zachfi · November 10, 2016 20:43
diff --git a/letsenncrypt_dns_hook.py b/letsenncrypt_dns_hook.py
 #! /usr/bin/env python3
 # vim: set fileencoding=UTF-8

 """ letsencrypt_dns_hook.py: Used as a hook script for dehydrated.sh during
 validation for a given name to modify the route53 DNS records necessary to
 provide proof of domain ownership.
 """

 __author__    = "Zach Leslie"
 __copyright__ = "Copyright 2016, OtoAnalytics"
 __license__   = "Apache2"
 __version__   = "1.0.1"
 __maintainer__ = "Zach Leslie"


 import logging
 import sys
 import boto3
 import time


 class LetsEncryptRoute53HookThing():
    def __init__(self, *, certname, token, external_zone, external_zone_id):
        self.external_zone = external_zone
        self.external_zone_id = external_zone_id

        self.route53 = boto3.client('route53')
        self.hostname, self.domain = certname.split(self.external_zone, 1)
        self.fakezone = certname.split('.', 1)[-1]
        self.certname = certname
        self.token = token

    def create_txt_record(self):
        results = self.route53.change_resource_record_sets(
            HostedZoneId=self.external_zone_id,
            ChangeBatch={
                'Changes': [
                    {
                        'Action': 'UPSERT',
                        'ResourceRecordSet': {
                            'Name': '_acme-challenge.%s' % self.fakezone,
                            'Type': 'TXT',
                            'TTL': 0,
                            'ResourceRecords': [
                                {
                                    'Value': '"%s"' % str(self.token)
                                }
                            ]
                        }
                    },
                    {
                        'Action': 'UPSERT',
                        'ResourceRecordSet': {
                            'Name': '_acme-challenge.%s' % self.certname,
                            'Type': 'TXT',
                            'TTL': 0,
                            'ResourceRecords': [
                                {
                                    'Value': '"%s"' % str(self.token)
                                }
                            ]
                        }
                    }
                ]
            }
        )

        logging.info('sleeping 20 seconds')
        time.sleep(20)

    def delete_txt_record(self):
        results = self.route53.change_resource_record_sets(
            HostedZoneId=self.external_zone_id,
            ChangeBatch={
                'Changes': [
                    {
                        'Action': 'DELETE',
                        'ResourceRecordSet': {
                            'Name': '_acme-challenge.%s' % self.fakezone,
                            'Type': 'TXT',
                            'TTL': 0,
                            'ResourceRecords': [
                                {
                                    'Value': '"%s"' % str(self.token)
                                }
                            ]
                        }
                    },
                    {
                        'Action': 'DELETE',
                        'ResourceRecordSet': {
                            'Name': '_acme-challenge.%s' % self.certname,
                            'Type': 'TXT',
                            'TTL': 0,
                            'ResourceRecords': [
                                {
                                    'Value': '"%s"' % str(self.token)
                                }
                            ]
                        }
                    }
                ]
            }
        )

    def deploy_certificate(self):
        pass

    def unchanged_cert(self):
        pass


 def main(args):
    logger = logging.getLogger()
    print(args)

    operation = args[1]
    certname = args[2]
    token = args[4]

    le = LetsEncryptRoute53HookThing(
        certname=certname,
        token=token,
        external_zone='example.com',
        external_zone_id='1234',
    )

    ops = {
        'deploy_challenge': le.create_txt_record,
        'clean_challenge': le.delete_txt_record,
        'deploy_cert': le.deploy_certificate,
        'unchanged_cert': le.unchanged_cert,
    }

    logger.info('route53 hook executing %s' % operation)
    ops[operation]()


 if __name__ == '__main__':
    main(sys.argv)
	#! /usr/bin/env python3
	# vim: set fileencoding=UTF-8

	""" letsencrypt_dns_hook.py: Used as a hook script for dehydrated.sh during
	validation for a given name to modify the route53 DNS records necessary to
	provide proof of domain ownership.
	"""

	__author__ = "Zach Leslie"
	__copyright__ = "Copyright 2016, OtoAnalytics"
	__license__ = "Apache2"
	__version__ = "1.0.1"
	__maintainer__ = "Zach Leslie"


	import logging
	import sys
	import boto3
	import time


	class LetsEncryptRoute53HookThing():
	def __init__(self, *, certname, token, external_zone, external_zone_id):
	self.external_zone = external_zone
	self.external_zone_id = external_zone_id

	self.route53 = boto3.client('route53')
	self.hostname, self.domain = certname.split(self.external_zone, 1)
	self.fakezone = certname.split('.', 1)[-1]
	self.certname = certname
	self.token = token

	def create_txt_record(self):
	results = self.route53.change_resource_record_sets(
	HostedZoneId=self.external_zone_id,
	ChangeBatch={
	'Changes': [
	{
	'Action': 'UPSERT',
	'ResourceRecordSet': {
	'Name': '_acme-challenge.%s' % self.fakezone,
	'Type': 'TXT',
	'TTL': 0,
	'ResourceRecords': [
	{
	'Value': '"%s"' % str(self.token)
	}
	]
	}
	},
	{
	'Action': 'UPSERT',
	'ResourceRecordSet': {
	'Name': '_acme-challenge.%s' % self.certname,
	'Type': 'TXT',
	'TTL': 0,
	'ResourceRecords': [
	{
	'Value': '"%s"' % str(self.token)
	}
	]
	}
	}
	]
	}
	)

	logging.info('sleeping 20 seconds')
	time.sleep(20)

	def delete_txt_record(self):
	results = self.route53.change_resource_record_sets(
	HostedZoneId=self.external_zone_id,
	ChangeBatch={
	'Changes': [
	{
	'Action': 'DELETE',
	'ResourceRecordSet': {
	'Name': '_acme-challenge.%s' % self.fakezone,
	'Type': 'TXT',
	'TTL': 0,
	'ResourceRecords': [
	{
	'Value': '"%s"' % str(self.token)
	}
	]
	}
	},
	{
	'Action': 'DELETE',
	'ResourceRecordSet': {
	'Name': '_acme-challenge.%s' % self.certname,
	'Type': 'TXT',
	'TTL': 0,
	'ResourceRecords': [
	{
	'Value': '"%s"' % str(self.token)
	}
	]
	}
	}
	]
	}
	)

	def deploy_certificate(self):
	pass

	def unchanged_cert(self):
	pass


	def main(args):
	logger = logging.getLogger()
	print(args)

	operation = args[1]
	certname = args[2]
	token = args[4]

	le = LetsEncryptRoute53HookThing(
	certname=certname,
	token=token,
	external_zone='example.com',
	external_zone_id='1234',
	)

	ops = {
	'deploy_challenge': le.create_txt_record,
	'clean_challenge': le.delete_txt_record,
	'deploy_cert': le.deploy_certificate,
	'unchanged_cert': le.unchanged_cert,
	}

	logger.info('route53 hook executing %s' % operation)
	ops[operation]()


	if __name__ == '__main__':
	main(sys.argv)