def sync_endpoints(source): new, updated = 0, 0 current_app.logger.debug("Retrieving endpoints from {0}".format( source.label)) s = plugins.get(source.plugin_name) try: endpoints = s.get_endpoints(source.options) except NotImplementedError: current_app.logger.warning( "Unable to sync endpoints for source {0} plugin has not implemented 'get_endpoints'" .format(source.label)) return for endpoint in endpoints: exists = endpoint_service.get_by_dnsname(endpoint['dnsname']) certificate_name = endpoint.pop('certificate_name', None) certificate = endpoint.pop('certificate', None) if certificate_name: current_app.logger.debug(certificate_name) cert = cert_service.get_by_name(certificate_name) elif certificate: cert = cert_service.get_by_body(certificate['body']) if not cert: cert = cert_service.import_certificate(**certificate) if not cert: current_app.logger.error( "Unable to find associated certificate, be sure that certificates are sync'ed before endpoints" ) continue endpoint['certificate'] = cert policy = endpoint.pop('policy') policy_ciphers = [] for nc in policy['ciphers']: policy_ciphers.append( endpoint_service.get_or_create_cipher(name=nc)) policy['ciphers'] = policy_ciphers endpoint['policy'] = endpoint_service.get_or_create_policy(**policy) endpoint['source'] = source if not exists: endpoint_service.create(**endpoint) new += 1 else: endpoint_service.update(exists.id, **endpoint) updated += 1 _disassociate_endpoints_from_source(endpoints, source)
def sync_endpoints(source): new, updated = 0, 0 current_app.logger.debug("Retrieving endpoints from {0}".format( source.label)) s = plugins.get(source.plugin_name) try: endpoints = s.get_endpoints(source.options) except NotImplementedError: current_app.logger.warning( "Unable to sync endpoints for source {0} plugin has not implemented 'get_endpoints'" .format(source.label)) return new, updated for endpoint in endpoints: exists = endpoint_service.get_by_dnsname_and_port( endpoint["dnsname"], endpoint["port"]) certificate_name = endpoint.pop("certificate_name") endpoint["certificate"] = certificate_service.get_by_name( certificate_name) if not endpoint["certificate"]: current_app.logger.error( "Certificate Not Found. Name: {0} Endpoint: {1}".format( certificate_name, endpoint["name"])) continue policy = endpoint.pop("policy") policy_ciphers = [] for nc in policy["ciphers"]: policy_ciphers.append( endpoint_service.get_or_create_cipher(name=nc)) policy["ciphers"] = policy_ciphers endpoint["policy"] = endpoint_service.get_or_create_policy(**policy) endpoint["source"] = source if not exists: current_app.logger.debug( "Endpoint Created: Name: {name}".format(name=endpoint["name"])) endpoint_service.create(**endpoint) new += 1 else: current_app.logger.debug("Endpoint Updated: {}".format(endpoint)) endpoint_service.update(exists.id, **endpoint) updated += 1 return new, updated
def sync_endpoints(source): new, updated = 0, 0 current_app.logger.debug("Retrieving endpoints from {0}".format(source.label)) s = plugins.get(source.plugin_name) try: endpoints = s.get_endpoints(source.options) except NotImplementedError: current_app.logger.warning("Unable to sync endpoints for source {0} plugin has not implemented 'get_endpoints'".format(source.label)) return for endpoint in endpoints: exists = endpoint_service.get_by_dnsname(endpoint['dnsname']) certificate_name = endpoint.pop('certificate_name', None) certificate = endpoint.pop('certificate', None) if certificate_name: current_app.logger.debug(certificate_name) cert = cert_service.get_by_name(certificate_name) elif certificate: cert = cert_service.get_by_body(certificate['body']) if not cert: cert = cert_service.import_certificate(**certificate) if not cert: current_app.logger.error( "Unable to find associated certificate, be sure that certificates are sync'ed before endpoints") continue endpoint['certificate'] = cert policy = endpoint.pop('policy') policy_ciphers = [] for nc in policy['ciphers']: policy_ciphers.append(endpoint_service.get_or_create_cipher(name=nc)) policy['ciphers'] = policy_ciphers endpoint['policy'] = endpoint_service.get_or_create_policy(**policy) if not exists: endpoint_service.create(**endpoint) new += 1 else: endpoint_service.update(exists.id, **endpoint) updated += 1 _disassociate_endpoints_from_source(endpoints, source)
def sync_endpoints(source): new, updated = 0, 0 current_app.logger.debug("Retrieving endpoints from {0}".format(source.label)) s = plugins.get(source.plugin_name) try: endpoints = s.get_endpoints(source.options) except NotImplementedError: current_app.logger.warning("Unable to sync endpoints for source {0} plugin has not implemented 'get_endpoints'".format(source.label)) return new, updated for endpoint in endpoints: exists = endpoint_service.get_by_dnsname_and_port(endpoint['dnsname'], endpoint['port']) certificate_name = endpoint.pop('certificate_name') endpoint['certificate'] = certificate_service.get_by_name(certificate_name) if not endpoint['certificate']: current_app.logger.error( "Certificate Not Found. Name: {0} Endpoint: {1}".format(certificate_name, endpoint['name'])) continue policy = endpoint.pop('policy') policy_ciphers = [] for nc in policy['ciphers']: policy_ciphers.append(endpoint_service.get_or_create_cipher(name=nc)) policy['ciphers'] = policy_ciphers endpoint['policy'] = endpoint_service.get_or_create_policy(**policy) endpoint['source'] = source if not exists: current_app.logger.debug("Endpoint Created: Name: {name}".format(name=endpoint['name'])) endpoint_service.create(**endpoint) new += 1 else: current_app.logger.debug("Endpoint Updated: {}".format(endpoint)) endpoint_service.update(exists.id, **endpoint) updated += 1 return new, updated
def sync_endpoints(source): new, updated, updated_by_hash = 0, 0, 0 current_app.logger.debug("Retrieving endpoints from {0}".format( source.label)) s = plugins.get(source.plugin_name) try: endpoints = s.get_endpoints(source.options) except NotImplementedError: current_app.logger.warning( "Unable to sync endpoints for source {0} plugin has not implemented 'get_endpoints'" .format(source.label)) return new, updated, updated_by_hash for endpoint in endpoints: exists = endpoint_service.get_by_dnsname_and_port( endpoint["dnsname"], endpoint["port"]) certificate_name = endpoint.pop("certificate_name") endpoint["certificate"] = certificate_service.get_by_name( certificate_name) # if get cert by name failed, we attempt a search via serial number and hash comparison # and link the endpoint certificate to Lemur certificate if not endpoint["certificate"]: certificate_attached_to_endpoint = None try: certificate_attached_to_endpoint = s.get_certificate_by_name( certificate_name, source.options) except NotImplementedError: current_app.logger.warning( "Unable to describe server certificate for endpoints in source {0}:" " plugin has not implemented 'get_certificate_by_name'". format(source.label)) sentry.captureException() if certificate_attached_to_endpoint: lemur_matching_cert, updated_by_hash_tmp = find_cert( certificate_attached_to_endpoint) updated_by_hash += updated_by_hash_tmp if lemur_matching_cert: endpoint["certificate"] = lemur_matching_cert[0] if len(lemur_matching_cert) > 1: current_app.logger.error( "Too Many Certificates Found{0}. Name: {1} Endpoint: {2}" .format(len(lemur_matching_cert), certificate_name, endpoint["name"])) metrics.send("endpoint.certificate.conflict", "gauge", len(lemur_matching_cert), metric_tags={ "cert": certificate_name, "endpoint": endpoint["name"], "acct": s.get_option("accountNumber", source.options) }) if not endpoint["certificate"]: current_app.logger.error({ "message": "Certificate Not Found", "certificate_name": certificate_name, "endpoint_name": endpoint["name"], "dns_name": endpoint.get("dnsname"), "account": s.get_option("accountNumber", source.options), }) metrics.send("endpoint.certificate.not.found", "counter", 1, metric_tags={ "cert": certificate_name, "endpoint": endpoint["name"], "acct": s.get_option("accountNumber", source.options), "dnsname": endpoint.get("dnsname") }) continue policy = endpoint.pop("policy") policy_ciphers = [] for nc in policy["ciphers"]: policy_ciphers.append( endpoint_service.get_or_create_cipher(name=nc)) policy["ciphers"] = policy_ciphers endpoint["policy"] = endpoint_service.get_or_create_policy(**policy) endpoint["source"] = source if not exists: current_app.logger.debug( "Endpoint Created: Name: {name}".format(name=endpoint["name"])) endpoint_service.create(**endpoint) new += 1 else: current_app.logger.debug("Endpoint Updated: {}".format(endpoint)) endpoint_service.update(exists.id, **endpoint) updated += 1 return new, updated, updated_by_hash