Class: Acmesmith::Storages::GoogleCloudStorage

Inherits:

Base

Object
Base
Acmesmith::Storages::GoogleCloudStorage

show all

Defined in:: lib/acmesmith/storages/google_cloud_storage.rb

Instance Attribute Summary collapse

#bucket ⇒ Object readonly

Returns the value of attribute bucket.
#compute_engine_service_account ⇒ Object readonly

Returns the value of attribute compute_engine_service_account.
#prefix ⇒ Object readonly

Returns the value of attribute prefix.
#private_key_json_file ⇒ Object readonly

Returns the value of attribute private_key_json_file.

Instance Method Summary collapse

Constructor Details

#initialize(bucket:, prefix:, compute_engine_service_account: nil, private_key_json_file: nil) ⇒ `GoogleCloudStorage`

# File 'lib/acmesmith/storages/google_cloud_storage.rb', line 14

def initialize(bucket:, prefix:, compute_engine_service_account:nil, private_key_json_file:nil)
  @bucket = bucket
  @prefix = prefix
  if @prefix && !@prefix.end_with?('/')
    @prefix += '/'
  end
  @compute_engine_service_account = compute_engine_service_account
  @private_key_json_file = private_key_json_file

  @scope = 'https://www.googleapis.com/auth/devstorage.read_write'
  @api = Google::Apis::StorageV1::StorageService.new
  if @compute_engine_service_account
    @api.authorization = Google::Auth.get_application_default(@scope)
  elsif @private_key_json_file
    credential = load_json_key(@private_key_json_file)
    @api.authorization = Signet::OAuth2::Client.new(
      token_credential_uri: "https://accounts.google.com/o/oauth2/token",
      audience: "https://accounts.google.com/o/oauth2/token",
      scope: @scope,
      issuer: credential[:email_address],
      signing_key: credential[:private_key])
  else
    raise "You need to specify authentication options (compute_engine_service_account or private_key_json_file)"
  end
  @api.authorization.fetch_access_token!
end

Instance Attribute Details

#bucket ⇒ `Object` (readonly)

Returns the value of attribute bucket.



12
13
14

# File 'lib/acmesmith/storages/google_cloud_storage.rb', line 12

def bucket
  @bucket
end

#compute_engine_service_account ⇒ `Object` (readonly)

Returns the value of attribute compute_engine_service_account.



12
13
14

# File 'lib/acmesmith/storages/google_cloud_storage.rb', line 12

def compute_engine_service_account
  @compute_engine_service_account
end

#prefix ⇒ `Object` (readonly)

Returns the value of attribute prefix.



12
13
14

# File 'lib/acmesmith/storages/google_cloud_storage.rb', line 12

def prefix
  @prefix
end

#private_key_json_file ⇒ `Object` (readonly)

Returns the value of attribute private_key_json_file.



12
13
14

# File 'lib/acmesmith/storages/google_cloud_storage.rb', line 12

def private_key_json_file
  @private_key_json_file
end

Instance Method Details

#account_key_exist? ⇒ `Boolean`

# File 'lib/acmesmith/storages/google_cloud_storage.rb', line 53

def account_key_exist?
  begin
    get_account_key
  rescue NotExist
    return false
  else
    return true
  end
end

#get_account_key ⇒ `Object`

# File 'lib/acmesmith/storages/google_cloud_storage.rb', line 41

def get_account_key
  obj = @api.get_object(bucket, account_key_key)
  media = get_media(obj.media_link)
  AccountKey.new media
rescue Google::Apis::ClientError => e
  if e.status_code == 404
    raise NotExist.new("Account key doesn't exist")
  else
    raise e
  end
end

#get_certificate(common_name, version: 'current') ⇒ `Object`

# File 'lib/acmesmith/storages/google_cloud_storage.rb', line 97

def get_certificate(common_name, version: 'current')
  version = certificate_current(common_name) if version == 'current'

  certificate = get_media(@api.get_object(bucket, certificate_key(common_name, version)).media_link)
  chain       = get_media(@api.get_object(bucket, chain_key(common_name, version)).media_link)
  private_key = get_media(@api.get_object(bucket, private_key_key(common_name, version)).media_link)
  Certificate.new(certificate, chain, private_key)
rescue Google::Apis::ClientError => e
  if e.status_code == 404
    raise NotExist.new("Certificate for #{common_name.inspect} of #{version} version doesn't exist")
  else
    raise e
  end
end

