RubyGems - terrafying-components - Versions diffs - 1.13.3 → 1.13.4 - Mend

terrafying-components 1.13.3 → 1.13.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

checksums.yaml +4 -4
data/lib/terrafying/components/ca.rb +26 -14
data/lib/terrafying/components/letsencrypt.rb +53 -3
data/lib/terrafying/components/selfsignedca.rb +13 -3
data/lib/terrafying/components/version.rb +1 -1
metadata +2 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 32a2bad05156dae855836601faec56b249714a39ce3e10fd6a2e8a7e243c2938
-  data.tar.gz: 3e4cca4a730906e7c8c05e61a51f0ac1c48d9aefad179e1679b266100c333310
+  metadata.gz: 64976275b2690bf56d75eec4fcbe4be079a280c9b715b8fa4ea10ec18d4db4f9
+  data.tar.gz: c0a422c6ae06013e0320463638b0cf5753e0e78827a7037e1c7d8def82010441
 SHA512:
-  metadata.gz: ec61a270a02495adf1be9bbfc8fc377aa950158c3b2c408b745b77afffd7053970424547d51696478efe1adf31fe70648a2d322fd60f6e9453b0b3b2129aa81e
-  data.tar.gz: 3cf064638697581bf1c0ee95f8e79003fe29dc716c9e86978e653a13b90e83ef7ca3e774ac4d88c79ce455a880a9da11eab30e70200bf637f04a92c71fefc465
+  metadata.gz: beb5d7ddc9200c57836111d8326f83aa9e804ab988342f6ee5f72d58466a0e3a8ede5266a2b93196de9f4bc93d1b8ecef999940c9796d6818c474d157c501df0
+  data.tar.gz: 641c76f7d9180bf326628ee14ee2e2f44388fbfde0cf03b35cead6ffc283c947ef1d200cd981be109813781118402ba3474a8a048e0c7e7cf5b2b29e9e2d2e69

data/lib/terrafying/components/ca.rb CHANGED Viewed

@@ -35,14 +35,33 @@ module Terrafying
         "arn:aws:s3:::#{@bucket}#{key}"
       end
-      def object_url(name, type)
-        name = object_name(name, type)
-        key = output_of(:aws_s3_bucket_object, name, :key).to_s
+      def object_url(name, type, version: '')
+        key = object_key(name, type, version)
         File.join('s3://', "#{@bucket}#{key}")
       end
-      def reference_keypair(ctx, name)
+      def find_keypair(name)
+        reference_keypair(
+          nil, name,
+          key_version: aws.s3_object(@bucket, object_key(name, :key, 'latest')[1..-1]),
+          cert_version: aws.s3_object(@bucket, object_key(name, :cert, 'latest')[1..-1]),
+        )
+      end
+      def reference_keypair(ctx, name, key_version:, cert_version:)
+        resources = []
+        if ctx != nil
+          resources += [
+            "aws_s3_bucket_object.#{object_name(name, :key)}",
+            "aws_s3_bucket_object.#{object_name(name, :cert)}"
+          ]
+          if ctx == self
+            resources << "aws_s3_bucket_object.#{object_name(@name, :cert)}"
+          end
+        end
         ref = {
           name: name,
           ca: self,
@@ -51,13 +70,10 @@ module Terrafying
             key: File.join('/etc/ssl', @name, name, 'key')
           },
           source: {
-            cert: object_url(name, :cert),
-            key: object_url(name, :key)
+            cert: object_url(name, :cert, version: cert_version),
+            key: object_url(name, :key, version: key_version)
           },
-          resources: [
-            "aws_s3_bucket_object.#{object_name(name, :key)}",
-            "aws_s3_bucket_object.#{object_name(name, :cert)}"
-          ],
+          resources: resources,
           iam_statement: {
             Effect: 'Allow',
             Action: [
@@ -72,10 +88,6 @@ module Terrafying
           }
         }
-        if self == ctx
-          ref[:resources] << "aws_s3_bucket_object.#{object_name(@name, :cert)}"
-        end
         ref
       end

