terrafying-components 1.14.4 → 1.14.5

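--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: a218bd82579c325e41040507e71620e224d8f4d8904d7933b55bb10b557f2318
- data.tar.gz: 11b0e4b72b006cb3c52875ec25ef54418f0eb50c49909756521b3f359d44b930
+ metadata.gz: 8fca07c0816615cc1f57e19b641aec5ab42e3d9663c69a357ff4f3a5793fad34
+ data.tar.gz: 1a654cca318f984dd39dfd6a30fa9c6198cca31b020e172ad21c760c92dc24d6
  SHA512:
- metadata.gz: 7c8e3597864ba5fa7954d9586b815f74054d32dcdb12db4b84ab1cba8674da68e5a972bed6f6f3d97e1e19d969cfc4edecacda50b7d51f3d4b286c40e4e10d70
- data.tar.gz: e6e2b218019db3afeded9ebb4c90dc2e4459b29b2f936ebea15242fa2bc16b99f35093b74b90fec1ca539fde8ebbb314b688298983b4fcfc3b693ed83fa610fe
+ metadata.gz: 5a0c2161f62f20fb914f02c6a1b074cd12d3010bf3f45475ff147133736418ba7b9dfb705faadc15585270f5f4d8e1a7c592290c6ba6f467a573bc0af65f0555
+ data.tar.gz: 0214fa43da5f25b99531bdd5433095b66a4ba4a3e444c7248f44f1f51b8cc8ae6ea81014820ec8621f6ce089c1d6fb35b0ab7f65baa7c9067ebcc76d3edf10b4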
@@ -16,8 +16,8 @@ module Terrafying
16
16
  def self.find(name, bucket, options = {})
17
17
  LetsEncrypt.new.find name, bucket, options
18
18
  end
19
- def self.renew(name, bucket, options = {})
20
- LetsEncrypt.new.renew name, bucket, options
19
+ def self.renew(name, bucket, domains, options = {})
20
+ LetsEncrypt.new.renew name, bucket, domains, options
21
21
  end
22
22
 
23
23
  def initialize
@@ -176,6 +176,18 @@ module Terrafying
176
176
  certificate_request_pem: output_of(:tls_cert_request, key_ident, :cert_request_pem)
177
177
  }.merge(cert_options)
178
178
 
179
+ csr_version = "${sha256(tls_cert_request.#{key_ident}.cert_request_pem)}"
180
+
181
+ ctx.resource :aws_s3_bucket_object, "#{key_ident}-csr",
182
+ bucket: @bucket,
183
+ key: object_key(name, :csr, csr_version),
184
+ content: output_of(:tls_cert_request, key_ident, :cert_request_pem)
185
+
186
+ ctx.resource :aws_s3_bucket_object, "#{key_ident}-csr-latest",
187
+ bucket: @bucket,
188
+ key: object_key(name, :csr, 'latest'),
189
+ content: csr_version
190
+
179
191
  key_version = "${sha256(tls_private_key.#{key_ident}.private_key_pem)}"
180
192
 
181
193
  ctx.resource :aws_s3_bucket_object, "#{key_ident}-key",
@@ -188,23 +200,23 @@ module Terrafying
188
200
  key: object_key(name, :key, 'latest'),
189
201
  content: key_version
190
202
 
191
- cert_version = "${sha256(acme_certificate.#{key_ident}.certificate_pem)}"
203
+ cert_version = "${sha256(acme_certificate.#{key_ident}.certificate_pem)}"
192
204
 
193
- ctx.resource :aws_s3_bucket_object, "#{key_ident}-cert",
194
- bucket: @bucket,
195
- key: object_key(name, :cert, cert_version),
196
- content: output_of(:acme_certificate, key_ident, :certificate_pem).to_s + @ca_cert,
197
- lifecycle: { ignore_changes: [ "content" ] } # the lambda will be updating it
205
+ ctx.resource :aws_s3_bucket_object, "#{key_ident}-cert",
206
+ bucket: @bucket,
207
+ key: object_key(name, :cert, cert_version),
208
+ content: output_of(:acme_certificate, key_ident, :certificate_pem).to_s + @ca_cert,
209
+ lifecycle: { ignore_changes: [ "content" ] } # the lambda will be updating it
198
210
 
199
- ctx.resource :aws_s3_bucket_object, "#{key_ident}-cert-latest",
200
- bucket: @bucket,
201
- key: object_key(name, :cert, 'latest'),
202
- content: cert_version
211
+ ctx.resource :aws_s3_bucket_object, "#{key_ident}-cert-latest",
212
+ bucket: @bucket,
213
+ key: object_key(name, :cert, 'latest'),
214
+ content: cert_version
203
215
 
204
- reference_keypair(ctx, name, key_version: key_version, cert_version: cert_version)
216
+ reference_keypair(ctx, name, key_version: key_version, cert_version: cert_version)
205
217
  end
206
218
 
207
- def renew(name, bucket, options={})
219
+ def renew(name, bucket, domains, options={})
208
220
  options = {
209
221
  prefix: "",
210
222
  provider: :staging,
@@ -212,6 +224,7 @@ module Terrafying
212
224
 
213
225
  @name = name
214
226
  @bucket = bucket
227
+ @domains = domains
215
228
  @prefix = options[:prefix]
216
229
 
217
230
  resource :aws_lambda_function, "#{@name}_lambda", {
@@ -275,6 +288,20 @@ module Terrafying
275
288
  "arn:aws:s3:::#{@bucket}"
276
289
  ],
277
290
  Effect: "Allow"
291
+ },
292
+ {
293
+ Action: [
294
+ "route53:ListHostedZones",
295
+ "route53:GetChange",
296
+ "route53:ChangeResourceRecordSets",
297
+ ],
298
+ Resource: [
299
+ domains.map { | domain |
300
+ "arn:aws:route53:::hostedzone/#{domain.zone.id}"
301
+ },
302
+ "arn:aws:route53:::change/*",
303
+ ],
304
+ Effect: "Allow"
278
305
  }
279
306
  ]
280
307
  }
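Review bot: In the added Route 53 statement (last hunk of this file), `domains.map { ... }` is placed as one element of the `Resource` array, so the value becomes a nested array, while IAM accepts only a string or a flat list of strings there; unless the policy is flattened somewhere outside this hunk, splat it: `*domains.map { |domain| "arn:aws:route53:::hostedzone/#{domain.zone.id}" },`. `route53:ListHostedZones` does not support resource-level permissions, so an Allow scoped to hosted-zone ARNs will not match it and the call will be denied; it needs its own statement with `Resource: "*"`. `route53:ChangeResourceRecordSets` on the whole zone lets the renewal lambda rewrite any record in it, so if the permission is only for ACME DNS validation (inferred, not shown here), narrow it with the `route53:ChangeResourceRecordSetsNormalizedRecordNames` and `route53:ChangeResourceRecordSetsRecordTypes` condition keys to the `_acme-challenge` TXT records. The enclosing policy hash and the `renew` method both start and end outside the hunk.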
@@ -2,6 +2,6 @@
2
2
 
3
3
  module Terrafying
4
4
  module Components
5
- VERSION = '1.14.4'
5
+ VERSION = '1.14.5'
6
6
  end
7
7
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: terrafying-components
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.14.4
4
+ version: 1.14.5
5
5
  platform: ruby
6
6
  authors:
7
7
  - uSwitch Limited
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2019-12-12 00:00:00.000000000 Z
11
+ date: 2019-12-13 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rake