terrafying-components 1.13.3 → 1.13.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 32a2bad05156dae855836601faec56b249714a39ce3e10fd6a2e8a7e243c2938
-  data.tar.gz: 3e4cca4a730906e7c8c05e61a51f0ac1c48d9aefad179e1679b266100c333310
+  metadata.gz: 64976275b2690bf56d75eec4fcbe4be079a280c9b715b8fa4ea10ec18d4db4f9
+  data.tar.gz: c0a422c6ae06013e0320463638b0cf5753e0e78827a7037e1c7d8def82010441
 SHA512:
-  metadata.gz: ec61a270a02495adf1be9bbfc8fc377aa950158c3b2c408b745b77afffd7053970424547d51696478efe1adf31fe70648a2d322fd60f6e9453b0b3b2129aa81e
-  data.tar.gz: 3cf064638697581bf1c0ee95f8e79003fe29dc716c9e86978e653a13b90e83ef7ca3e774ac4d88c79ce455a880a9da11eab30e70200bf637f04a92c71fefc465
+  metadata.gz: beb5d7ddc9200c57836111d8326f83aa9e804ab988342f6ee5f72d58466a0e3a8ede5266a2b93196de9f4bc93d1b8ecef999940c9796d6818c474d157c501df0
+  data.tar.gz: 641c76f7d9180bf326628ee14ee2e2f44388fbfde0cf03b35cead6ffc283c947ef1d200cd981be109813781118402ba3474a8a048e0c7e7cf5b2b29e9e2d2e69

data/lib/terrafying/components/ca.rb

@@ -35,14 +35,33 @@ module Terrafying
         "arn:aws:s3:::#{@bucket}#{key}"
       end
 
-      def object_url(name, type)
-        name = object_name(name, type)
-        key = output_of(:aws_s3_bucket_object, name, :key).to_s
+      def object_url(name, type, version: '')
+        key = object_key(name, type, version)
 
         File.join('s3://', "#{@bucket}#{key}")
       end
 
-      def reference_keypair(ctx, name)
+      def find_keypair(name)
+        reference_keypair(
+          nil, name,
+          key_version: aws.s3_object(@bucket, object_key(name, :key, 'latest')[1..-1]),
+          cert_version: aws.s3_object(@bucket, object_key(name, :cert, 'latest')[1..-1]),
+        )
+      end
+
+      def reference_keypair(ctx, name, key_version:, cert_version:)
+        resources = []
+
+        if ctx != nil
+          resources += [
+            "aws_s3_bucket_object.#{object_name(name, :key)}",
+            "aws_s3_bucket_object.#{object_name(name, :cert)}"
+          ]
+          if ctx == self
+            resources << "aws_s3_bucket_object.#{object_name(@name, :cert)}"
+          end
+        end
+
         ref = {
           name: name,
           ca: self,
@@ -51,13 +70,10 @@ module Terrafying
             key: File.join('/etc/ssl', @name, name, 'key')
           },
           source: {
-            cert: object_url(name, :cert),
-            key: object_url(name, :key)
+            cert: object_url(name, :cert, version: cert_version),
+            key: object_url(name, :key, version: key_version)
           },
-          resources: [
-            "aws_s3_bucket_object.#{object_name(name, :key)}",
-            "aws_s3_bucket_object.#{object_name(name, :cert)}"
-          ],
+          resources: resources,
           iam_statement: {
             Effect: 'Allow',
             Action: [
@@ -72,10 +88,6 @@ module Terrafying
           }
         }
 
-        if self == ctx
-          ref[:resources] << "aws_s3_bucket_object.#{object_name(@name, :cert)}"
-        end
-
         ref
       end
 

data/lib/terrafying/components/letsencrypt.rb

@@ -13,6 +13,9 @@ module Terrafying
       def self.create(name, bucket, options = {})
         LetsEncrypt.new.create name, bucket, options
       end
+      def self.find(name, bucket, options = {})
+        LetsEncrypt.new.find name, bucket, options
+      end
 
       def initialize
         super
@@ -80,6 +83,43 @@ module Terrafying
 
         @source = object_url(@name, :cert)
 
