tkuchiki
diff --git a/‎.gitignore‎
Lines changed: 2 additions & 0 deletions b/‎.gitignore‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎README.md‎
Lines changed: 424 additions & 1 deletion b/‎README.md‎
Lines changed: 424 additions & 1 deletion
diff --git a/‎acm.go‎
Lines changed: 199 additions & 0 deletions b/‎acm.go‎
Lines changed: 199 additions & 0 deletions
diff --git a/‎alb.go‎
Lines changed: 187 additions & 0 deletions b/‎alb.go‎
Lines changed: 187 additions & 0 deletions
@@ -12,3 +12,5 @@
 
 # Project-local glide cache, RE: https://github.com/Masterminds/glide/issues/736
 .glide/
+
+**.pem
@@ -0,0 +1,199 @@
+package certutils
+
+import (
+	"fmt"
+	"os"
+	"strings"
+	"time"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/session"
+	"github.com/aws/aws-sdk-go/service/acm"
+	"github.com/olekukonko/tablewriter"
+)
+
+type ACM struct {
+	client *acm.ACM
+}
+
+type ACMDescription struct {
+	arn                     string
+	nameTag                 string
+	status                  string
+	inUseBy                 []string
+	notAfter                time.Time
+	domainName              string
+	subjectAlternativeNames []string
+}
+
+func NewACM(sess *session.Session) *ACM {
+	return &ACM{
+		client: acm.New(sess),
+	}
+}
+
+func createACMImportCertificateInput(cert, chain, pkey []byte) *acm.ImportCertificateInput {
+	return &acm.ImportCertificateInput{
+		Certificate:      cert,
+		CertificateChain: chain,
+		PrivateKey:       pkey,
+	}
+}
+
+func (a *ACM) Import(cert, chain, pkey []byte) (string, string, error) {
+	out, err := a.client.ImportCertificate(createACMImportCertificateInput(cert, chain, pkey))
+
+	return *out.CertificateArn, fmt.Sprintf("Imported %s", *out.CertificateArn), err
+}
+
+func createACMListCertificatesInput(statuses []string, maxItems int64, nextToken string) *acm.ListCertificatesInput {
+	linput := &acm.ListCertificatesInput{}
+
+	if len(statuses) > 0 {
+		linput.SetCertificateStatuses(aws.StringSlice(statuses))
+	}
+
+	if maxItems > 0 {
+		linput.SetMaxItems(maxItems)
+	}
+
+	if nextToken != "" {
+		linput.SetNextToken(nextToken)
+	}
+
+	return linput
+}
+
+func (a *ACM) listTags(arn string) (*acm.ListTagsForCertificateOutput, error) {
+	input := &acm.ListTagsForCertificateInput{}
+	input.SetCertificateArn(arn)
+
+	return a.client.ListTagsForCertificate(input)
+}
+
+func (a *ACM) getNameTag(arn string) (string, error) {
+	out, err := a.listTags(arn)
+	if err != nil {
+		return "", err
+	}
+
+	for _, tag := range out.Tags {
+		if strings.ToLower(aws.StringValue(tag.Key)) == "name" {
+			return *tag.Value, nil
+		}
+	}
+
+	return "", fmt.Errorf("Name tag not found")
+}
+
+func (a *ACM) List(statuses string, maxItems int64, nextToken string) ([]ACMDescription, error) {
+	cout, err := a.client.ListCertificates(createACMListCertificatesInput(SplitStatuses(statuses), maxItems, nextToken))
+
+	descs := make([]ACMDescription, 0, len(cout.CertificateSummaryList))
+	for _, summary := range cout.CertificateSummaryList {
+		dcout, err := a.client.DescribeCertificate(&acm.DescribeCertificateInput{
+			CertificateArn: summary.CertificateArn,
+		})
+		if err != nil {
+			return []ACMDescription{}, err
+		}
+
+		cert := dcout.Certificate
+		nameTag, _ := a.getNameTag(*cert.CertificateArn)
+
+		desc := ACMDescription{
+			arn:                     *cert.CertificateArn,
+			nameTag:                 nameTag,
+			status:                  *cert.Status,
+			inUseBy:                 aws.StringValueSlice(cert.InUseBy),
