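    def provision(self, *, dns_record_poll_attempts=150):
        """
        Create the ACM certificate if it does not exist, then add its DNS
        validation records to the Route53 Hosted Zone and wait for validation.

        Does nothing when the resource is disabled or flagged as an external
        resource (a certificate that is not managed here). On success the
        certificate ARN is stored in ``self.cert_arn_cache``.

        Args:
            dns_record_poll_attempts: upper bound on how many times, 2 s apart,
                ACM is polled for the DNS validation record before giving up.
                The previous implementation polled forever, so a certificate
                that never produces a record (e.g. deleted out-of-band) would
                hang the run indefinitely.

        Raises:
            TimeoutError: if no DNS validation record is available after
                ``dns_record_poll_attempts`` polls.
        """
        if not self.enabled or self.resource.external_resource:
            return
        acm_client = DNSValidatedACMCertClient(self.account_ctx,
                                               self.resource.domain_name,
                                               self.cert_aws_region)

        # The action label is for logging only: request_certificate() is
        # called in every case and receives the existing ARN (or None).
        cert_arn = acm_client.get_certificate_arn()
        if cert_arn is None:
            action = 'Create'
        elif self.paco_ctx.nocache:
            action = 'Update'
        else:
            action = 'Cache'
        log_target = self.account_ctx.get_name() + '.' + self.cert_aws_region
        self.paco_ctx.log_action_col(
            'Provision',
            action,
            log_target,
            f'boto3: {self.resource.domain_name}: alt-names: {self.resource.subject_alternative_names}',
            col_2_size=9)
        cert_arn = acm_client.request_certificate(
            cert_arn, self.resource.private_ca,
            self.resource.subject_alternative_names)
        self.cert_arn_cache = cert_arn

        # Private CA certs are validated by ACM automatically; only public
        # certs need a DNS validation record published in Route53.
        if self.resource.private_ca is None:
            for _ in range(dns_record_poll_attempts):
                validation_records = acm_client.get_domain_validation_records(
                    cert_arn)
                # The record is not always present right after the request:
                # the list may be empty (or None) or lack 'ResourceRecord'.
                if validation_records and 'ResourceRecord' in validation_records[0]:
                    break
                self.paco_ctx.log_action_col('Waiting',
                                             'DNS',
                                             log_target,
                                             'DNS validation record: ' +
                                             self.resource.domain_name,
                                             col_2_size=9)
                time.sleep(2)
            else:
                # Bounded wait instead of an unbounded busy loop.
                raise TimeoutError(
                    f'No DNS validation record for {self.resource.domain_name} '
                    f'after {dns_record_poll_attempts} polls')
            acm_client.create_domain_validation_records(cert_arn)
        # Only an explicit False waits for validation; an unset value does
        # not, matching the original `== False` comparison.
        if self.resource.external_resource is False:
            acm_client.wait_for_certificate_validation(cert_arn)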
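 def resolve_ref(self, ref):
     """
     Resolve a ``...<cert>.arn`` reference to the certificate's ARN.

     Only the ``arn`` attribute is resolvable; any other reference raises.
     If the cert config carries a ``cert_arn_cache`` entry it is returned
     as-is. Otherwise the ARN is looked up in ACM in ``ref.region``; when
     the certificate does not exist yet ``provision()`` is run first, and
     unless the cert is an external resource the call waits for ACM to
     report the certificate validated.

     Args:
         ref: parsed reference; ``ref.parts`` is the dotted path,
             ``ref.last_part`` the attribute being resolved and
             ``ref.region`` the AWS region of the certificate.

     Returns:
         The certificate ARN.

     Raises:
         StackException: for a reference other than ``.arn``, if no ACM
             client could be created, or if no ARN exists even after
             provisioning (previously a None ARN was passed on to the
             validation wait instead of failing here).
     """
     if ref.last_part != 'arn':
         raise StackException(PacoErrorCode.Unknown)

     group_id = '.'.join(ref.parts[:-1])
     cert_id = ref.parts[-2]
     res_config = self.get_cert_config(group_id, cert_id)
     if 'cert_arn_cache' in res_config:
         return res_config['cert_arn_cache']

     acm_client = DNSValidatedACMCertClient(
         res_config['account_ctx'], res_config['config'].domain_name,
         ref.region)
     if not acm_client:
         raise StackException(PacoErrorCode.Unknown)

     cert_arn = acm_client.get_certificate_arn()
     if cert_arn is None:
         # NOTE(review): this provisions self.resource, not necessarily the
         # certificate named by `ref` -- confirm each resolver owns one cert.
         self.provision()
         cert_arn = acm_client.get_certificate_arn()
         if cert_arn is None:
             raise StackException(PacoErrorCode.Unknown)
     # Only an explicit False waits; matches the original `== False` test.
     if res_config['config'].external_resource is False:
         acm_client.wait_for_certificate_validation(cert_arn)
     return cert_arn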