def update_endpoint(self, endpoint, certificate):
    """Attach ``certificate`` to the load balancer listener behind ``endpoint``.

    The account number is read from the endpoint's source options and the
    region is taken from the endpoint's DNS name. Both are used to build the
    IAM server-certificate ARN and to scope every ``elb`` call.

    :param endpoint: endpoint whose listener should serve the certificate
    :param certificate: certificate to attach; only its ``name`` is read here
    """
    account_number = self.get_option("accountNumber", endpoint.source.options)

    # relies on the fact that region is included in DNS name
    region = get_region_from_dns(endpoint.dnsname)
    cert_arn = iam.create_arn_from_cert(account_number, region, certificate.name)
    aws_scope = {"account_number": account_number, "region": region}

    if endpoint.type != "elbv2":
        # Every endpoint type other than "elbv2" takes this path; there is no
        # explicit check that the endpoint really is a plain "elb".
        elb.attach_certificate(endpoint.name, endpoint.port, cert_arn, **aws_scope)
        return

    # elbv2 listeners are addressed by ARN, so resolve it before attaching.
    listener_arn = elb.get_listener_arn_from_endpoint(
        endpoint.name, endpoint.port, **aws_scope
    )
    elb.attach_certificate_v2(
        listener_arn, endpoint.port, [{"CertificateArn": cert_arn}], **aws_scope
    )
def update_endpoint(self, endpoint, certificate):
    """Rotate ``certificate`` onto a ``cloudfront``, ``elb`` or ``elbv2`` endpoint.

    CloudFront endpoints are updated with the IAM server certificate id that
    is looked up by certificate name. Load balancer endpoints are updated with
    an ARN built from the account number, the region parsed from the endpoint
    DNS name, the certificate name and the endpoint's certificate path.

    :param endpoint: endpoint to update
    :param certificate: certificate to attach; only its ``name`` is read here
    :raises NotImplementedError: if the endpoint type is not ``cloudfront``,
        ``elb`` or ``elbv2``
    :raises Exception: if the endpoint's registry type is not ``iam``
    """
    account_number = self.get_option("accountNumber", endpoint.source.options)

    if endpoint.type == "cloudfront":
        iam_cert = iam.get_certificate(certificate.name, account_number=account_number)
        if iam_cert:
            server_cert_id = iam_cert["ServerCertificateMetadata"]["ServerCertificateId"]
            cloudfront.attach_certificate(
                endpoint.name, server_cert_id, account_number=account_number
            )
        # NOTE(review): when the IAM lookup comes back empty nothing is attached
        # and no error is raised, so the caller sees the same None as on success.
        return None

    if endpoint.type not in ("elb", "elbv2"):
        raise NotImplementedError()

    # relies on the fact that region is included in DNS name
    region = get_region_from_dns(endpoint.dnsname)

    # Only certificates held in the IAM registry can be rotated here.
    if endpoint.registry_type != 'iam':
        raise Exception(
            f"Lemur doesn't support rotating certificates on {endpoint.registry_type} registry"
        )
    arn = iam.create_arn_from_cert(
        account_number, region, certificate.name, endpoint.certificate_path
    )

    aws_scope = {"account_number": account_number, "region": region}
    if endpoint.type == "elbv2":
        listener_arn = elb.get_listener_arn_from_endpoint(
            endpoint.name, endpoint.port, **aws_scope
        )
        elb.attach_certificate_v2(
            listener_arn, endpoint.port, [{"CertificateArn": arn}], **aws_scope
        )
    elif endpoint.type == "elb":
        elb.attach_certificate(endpoint.name, endpoint.port, arn, **aws_scope)
def test_create_arn_from_cert():
    """Check the server-certificate ARN built for an empty, one-level and two-level path."""
    from lemur.plugins.lemur_aws.iam import create_arn_from_cert

    account_number = '123456789012'
    certificate_name = 'tttt2.netflixtest.net-NetflixInc-20150624-20150625'
    region = ''  # not used

    # (path, expected ARN): the path, when present, sits between
    # "server-certificate/" and the certificate name.
    expected_by_path = [
        (
            "",
            "arn:aws:iam::123456789012:server-certificate/tttt2.netflixtest.net-NetflixInc-20150624-20150625",
        ),
        (
            "cloudfront",
            "arn:aws:iam::123456789012:server-certificate/cloudfront/tttt2.netflixtest.net-NetflixInc-20150624-20150625",
        ),
        (
            "cloudfront/2",
            "arn:aws:iam::123456789012:server-certificate/cloudfront/2/tttt2.netflixtest.net-NetflixInc-20150624-20150625",
        ),
    ]

    for path, arn in expected_by_path:
        assert (create_arn_from_cert(account_number, region, certificate_name, path) == arn)
def update_endpoint(self, endpoint, certificate):
    """Attach ``certificate`` to the listener of ``endpoint`` via ``elb.attach_certificate``.

    The account number comes from the endpoint's source options and the region
    from the endpoint's DNS name. The endpoint type is not inspected, so every
    endpoint is updated through the same call.

    :param endpoint: endpoint whose listener should serve the certificate
    :param certificate: certificate to attach; only its ``name`` is read here
    """
    source_options = endpoint.source.options
    account = self.get_option('accountNumber', source_options)

    # relies on the fact that region is included in DNS name
    aws_region = get_region_from_dns(endpoint.dnsname)

    certificate_arn = iam.create_arn_from_cert(account, aws_region, certificate.name)
    elb.attach_certificate(
        endpoint.name,
        endpoint.port,
        certificate_arn,
        account_number=account,
        region=aws_region,
    )
def update_endpoint(self, endpoint, certificate):
    """Attach ``certificate`` to an ``elbv2`` listener or, failing that, via ``elb.attach_certificate``.

    The certificate ARN is built from the account number in the endpoint's
    source options, the region parsed from the endpoint DNS name and the
    certificate name.

    :param endpoint: endpoint whose listener should serve the certificate
    :param certificate: certificate to attach; only its ``name`` is read here
    """
    account_number = self.get_option('accountNumber', endpoint.source.options)

    # relies on the fact that region is included in DNS name
    region = get_region_from_dns(endpoint.dnsname)
    new_arn = iam.create_arn_from_cert(account_number, region, certificate.name)

    uses_listener_arn = endpoint.type == 'elbv2'
    if uses_listener_arn:
        # The v2 call addresses the listener by ARN, so look it up first.
        listener_arn = elb.get_listener_arn_from_endpoint(
            endpoint.name,
            endpoint.port,
            account_number=account_number,
            region=region,
        )
        elb.attach_certificate_v2(
            listener_arn,
            endpoint.port,
            [{'CertificateArn': new_arn}],
            account_number=account_number,
            region=region,
        )
    else:
        # Catch-all: any type that is not 'elbv2' is updated by name and port.
        elb.attach_certificate(
            endpoint.name,
            endpoint.port,
            new_arn,
            account_number=account_number,
            region=region,
        )
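def update_endpoint(self, endpoint, certificate):
    """Rotate ``certificate`` onto the load balancer listener behind ``endpoint``.

    Only endpoints whose certificate is held in the ``iam`` registry are
    supported. The ARN is built from the account number in the endpoint's
    source options, the region parsed from the endpoint DNS name, the
    certificate name and the endpoint's certificate path.

    :param endpoint: endpoint whose listener should serve the certificate
    :param certificate: certificate to attach; only its ``name`` is read here
    :raises Exception: if ``endpoint.registry_type`` is not ``iam``
    """
    options = endpoint.source.options
    account_number = self.get_option("accountNumber", options)

    # relies on the fact that region is included in DNS name
    region = get_region_from_dns(endpoint.dnsname)

    # Refuse any other registry before touching a listener. The ``return``
    # that used to follow this raise could never execute and has been dropped.
    if endpoint.registry_type != 'iam':
        raise Exception(
            f"Lemur doesn't support rotating certificates on {endpoint.registry_type} registry"
        )
    arn = iam.create_arn_from_cert(
        account_number, region, certificate.name, endpoint.certificate_path
    )

    if endpoint.type == "elbv2":
        # The v2 call addresses the listener by ARN, so look it up first.
        listener_arn = elb.get_listener_arn_from_endpoint(
            endpoint.name,
            endpoint.port,
            account_number=account_number,
            region=region,
        )
        elb.attach_certificate_v2(
            listener_arn,
            endpoint.port,
            [{"CertificateArn": arn}],
            account_number=account_number,
            region=region,
        )
    else:
        # NOTE(review): every type other than "elbv2" lands here; confirm that
        # callers only pass "elb" or "elbv2" endpoints to this method.
        elb.attach_certificate(
            endpoint.name,
            endpoint.port,
            arn,
            account_number=account_number,
            region=region,
        )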
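def test_create_arn_from_cert():
    """Check the server-certificate ARN built for each partition and path.

    The commercial partition is checked with an empty, a one-level and a
    two-level path; the GovCloud and China partitions with the two-level path.
    """
    from lemur.plugins.lemur_aws.iam import create_arn_from_cert

    account_number = '123456789012'
    certificate_name = 'tttt2.netflixtest.net-NetflixInc-20150624-20150625'
    partition_commercial = 'aws'
    partition_gov = 'aws-us-gov'
    partition_cn = 'aws-cn'

    # (partition, path, expected ARN). The commercial "cloudfront/2" case was
    # asserted twice in a row; it is listed once here.
    cases = [
        (
            partition_commercial,
            "",
            "arn:aws:iam::123456789012:server-certificate/tttt2.netflixtest.net-NetflixInc-20150624-20150625",
        ),
        (
            partition_commercial,
            "cloudfront",
            "arn:aws:iam::123456789012:server-certificate/cloudfront/tttt2.netflixtest.net-NetflixInc-20150624-20150625",
        ),
        (
            partition_commercial,
            "cloudfront/2",
            "arn:aws:iam::123456789012:server-certificate/cloudfront/2/tttt2.netflixtest.net-NetflixInc-20150624-20150625",
        ),
        (
            partition_gov,
            "cloudfront/2",
            "arn:aws-us-gov:iam::123456789012:server-certificate/cloudfront/2/tttt2.netflixtest.net-NetflixInc-20150624-20150625",
        ),
        (
            partition_cn,
            "cloudfront/2",
            "arn:aws-cn:iam::123456789012:server-certificate/cloudfront/2/tttt2.netflixtest.net-NetflixInc-20150624-20150625",
        ),
    ]

    for partition, path, arn in cases:
        assert (
            create_arn_from_cert(account_number, partition, certificate_name, path) == arn
        )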