#get_current_certificate_version(common_name) ⇒ `Object`



134
135
136

# File 'lib/acmesmith/storages/google_cloud_storage.rb', line 134

def get_current_certificate_version(common_name)
  certificate_current(common_name)
end

#list_certificate_versions(common_name) ⇒ `Object`

# File 'lib/acmesmith/storages/google_cloud_storage.rb', line 123

def list_certificate_versions(common_name)
  cert_ver_prefix = "#{prefix}certs/#{common_name}/"
  objects = @api.fetch_all do |token, s|
    s.list_objects(bucket, prefix: cert_ver_prefix, page_token: token)
  end
  objects.map { |obj|
    regexp = /\A#{Regexp.escape(cert_ver_prefix)}/
    obj.name.sub(regexp, '').sub(/\/.+\z/, '').sub(/\/\z/, '')
  }.uniq.reject { |_| _ == 'current' }
end

#list_certificates ⇒ `Object`

# File 'lib/acmesmith/storages/google_cloud_storage.rb', line 112

def list_certificates
  certs_prefix = "#{prefix}certs/"
  objects = @api.fetch_all do |token, s|
    s.list_objects(bucket, prefix: certs_prefix, page_token: token)
  end
  objects.map{ |obj|
    regexp = /\A#{Regexp.escape(certs_prefix)}/
    obj.name.sub(regexp, '').sub(/\/.+\z/, '').sub(/\/\z/, '')
  }.uniq
end

#put_account_key(key, passphrase = nil) ⇒ `Object`

Raises:

(AlreadyExist)

# File 'lib/acmesmith/storages/google_cloud_storage.rb', line 63

def put_account_key(key, passphrase = nil)
  raise AlreadyExist if account_key_exist?
  obj = Google::Apis::StorageV1::Object.new(
    name: account_key_key,
    content_type: 'application/x-pem-file'
  )
  @api.insert_object(bucket, obj, upload_source: StringIO.new(key.export(passphrase)))
end

#put_certificate(cert, passphrase = nil, update_current: true) ⇒ `Object`

# File 'lib/acmesmith/storages/google_cloud_storage.rb', line 72

def put_certificate(cert, passphrase = nil, update_current: true)
  h = cert.export(passphrase)

  put = -> (key, body) do
    obj = Google::Apis::StorageV1::Object.new(
      name: key,
      content_type: 'application/x-pem-file',
    )
    @api.insert_object(bucket, obj, upload_source: StringIO.new(body))
  end

  put.call certificate_key(cert.common_name, cert.version), "#{h[:certificate].rstrip}\n"
  put.call chain_key(cert.common_name, cert.version), "#{h[:chain].rstrip}\n"
  put.call fullchain_key(cert.common_name, cert.version), "#{h[:fullchain].rstrip}\n"
  put.call private_key_key(cert.common_name, cert.version), "#{h[:private_key].rstrip}\n"

  if update_current
    @api.insert_object(
      bucket,
      Google::Apis::StorageV1::Object.new(name: certificate_current_key(cert.common_name), content_type: 'text/plain'),
      upload_source: StringIO.new(cert.version),
    )
  end
end

Class: Acmesmith::Storages::GoogleCloudStorage

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(bucket:, prefix:, compute_engine_service_account: nil, private_key_json_file: nil) ⇒ GoogleCloudStorage

Instance Attribute Details

#bucket ⇒ Object (readonly)

#compute_engine_service_account ⇒ Object (readonly)

#prefix ⇒ Object (readonly)

#private_key_json_file ⇒ Object (readonly)

Instance Method Details

#account_key_exist? ⇒ Boolean

#get_account_key ⇒ Object

#get_certificate(common_name, version: 'current') ⇒ Object

#get_current_certificate_version(common_name) ⇒ Object

#list_certificate_versions(common_name) ⇒ Object

#list_certificates ⇒ Object

#put_account_key(key, passphrase = nil) ⇒ Object

#put_certificate(cert, passphrase = nil, update_current: true) ⇒ Object