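def disable_distribution(operation_id: int, **kwargs):
    """Disable the CloudFront distribution attached to an operation's instance.

    Looks up the ``Operation`` by ``operation_id``, fetches the current
    distribution config, sets ``Enabled`` to ``False`` and writes it back.

    Args:
        operation_id: Primary key of the ``Operation`` row to act on.
        **kwargs: Accepted for caller compatibility; not read here.

    Returns:
        None. Returns without calling CloudFront when the instance has no
        distribution id, and returns quietly when CloudFront reports
        ``NoSuchDistribution``.
    """
    operation = Operation.query.get(operation_id)
    service_instance = operation.service_instance
    distribution_id = service_instance.cloudfront_distribution_id

    # No distribution was recorded for this instance, so there is nothing to
    # disable. Calling the client with Id=None would raise an error that the
    # except clause below does not cover.
    if distribution_id is None:
        return

    try:
        distribution_config = cloudfront.get_distribution_config(
            Id=distribution_id)
        distribution_config["DistributionConfig"]["Enabled"] = False
        cloudfront.update_distribution(
            DistributionConfig=distribution_config["DistributionConfig"],
            Id=distribution_id,
            # Conditional write: the ETag read above is sent back so the
            # update applies to the config version that was fetched.
            IfMatch=distribution_config["ETag"],
        )
    except cloudfront.exceptions.NoSuchDistribution:
        # Already gone on the CloudFront side; treat as done.
        return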
def add_logging_to_bucket(operation_id: str, **kwargs):
    """Enable access logging on the instance's CloudFront distribution.

    Reads the current distribution config and, only when logging is not
    already enabled, replaces the ``Logging`` section and pushes the config
    back. Nothing is written when logging is already on.

    Args:
        operation_id: Primary key of the ``Operation`` row to act on.
        **kwargs: Not read here.
    """
    operation = Operation.query.get(operation_id)
    instance = operation.service_instance
    distribution_id = instance.cloudfront_distribution_id

    response = cloudfront.get_distribution_config(Id=distribution_id)
    distribution_config = response["DistributionConfig"]
    current_etag = response["ETag"]

    if distribution_config["Logging"]["Enabled"]:
        # An existing logging setup is left exactly as found.
        return

    logging_settings = {
        "Enabled": True,
        # Cookies are left out of the access logs.
        "IncludeCookies": False,
        "Bucket": config.CDN_LOG_BUCKET,
        # Each instance logs under its own key prefix in the shared bucket.
        "Prefix": f"{instance.id}/",
    }
    distribution_config["Logging"] = logging_settings

    cloudfront.update_distribution(
        DistributionConfig=distribution_config,
        Id=distribution_id,
        # Conditional write against the config version read above.
        IfMatch=current_etag,
    )
def update_distribution(operation_id: str, **kwargs):
    """Push the instance's current settings to its CloudFront distribution.

    Records a step description on the operation, rewrites the viewer
    certificate, first origin, forwarding policy, aliases and custom error
    responses in the fetched distribution config, sends the update, and then
    promotes ``new_certificate`` to ``current_certificate`` in the database.

    Args:
        operation_id: Primary key of the ``Operation`` row to act on.
        **kwargs: Not read here.
    """
    operation = Operation.query.get(operation_id)
    instance = operation.service_instance
    pending_certificate = instance.new_certificate

    # Persist progress before any CloudFront call is made.
    operation.step_description = "Updating CloudFront distribution"
    flag_modified(operation, "step_description")
    db.session.add(operation)
    db.session.commit()

    response = cloudfront.get_distribution_config(
        Id=instance.cloudfront_distribution_id)
    current_etag = response["ETag"]
    dist_config = response["DistributionConfig"]

    dist_config["ViewerCertificate"]["IAMCertificateId"] = (
        pending_certificate.iam_server_certificate_id)

    # Only the first origin entry is rewritten; any others are left as-is.
    origin_hostname = instance.cloudfront_origin_hostname
    first_origin = dist_config["Origins"]["Items"][0]
    first_origin["DomainName"] = origin_hostname
    first_origin["OriginPath"] = instance.cloudfront_origin_path
    # NOTE(review): the protocol policy is passed through as stored on the
    # instance; confirm it is validated upstream (e.g. restricted to
    # https-only where origin traffic must be encrypted).
    first_origin["CustomOriginConfig"]["OriginProtocolPolicy"] = (
        instance.origin_protocol_policy)

    cookie_policy = get_cookie_policy(instance)
    forwarded_values = dist_config["DefaultCacheBehavior"]["ForwardedValues"]
    forwarded_values["Cookies"] = cookie_policy
    forwarded_values["Headers"] = get_header_policy(instance)

    dist_config["Aliases"] = get_aliases(instance)
    dist_config["CustomErrorResponses"] = get_custom_error_responses(instance)

    cloudfront.update_distribution(
        DistributionConfig=dist_config,
        Id=instance.cloudfront_distribution_id,
        # Conditional write against the config version read above.
        IfMatch=current_etag,
    )

    # The certificate swap is recorded only after the update call returns, so
    # a failed update leaves new_certificate in place.
    instance.current_certificate = pending_certificate
    instance.new_certificate = None
    db.session.add(instance)
    db.session.commit()
def update_certificate(operation_id: str, **kwargs):
    """Point the CloudFront distribution at the instance's new certificate.

    Records a step description on the operation, sets the viewer
    certificate's ``IAMCertificateId`` from ``new_certificate``, sends the
    update, and then promotes ``new_certificate`` to ``current_certificate``.

    Args:
        operation_id: Primary key of the ``Operation`` row to act on.
        **kwargs: Not read here.
    """
    operation = Operation.query.get(operation_id)
    instance = operation.service_instance

    # Persist progress before any CloudFront call is made.
    operation.step_description = "Updating CloudFront distribution certificate"
    flag_modified(operation, "step_description")
    db.session.add(operation)
    db.session.commit()

    distribution_id = instance.cloudfront_distribution_id
    response = cloudfront.get_distribution_config(Id=distribution_id)
    dist_config = response["DistributionConfig"]

    replacement = instance.new_certificate
    dist_config["ViewerCertificate"]["IAMCertificateId"] = (
        replacement.iam_server_certificate_id)

    cloudfront.update_distribution(
        DistributionConfig=dist_config,
        Id=distribution_id,
        # Conditional write against the config version read above.
        IfMatch=response["ETag"],
    )

    # Recorded only after the update call returns, so a failed update leaves
    # new_certificate in place.
    instance.current_certificate = replacement
    instance.new_certificate = None
    db.session.add(instance)
    db.session.commit()
def remove_s3_bucket_from_cdn_broker_instance(operation_id: str, **kwargs):
    """Drop the ACME-challenge origin and its cache behaviors from the CDN.

    Finds the cache behavior whose path pattern is
    ``/.well-known/acme-challenge/*``, then removes every cache behavior that
    targets the same origin and the origin itself, and sends the trimmed
    config back. When no such cache behavior exists nothing is written.

    Args:
        operation_id: Primary key of the ``Operation`` row to act on.
        **kwargs: Not read here.
    """
    operation = Operation.query.get(operation_id)
    instance = operation.service_instance
    distribution_id = instance.cloudfront_distribution_id

    response = cloudfront.get_distribution_config(Id=distribution_id)
    current_etag = response["ETag"]
    dist_config = response["DistributionConfig"]

    # If several behaviors carry the challenge path pattern, the last one's
    # target origin is the one used.
    challenge_origin_id = None
    for behavior in dist_config["CacheBehaviors"].get("Items", []):
        if behavior["PathPattern"] == "/.well-known/acme-challenge/*":
            challenge_origin_id = behavior["TargetOriginId"]

    if challenge_origin_id is None:
        return

    kept_behaviors = [
        behavior for behavior in dist_config["CacheBehaviors"]["Items"]
        if behavior["TargetOriginId"] != challenge_origin_id
    ]
    # "Items" is left out entirely when nothing remains; "Quantity" is
    # always present.
    trimmed_behaviors = {"Items": kept_behaviors} if kept_behaviors else {}
    trimmed_behaviors["Quantity"] = len(kept_behaviors)

    kept_origins = [
        origin for origin in dist_config["Origins"]["Items"]
        if origin["Id"] != challenge_origin_id
    ]
    trimmed_origins = {"Items": kept_origins} if kept_origins else {}
    trimmed_origins["Quantity"] = len(kept_origins)

    dist_config["Origins"] = trimmed_origins
    dist_config["CacheBehaviors"] = trimmed_behaviors
    # The distribution's comment is overwritten with a fixed label.
    dist_config["Comment"] = (
        "external domain service https://cloud-gov/external-domain-broker")

    cloudfront.update_distribution(
        DistributionConfig=dist_config,
        Id=distribution_id,
        # Conditional write against the config version read above.
        IfMatch=current_etag,
    )
def disable_distribution(operation_id: int, **kwargs):
    """Disable the CloudFront distribution attached to an operation's instance.

    Records a step description on the operation, then sets ``Enabled`` to
    ``False`` in the distribution config and writes it back.

    Args:
        operation_id: Primary key of the ``Operation`` row to act on.
        **kwargs: Not read here.

    Returns:
        None. Returns after the step description is committed when the
        instance has no distribution id, and returns quietly when CloudFront
        reports ``NoSuchDistribution``.
    """
    operation = Operation.query.get(operation_id)
    instance = operation.service_instance

    # The step description is committed even if there turns out to be
    # nothing to disable.
    operation.step_description = "Disabling CloudFront distribution"
    flag_modified(operation, "step_description")
    db.session.add(operation)
    db.session.commit()

    distribution_id = instance.cloudfront_distribution_id
    if distribution_id is None:
        return

    try:
        response = cloudfront.get_distribution_config(Id=distribution_id)
        dist_config = response["DistributionConfig"]
        dist_config["Enabled"] = False
        cloudfront.update_distribution(
            DistributionConfig=dist_config,
            Id=distribution_id,
            # Conditional write against the config version read above.
            IfMatch=response["ETag"],
        )
    except cloudfront.exceptions.NoSuchDistribution:
        # Already gone on the CloudFront side; treat as done.
        return