+			notAfter:                aws.TimeValue(cert.NotAfter),
+			domainName:              *cert.DomainName,
+			subjectAlternativeNames: aws.StringValueSlice(cert.SubjectAlternativeNames),
+		}
+
+		descs = append(descs, desc)
+	}
+
+	return descs, err
+}
+
+func (a *ACM) ListArns(statuses string, maxItems int64, nextToken string) ([]string, error) {
+	descs, err := a.List(statuses, maxItems, nextToken)
+
+	arns := make([]string, 0, len(descs))
+	for _, desc := range descs {
+		arns = append(arns, desc.arn)
+	}
+
+	return arns, err
+}
+
+func toACMTags(tags []Tag) []*acm.Tag {
+	if len(tags) <= 0 {
+		return []*acm.Tag{}
+	}
+
+	acmTags := make([]*acm.Tag, 0, len(tags))
+
+	for _, t := range tags {
+		acmTag := &acm.Tag{
+			Key:   aws.String(t.Key),
+			Value: aws.String(t.Value),
+		}
+
+		acmTags = append(acmTags, acmTag)
+	}
+
+	return acmTags
+}
+
+func createACMAddTagsToCertificateInput(arn string, tags []Tag) *acm.AddTagsToCertificateInput {
+	tinput := &acm.AddTagsToCertificateInput{}
+	tinput.SetCertificateArn(arn)
+	tinput.SetTags(toACMTags(tags))
+
+	return tinput
+}
+
+func (a *ACM) AddTags(arn string, tags []Tag) error {
+	_, err := a.client.AddTagsToCertificate(createACMAddTagsToCertificateInput(arn, tags))
+
+	return err
+}
+
+func createACMDeleteCertificateInput(arn string) *acm.DeleteCertificateInput {
+	dinput := &acm.DeleteCertificateInput{}
+
+	dinput.SetCertificateArn(arn)
+
+	return dinput
+}
+
+func (a *ACM) Delete(arn string) (string, error) {
+	_, err := a.client.DeleteCertificate(createACMDeleteCertificateInput(arn))
+
+	return fmt.Sprintf("Deleted %s", arn), err
+}
+
+func (a *ACM) ReadableList(descs []ACMDescription) {
+	table := tablewriter.NewWriter(os.Stdout)
+
+	table.SetHeader([]string{"Name tag", "Domain Name", "Additional Name", "In Use?", "Not After", "Certificate Arn"})
+	table.SetAutoMergeCells(true)
+	table.SetRowLine(true)
+
+	for _, desc := range descs {
+		inUse := "No"
+		if len(desc.inUseBy) > 0 {
+			inUse = "Yes"
+		}
+		for _, name := range desc.subjectAlternativeNames {
+			if name == desc.domainName {
+				continue
+			}
+			table.Append([]string{desc.nameTag, desc.domainName, name, inUse, desc.notAfter.String(), desc.arn})
+		}
+	}
+
+	table.Render()
+}
@@ -0,0 +1,187 @@
+package certutils
+
+import (
+	"fmt"
+	"os"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/session"
+	"github.com/aws/aws-sdk-go/service/elbv2"
+	"github.com/olekukonko/tablewriter"
+)
+
+type ALB struct {
+	client *elbv2.ELBV2
+}
+
+type ALBDescription struct {
+	name    string
+	dnsname string
+	certs   []ALBCertificate
+}
+
+type ALBCertificate struct {
+	arn         string
+	port        int64
+	listenerArn string
+}
+
+func NewALB(sess *session.Session) *ALB {
+	return &ALB{
+		client: elbv2.New(sess),
+	}
+}
+
+func createALBDescribeListenersInput(lbArn string) *elbv2.DescribeListenersInput {
+	input := &elbv2.DescribeListenersInput{}
+
+	input.SetLoadBalancerArn(lbArn)
+
+	return input
+}
+
+func (alb *ALB) getLBs(certFilter string) ([]ALBDescription, error) {
+	input := &elbv2.DescribeLoadBalancersInput{}
+	out, err := alb.client.DescribeLoadBalancers(input)
+	lbs := make([]ALBDescription, 0, len(out.LoadBalancers))
+	for _, lb := range out.LoadBalancers {
+		albdesc := ALBDescription{}
+
+		albdesc.dnsname = *lb.DNSName
+		albdesc.name = *lb.LoadBalancerName
+
+		lout, err := alb.client.DescribeListeners(createALBDescribeListenersInput(*lb.LoadBalancerArn))
