+ class Configuration
5
+ VARS = [:kingsly_server_host, :kingsly_server_user, :kingsly_server_password, :top_level_domain, :sub_domain,
6
+ :kingsly_http_read_timeout, :kingsly_http_open_timeout, :sentry_dsn, :environment, :server_type, :ipsec_root]
7
+ attr_accessor *VARS
8
+
9
+ def initialize(params = {})
10
+ @kingsly_http_read_timeout = 120
11
+ @kingsly_http_open_timeout = 5
12
+ @sentry_dsn = params['SENTRY_DSN']
13
+ @environment = params['ENVIRONMENT'] || 'development'
14
+ @top_level_domain = params['TOP_LEVEL_DOMAIN']
15
+ @sub_domain = params['SUB_DOMAIN']
16
+ @kingsly_server_host = params['KINGSLY_SERVER_HOST']
17
+ @kingsly_server_user = params['KINGSLY_SERVER_USER']
18
+ @kingsly_server_password = params['KINGSLY_SERVER_PASSWORD']
19
+ @server_type = params['SERVER_TYPE']
20
+ @ipsec_root = params['IPSEC_ROOT'] || '/'
21
+ end
22
+
23
+ def validate!
24
+ %i[top_level_domain sub_domain kingsly_server_host kingsly_server_user kingsly_server_password server_type].each do |mandatory|
25
+ raise "Missing mandatory config '#{mandatory}'" if send(mandatory).nil? || send(mandatory) == ''
26
+ end
27
+ raise "Unsupported server_type '#{server_type}'" unless ['ipsec'].include?(server_type)
28
+
29
+ self
30
+ end
31
+
32
+ def to_s
33
+ str = ''
34
+ VARS.each do |key|
35
+ value = self.send(key)
36
+ value = "****" if key == :kingsly_server_password
37
+ str+="#{key.to_s}: '#{value}'\n"
38
+ end
39
+ str
40
+ end
41
+ end
42
+ end
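Review bot: `to_s` masks only `kingsly_server_password`, while `sentry_dsn` is printed as is and `Runner#configure` writes this string to the log at info level; older-style Sentry DSNs embed a secret key, so it would end up in the log file. Mask both, e.g. `value = '****' if %i[kingsly_server_password sentry_dsn].include?(key)`. `validate!` checks that `sub_domain` and `top_level_domain` are present but not their shape, and the adapter turns them into a file name under `etc/ipsec.d`; rejecting values containing `/` or `..` keeps a typo or a tampered config from redirecting where the key is written.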
@@ -0,0 +1,59 @@
1
+ # frozen_string_literal: true
2
+
3
+ module KingslyCertbot
4
+ class IpSecCertAdapter
5
+ attr_reader :cert_backup_dir, :cert_private_dir, :certs_dir
6
+
7
+ def initialize(cert_bundle, root = '/')
8
+ raise 'passed parameter not of type CertBundle' if cert_bundle.class != KingslyCertbot::CertBundle
9
+
10
+ @cert_bundle = cert_bundle
11
+ root = root.end_with?('/') ? root : "#{root}/"
12
+ @cert_backup_dir = "#{root}etc/ipsec.d/backup"
13
+ @cert_private_dir = "#{root}etc/ipsec.d/private"
14
+ @certs_dir = "#{root}etc/ipsec.d/certs"
15
+ end
16
+
17
+ def update_assets
18
+ cert_filename = "#{@cert_bundle.subdomain}.#{@cert_bundle.tld}.pem"
19
+ private_key_filepath = "#{cert_private_dir}/#{cert_filename}"
20
+ cert_filepath = "#{certs_dir}/#{cert_filename}"
21
+
22
+ if File.exist?(private_key_filepath) && File.exist?(cert_filepath)
23
+ existing_private_key_content = File.read(private_key_filepath)
24
+ existing_cert_content = File.read(cert_filepath)
25
+ if existing_private_key_content == @cert_bundle.private_key && existing_cert_content == @cert_bundle.full_chain
26
+ $logger.info('New certificate file is same as old cert file, skipping updating certificates')
27
+ return
28
+ else
29
+ time = Time.now.strftime('%Y%m%d_%H%M%S')
30
+ backup_dir = "#{cert_backup_dir}/#{time}"
31
+ $logger.info("Taking backup of existing certificates to #{backup_dir}")
32
+
33
+ FileUtils.mkdir_p(backup_dir)
34
+ FileUtils.mv(private_key_filepath, "#{backup_dir}/#{cert_filename}.private", force: true)
35
+ FileUtils.mv(cert_filepath, "#{backup_dir}/#{cert_filename}.certs", force: true)
36
+ end
37
+ end
38
+
39
+ FileUtils.mkdir_p(cert_private_dir) unless Dir.exist?(cert_private_dir)
40
+ File.open(private_key_filepath, 'w') do |f|
41
+ f.write(@cert_bundle.private_key)
42
+ end
43
+
44
+ FileUtils.mkdir_p(certs_dir) unless Dir.exist?(certs_dir)
45
+ File.open(cert_filepath, 'w') do |f|
46
+ f.write(@cert_bundle.full_chain)
47
+ end
48
+ end
49
+
50
+ def restart_service
51
+ result = %x(ipsec restart)
52
+ $logger.error("ipsec restart command failed with exitstatus: '#{result.exitstatus}'") unless result.success?
53
+ result.success?
54
+ rescue StandardError => e
55
+ $logger.fatal("ipsec restart command failed with error message: '#{e.message}'")
56
+ raise e
57
+ end
58
+ end
59
+ end
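Review bot: The private key is written with `File.open(private_key_filepath, 'w')`, so its permissions come from the process umask (commonly 0644, readable by every local user); pass an explicit mode so the file is created 0600. `restart_service` cannot succeed as written: `%x(ipsec restart)` returns the command's output as a String, which has no `success?` or `exitstatus`, so the method raises NoMethodError on every run after the restart has already been issued; the exit status is in `$?`. Separately, the old key and certificate are moved to the backup directory before the new ones are written, so a failure between those steps leaves no certificate in place; writing to a temporary file and renaming it over the target would close that window.

```ruby
# … unchanged: file name computation, comparison with existing files, backup …
File.open(private_key_filepath, File::WRONLY | File::CREAT | File::TRUNC, 0o600) do |f|
  f.write(@cert_bundle.private_key)
end
# … unchanged: certs_dir creation and full_chain write …

def restart_service
  %x(ipsec restart)
  status = $?
  $logger.error("ipsec restart command failed with exitstatus: '#{status.exitstatus}'") unless status.success?
  status.success?
# … unchanged: rescue StandardError branch …
```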
@@ -0,0 +1,41 @@
1
+ # frozen_string_literal: true
2
+
3
+ require 'net/http'
4
+ require 'json'
5
+ require 'base64'
6
+
7
+ module KingslyCertbot
8
+ class KingslyClient
9
+ def self.get_cert_bundle(kingsly_server_host:,
10
+ kingsly_server_user:,
11
+ kingsly_server_password:,
12
+ top_level_domain:,
13
+ sub_domain:,
14
+ kingsly_http_read_timeout: 120,
15
+ kingsly_http_open_timeout: 5)
16
+
17
+ body = {
18
+ 'top_level_domain' => top_level_domain,
19
+ 'sub_domain' => sub_domain
20
+ }
21
+ uri = URI.parse("http://#{kingsly_server_host}/v1/cert_bundles")
22
+
23
+ http = Net::HTTP.new(uri.host, '80')
24
+
25
+ http.read_timeout = kingsly_http_read_timeout
26
+ http.open_timeout = kingsly_http_open_timeout
27
+
28
+ headers = {}
29
+ headers['Authorization'] = 'Basic ' + Base64.encode64("#{kingsly_server_user}:#{kingsly_server_password}").chop
30
+ headers['Content-Type'] = 'application/json'
31
+ resp = http.start do |http_request|
32
+ http_request.post(uri.path, JSON.dump(body), headers)
33
+ end
34
+
35
+ raise 'Authentication failure with kingsly, Please check your authentication configuration' if resp.code == '401'
36
+
37
+ body = JSON.parse(resp.body)
38
+ CertBundle.new(top_level_domain, sub_domain, body['private_key'], body['full_chain'])
39
+ end
40
+ end
41
+ end
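Review bot: The request goes to `http://…` on port 80, so the Basic credentials and the private key in the response body both cross the network unencrypted, and anyone on the path can read or replace them. Assuming the Kingsly server can serve TLS, build the URI with `https`, set `http.use_ssl = true` and leave certificate verification on. Only a 401 is checked, so any other error response is parsed and can yield a `CertBundle` with a nil key and chain, which the adapter would then install in place of the working certificate. `Base64.encode64(...).chop` leaves embedded newlines in the header once `user:password` encodes to more than 60 characters; `strict_encode64` avoids that.

```ruby
uri = URI.parse("https://#{kingsly_server_host}/v1/cert_bundles")

http = Net::HTTP.new(uri.host, uri.port)
http.use_ssl = true
# … unchanged: read_timeout / open_timeout …

headers = {}
headers['Authorization'] = 'Basic ' + Base64.strict_encode64("#{kingsly_server_user}:#{kingsly_server_password}")
# … unchanged: Content-Type header, POST, 401 check …
raise "Kingsly returned HTTP #{resp.code}" unless resp.is_a?(Net::HTTPSuccess)

body = JSON.parse(resp.body)
raise 'Kingsly response is missing private_key or full_chain' if body['private_key'].to_s.empty? || body['full_chain'].to_s.empty?
```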
@@ -0,0 +1,66 @@
1
+ # frozen_string_literal: true
2
+
3
+ module KingslyCertbot
4
+ class Runner
5
+ attr_reader :configuration
6
+
7
+ def initialize(args)
8
+ raise 'Argument passed is not of type Array' if args.class != Array
9
+ raise '--config argument missing' if args[0] == nil || args[0].strip == ''
10
+ raise "Unknown argument '#{args[0]}'" if args[0] != '--config'
11
+ raise "Config file does not exist at '#{args[1]}'" unless File.exist?(args[1])
12
+
13
+ @config_path = args[1]
14
+ end
15
+
16
+ def configure
17
+ begin
18
+ local_config = YAML.load_file(@config_path)
19
+ $logger.info("Loaded config file from #{@config_path}")
20
+ rescue Psych::SyntaxError => e
21
+ raise StandardError, "Invalid YAML config file '#{@config_path}', original message: '#{e.message}'"
22
+ end
23
+
24
+ @configuration = KingslyCertbot::Configuration.new(local_config)
25
+ $logger.info("Loaded configuration: #{@configuration.to_s}")
26
+ Raven.configure do |config|
27
+ config.dsn = @configuration.sentry_dsn
28
+ config.encoding = 'json'
29
+ config.environments = %w[production integration]
30
+ config.current_environment = @configuration.environment
31
+ config.logger = $logger
32
+ config.release = KingslyCertbot::VERSION
33
+ end
34
+ self
35
+ end
36
+
37
+ def execute
38
+ @configuration.validate!
39
+ $logger.info("Querying Kingsly server for certificate to domain #{@configuration.sub_domain}.#{@configuration.top_level_domain}")
40
+ cert_bundle = KingslyClient.get_cert_bundle(
41
+ kingsly_server_host: @configuration.kingsly_server_host,
42
+ kingsly_server_user: @configuration.kingsly_server_user,
43
+ kingsly_server_password: @configuration.kingsly_server_password,
44
+ top_level_domain: @configuration.top_level_domain,
45
+ sub_domain: @configuration.sub_domain,
46
+ kingsly_http_read_timeout: @configuration.kingsly_http_read_timeout,
47
+ kingsly_http_open_timeout: @configuration.kingsly_http_open_timeout
48
+ )
49
+ $logger.info("Updating assets for server type #{@configuration.server_type}")
50
+ adapter = case @configuration.server_type
51
+ when 'ipsec'
52
+ IpSecCertAdapter.new(cert_bundle, @configuration.ipsec_root)
53
+ else
54
+ raise "Unsupported server type #{@configuration.server_type}"
55
+ end
56
+ adapter.update_assets
57
+ adapter.restart_service
58
+ $logger.info("Updated assets for server type #{@configuration.server_type}")
59
+ rescue StandardError => e
60
+ $logger.error('FAILED - Kingsly Certbot execution failed for following reason:')
61
+ $logger.error(e.message)
62
+ $logger.error e.backtrace.join("\n")
63
+ Raven.capture_exception(e, 'Failed in KingslyCertbot::Runner.execute operation')
64
+ end
65
+ end
66
+ end
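Review bot: `YAML.load_file(@config_path)` uses the full loader on the Psych that ships with Ruby 2.5 (the version pinned in `.ruby-version`), which will instantiate Ruby objects named by YAML tags; the config only needs a flat map of strings, so `YAML.safe_load(File.read(@config_path))` is enough and removes that surface if the file is ever writable by someone other than the operator. In `initialize`, `File.exist?(args[1])` raises a TypeError instead of the intended message when `--config` is passed without a path; add `raise '--config requires a file path' if args[1].nil?` before it. `execute` rescues every StandardError and returns normally, so a failed renewal still ends with exit status 0; re-raising after `Raven.capture_exception` would let the caller see it.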
@@ -0,0 +1,5 @@
1
+ # frozen_string_literal: true
2
+
3
+ module KingslyCertbot
4
+ VERSION = '0.1.0'
5
+ end
@@ -0,0 +1,15 @@
1
+ # frozen_string_literal: true
2
+
3
+ require 'sentry-raven'
4
+ require 'yaml'
5
+ require 'psych'
6
+
7
+ require 'kingsly_certbot/version'
8
+ require 'kingsly_certbot/configuration'
9
+ require 'kingsly_certbot/cert_bundle'
10
+ require 'kingsly_certbot/kingsly_client'
11
+ require 'kingsly_certbot/ip_sec_cert_adapter'
12
+ require 'kingsly_certbot/runner'
13
+
14
+ module KingslyCertbot
15
+ end
metadata ADDED
@@ -0,0 +1,186 @@
1
+ --- !ruby/object:Gem::Specification
2
+ name: kingsly_certbot
3
+ version: !ruby/object:Gem::Version
4
+ version: 0.1.0
5
+ platform: ruby
6
+ authors:
7
+ - FOSS at GO-JEK
8
+ autorequire:
9
+ bindir: bin
10
+ cert_chain: []
11
+ date: 2019-01-31 00:00:00.000000000 Z
12
+ dependencies:
13
+ - !ruby/object:Gem::Dependency
14
+ name: bundler
15
+ requirement: !ruby/object:Gem::Requirement
16
+ requirements:
17
+ - - "~>"
18
+ - !ruby/object:Gem::Version
19
+ version: '2.0'
20
+ - - ">="
21
+ - !ruby/object:Gem::Version
22
+ version: 2.0.1
23
+ type: :development
24
+ prerelease: false
25
+ version_requirements: !ruby/object:Gem::Requirement
26
+ requirements:
27
+ - - "~>"
28
+ - !ruby/object:Gem::Version
29
+ version: '2.0'
30
+ - - ">="
31
+ - !ruby/object:Gem::Version
32
+ version: 2.0.1
33
+ - !ruby/object:Gem::Dependency
34
+ name: rake
35
+ requirement: !ruby/object:Gem::Requirement
36
+ requirements:
37
+ - - "~>"
38
+ - !ruby/object:Gem::Version
39
+ version: '10.5'
40
+ - - ">="
41
+ - !ruby/object:Gem::Version
42
+ version: 10.5.0
43
+ type: :development
44
+ prerelease: false
45
+ version_requirements: !ruby/object:Gem::Requirement
46
+ requirements:
47
+ - - "~>"
48
+ - !ruby/object:Gem::Version
49
+ version: '10.5'
50
+ - - ">="
51
+ - !ruby/object:Gem::Version
52
+ version: 10.5.0
53
+ - !ruby/object:Gem::Dependency
54
+ name: rspec
55
+ requirement: !ruby/object:Gem::Requirement
56
+ requirements:
57
+ - - "~>"
58
+ - !ruby/object:Gem::Version
59
+ version: '3.8'
60
+ - - ">="
61
+ - !ruby/object:Gem::Version
62
+ version: 3.8.0
63
+ type: :development
64
+ prerelease: false
65
+ version_requirements: !ruby/object:Gem::Requirement
66
+ requirements:
67
+ - - "~>"
68
+ - !ruby/object:Gem::Version
69
+ version: '3.8'
70
+ - - ">="
71
+ - !ruby/object:Gem::Version
72
+ version: 3.8.0
73
+ - !ruby/object:Gem::Dependency
74
+ name: rubocop
75
+ requirement: !ruby/object:Gem::Requirement
76
+ requirements:
77
+ - - "~>"
78
+ - !ruby/object:Gem::Version
79
+ version: 0.63.1
80
+ type: :development
81
+ prerelease: false
82
+ version_requirements: !ruby/object:Gem::Requirement
83
+ requirements:
84
+ - - "~>"
85
+ - !ruby/object:Gem::Version
86
+ version: 0.63.1
87
+ - !ruby/object:Gem::Dependency
88
+ name: webmock
89
+ requirement: !ruby/object:Gem::Requirement
90
+ requirements:
91
+ - - "~>"
92
+ - !ruby/object:Gem::Version
93
+ version: '3.5'
94
+ - - ">="
95
+ - !ruby/object:Gem::Version
96
+ version: 3.5.1
97
+ type: :development
98
+ prerelease: false
99
+ version_requirements: !ruby/object:Gem::Requirement
100
+ requirements:
101
+ - - "~>"
102
+ - !ruby/object:Gem::Version
103
+ version: '3.5'
104
+ - - ">="
105
+ - !ruby/object:Gem::Version
106
+ version: 3.5.1
107
+ - !ruby/object:Gem::Dependency
108
+ name: sentry-raven
109
+ requirement: !ruby/object:Gem::Requirement
110
+ requirements:
111
+ - - "~>"
112
+ - !ruby/object:Gem::Version
113
+ version: '2.9'
114
+ - - ">="
115
+ - !ruby/object:Gem::Version
116
+ version: 2.9.0
117
+ type: :runtime
118
+ prerelease: false
119
+ version_requirements: !ruby/object:Gem::Requirement
120
+ requirements:
121
+ - - "~>"
122
+ - !ruby/object:Gem::Version
123
+ version: '2.9'
124
+ - - ">="
125
+ - !ruby/object:Gem::Version
126
+ version: 2.9.0
127
+ description:
128
+ email:
129
+ - foss+tech@go-jek.com
130
+ executables:
131
+ - kingsly-certbot
132
+ extensions: []
133
+ extra_rdoc_files: []
134
+ files:
135
+ - ".gitignore"
136
+ - ".rspec"
137
+ - ".rubocop.yml"
138
+ - ".ruby-gemset"
139
+ - ".ruby-version"
140
+ - ".travis.yml"
141
+ - CHANGELOG.md
142
+ - Gemfile
143
+ - Gemfile.lock
144
+ - LICENSE
145
+ - README.md
146
+ - Rakefile
147
+ - bin/console
148
+ - bin/kingsly-certbot
149
+ - bin/setup
150
+ - kingsly-config.yaml.sample
151
+ - kingsly_certbot.gemspec
152
+ - lib/kingsly_certbot.rb
153
+ - lib/kingsly_certbot/cert_bundle.rb
154
+ - lib/kingsly_certbot/configuration.rb
155
+ - lib/kingsly_certbot/ip_sec_cert_adapter.rb
156
+ - lib/kingsly_certbot/kingsly_client.rb
157
+ - lib/kingsly_certbot/runner.rb
158
+ - lib/kingsly_certbot/version.rb
159
+ homepage: https://github.com/gojekfarm/kingsly
160
+ licenses:
161
+ - Apache-2.0
162
+ metadata:
163
+ source_code_uri: https://github.com/gojekfarm/kingsly-certbot
164
+ changelog_uri: https://github.com/gojekfarm/kingsly-certbot/blob/master/CHANGELOG.md
165
+ post_install_message:
166
+ rdoc_options: []
167
+ require_paths:
168
+ - lib
169
+ required_ruby_version: !ruby/object:Gem::Requirement
170
+ requirements:
171
+ - - ">="
172
+ - !ruby/object:Gem::Version
173
+ version: '0'
174
+ required_rubygems_version: !ruby/object:Gem::Requirement
175
+ requirements:
176
+ - - ">="
177
+ - !ruby/object:Gem::Version
178
+ version: '0'
179
+ requirements: []
180
+ rubyforge_project:
181
+ rubygems_version: 2.7.6
182
+ signing_key:
183
+ specification_version: 4
184
+ summary: kingsly-certbot would update the local certs and update them from the ones
185
+ generated by kingsly
186
+ test_files: []