terrafying-components 1.13.3 → 1.13.4
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 64976275b2690bf56d75eec4fcbe4be079a280c9b715b8fa4ea10ec18d4db4f9
|
4
|
+
data.tar.gz: c0a422c6ae06013e0320463638b0cf5753e0e78827a7037e1c7d8def82010441
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: beb5d7ddc9200c57836111d8326f83aa9e804ab988342f6ee5f72d58466a0e3a8ede5266a2b93196de9f4bc93d1b8ecef999940c9796d6818c474d157c501df0
|
7
|
+
data.tar.gz: 641c76f7d9180bf326628ee14ee2e2f44388fbfde0cf03b35cead6ffc283c947ef1d200cd981be109813781118402ba3474a8a048e0c7e7cf5b2b29e9e2d2e69
|
@@ -35,14 +35,33 @@ module Terrafying
|
|
35
35
|
"arn:aws:s3:::#{@bucket}#{key}"
|
36
36
|
end
|
37
37
|
|
38
|
-
def object_url(name, type)
|
39
|
-
|
40
|
-
key = output_of(:aws_s3_bucket_object, name, :key).to_s
|
38
|
+
def object_url(name, type, version: '')
|
39
|
+
key = object_key(name, type, version)
|
41
40
|
|
42
41
|
File.join('s3://', "#{@bucket}#{key}")
|
43
42
|
end
|
44
43
|
|
45
|
-
def
|
44
|
+
def find_keypair(name)
|
45
|
+
reference_keypair(
|
46
|
+
nil, name,
|
47
|
+
key_version: aws.s3_object(@bucket, object_key(name, :key, 'latest')[1..-1]),
|
48
|
+
cert_version: aws.s3_object(@bucket, object_key(name, :cert, 'latest')[1..-1]),
|
49
|
+
)
|
50
|
+
end
|
51
|
+
|
52
|
+
def reference_keypair(ctx, name, key_version:, cert_version:)
|
53
|
+
resources = []
|
54
|
+
|
55
|
+
if ctx != nil
|
56
|
+
resources += [
|
57
|
+
"aws_s3_bucket_object.#{object_name(name, :key)}",
|
58
|
+
"aws_s3_bucket_object.#{object_name(name, :cert)}"
|
59
|
+
]
|
60
|
+
if ctx == self
|
61
|
+
resources << "aws_s3_bucket_object.#{object_name(@name, :cert)}"
|
62
|
+
end
|
63
|
+
end
|
64
|
+
|
46
65
|
ref = {
|
47
66
|
name: name,
|
48
67
|
ca: self,
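Review bot: `find_keypair` takes the body of the `latest` pointer object returned by `aws.s3_object` and splices it straight into the object path through `object_key(name, :key, version)` without checking that it is the 64-hex-character `sha256(...)` digest the create paths below write into that pointer, so an empty or damaged pointer yields a reference to a non-existent key whose failure only shows up at apply time. A guard applied to both values, `raise ArgumentError, "bad version pointer for #{name}" unless version.match?(/\A\h{64}\z/)`, keeps the error at generation time where the cause is obvious. Because the pointer is read while the config is generated, this presumably only works for keypairs written by an earlier apply, which the method should say in a comment. In `reference_keypair`, `if ctx != nil` reads more idiomatically as `if ctx`; the method continues in the two following hunks.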
|
@@ -51,13 +70,10 @@ module Terrafying
|
|
51
70
|
key: File.join('/etc/ssl', @name, name, 'key')
|
52
71
|
},
|
53
72
|
source: {
|
54
|
-
cert: object_url(name, :cert),
|
55
|
-
key: object_url(name, :key)
|
73
|
+
cert: object_url(name, :cert, version: cert_version),
|
74
|
+
key: object_url(name, :key, version: key_version)
|
56
75
|
},
|
57
|
-
resources:
|
58
|
-
"aws_s3_bucket_object.#{object_name(name, :key)}",
|
59
|
-
"aws_s3_bucket_object.#{object_name(name, :cert)}"
|
60
|
-
],
|
76
|
+
resources: resources,
|
61
77
|
iam_statement: {
|
62
78
|
Effect: 'Allow',
|
63
79
|
Action: [
|
@@ -72,10 +88,6 @@ module Terrafying
|
|
72
88
|
}
|
73
89
|
}
|
74
90
|
|
75
|
-
if self == ctx
|
76
|
-
ref[:resources] << "aws_s3_bucket_object.#{object_name(@name, :cert)}"
|
77
|
-
end
|
78
|
-
|
79
91
|
ref
|
80
92
|
end
|
81
93
|
|
@@ -13,6 +13,9 @@ module Terrafying
|
|
13
13
|
def self.create(name, bucket, options = {})
|
14
14
|
LetsEncrypt.new.create name, bucket, options
|
15
15
|
end
|
16
|
+
def self.find(name, bucket, options = {})
|
17
|
+
LetsEncrypt.new.find name, bucket, options
|
18
|
+
end
|
16
19
|
|
17
20
|
def initialize
|
18
21
|
super
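Review bot: `self.find` forwards `options` as a positional hash, but the instance method it calls (`find(name, bucket, prefix: "")`, added in a later hunk) accepts only a keyword argument, so the call relies on Ruby 2.x's implicit hash-to-keyword conversion and raises `ArgumentError` under Ruby 3; it also raises on any extra key a caller carries over from `create`'s option hash. Splatting the hash, `LetsEncrypt.new.find name, bucket, **options`, makes the intent explicit and survives the keyword-argument separation, or give `find` the same `options = {}` shape as `create` if callers pass arbitrary hashes. Either way a one-line comment that this entry point only honours `:prefix` would save the next caller a surprise.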
|
@@ -80,6 +83,43 @@ module Terrafying
|
|
80
83
|
|
81
84
|
@source = object_url(@name, :cert)
|
82
85
|
|
86
|
+
resource :aws_s3_bucket_object, "#{@name}-metadata",
|
87
|
+
bucket: @bucket,
|
88
|
+
key: File.join('', @prefix, @name, '.metadata'),
|
89
|
+
content: {
|
90
|
+
provider: options[:provider].to_s,
|
91
|
+
public_certificate: options[:public_certificate],
|
92
|
+
use_external_dns: options[:use_external_dns],
|
93
|
+
}.to_json
|
94
|
+
|
95
|
+
self
|
96
|
+
end
|
97
|
+
|
98
|
+
def find(name, bucket, prefix: "")
|
99
|
+
@name = name
|
100
|
+
@bucket = bucket
|
101
|
+
@prefix = prefix
|
102
|
+
|
103
|
+
# load the rest of the config from an s3 metadata file
|
104
|
+
metadata_obj = aws.s3_object(@bucket, [@prefix, @name, '.metadata'].compact.reject(&:empty?).join('/'))
|
105
|
+
metadata = JSON.parse(metadata_obj, symbolize_names: true)
|
106
|
+
|
107
|
+
@acme_provider = @acme_providers[metadata[:provider].to_sym]
|
108
|
+
@use_external_dns = metadata[:use_external_dns]
|
109
|
+
@ca_cert_acl = metadata[:public_certificate] ? 'public-read' : 'private'
|
110
|
+
|
111
|
+
account_key_obj = data :aws_s3_bucket_object, "#{@name}-account",
|
112
|
+
bucket: @bucket,
|
113
|
+
key: File.join('', @prefix, @name, 'account.key')
|
114
|
+
|
115
|
+
@account_key = account_key_obj["body"]
|
116
|
+
|
117
|
+
open(@acme_provider[:ca_cert], 'rb') do |cert|
|
118
|
+
@ca_cert = cert.read
|
119
|
+
end
|
120
|
+
|
121
|
+
@source = object_url(@name, :cert)
|
122
|
+
|
83
123
|
self
|
84
124
|
end
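Review bot: In `find`, the provider name read back from the `.metadata` object selects the CA entry via `@acme_providers[metadata[:provider].to_sym]` and the result is dereferenced unchecked, so a missing or unknown provider surfaces as a `NoMethodError` on `nil` several lines later instead of a clear error; `@acme_providers.fetch(metadata.fetch(:provider).to_sym)` fails at the point of the bad value and names it. The CA certificate is then read with bare `Kernel#open(path, 'rb')`, whose behaviour depends on the shape of the string it is given; if `:ca_cert` is a local file, `@ca_cert = File.binread(@acme_provider[:ca_cert])` is the precise call, and if it is a URL fetched through open-uri, `URI.open` makes that intent visible. The metadata key is also built differently here (`[@prefix, @name, '.metadata'].compact.reject(&:empty?).join('/')`) than in `create` (`File.join('', @prefix, @name, '.metadata')`), so leading-slash and empty-prefix handling can drift between writer and reader; a shared `metadata_key` helper used by both would keep them aligned. The comment on line 103 should also note that `find` reads from S3 at generation time and therefore needs bucket read access in the environment running it.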
|
85
125
|
|
@@ -128,17 +168,27 @@ module Terrafying
|
|
128
168
|
certificate_request_pem: output_of(:tls_cert_request, key_ident, :cert_request_pem)
|
129
169
|
}.merge(cert_options)
|
130
170
|
|
171
|
+
key_version = "${sha256(tls_private_key.#{key_ident}.private_key_pem)}"
|
131
172
|
ctx.resource :aws_s3_bucket_object, "#{key_ident}-key",
|
132
173
|
bucket: @bucket,
|
133
|
-
key:
|
174
|
+
key: object_key(name, :key, key_version),
|
134
175
|
content: output_of(:tls_private_key, key_ident, :private_key_pem)
|
176
|
+
ctx.resource :aws_s3_bucket_object, "#{key_ident}-key-latest",
|
177
|
+
bucket: @bucket,
|
178
|
+
key: object_key(name, :key, 'latest'),
|
179
|
+
content: key_version
|
135
180
|
|
181
|
+
cert_version = "${sha256(acme_certificate.#{key_ident}.certificate_pem)}"
|
136
182
|
ctx.resource :aws_s3_bucket_object, "#{key_ident}-cert",
|
137
183
|
bucket: @bucket,
|
138
|
-
key:
|
184
|
+
key: object_key(name, :cert, cert_version),
|
139
185
|
content: output_of(:acme_certificate, key_ident, :certificate_pem).to_s + @ca_cert
|
186
|
+
ctx.resource :aws_s3_bucket_object, "#{key_ident}-cert-latest",
|
187
|
+
bucket: @bucket,
|
188
|
+
key: object_key(name, :cert, 'latest'),
|
189
|
+
content: cert_version
|
140
190
|
|
141
|
-
reference_keypair(ctx, name)
|
191
|
+
reference_keypair(ctx, name, key_version: key_version, cert_version: cert_version)
|
142
192
|
end
|
143
193
|
end
|
144
194
|
end
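Review bot: The four `aws_s3_bucket_object` resources added here (versioned object plus `-latest` pointer, for key and for cert) are repeated almost verbatim in the `@@ -158,17 +158,27 @@` hunk below, differing only in the resource ident and the Terraform attribute being hashed; a small helper beside `object_key`/`reference_keypair` would keep the key layout and the pointer format in one place. Since the pointer's content is the `sha256(...)` of the attribute and that same digest forms the object path, anything that resolves `latest` depends on both halves staying in sync, which is a second reason to centralise them. Nothing in either hunk removes the previously versioned `-key` object, so each rotation leaves the superseded private key in the bucket; if that retention is intended it deserves a comment, otherwise a bucket lifecycle rule or explicit cleanup is needed. The `-latest` naming in the helper below assumes the selfsigned hunk's `object_name(name, :key)` equals `"#{key_ident}-key"`, which its mixed use of both suggests but which I cannot confirm from here. The enclosing method starts before this hunk.

```ruby
# shared CA module, next to object_key/reference_keypair
def store_versioned_object(ctx, ident, name, type, version, content)
  ctx.resource :aws_s3_bucket_object, ident,
               bucket: @bucket,
               key: object_key(name, type, version),
               content: content
  ctx.resource :aws_s3_bucket_object, "#{ident}-latest",
               bucket: @bucket,
               key: object_key(name, type, 'latest'),
               content: version
end

# caller in this hunk
key_version = "${sha256(tls_private_key.#{key_ident}.private_key_pem)}"
store_versioned_object(ctx, "#{key_ident}-key", name, :key, key_version,
                       output_of(:tls_private_key, key_ident, :private_key_pem))
# … unchanged: cert_version, the matching :cert call, reference_keypair …
```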
|
@@ -158,17 +158,27 @@ module Terrafying
|
|
158
158
|
validity_period_hours: options[:validity_in_hours],
|
159
159
|
allowed_uses: options[:allowed_uses]
|
160
160
|
|
161
|
+
key_version = "${sha256(tls_private_key.#{key_ident}.private_key_pem)}"
|
161
162
|
ctx.resource :aws_s3_bucket_object, object_name(name, :key),
|
162
163
|
bucket: @bucket,
|
163
|
-
key: object_key(name, :key,
|
164
|
+
key: object_key(name, :key, key_version),
|
164
165
|
content: output_of(:tls_private_key, key_ident, :private_key_pem)
|
166
|
+
ctx.resource :aws_s3_bucket_object, "#{key_ident}-key-latest",
|
167
|
+
bucket: @bucket,
|
168
|
+
key: object_key(name, :key, 'latest'),
|
169
|
+
content: key_version
|
165
170
|
|
171
|
+
cert_version = "${sha256(tls_locally_signed_cert.#{key_ident}.cert_pem)}"
|
166
172
|
ctx.resource :aws_s3_bucket_object, object_name(name, :cert),
|
167
173
|
bucket: @bucket,
|
168
|
-
key: object_key(name, :cert,
|
174
|
+
key: object_key(name, :cert, cert_version),
|
169
175
|
content: output_of(:tls_locally_signed_cert, key_ident, :cert_pem)
|
176
|
+
ctx.resource :aws_s3_bucket_object, "#{key_ident}-cert-latest",
|
177
|
+
bucket: @bucket,
|
178
|
+
key: object_key(name, :cert, 'latest'),
|
179
|
+
content: cert_version
|
170
180
|
|
171
|
-
reference_keypair(ctx, name)
|
181
|
+
reference_keypair(ctx, name, key_version: key_version, cert_version: cert_version)
|
172
182
|
end
|
173
183
|
end
|
174
184
|
end
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: terrafying-components
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.13.
|
4
|
+
version: 1.13.4
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- uSwitch Limited
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2019-08-
|
11
|
+
date: 2019-08-21 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: rake
|