Class: Acmesmith::ChallengeResponders::Route53

Inherits:
Base
  • Object
Defined in:
lib/acmesmith/challenge_responders/route53.rb

Defined Under Namespace

Classes: AmbiguousHostedZones, HostedZoneNotFound

Instance Method Summary

Methods inherited from Base

#applicable?, #cleanup, #respond

Constructor Details

#initialize(aws_access_key: nil, assume_role: nil, hosted_zone_map: {}, restore_to_original_records: false, substitution_map: {}) ⇒ Route53

Returns a new instance of Route53.



# File 'lib/acmesmith/challenge_responders/route53.rb', line 20

# Builds the Route 53 client this responder uses and stores its settings.
#
# Credential selection, as implemented below:
# * +aws_access_key+ given: a static Aws::Credentials is built from its
#   'access_key_id', 'secret_access_key' and 'session_token' string keys.
# * +assume_role+ given: the Route 53 client uses Aws::AssumeRoleCredentials,
#   and the STS client that performs the AssumeRole call is created from the
#   base options (so it uses the static key when one was supplied).
# * neither given: no :credentials option is passed to the SDK clients.
#
# NOTE(review): the identity selected here is the one that later submits
# record-set changes for the mapped hosted zones, so its IAM policy is the
# effective blast radius of this responder -- confirm it is scoped to the
# zones (and ideally the challenge record names) actually needed.
#
# @param aws_access_key [Hash, nil] static key material, string-keyed
# @param assume_role [Hash, nil] options forwarded to
#   Aws::AssumeRoleCredentials after their keys are converted to symbols;
#   a 'role_session_name' entry replaces the default "acmesmith-<pid>"
# @param hosted_zone_map [Hash] stored as-is in @hosted_zone_map
# @param restore_to_original_records [Boolean] stored as-is; read by #respond_all
# @param substitution_map [Hash] keys are passed through canonical_fqdn
def initialize(aws_access_key: nil, assume_role: nil, hosted_zone_map: {}, restore_to_original_records: false, substitution_map: {})
  # Region is fixed for both the STS and the Route 53 client.
  base_options = {region: 'us-east-1'}
  if aws_access_key
    base_options[:credentials] = Aws::Credentials.new(
      aws_access_key['access_key_id'],
      aws_access_key['secret_access_key'],
      aws_access_key['session_token'],
    )
  end

  client_options = base_options.dup
  if assume_role
    sts_client = Aws::STS::Client.new(base_options)
    # Default session name carries the process id; entries from assume_role
    # are applied afterwards and therefore win on conflict.
    role_options = {role_session_name: "acmesmith-#{$$}"}
    assume_role.each { |key, value| role_options[key.to_sym] = value }
    client_options[:credentials] = Aws::AssumeRoleCredentials.new(
      client: sts_client,
      **role_options,
    )
  end
  @route53 = Aws::Route53::Client.new(client_options)

  @hosted_zone_map = hosted_zone_map
  @hosted_zone_cache = {}

  @restore_to_original_records = restore_to_original_records
  @original_records = {}

  @substitution_map = substitution_map.each_with_object({}) do |(name, target), normalized|
    normalized[canonical_fqdn(name)] = target
  end
end

Instance Method Details

#cap_respond_all? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/acmesmith/challenge_responders/route53.rb', line 16

# Capability flag; always true for this responder.
#
# NOTE(review): presumably tells the caller that the batch entry points
# (#respond_all / #cleanup_all) may be used instead of per-challenge
# calls -- confirm against the Base class.
#
# @return [Boolean] always true
def cap_respond_all?
  true
end

#cleanup_all(*domain_and_challenges) ⇒ Object



# File 'lib/acmesmith/challenge_responders/route53.rb', line 66

# Removes the challenge records for the given domain/challenge pairs.
#
# Pairs are run through the substitution step, grouped by the hosted zone
# that find_hosted_zone returns for each domain, and turned into one
# 'DELETE' change batch per zone. Each batch also carries whatever
# changes_to_restore_original_records returns for that zone as post-changes.
# Unlike #respond_all, this method does not wait for the changes to sync.
#
# @param domain_and_challenges [Array<Array>] [domain, challenge] pairs
# @return [Object] whatever request_changing_rrset returns
def cleanup_all(*domain_and_challenges)
  substituted = apply_substitution_for_domain_and_challenges(domain_and_challenges)

  per_zone = substituted.group_by { |(name, _challenge)| find_hosted_zone(name) }

  batches = per_zone.map do |zone_id, pairs|
    restore_changes = changes_to_restore_original_records(zone_id, *pairs)
    batch = change_batch_for_challenges(
      pairs,
      action: 'DELETE',
      comment: '(cleanup)',
      post_changes: restore_changes,
    )
    [zone_id, batch]
  end

  request_changing_rrset(batches, comment: 'to remove challenge responses')
end

#respond_all(*domain_and_challenges) ⇒ Object



# File 'lib/acmesmith/challenge_responders/route53.rb', line 44

# Publishes the challenge records for the given domain/challenge pairs and
# blocks until wait_for_sync returns for the submitted changes.
#
# After the substitution step, the current records are saved first when
# @restore_to_original_records is set. Pairs are then grouped by the hosted
# zone that find_hosted_zone returns, and one 'UPSERT' change batch is built
# per zone, preceded by whatever changes_to_delete_original_cname returns
# for that zone.
#
# @param domain_and_challenges [Array<Array>] [domain, challenge] pairs
# @return [Object] whatever wait_for_sync returns
def respond_all(*domain_and_challenges)
  substituted = apply_substitution_for_domain_and_challenges(domain_and_challenges)

  # Snapshot happens before any change is requested.
  save_original_records(*substituted) if @restore_to_original_records

  per_zone = substituted.group_by { |(name, _challenge)| find_hosted_zone(name) }

  batches = per_zone.map do |zone_id, pairs|
    cname_removals = changes_to_delete_original_cname(zone_id, *pairs)
    batch = change_batch_for_challenges(
      pairs,
      action: 'UPSERT',
      pre_changes: cname_removals,
    )
    [zone_id, batch]
  end

  submitted_ids = request_changing_rrset(batches, comment: 'for challenge response')
  wait_for_sync(submitted_ids)
end

#support?(type) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/acmesmith/challenge_responders/route53.rb', line 11

# Reports whether this responder handles the given challenge type.
#
# @param type [String] challenge type identifier
# @return [Boolean] true only when +type+ equals 'dns-01'
def support?(type)
  # cf. Acme::Client::Resources::Challenges::DNS01
  dns01_type = 'dns-01'
  type == dns01_type
end