def provision(self):
"""
Creates a certificate if one does not exists, then adds DNS validation records
to the Route53 Hosted Zone.
"""
for acm_config in self.cert_config_list:
cert_config = acm_config['config']
if cert_config.is_enabled() == False:
continue
if cert_config.external_resource == True:
return
if 'cert_arn_cache' in acm_config.keys():
continue
cert_domain = cert_config.domain_name
acm_client = DNSValidatedACMCertClient(acm_config['account_ctx'],
cert_domain,
acm_config['region'])
# Create the certificate if it does not exists
cert_arn = acm_client.get_certificate_arn()
if cert_arn == None:
action = 'Create'
else:
action = 'Cache'
self.paco_ctx.log_action_col(
'Provision',
action,
acm_config['account_ctx'].get_name() + '.' +
acm_config['region'],
'boto3: ' + cert_config.domain_name + ': alt-names: {}'.format(
cert_config.subject_alternative_names),
col_2_size=9)
cert_arn = acm_client.request_certificate(
cert_arn, cert_config.private_ca,
cert_config.subject_alternative_names)
acm_config['cert_arn_cache'] = cert_arn
# Private CA Certs are automatically validated. No need for DNS.
if cert_config.private_ca == None:
validation_records = None
while validation_records == None:
validation_records = acm_client.get_domain_validation_records(
cert_arn)
if len(
validation_records
) == 0 or 'ResourceRecord' not in validation_records[0]:
self.paco_ctx.log_action_col(
'Waiting',
'DNS',
acm_config['account_ctx'].get_name() + '.' +
acm_config['region'],
'DNS validation record: ' +
cert_config.domain_name,
col_2_size=9)
time.sleep(2)
validation_records = None
acm_client.create_domain_validation_records(cert_arn)
def get_outputs(self):
"Get all Outputs of a Resource"
acm_client = DNSValidatedACMCertClient(
self.account_ctx,
self.resource.domain_name,
self.cert_aws_region,
)
cert_arn = acm_client.get_certificate_arn()
return {'ViewerCertificateArn': cert_arn}
def resolve_ref(self, ref):
if ref.last_part == 'arn':
group_id = '.'.join(ref.parts[:-1])
cert_id = ref.parts[-2]
res_config = self.get_cert_config(group_id, cert_id)
if 'cert_arn_cache' in res_config.keys():
return res_config['cert_arn_cache']
acm_client = DNSValidatedACMCertClient(
res_config['account_ctx'], res_config['config'].domain_name,
ref.region)
if acm_client:
cert_arn = acm_client.get_certificate_arn()
if cert_arn == None:
self.provision()
cert_arn = acm_client.get_certificate_arn()
if res_config['config'].external_resource == False:
acm_client.wait_for_certificate_validation(cert_arn)
return cert_arn
else:
raise StackException(PacoErrorCode.Unknown)
raise StackException(PacoErrorCode.Unknown)
def provision(self):
"""
Creates a certificate if one does not exists, then adds DNS validation records
to the Route53 Hosted Zone.
"""
if not self.enabled:
return
if self.resource.external_resource == True:
return
acm_client = DNSValidatedACMCertClient(self.account_ctx,
self.resource.domain_name,
self.cert_aws_region)
# Create the certificate if it does not exists
cert_arn = acm_client.get_certificate_arn()
if cert_arn == None:
action = 'Create'
elif self.paco_ctx.nocache == True:
action = 'Update'
else:
action = 'Cache'
self.paco_ctx.log_action_col(
'Provision',
action,
self.account_ctx.get_name() + '.' + self.cert_aws_region,
f'boto3: {self.resource.domain_name}: alt-names: {self.resource.subject_alternative_names}',
col_2_size=9)
cert_arn = acm_client.request_certificate(
cert_arn, self.resource.private_ca,
self.resource.subject_alternative_names)
self.cert_arn_cache = cert_arn
# Private CA Certs are automatically validated. No need for DNS.
if self.resource.private_ca == None:
validation_records = None
while validation_records == None:
validation_records = acm_client.get_domain_validation_records(
cert_arn)
if len(validation_records
) == 0 or 'ResourceRecord' not in validation_records[0]:
self.paco_ctx.log_action_col('Waiting',
'DNS',
self.account_ctx.get_name() +
'.' + self.cert_aws_region,
'DNS validation record: ' +
self.resource.domain_name,
col_2_size=9)
time.sleep(2)
validation_records = None
acm_client.create_domain_validation_records(cert_arn)
if self.resource.external_resource == False:
acm_client.wait_for_certificate_validation(cert_arn)