data/lib/terrafying/components/letsencrypt.rb CHANGED Viewed

@@ -13,6 +13,9 @@ module Terrafying
       def self.create(name, bucket, options = {})
         LetsEncrypt.new.create name, bucket, options
       end
+      def self.find(name, bucket, options = {})
+        LetsEncrypt.new.find name, bucket, options
+      end
       def initialize
         super
@@ -80,6 +83,43 @@ module Terrafying
         @source = object_url(@name, :cert)
+        resource :aws_s3_bucket_object, "#{@name}-metadata",
+                 bucket: @bucket,
+                 key: File.join('', @prefix, @name, '.metadata'),
+                 content: {
+                   provider: options[:provider].to_s,
+                   public_certificate: options[:public_certificate],
+                   use_external_dns: options[:use_external_dns],
+                 }.to_json
+        self
+      end
+      def find(name, bucket, prefix: "")
+        @name = name
+        @bucket = bucket
+        @prefix = prefix
+        # load the rest of the config from an s3 metadata file
+        metadata_obj = aws.s3_object(@bucket, [@prefix, @name, '.metadata'].compact.reject(&:empty?).join('/'))
+        metadata = JSON.parse(metadata_obj, symbolize_names: true)
+        @acme_provider = @acme_providers[metadata[:provider].to_sym]
+        @use_external_dns = metadata[:use_external_dns]
+        @ca_cert_acl = metadata[:public_certificate] ? 'public-read' : 'private'
+        account_key_obj = data :aws_s3_bucket_object, "#{@name}-account",
+                               bucket: @bucket,
+                               key: File.join('', @prefix, @name, 'account.key')
+        @account_key = account_key_obj["body"]
+        open(@acme_provider[:ca_cert], 'rb') do |cert|
+          @ca_cert = cert.read
+        end
+        @source = object_url(@name, :cert)
         self
       end
@@ -128,17 +168,27 @@ module Terrafying
                      certificate_request_pem: output_of(:tls_cert_request, key_ident, :cert_request_pem)
                    }.merge(cert_options)
+        key_version = "${sha256(tls_private_key.#{key_ident}.private_key_pem)}"
         ctx.resource :aws_s3_bucket_object, "#{key_ident}-key",
                      bucket: @bucket,
-                     key: File.join('', @prefix, @name, name, "${sha256(tls_private_key.#{key_ident}.private_key_pem)}", 'key'),
+                     key: object_key(name, :key, key_version),
                      content: output_of(:tls_private_key, key_ident, :private_key_pem)
+        ctx.resource :aws_s3_bucket_object, "#{key_ident}-key-latest",
+                     bucket: @bucket,
+                     key: object_key(name, :key, 'latest'),
+                     content: key_version
+        cert_version = "${sha256(acme_certificate.#{key_ident}.certificate_pem)}"
         ctx.resource :aws_s3_bucket_object, "#{key_ident}-cert",
                      bucket: @bucket,
-                     key: File.join('', @prefix, @name, name, "${sha256(acme_certificate.#{key_ident}.certificate_pem)}", 'cert'),
+                     key: object_key(name, :cert, cert_version),
                      content: output_of(:acme_certificate, key_ident, :certificate_pem).to_s + @ca_cert
+        ctx.resource :aws_s3_bucket_object, "#{key_ident}-cert-latest",
+                     bucket: @bucket,
+                     key: object_key(name, :cert, 'latest'),
+                     content: cert_version
-        reference_keypair(ctx, name)
+        reference_keypair(ctx, name, key_version: key_version, cert_version: cert_version)
       end
     end
   end

data/lib/terrafying/components/selfsignedca.rb CHANGED Viewed

@@ -158,17 +158,27 @@ module Terrafying
                      validity_period_hours: options[:validity_in_hours],
                      allowed_uses: options[:allowed_uses]
+        key_version = "${sha256(tls_private_key.#{key_ident}.private_key_pem)}"
         ctx.resource :aws_s3_bucket_object, object_name(name, :key),
                      bucket: @bucket,
-                     key: object_key(name, :key, "${sha256(tls_private_key.#{key_ident}.private_key_pem)}"),
+                     key: object_key(name, :key, key_version),
                      content: output_of(:tls_private_key, key_ident, :private_key_pem)
+        ctx.resource :aws_s3_bucket_object, "#{key_ident}-key-latest",
+                     bucket: @bucket,
+                     key: object_key(name, :key, 'latest'),
+                     content: key_version
+        cert_version = "${sha256(tls_locally_signed_cert.#{key_ident}.cert_pem)}"
         ctx.resource :aws_s3_bucket_object, object_name(name, :cert),
                      bucket: @bucket,
-                     key: object_key(name, :cert, "${sha256(tls_locally_signed_cert.#{key_ident}.cert_pem)}"),
+                     key: object_key(name, :cert, cert_version),
                      content: output_of(:tls_locally_signed_cert, key_ident, :cert_pem)
+        ctx.resource :aws_s3_bucket_object, "#{key_ident}-cert-latest",
+                     bucket: @bucket,
+                     key: object_key(name, :cert, 'latest'),
+                     content: cert_version
-        reference_keypair(ctx, name)
+        reference_keypair(ctx, name, key_version: key_version, cert_version: cert_version)
       end
     end
   end

data/lib/terrafying/components/version.rb CHANGED Viewed

@@ -2,6 +2,6 @@
 module Terrafying
   module Components
-    VERSION = '1.13.3'
+    VERSION = '1.13.4'
   end
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: terrafying-components
 version: !ruby/object:Gem::Version
-  version: 1.13.3
+  version: 1.13.4
 platform: ruby
 authors:
 - uSwitch Limited
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2019-08-15 00:00:00.000000000 Z
+date: 2019-08-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake