def test_get_cert_from_arn(app):
    """Upload a certificate to IAM, fetch it back by ARN and compare bodies.

    Newlines are stripped from both sides before comparing, so only the PEM
    content has to match. The returned chain is unpacked but never checked.
    """
    from lemur.plugins.lemur_aws.iam import upload_cert, get_cert_from_arn

    # 123456789012 is a placeholder account id.
    # NOTE(review): presumably the ``app`` fixture routes IAM calls to a mocked
    # backend and PRIVATE_KEY_STR is test-only key material; confirm both, so
    # this test can never push a real key to a live account.
    certificate = Certificate(EXTERNAL_VALID_STR)
    upload_cert('123456789012', certificate, PRIVATE_KEY_STR)

    arn = 'arn:aws:iam::123456789012:server-certificate/tttt2.netflixtest.net-NetflixInc-20150624-20150625'
    body, _unused_chain = get_cert_from_arn(arn)

    flattened_body = body.replace('\n', '')
    flattened_expected = EXTERNAL_VALID_STR.replace('\n', '')
    assert flattened_body == flattened_expected
def upload(self, name, body, private_key, cert_chain, options, **kwargs):
    """Send a certificate and its private key to IAM through ``iam.upload_cert``.

    The IAM path and the target account number are read from ``options`` with
    ``self.get_option``. ``kwargs`` is accepted but unused, nothing is
    returned, and any exception raised by ``iam.upload_cert`` propagates.
    """
    # private_key is forwarded untouched; keep it out of any logging or error
    # text added around this call.
    iam_path = self.get_option('path', options)
    target_account = self.get_option('accountNumber', options)
    iam.upload_cert(
        name,
        body,
        private_key,
        iam_path,
        cert_chain=cert_chain,
        account_number=target_account,
    )
def test_get_cert_from_arn(app):
    """Upload a named certificate to IAM and read its body back by ARN.

    Both fixtures are decoded as UTF-8 before use, so they are expected to be
    bytes. The comparison ignores newlines; the returned chain is not checked.
    """
    from lemur.plugins.lemur_aws.iam import upload_cert, get_cert_from_arn

    # NOTE(review): presumably runs against a mocked IAM set up by ``app``;
    # confirm, since a private key is uploaded here.
    pem_text = EXTERNAL_VALID_STR.decode('utf-8')
    key_text = PRIVATE_KEY_STR.decode('utf-8')
    upload_cert('123456789012', 'testCert', pem_text, key_text)

    body, _unused_chain = get_cert_from_arn(
        'arn:aws:iam::123456789012:server-certificate/testCert')

    assert body.replace('\n', '') == pem_text.replace('\n', '')
def upload(self, name, body, private_key, cert_chain, options, **kwargs):
    """Upload a certificate to IAM and, when configured, attach it to an ELB.

    The account number comes from ``options`` via ``find_value``. A
    ``BotoServerError`` whose ``error_code`` is ``EntityAlreadyExists`` is
    ignored; any other ``BotoServerError`` is re-raised wrapped in a plain
    ``Exception``. If ``options`` carries an ``elb`` entry, the certificate is
    then attached with ``elb.attach_certificate``.
    """
    try:
        iam.upload_cert(
            find_value('accountNumber', options),
            name,
            body,
            private_key,
            cert_chain=cert_chain,
        )
    except BotoServerError as upload_error:
        # An existing entry of the same name counts as success. Nothing here
        # compares the stored certificate or key with the ones just supplied,
        # so callers must not assume the IAM entry was replaced.
        name_already_taken = upload_error.error_code == 'EntityAlreadyExists'
        if not name_already_taken:
            raise Exception(upload_error)

    elb_settings = find_value('elb', options)
    if not elb_settings:
        return

    # NOTE(review): the second argument is the list literal ['region'], not a
    # value looked up from kwargs or options; presumably a region string was
    # intended. Confirm before relying on the ELB attach path.
    elb.attach_certificate(
        kwargs['accountNumber'],
        ['region'],
        elb_settings['name'],
        elb_settings['port'],
        elb_settings['certificateId'],
    )
def upload(self, name, body, private_key, cert_chain, options, **kwargs):
    """Upload a certificate to IAM, reporting ``ClientError`` instead of raising.

    The IAM path and account number are read from ``options`` with
    ``self.get_option``. ``kwargs`` is accepted but unused and nothing is
    returned.
    """
    try:
        iam_path = self.get_option("path", options)
        target_account = self.get_option("accountNumber", options)
        iam.upload_cert(
            name,
            body,
            private_key,
            iam_path,
            cert_chain=cert_chain,
            account_number=target_account,
        )
    except ClientError:
        # The failure is handed to capture_exception() and not re-raised, so
        # the caller sees the same None result whether or not the certificate
        # reached IAM.
        # NOTE(review): confirm callers do not treat a normal return as proof
        # that the certificate was deployed.
        capture_exception()
def upload(self, name, body, private_key, cert_chain, options, **kwargs):
    """Upload a certificate to IAM, then attach it if an ``elb`` option is set.

