Esempio n. 1
    def get(self, destination_id):
        """
        .. http:get:: /destinations/1

           Get a specific destination

           **Example request**:

           .. sourcecode:: http

              GET /destinations/1 HTTP/1.1
              Host: example.com
              Accept: application/json, text/javascript

           **Example response**:

           .. sourcecode:: http

              HTTP/1.1 200 OK
              Vary: Accept
              Content-Type: text/javascript

              {
                "description": "test",
                "options": [{
                    "name": "accountNumber",
                    "required": true,
                    "value": "111111111111",
                    "helpMessage": "Must be a valid AWS account number!",
                    "validation": "/^[0-9]{12,12}$/",
                    "type": "str"
                }],
                "id": 1,
                "plugin": {
                    "pluginOptions": [{
                        "name": "accountNumber",
                        "required": true,
                        "value": "111111111111",
                        "helpMessage": "Must be a valid AWS account number!",
                        "validation": "/^[0-9]{12,12}$/",
                        "type": "str"
                    }],
                    "description": "Allow the uploading of certificates to AWS IAM",
                    "slug": "aws-destination",
                    "title": "AWS"
                },
                "label": "test546"
              }

           :reqheader Authorization: OAuth token to authenticate
           :statuscode 200: no error
        """
        # NOTE(review): no authentication or permission check is visible in this
        # method; presumably the enclosing resource class or a decorator enforces
        # the Authorization header documented above -- confirm.
        # NOTE(review): the lookup result is returned as-is, option values
        # included. What service.get yields for an unknown id is not visible
        # here, and only the 200 case is documented.
        destination = service.get(destination_id)
        return destination
Esempio n. 2
    def get(self, destination_id):
        """
        .. http:get:: /destinations/1

           Get a specific destination

           **Example request**:

           .. sourcecode:: http

              GET /destinations/1 HTTP/1.1
              Host: example.com
              Accept: application/json, text/javascript

           **Example response**:

           .. sourcecode:: http

              HTTP/1.1 200 OK
              Vary: Accept
              Content-Type: text/javascript

              {
                "description": "test",
                "options": [{
                    "name": "accountNumber",
                    "required": true,
                    "value": "111111111111",
                    "helpMessage": "Must be a valid AWS account number!",
                    "validation": "/^[0-9]{12,12}$/",
                    "type": "str"
                }],
                "id": 1,
                "plugin": {
                    "pluginOptions": [{
                        "name": "accountNumber",
                        "required": true,
                        "value": "111111111111",
                        "helpMessage": "Must be a valid AWS account number!",
                        "validation": "/^[0-9]{12,12}$/",
                        "type": "str"
                    }],
                    "description": "Allow the uploading of certificates to AWS IAM",
                    "slug": "aws-destination",
                    "title": "AWS"
                },
                "label": "test546"
              }

           :reqheader Authorization: OAuth token to authenticate
           :statuscode 200: no error
        """
        # NOTE(review): the Authorization header documented above is not checked
        # in this method body; presumably enforcement lives on the resource class
        # or in a decorator outside this excerpt -- confirm.
        # NOTE(review): the destination, with its option values, is handed back
        # unfiltered; the result for an id that does not exist is not visible here.
        found = service.get(destination_id)
        return found
Esempio n. 3
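    def cleanup(self, token_path, validation_target):
        """Remove a deployed HTTP-01 challenge token from its destination.

        Looks the destination up with ``destination_service.get`` and asks that
        destination's plugin to delete the token. When the destination cannot
        be found nothing is deleted: a warning is logged and the method returns.

        :param token_path: path of the challenge token, passed unchanged to the
            plugin's ``delete_acme_token``.
        :param validation_target: value handed to ``destination_service.get``
            to locate the destination.
        """
        # NOTE(review): the log message below calls validation_target a "name";
        # whether destination_service.get expects a name or an id is not visible
        # here -- confirm against the service.
        destination = destination_service.get(validation_target)

        if destination is None:
            # Stop here. The original fell through and dereferenced None on the
            # next statement, so the promised "won't cleanup" became an
            # AttributeError. Logged at warning level because the token is left
            # behind on the destination and an operator may need to remove it.
            current_app.logger.warning(
                'Couldn\'t find the destination with name {}, won\'t cleanup the challenge'
                .format(validation_target))
            return

        destination_plugin = plugins.get(destination.plugin_name)

        destination_plugin.delete_acme_token(token_path, destination.options)
        current_app.logger.info("Cleaned up HTTP-01 challenge token.")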
Esempio n. 4
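def certificate_check_destination(cert_id, dest_id):
    """
    This celery task checks a certificate, destination pair
    to verify that the certificate has been uploaded and uploads
    it if it hasn't.

    :param cert_id: id passed to ``certificate_service.get``
    :param dest_id: id passed to ``destinations_service.get``
    :raises RuntimeError: if the certificate or the destination lookup
        returns nothing
    :return: the ``log_data`` dict (task id, plus certificate name and
        destination once both were found); it contains only the task id when
        the task is skipped because it is already active
    """
    function = f"{__name__}.{sys._getframe().f_code.co_name}"
    logger = logging.getLogger(function)
    task_id = None
    if celery.current_task:
        task_id = celery.current_task.request.id

    log_data = {
        "task_id": task_id,
    }

    if task_id and is_task_active(function, task_id, None):
        logger.debug("Skipping task: Task is already active", extra=log_data)
        return log_data

    cert = certificate_service.get(cert_id)
    if not cert:
        raise RuntimeError(
            f"certificate (id={cert_id}) does not exist in database")

    dest = destinations_service.get(dest_id)
    if dest is None:
        # The original only validated the certificate; a missing destination
        # surfaced later as an AttributeError on dest.plugin. Fail with the
        # same explicit error type used for a missing certificate.
        raise RuntimeError(
            f"destination (id={dest_id}) does not exist in database")

    # populate log data
    # Only the certificate name and the destination's string form are logged;
    # the private key passed to upload() below must never be added to log_data.
    # NOTE(review): confirm str(dest) does not render destination option values.
    log_data["certificate"] = cert.name
    log_data["destination"] = str(dest)

    logger.debug("verifying certificate/destination pair", extra=log_data)
    uploaded = dest.plugin.verify(cert.name, dest.options)
    if not uploaded:
        logger.info("uploading certificate to destination", extra=log_data)
        # The private key leaves this process here and is handled by the
        # destination plugin from this point on.
        dest.plugin.upload(cert.name, cert.body, cert.private_key, cert.chain,
                           dest.options)
        logger.info("certificate uploaded to destination", extra=log_data)
        metrics.send(f"{function}.destination_missing_cert_resolved",
                     "counter", 1)

    # at this point, the certificate MUST exist on the destination
    # NOTE(review): this relies on upload() raising on failure; the upload is
    # not re-verified before the "valid" metric is emitted.
    logger.debug("certificate/destination pair valid", extra=log_data)
    metrics.send(f"{function}.destination_certificate_valid", "counter", 1)

    return log_data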
Esempio n. 5
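    def deploy(self, challenge, acme_client, validation_target):
        """Publish the HTTP-01 challenge token on the destination.

        Builds the challenge response and validation content from the ACME
        client's key, then has the destination's plugin upload the validation
        content at the challenge path.

        :param challenge: challenge object; ``challenge.chall`` must be an
            ``HTTP01`` challenge.
        :param acme_client: ACME client; ``acme_client.net.key`` is used to
            build the response and validation.
        :param validation_target: value handed to ``destination_service.get``
            to locate the destination.
        :raises AcmeChallengeMissmatchError: if ``challenge.chall`` is not an
            ``HTTP01`` challenge.
        :raises Exception: if no destination is found for ``validation_target``.
        :return: the challenge response from
            ``challenge.response_and_validation``.
        """
        if not isinstance(challenge.chall, challenges.HTTP01):
            # Report the type of the object that was actually checked. The
            # original formatted the class of the outer ``challenge`` wrapper,
            # which is not the challenge type the message describes.
            raise AcmeChallengeMissmatchError(
                'The provided challenge is not of type HTTP01, but instead of type {}'
                .format(type(challenge.chall).__name__))

        destination = destination_service.get(validation_target)

        if destination is None:
            raise Exception(
                'Couldn\'t find the destination with name {}. Cant complete HTTP01 challenge'
                .format(validation_target))

        destination_plugin = plugins.get(destination.plugin_name)

        response, validation = challenge.response_and_validation(
            acme_client.net.key)

        # The path and validation content are passed to the plugin unchanged.
        # NOTE(review): where the token may be written on the destination is
        # decided by the plugin's upload_acme_token -- confirm that it confines
        # writes to the intended challenge directory.
        destination_plugin.upload_acme_token(challenge.chall.path, validation,
                                             destination.options)
        current_app.logger.info("Uploaded HTTP-01 challenge token.")

        return response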