Add AWS S3 bucket deploy hook

2025-05-08 22:12:44 +00:00 · 2018-03-09 16:39:13 +00:00 · 2018-03-09 16:39:13 +00:00 · 161bc77093
commit 161bc77093
parent 639f402b69
2 changed files with 86 additions and 1 deletions
--- a/common/aws.sh
+++ b/common/aws.sh
@ -9,6 +9,9 @@
 #
 #   R53: _aws r53 <verb> <path> [query] [xml]
 #        _aws r53 GET /2013-04-01/hostedzone maxitems=2
+#
+#   S3:  _aws s3 <verb> <bucket> <path> <region> [query] [headers] [data]
+#        _aws s3 PUT a-bucket /prefix/notes.txt us-east-1 <notes.txt

 _aws() {
  _svc="$1" # _args=...
@ -44,6 +47,32 @@ _aws_svc_r53() {
    '' "$_xml"
 }

+_aws_svc_s3() {
+  _verb="$1" _bucket="$2" _path="$3" _region="$4" _query="$5" _headers="$6"
+
+  if [ -t 0 ]; then
+    _data="$7"
+  else
+    unset _data
+    while read -r _line; do
+      _data="$_data$_line$n"
+    done
+    _data="$_data$_line"
+  fi
+
+  _hash="x-amz-content-sha256:$(printf %s "$_data" | _digest sha256 hex)"
+  if _contains "$_bucket" '.'; then
+    _host="s3.$_region.amazonaws.com"
+    _path="/$_bucket$_path"
+  else
+    _host="$_bucket.s3.$_region.amazonaws.com"
+  fi
+
+  _aws_wrap '<Error' \
+    "$_verb" "$_host" "$_path" "$_query" "$_region/s3" \
+    "$_hash$n$_headers" "$_data"
+}
+
 # core

 _aws_wrap() {
@ -134,7 +163,8 @@ _aws_req4() {
  case "$(printf %s "$_verb" | tr '[:upper:]' '[:lower:]')" in
  get) _get "$_url" ;;
  post) _post "$_data" "$_url" ;;
-  *) _err '_aws only supports get and post' ;;
+  put) _post "$_data" "$_url" '' PUT ;;
+  *) _err '_aws only supports get, post and put' ;;
  esac
 }

--- a/deploy/aws_s3.sh
+++ b/deploy/aws_s3.sh
@ -0,0 +1,55 @@
+#!/usr/bin/env sh
+
+#Here is a script to deploy cert to an Amazon S3 bucket.
+
+#returns 0 means success, otherwise error.
+
+# shellcheck source=common/aws.sh
+. "$LE_WORKING_DIR/common/aws.sh"
+
+########  Public functions #####################
+
+#domain keyfile certfile cafile fullchain
+aws_s3_deploy() {
+  _cdomain="$1" _ckey="$2" _ccert="$3" _cca="$4" _cfullchain="$5"
+
+  _debug _cdomain "$_cdomain"
+  _debug _ckey "$_ckey"
+  _debug _ccert "$_ccert"
+  _debug _cca "$_cca"
+  _debug _cfullchain "$_cfullchain"
+
+  _bucket="${AWS_S3_BUCKET:-$(_readdomainconf Aws_S3_Bucket)}"
+  _prefix="${AWS_S3_PREFIX:-$(_readdomainconf Aws_S3_Prefix)}"
+  _region="${AWS_S3_REGION:-$(_readdomainconf Aws_S3_Region)}"
+
+  if [ -z "$_bucket" ]; then
+    _err "no S3 bucket to use when deploying $_cdomain"
+    return 1
+  fi
+  if [ -z "$_region" ]; then
+    _err "no S3 region to use when deploying $_cdomain"
+    return 1
+  fi
+
+  _savedomainconf Aws_S3_Bucket "$_bucket"
+  _savedomainconf Aws_S3_Prefix "$_prefix"
+  _savedomainconf Aws_S3_Region "$_region"
+
+  _debug _bucket "$_bucket"
+  _debug _prefix "$_prefix"
+  _debug _region "$_region"
+
+  _prefix="$(printf '/%s/' "$_prefix" | sed "s:%cn:$_cdomain:g; s://\+:/:g")"
+
+  _debug _prefix "$_prefix"
+
+  for _file in "$_ckey" "$_ccert" "$_cca" "$_cfullchain"; do
+    if ! _aws s3 PUT "$_bucket" "$_prefix${_file##*/}" "$_region" <"$_file" >/dev/null; then
+      _err "unable to deploy $_file to s3://$_bucket$_prefix in $_region"
+      _ret=2
+    fi
+  done
+
+  return $_ret
+}