    The account number and the ``elb`` entry are read from ``options`` with
    ``self.get_option``. ``EntityAlreadyExists`` from IAM is tolerated; every
    other ``BotoServerError`` is re-raised wrapped in a plain ``Exception``.
    """
    try:
        iam.upload_cert(
            self.get_option('accountNumber', options),
            name,
            body,
            private_key,
            cert_chain=cert_chain,
        )
    except BotoServerError as boto_error:
        if boto_error.error_code == 'EntityAlreadyExists':
            # Same-name entry already in IAM: carry on without checking that
            # it holds the certificate and key passed in here.
            pass
        else:
            raise Exception(boto_error)

    listener_config = self.get_option('elb', options)
    if listener_config:
        # NOTE(review): ['region'] is a one-element list literal rather than a
        # looked-up region, and the account number is taken from kwargs while
        # the upload above takes it from options. Confirm both are intended.
        iam.attach_certificate(
            kwargs['accountNumber'],
            ['region'],
            listener_config['name'],
            listener_config['port'],
            listener_config['certificateId'],
        )
def upload(self, name, body, private_key, cert_chain, options, **kwargs):
    """Upload a certificate with its private key to IAM, optionally attaching it.

    Raises ``Exception`` when ``private_key`` is falsy. A ``BotoServerError``
    with ``error_code`` ``EntityAlreadyExists`` is ignored; any other one is
    re-raised wrapped in a plain ``Exception``. If ``options`` holds an
    ``elb`` entry, ``elb.attach_certificate`` is called afterwards.
    """
    # Refuse early: without key material there is nothing to upload.
    if not private_key:
        raise Exception("Unable to upload to AWS, private key is required")

    try:
        iam.upload_cert(
            find_value('accountNumber', options),
            name,
            body,
            private_key,
            cert_chain=cert_chain,
        )
    except BotoServerError as upload_error:
        # A name collision is treated as success; the existing IAM entry is
        # not compared against the certificate and key supplied here.
        if upload_error.error_code != 'EntityAlreadyExists':
            raise Exception(upload_error)

    elb_settings = find_value('elb', options)
    if elb_settings:
        # NOTE(review): ['region'] is a list literal, not a region value taken
        # from kwargs or options; presumably a lookup was intended. Confirm.
        elb.attach_certificate(
            kwargs['accountNumber'],
            ['region'],
            elb_settings['name'],
            elb_settings['port'],
            elb_settings['certificateId'],
        )
def test_get_all_server_certs(app):
    """Upload one certificate and expect the account listing to hold one entry."""
    from lemur.plugins.lemur_aws.iam import upload_cert, get_all_certificates

    # NOTE(review): going by the fixture names, SAN_CERT_KEY may not be the key
    # belonging to EXTERNAL_VALID_STR; if so, this passes only because the
    # backend under test does not check that key and certificate match.
    upload_cert('123456789012', 'testCert', EXTERNAL_VALID_STR, SAN_CERT_KEY)

    listed = get_all_certificates('123456789012')
    assert len(listed) == 1
def test_get_all_server_certs(app):
    """Upload one ``Certificate`` and expect exactly one server certificate listed."""
    from lemur.plugins.lemur_aws.iam import upload_cert, get_all_server_certs

    # NOTE(review): the expected count of 1 assumes the account starts empty,
    # i.e. an isolated (presumably mocked) IAM per test. Confirm.
    certificate = Certificate(EXTERNAL_VALID_STR)
    upload_cert('123456789012', certificate, PRIVATE_KEY_STR)

    listed = get_all_server_certs('123456789012')
    assert len(listed) == 1
def test_get_cert_from_arn(app):
    """Check that a certificate uploaded to IAM can be read back through its ARN.

    Only the certificate body is compared, with newlines removed on both
    sides; the chain returned alongside it is ignored.
    """
    from lemur.plugins.lemur_aws.iam import upload_cert, get_cert_from_arn

    account_id = '123456789012'  # placeholder account id
    # NOTE(review): PRIVATE_KEY_STR is presumably a throwaway test key; confirm
    # it is never reused outside the test suite.
    upload_cert(account_id, Certificate(EXTERNAL_VALID_STR), PRIVATE_KEY_STR)

    fetched = get_cert_from_arn('arn:aws:iam::123456789012:server-certificate/tttt2.netflixtest.net-NetflixInc-20150624-20150625')
    body, _unused_chain = fetched

    assert body.replace('\n', '') == EXTERNAL_VALID_STR.replace('\n', '')
def test_get_cert_from_arn(app):
    """Store ``testCert`` in IAM and verify the body fetched by ARN matches it.

