Example #1
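def handler(event: typing.Any, context: typing.Any) -> typing.Mapping[str, typing.Any]:
    """Run one certificate operation selected by ``event["action"]``.

    Configuration is read from the environment variables ``BUCKET``,
    ``ACME_ACCOUNT_EMAIL`` and ``ACME_DIRECTORY_URL``.

    Supported actions:

    * ``"renew"``  -- renew every certificate reported by
      ``find_certificates_to_renew``; individual failures are logged and
      the run only fails when every attempted renewal failed.
    * ``"issue"``  -- issue a certificate for ``event["domain"]``.
    * ``"revoke"`` -- revoke the stored certificate named ``event["domain"]``.

    Args:
        event: Invocation payload; must contain ``"action"`` and, for
            ``issue``/``revoke``, ``"domain"``.
        context: Unused.

    Returns:
        ``{"statusCode": 200}`` when the requested operation completed.

    Raises:
        KeyError: A required environment variable or event key is missing.
        RuntimeError: Every attempted renewal failed, or no stored
            certificate exists for the domain to revoke.
        ValueError: ``event["action"]`` is not a supported action.
    """
    client = boto3.client("s3")
    storage = S3Storage(bucket=S3Storage.Bucket(os.environ["BUCKET"], client))
    authenticators = [HTTP01Authenticator(storage=storage)]
    params: typing.Any = {
        "acme_account_email": os.environ["ACME_ACCOUNT_EMAIL"],
        "acme_directory_url": os.environ["ACME_DIRECTORY_URL"],
        "storage": storage,
    }

    action = event["action"]
    if action == "renew":
        certificates = [
            certificate for certificate, _ in find_certificates_to_renew(storage)
        ]
        failure = []
        for certificate in certificates:
            try:
                renew(certificate=certificate, authenticators=authenticators, **params)
            except Exception as exc:
                # Deliberate best effort: one failing certificate must not
                # block the renewal of the others. Name the certificate so
                # the log line can be tied to a specific renewal.
                logger.error(f"Renewal of {certificate.name} failed: {exc}")
                failure.append(certificate.name)
        # Only a run that attempted renewals can fail as a whole; with
        # nothing due for renewal the comparison 0 == 0 must not raise.
        if certificates and len(failure) == len(certificates):
            raise RuntimeError(f"All renew operations failed: {failure}")
    elif action == "issue":
        # NOTE(review): event["domain"] is passed through unvalidated, so
        # whoever may invoke this function decides which names are
        # requested -- confirm invocation is restricted accordingly.
        issue(domains=[event["domain"]], authenticators=authenticators, **params)
    elif action == "revoke":
        cert = storage.get_certificate(name=event["domain"])
        # Explicit check instead of ``assert``: assertions are stripped
        # under ``python -O`` and revoke() would then receive a falsy value.
        if not cert:
            raise RuntimeError(
                f"No stored certificate found for {event['domain']!r}; nothing to revoke"
            )
        revoke(certificate=cert, **params)
    else:
        # An unrecognised action used to fall through and report success
        # without doing anything, which hides misconfigured invocations.
        raise ValueError(f"Unsupported action: {action!r}")

    return {"statusCode": 200}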
Example #2
def _minio_bucket(minio, minio_boto3_settings, minio_settings):
    """Create the configured bucket and return it wrapped as ``S3Storage.Bucket``.

    An S3 client is built from ``minio_boto3_settings``, the bucket named by
    ``minio_settings["BUCKET"]`` is created, and a bucket policy is attached
    that allows any principal to ``s3:GetObject`` objects under
    ``.well-known/acme-challenge/`` only.

    ``minio`` is not used in the body -- presumably it is requested so the
    MinIO fixture is set up first; confirm against the fixture definitions.
    """
    s3_client = boto3.client("s3", **minio_boto3_settings)
    bucket_name = minio_settings["BUCKET"]
    s3_client.create_bucket(Bucket=bucket_name)

    # Public read is scoped to the HTTP-01 challenge prefix; nothing else
    # in the bucket is exposed by this statement.
    challenge_objects = f"arn:aws:s3:::{bucket_name}/.well-known/acme-challenge/*"
    public_read_statement = {
        "Sid": "AddPerm",
        "Effect": "Allow",
        "Principal": "*",
        "Action": ["s3:GetObject"],
        "Resource": [challenge_objects],
    }
    policy_document = json.dumps(
        {"Version": "2012-10-17", "Statement": [public_read_statement]}
    )

    s3_client.put_bucket_policy(Bucket=bucket_name, Policy=policy_document)
    return S3Storage.Bucket(bucket_name, s3_client)
Example #3
def bucket(s3, minio_settings):
    """Create the configured bucket through ``s3`` and return it as ``S3Storage.Bucket``.

    The bucket named by ``minio_settings["BUCKET"]`` is created with the
    location constraint ``ap-southeast-2`` and receives a bucket policy
    that lets any principal ``s3:GetObject`` objects under
    ``.well-known/acme-challenge/`` and nothing else.
    """
    bucket_name = minio_settings["BUCKET"]
    location = {"LocationConstraint": "ap-southeast-2"}
    s3.create_bucket(Bucket=bucket_name, CreateBucketConfiguration=location)

    # Anonymous read limited to the HTTP-01 challenge prefix.
    statements = [
        {
            "Sid": "AddPerm",
            "Effect": "Allow",
            "Principal": "*",
            "Action": ["s3:GetObject"],
            "Resource": [
                f"arn:aws:s3:::{bucket_name}/.well-known/acme-challenge/*"
            ],
        }
    ]
    serialized_policy = json.dumps(
        {"Version": "2012-10-17", "Statement": statements}
    )
    s3.put_bucket_policy(Bucket=bucket_name, Policy=serialized_policy)
    return S3Storage.Bucket(bucket_name, s3)