def generate_chain(chain, session):
    """Fetch every entry of *chain* and return the contents joined in order.

    Each entry is passed to ``read_file_from_url`` with *session* supplied as
    ``aws_session``. The returned byte strings are concatenated with no
    separator; an empty *chain* yields ``b''``.

    NOTE(review): the pieces are joined verbatim and never validated. If they
    are PEM files, one stored without a trailing newline would run its END
    marker into the next BEGIN marker -- confirm the stored files end with a
    newline, or parse the bundle before it is handed to the proxy.
    """
    bundle = bytearray()
    for location in chain:
        bundle += read_file_from_url(location, aws_session=session)
    return bytes(bundle)
# Bootstrap excerpt: pulls the HAProxy TLS key named in a remote YAML config
# and strips its passphrase. Line breaks and indentation are restored from a
# collapsed listing; `os` and `check_call` are used below but their imports
# are not part of this excerpt.
from urllib.parse import urlparse
import yaml
from ex_py_commons.session import boto_session
from ex_py_commons.file import read_file_from_url, \
    concatenate_files_from_urls


class Default(dict):
    """dict that returns '{key}' for a missing key instead of raising."""

    # presumably used with str.format_map so unknown placeholders survive
    # unchanged -- the call site is outside this excerpt, confirm there.
    def __missing__(self, key):
        return '{' + key + '}'


# ROLE_ARN is optional (None when unset); CONFIG_URL is required and raises
# KeyError when absent.
role_arn = os.environ.get('ROLE_ARN')
config_url = os.environ['CONFIG_URL']
session = boto_session(role_arn)
# NOTE(review): yaml.load is called without a Loader on content fetched from
# CONFIG_URL. Older PyYAML releases then use a loader that can instantiate
# arbitrary Python objects, so anyone able to write that object controls code
# run here; PyYAML 6 rejects the call outright. If the config holds only plain
# mappings and scalars, yaml.safe_load is the drop-in to evaluate.
config = yaml.load(read_file_from_url(config_url, aws_session=session))
haproxy_config_replacements = Default()
key_path = '/bootstrap/key.pem'
# NOTE(review): open(..., 'wb') creates the private key file with whatever mode
# the process umask allows -- confirm /bootstrap is not readable by other users,
# or create the file with an explicit 0o600 mode.
with open(key_path, 'wb') as f:
    url = config['SSL']['server_key']
    f.write(read_file_from_url(url, aws_session=session))
# The passphrase is either given inline in the config or as a URL to fetch.
# NOTE(review): any value that urlparse sees a scheme in is treated as a URL,
# so an inline passphrase of the form "word:rest" would be fetched instead of
# used -- confirm inline passphrases cannot take that shape.
passphrase = config['SSL']['server_key_passphrase']
if urlparse(passphrase).scheme != '':
    passphrase = read_file_from_url(passphrase, aws_session=session).decode()
# haproxy doesn't support a key with a passphrase, so remove it.
# NOTE(review): '-passin pass:...' places the passphrase in the openssl
# argument list, where other local users can read it from the process table
# while the command runs; openssl also accepts env:, file:, fd: and stdin
# sources. The expression after 'pass:' is masked on the page and is left
# exactly as shown. After this call key_path holds an unencrypted private key.
check_call(['openssl', 'rsa', '-in', key_path, '-passin', 'pass:'******'-out', key_path])
# haproxy crt requires Cert -> Key -> Chain
# Bootstrap excerpt: downloads the HAProxy config, a certificate and a key file
# named in a remote YAML config into /bootstrap. Line breaks and indentation
# are restored from a collapsed listing; the script continues past the last
# line shown here.
import os, subprocess, yaml
from ex_py_commons.session import boto_session
from ex_py_commons.file import read_file_from_url


def generate_chain(chain, session):
    """Fetch every entry of *chain* and return the contents concatenated in order.

    NOTE(review): the pieces are joined verbatim with no separator and no
    validation. If they are PEM files, one stored without a trailing newline
    would run its END marker into the next BEGIN marker -- confirm.
    """
    result = b''
    for cert in chain:
        result += read_file_from_url(cert, aws_session=session)
    return result


# ROLE_ARN is optional (None when unset); CONFIG is required and raises
# KeyError when absent.
role_arn = os.environ.get('ROLE_ARN')
# `config` first holds the location string from the environment and is then
# rebound to the parsed document two lines below.
config = os.environ['CONFIG']
session = boto_session(role_arn)
# NOTE(review): yaml.load is called without a Loader on remotely fetched
# content. Older PyYAML releases then use a loader that can instantiate
# arbitrary Python objects, so anyone able to write the config object controls
# code run here; PyYAML 6 rejects the call outright. If the config holds only
# plain mappings and scalars, yaml.safe_load is the drop-in to evaluate.
config = yaml.load(read_file_from_url(config, aws_session=session))
# The HAProxy configuration itself is also remote content written as-is.
with open('/bootstrap/haproxy.cfg', 'wb') as haproxy_config:
    url = config['HAPROXY']['config']
    haproxy_config.write(read_file_from_url(url, aws_session=session))
cert_path = '/bootstrap/certificate.pem'
with open(cert_path, 'wb') as cert:
    url = config['SSL']['certificate']
    cert.write(read_file_from_url(url, aws_session=session))
key_path = '/bootstrap/key.pem'
# NOTE(review): key.pem is filled from the 'certificate_authority' entry and is
# followed by a 'certificate_authority_passphrase' lookup -- presumably this is
# passphrase-protected key material; confirm. open(..., 'wb') creates the file
# with whatever mode the process umask allows, so confirm /bootstrap is not
# readable by other users or create the file with an explicit 0o600 mode.
with open(key_path, 'wb') as key:
    url = config['SSL']['certificate_authority']
    key.write(read_file_from_url(url, aws_session=session))
# How the passphrase is consumed is outside this excerpt.
passphrase = config['SSL']['certificate_authority_passphrase']