    The certificate and key fixtures are decoded from UTF-8 bytes before
    upload. Newlines are ignored in the comparison; the chain is not checked.
    """
    from lemur.plugins.lemur_aws.iam import upload_cert, get_cert_from_arn

    account_id = '123456789012'  # placeholder account id
    upload_cert(
        account_id,
        'testCert',
        EXTERNAL_VALID_STR.decode('utf-8'),
        PRIVATE_KEY_STR.decode('utf-8'),
    )

    fetched = get_cert_from_arn('arn:aws:iam::123456789012:server-certificate/testCert')
    body, _unused_chain = fetched

    expected_flat = EXTERNAL_VALID_STR.decode('utf-8').replace('\n', '')
    assert body.replace('\n', '') == expected_flat
def test_get_all_server_certs(app):
    """Upload ``testCert`` and expect the account to list one server certificate."""
    from lemur.plugins.lemur_aws.iam import upload_cert, get_all_server_certs

    account_id = '123456789012'  # placeholder account id
    pem_text = EXTERNAL_VALID_STR.decode('utf-8')
    key_text = PRIVATE_KEY_STR.decode('utf-8')

    # NOTE(review): the count of 1 assumes no certificates exist beforehand,
    # presumably because each test gets a fresh mocked IAM. Confirm.
    upload_cert(account_id, 'testCert', pem_text, key_text)

    assert len(get_all_server_certs(account_id)) == 1
def test_create_elb_with_https_listener_miscellaneous(app, aws_credentials):
    """Build an ELBv2 with an HTTPS listener and exercise the elb lookup helpers.

    Steps: create a VPC, a load balancer and a target group; resolve the load
    balancer ARN from the endpoint name; confirm there are no listeners yet;
    upload a certificate through ``iam.upload_cert``; create an HTTPS listener
    on port 443 bound to that certificate; then check that
    ``elb.get_listener_arn_from_endpoint`` returns the new listener's ARN.
    """
    from lemur.plugins.lemur_aws import iam, elb

    endpoint_name = "example-lbv2"
    account_number = "123456789012"  # placeholder account id
    region_ue1 = "us-east-1"

    # NOTE(review): presumably the ``aws_credentials`` fixture supplies dummy
    # credentials and boto3 is mocked; confirm this cannot create resources in
    # a real account.
    elbv2_client = boto3.client("elbv2", region_name="us-east-1")
    ec2_resource = boto3.resource("ec2", region_name="us-east-1")

    # Network and load balancer scaffolding.
    vpc = ec2_resource.create_vpc(CidrBlock="172.28.7.0/24")
    assert create_load_balancer(elbv2_client, ec2_resource, vpc.id, endpoint_name)

    target_group_arn = create_target_group(elbv2_client, vpc.id)
    assert target_group_arn

    # get_load_balancer_arn_from_endpoint resolves the endpoint name to an ARN.
    lb_arn = elb.get_load_balancer_arn_from_endpoint(
        endpoint_name,
        account_number=account_number,
        region=region_ue1,
    )
    assert lb_arn

    # describe_listeners_v2: a fresh load balancer has no listeners.
    initial = elb.describe_listeners_v2(
        account_number=account_number,
        region=region_ue1,
        LoadBalancerArn=lb_arn,
    )
    assert initial
    assert not initial["Listeners"]

    # The certificate arguments are short placeholder strings, not PEM data.
    upload_response = iam.upload_cert(
        "LemurTestCert",
        "testCert",
        "cert1",
        "cert2",
        account_number=account_number,
    )
    assert upload_response
    cert_arn = upload_response["ServerCertificateMetadata"]["Arn"]
    assert cert_arn

    # HTTPS listener bound to the certificate uploaded above.
    certificates = [{"CertificateArn": cert_arn}]
    default_actions = [{"Type": "forward", "TargetGroupArn": target_group_arn}]
    created = elbv2_client.create_listener(
        LoadBalancerArn=lb_arn,
        Protocol="HTTPS",
        Port=443,
        Certificates=certificates,
        DefaultActions=default_actions,
    )
    assert created
    created_listeners = created["Listeners"]
    listener_arn = created_listeners[0]["ListenerArn"]
    assert listener_arn
    assert created_listeners

    # NOTE(review): if no returned listener reports port 443, the certificate
    # assertions below never run and the loop passes vacuously.
    for listener in created_listeners:
        if listener["Port"] != 443:
            continue
        assert listener["Certificates"]
        assert cert_arn == listener["Certificates"][0]["CertificateArn"]

    # get_listener_arn_from_endpoint must find the listener created above.
    resolved_listener_arn = elb.get_listener_arn_from_endpoint(
        endpoint_name,
        443,
        account_number=account_number,
        region=region_ue1,
    )
    assert listener_arn == resolved_listener_arn