+		if err != nil {
+			return []ALBDescription{}, err
+		}
+
+		for _, l := range lout.Listeners {
+			for _, cert := range l.Certificates {
+				if certFilter != "" && certFilter != *cert.CertificateArn {
+					continue
+				}
+
+				albcert := ALBCertificate{
+					arn:         *cert.CertificateArn,
+					port:        *l.Port,
+					listenerArn: *l.ListenerArn,
+				}
+				albdesc.certs = append(albdesc.certs, albcert)
+			}
+		}
+
+		if len(albdesc.certs) < 1 {
+			continue
+		}
+
+		lbs = append(lbs, albdesc)
+	}
+	return lbs, err
+}
+
+func (alb *ALB) List(certFilter string) ([]ALBDescription, error) {
+	return alb.getLBs(certFilter)
+}
+
+func (alb *ALB) getListener(name string) (*elbv2.Listener, error) {
+	lbinput := &elbv2.DescribeLoadBalancersInput{}
+	names := []string{name}
+	lbinput.SetNames(aws.StringSlice(names))
+	lbout, err := alb.client.DescribeLoadBalancers(lbinput)
+	if err != nil {
+		return &elbv2.Listener{}, err
+	}
+
+	if len(lbout.LoadBalancers) < 1 {
+		return &elbv2.Listener{}, fmt.Errorf("Listener not found")
+	}
+
+	linput := &elbv2.DescribeListenersInput{}
+	linput.SetLoadBalancerArn(*lbout.LoadBalancers[0].LoadBalancerArn)
+
+	lout, err := alb.client.DescribeListeners(linput)
+	if err != nil {
+		return &elbv2.Listener{}, err
+	}
+
+	if len(lout.Listeners) < 1 {
+		return &elbv2.Listener{}, fmt.Errorf("Listener not found")
+	}
+
+	return lout.Listeners[0], nil
+}
+
+func createALBModifyListenerInput(listenerArn, certArn string) *elbv2.ModifyListenerInput {
+	input := &elbv2.ModifyListenerInput{}
+
+	cert := &elbv2.Certificate{}
+	cert.SetCertificateArn(certArn)
+
+	certs := []*elbv2.Certificate{cert}
+
+	input.SetCertificates(certs)
+
+	input.SetListenerArn(listenerArn)
+
+	return input
+}
+
+func (alb *ALB) Update(name string, certArn string) error {
+	l, err := alb.getListener(name)
+	if err != nil {
+		return err
+	}
+
+	_, err = alb.client.ModifyListener(createALBModifyListenerInput(*l.ListenerArn, certArn))
+
+	return err
+}
+
+func albUpdateMsg(name string, port int64, src, dest string) string {
+	return fmt.Sprintf("Updated %s:%d %s -> %s", name, port, src, dest)
+}
+
+func (alb *ALB) BulkUpdate(srcCertArn, destCertArn string, dryRun bool) ([]string, error) {
+	lbs, err := alb.getLBs(srcCertArn)
+	if err != nil {
+		return []string{}, err
+	}
+
+	updates := make([]string, 0)
+	if dryRun {
+		updates = append(updates, dryRunMsg()...)
+	}
+
+	for _, lb := range lbs {
+		for _, cert := range lb.certs {
+			if dryRun {
+				updates = append(updates, albUpdateMsg(lb.name, cert.port, srcCertArn, destCertArn))
+			} else {
+				_, err := alb.client.ModifyListener(createALBModifyListenerInput(cert.listenerArn, destCertArn))
+
+				if err != nil {
+					return []string{}, err
+				}
+				updates = append(updates, albUpdateMsg(lb.name, cert.port, srcCertArn, destCertArn))
+			}
+		}
+	}
+
+	return updates, nil
+}
+
+func (alb *ALB) ReadableList(descs []ALBDescription) {
+	table := tablewriter.NewWriter(os.Stdout)
+
+	table.SetHeader([]string{"Name", "Port", "Listener SSL Certificate"})
+	table.SetAutoMergeCells(true)
+	table.SetRowLine(true)
+
+	for _, desc := range descs {
+		for _, cert := range desc.certs {
+			table.Append([]string{desc.name, fmt.Sprint(cert.port), cert.arn})
+		}
+	}
+
+	table.Render()
+}
-Original file line number
+Diff line change
 # Project-local glide cache, RE: https://github.com/Masterminds/glide/issues/736
 .glide/
++
 +**.pem