+        resource :aws_s3_bucket_object, "#{@name}-metadata",
+                 bucket: @bucket,
+                 key: File.join('', @prefix, @name, '.metadata'),
+                 content: {
+                   provider: options[:provider].to_s,
+                   public_certificate: options[:public_certificate],
+                   use_external_dns: options[:use_external_dns],
+                 }.to_json
+
+        self
+      end
+
+      def find(name, bucket, prefix: "")
+        @name = name
+        @bucket = bucket
+        @prefix = prefix
+
+        # load the rest of the config from an s3 metadata file
+        metadata_obj = aws.s3_object(@bucket, [@prefix, @name, '.metadata'].compact.reject(&:empty?).join('/'))
+        metadata = JSON.parse(metadata_obj, symbolize_names: true)
+
+        @acme_provider = @acme_providers[metadata[:provider].to_sym]
+        @use_external_dns = metadata[:use_external_dns]
+        @ca_cert_acl = metadata[:public_certificate] ? 'public-read' : 'private'
+
+        account_key_obj = data :aws_s3_bucket_object, "#{@name}-account",
+                               bucket: @bucket,
+                               key: File.join('', @prefix, @name, 'account.key')
+
+        @account_key = account_key_obj["body"]
+
+        open(@acme_provider[:ca_cert], 'rb') do |cert|
+          @ca_cert = cert.read
+        end
+
+        @source = object_url(@name, :cert)
+
         self
       end
 
@@ -128,17 +168,27 @@ module Terrafying
                      certificate_request_pem: output_of(:tls_cert_request, key_ident, :cert_request_pem)
                    }.merge(cert_options)
 
+        key_version = "${sha256(tls_private_key.#{key_ident}.private_key_pem)}"
         ctx.resource :aws_s3_bucket_object, "#{key_ident}-key",
                      bucket: @bucket,
-                     key: File.join('', @prefix, @name, name, "${sha256(tls_private_key.#{key_ident}.private_key_pem)}", 'key'),
+                     key: object_key(name, :key, key_version),
                      content: output_of(:tls_private_key, key_ident, :private_key_pem)
+        ctx.resource :aws_s3_bucket_object, "#{key_ident}-key-latest",
+                     bucket: @bucket,
+                     key: object_key(name, :key, 'latest'),
+                     content: key_version
 
+        cert_version = "${sha256(acme_certificate.#{key_ident}.certificate_pem)}"
         ctx.resource :aws_s3_bucket_object, "#{key_ident}-cert",
                      bucket: @bucket,
-                     key: File.join('', @prefix, @name, name, "${sha256(acme_certificate.#{key_ident}.certificate_pem)}", 'cert'),
+                     key: object_key(name, :cert, cert_version),
                      content: output_of(:acme_certificate, key_ident, :certificate_pem).to_s + @ca_cert
+        ctx.resource :aws_s3_bucket_object, "#{key_ident}-cert-latest",
+                     bucket: @bucket,
+                     key: object_key(name, :cert, 'latest'),
+                     content: cert_version
 
-        reference_keypair(ctx, name)
+        reference_keypair(ctx, name, key_version: key_version, cert_version: cert_version)
       end
     end
   end

data/lib/terrafying/components/selfsignedca.rb

@@ -158,17 +158,27 @@ module Terrafying
                      validity_period_hours: options[:validity_in_hours],
                      allowed_uses: options[:allowed_uses]
 
+        key_version = "${sha256(tls_private_key.#{key_ident}.private_key_pem)}"
         ctx.resource :aws_s3_bucket_object, object_name(name, :key),
                      bucket: @bucket,
-                     key: object_key(name, :key, "${sha256(tls_private_key.#{key_ident}.private_key_pem)}"),
+                     key: object_key(name, :key, key_version),
                      content: output_of(:tls_private_key, key_ident, :private_key_pem)
+        ctx.resource :aws_s3_bucket_object, "#{key_ident}-key-latest",
+                     bucket: @bucket,
+                     key: object_key(name, :key, 'latest'),
+                     content: key_version
 
+        cert_version = "${sha256(tls_locally_signed_cert.#{key_ident}.cert_pem)}"
         ctx.resource :aws_s3_bucket_object, object_name(name, :cert),
                      bucket: @bucket,
-                     key: object_key(name, :cert, "${sha256(tls_locally_signed_cert.#{key_ident}.cert_pem)}"),
+                     key: object_key(name, :cert, cert_version),
                      content: output_of(:tls_locally_signed_cert, key_ident, :cert_pem)
+        ctx.resource :aws_s3_bucket_object, "#{key_ident}-cert-latest",
+                     bucket: @bucket,
+                     key: object_key(name, :cert, 'latest'),
+                     content: cert_version
 
-        reference_keypair(ctx, name)
+        reference_keypair(ctx, name, key_version: key_version, cert_version: cert_version)
       end
     end
   end

data/lib/terrafying/components/version.rb

@@ -2,6 +2,6 @@
 
 module Terrafying
   module Components
-    VERSION = '1.13.3'
+    VERSION = '1.13.4'
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: terrafying-components
 version: !ruby/object:Gem::Version
-  version: 1.13.3
+  version: 1.13.4
 platform: ruby
 authors:
 - uSwitch Limited
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-08-15 00:00:00.000000000 Z
+date: 2019-08-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake