def queue_all_deprovision_tasks_for_operation(operation_id: int,
correlation_id: str):
if correlation_id is None:
raise RuntimeError("correlation_id must be set")
if operation_id is None:
raise RuntimeError("operation_id must be set")
task_pipeline = (route53.remove_ALIAS_records.s(
operation_id, correlation_id=correlation_id).then(
route53.remove_TXT_records,
operation_id,
correlation_id=correlation_id).then(
cloudfront.disable_distribution,
operation_id,
correlation_id=correlation_id).then(
cloudfront.wait_for_distribution_disabled,
operation_id,
correlation_id=correlation_id,
).then(
cloudfront.delete_distribution,
operation_id=operation_id,
correlation_id=correlation_id,
).then(iam.delete_server_certificate,
operation_id,
correlation_id=correlation_id).then(
finalize.deprovision,
operation_id,
correlation_id=correlation_id))
huey.enqueue(task_pipeline)
def queue_all_migration_deprovision_tasks_for_operation(
operation_id: int, correlation_id: str
):
if correlation_id is None:
raise RuntimeError("correlation_id must be set")
if operation_id is None:
raise RuntimeError("operation_id must be set")
correlation = {"correlation_id": correlation_id}
task_pipeline = update_operations.deprovision.s(operation_id, **correlation)
huey.enqueue(task_pipeline)
def queue_all_cdn_renewal_tasks_for_operation(operation_id, **kwargs):
correlation = {"correlation_id": "Renewal"}
task_pipeline = (
letsencrypt.generate_private_key.s(operation_id, **correlation)
.then(letsencrypt.initiate_challenges, operation_id, **correlation)
.then(route53.create_TXT_records, operation_id, **correlation)
.then(route53.wait_for_changes, operation_id, **correlation)
.then(letsencrypt.answer_challenges, operation_id, **correlation)
.then(letsencrypt.retrieve_certificate, operation_id, **correlation)
.then(iam.upload_server_certificate, operation_id, **correlation)
.then(cloudfront.update_certificate, operation_id, **correlation)
.then(iam.delete_previous_server_certificate, operation_id, **correlation)
.then(update_operations.provision, operation_id, **correlation)
)
huey.enqueue(task_pipeline)
def queue_all_provision_tasks_for_operation(operation_id: int,
correlation_id: str):
if correlation_id is None:
raise RuntimeError("correlation_id must be set")
if operation_id is None:
raise RuntimeError("operation_id must be set")
task_pipeline = (letsencrypt.create_user.s(
operation_id, correlation_id=correlation_id).then(
letsencrypt.generate_private_key,
operation_id,
correlation_id=correlation_id,
).then(letsencrypt.initiate_challenges,
operation_id,
correlation_id=correlation_id).then(
route53.create_TXT_records,
operation_id,
correlation_id=correlation_id).then(
route53.wait_for_changes,
operation_id,
correlation_id=correlation_id).then(
letsencrypt.answer_challenges,
operation_id,
correlation_id=correlation_id).then(
letsencrypt.retrieve_certificate,
operation_id,
correlation_id=correlation_id,
).then(
iam.upload_server_certificate,
operation_id,
correlation_id=correlation_id).then(
cloudfront.create_distribution,
operation_id,
correlation_id=correlation_id).then(
cloudfront.wait_for_distribution,
operation_id,
correlation_id=correlation_id,
).then(
route53.create_ALIAS_records,
operation_id,
correlation_id=correlation_id).then(
route53.wait_for_changes,
operation_id,
correlation_id=correlation_id).then(
finalize.provision,
operation_id,
correlation_id=correlation_id))
huey.enqueue(task_pipeline)
def queue_all_alb_deprovision_tasks_for_operation(
operation_id: int, correlation_id: str
):
if correlation_id is None:
raise RuntimeError("correlation_id must be set")
if operation_id is None:
raise RuntimeError("operation_id must be set")
correlation = {"correlation_id": correlation_id}
task_pipeline = (
update_operations.cancel_pending_provisioning.s(operation_id, **correlation)
.then(route53.remove_ALIAS_records, operation_id, **correlation)
.then(route53.remove_TXT_records, operation_id, **correlation)
.then(alb.remove_certificate_from_alb, operation_id, **correlation)
.then(iam.delete_server_certificate, operation_id, **correlation)
.then(update_operations.deprovision, operation_id, **correlation)
)
huey.enqueue(task_pipeline)
def cdn_instance_needing_renewal(clean_db, tasks):
"""
create a cdn service instance that needs renewal.
This includes walking it through the first few ACME steps to create a user so we can reuse that user.
"""
renew_service_instance = CDNServiceInstanceFactory.create(
id="4321",
domain_names=["example.com", "foo.com"],
domain_internal="fake1234.cloudfront.net",
route53_alias_hosted_zone="Z2FDTNDATAQYW2",
cloudfront_distribution_id="FakeDistributionId",
cloudfront_origin_hostname="origin_hostname",
)
current_cert = CertificateFactory.create(
id=1001,
service_instance=renew_service_instance,
expires_at=datetime.now() + timedelta(days=29),
iam_server_certificate_id="certificate_id",
iam_server_certificate_name="certificate_name",
iam_server_certificate_arn="certificate_arn",
private_key_pem="SOMEPRIVATEKEY",
)
renew_service_instance.current_certificate = current_cert
db.session.add(renew_service_instance)
db.session.add(current_cert)
db.session.commit()
db.session.expunge_all()
# create an operation, since that's what our task pipelines know to look for
operation = OperationFactory.create(
service_instance=renew_service_instance)
db.session.refresh(operation)
db.session.commit()
huey.enqueue(create_user.s(operation.id))
tasks.run_queued_tasks_and_enqueue_dependents()
huey.enqueue(generate_private_key.s(operation.id))
tasks.run_queued_tasks_and_enqueue_dependents()
# delete the operation to simplify checks on operations later
db.session.delete(operation)
db.session.commit()
return renew_service_instance
def queue_all_cdn_update_tasks_for_operation(operation_id, correlation_id):
correlation = {"correlation_id": correlation_id}
task_pipeline = (
letsencrypt.generate_private_key.s(operation_id, **correlation)
.then(letsencrypt.initiate_challenges, operation_id, **correlation)
.then(route53.create_TXT_records, operation_id, **correlation)
.then(route53.wait_for_changes, operation_id, **correlation)
.then(letsencrypt.answer_challenges, operation_id, **correlation)
.then(letsencrypt.retrieve_certificate, operation_id, **correlation)
.then(iam.upload_server_certificate, operation_id, **correlation)
.then(cloudfront.update_distribution, operation_id, **correlation)
.then(cloudfront.wait_for_distribution, operation_id, **correlation)
.then(route53.create_ALIAS_records, operation_id, **correlation)
.then(route53.wait_for_changes, operation_id, **correlation)
.then(iam.delete_previous_server_certificate, operation_id, **correlation)
.then(update_operations.update_complete, operation_id, **correlation)
)
huey.enqueue(task_pipeline)
def queue_all_alb_update_tasks_for_operation(operation_id, correlation_id):
correlation = {"correlation_id": correlation_id}
task_pipeline = (
letsencrypt.generate_private_key.s(operation_id, **correlation)
.then(letsencrypt.initiate_challenges, operation_id, **correlation)
.then(route53.create_TXT_records, operation_id, **correlation)
.then(route53.wait_for_changes, operation_id, **correlation)
.then(letsencrypt.answer_challenges, operation_id, **correlation)
.then(letsencrypt.retrieve_certificate, operation_id, **correlation)
.then(iam.upload_server_certificate, operation_id, **correlation)
.then(alb.select_alb, operation_id, **correlation)
.then(alb.add_certificate_to_alb, operation_id, **correlation)
.then(route53.create_ALIAS_records, operation_id, **correlation)
.then(route53.wait_for_changes, operation_id, **correlation)
.then(alb.remove_certificate_from_previous_alb, operation_id, **correlation)
.then(iam.delete_previous_server_certificate, operation_id, **correlation)
.then(update_operations.provision, operation_id, **correlation)
)
huey.enqueue(task_pipeline)
def queue_all_alb_provision_tasks_for_operation(operation_id: int, correlation_id: str):
if correlation_id is None:
raise RuntimeError("correlation_id must be set")
if operation_id is None:
raise RuntimeError("operation_id must be set")
correlation = {"correlation_id": correlation_id}
task_pipeline = (
letsencrypt.create_user.s(operation_id, **correlation)
.then(letsencrypt.generate_private_key, operation_id, **correlation)
.then(letsencrypt.initiate_challenges, operation_id, **correlation)
.then(route53.create_TXT_records, operation_id, **correlation)
.then(route53.wait_for_changes, operation_id, **correlation)
.then(letsencrypt.answer_challenges, operation_id, **correlation)
.then(letsencrypt.retrieve_certificate, operation_id, **correlation)
.then(iam.upload_server_certificate, operation_id, **correlation)
.then(alb.select_alb, operation_id, **correlation)
.then(alb.add_certificate_to_alb, operation_id, **correlation)
.then(route53.create_ALIAS_records, operation_id, **correlation)
.then(route53.wait_for_changes, operation_id, **correlation)
.then(update_operations.provision, operation_id, **correlation)
)
huey.enqueue(task_pipeline)
def queue_all_cdn_broker_migration_tasks_for_operation(operation_id, correlation_id):
correlation = {"correlation_id": correlation_id}
task_pipeline = (
cloudfront.remove_s3_bucket_from_cdn_broker_instance.s(
operation_id, **correlation
)
.then(cloudfront.add_logging_to_bucket, operation_id, **correlation)
.then(letsencrypt.create_user, operation_id, **correlation)
.then(letsencrypt.generate_private_key, operation_id, **correlation)
.then(letsencrypt.initiate_challenges, operation_id, **correlation)
.then(route53.create_ALIAS_records, operation_id, **correlation)
.then(route53.wait_for_changes, operation_id, **correlation)
.then(route53.create_TXT_records, operation_id, **correlation)
.then(route53.wait_for_changes, operation_id, **correlation)
.then(letsencrypt.answer_challenges, operation_id, **correlation)
.then(letsencrypt.retrieve_certificate, operation_id, **correlation)
.then(iam.upload_server_certificate, operation_id, **correlation)
.then(cloudfront.update_certificate, operation_id, **correlation)
.then(iam.delete_previous_server_certificate, operation_id, **correlation)
.then(update_operations.provision, operation_id, **correlation)
)
huey.enqueue(task_pipeline)
def queue_all_domain_broker_migration_tasks_for_operation(operation_id, correlation_id):
correlation = {"correlation_id": correlation_id}
task_pipeline = (
letsencrypt.create_user.s(operation_id, **correlation)
.then(letsencrypt.generate_private_key, operation_id, **correlation)
.then(letsencrypt.initiate_challenges, operation_id, **correlation)
# create alias records here is probably not necessary, but belt + suspenders
.then(route53.create_ALIAS_records, operation_id, **correlation)
.then(route53.wait_for_changes, operation_id, **correlation)
.then(route53.create_TXT_records, operation_id, **correlation)
.then(route53.wait_for_changes, operation_id, **correlation)
.then(letsencrypt.answer_challenges, operation_id, **correlation)
.then(letsencrypt.retrieve_certificate, operation_id, **correlation)
.then(iam.upload_server_certificate, operation_id, **correlation)
.then(alb.select_alb, operation_id, **correlation)
.then(alb.add_certificate_to_alb, operation_id, **correlation)
.then(route53.create_ALIAS_records, operation_id, **correlation)
.then(route53.wait_for_changes, operation_id, **correlation)
.then(alb.remove_certificate_from_previous_alb, operation_id, **correlation)
.then(iam.delete_previous_server_certificate, operation_id, **correlation)
.then(update_operations.provision, operation_id, **correlation)
)
huey.enqueue(task_pipeline)
