def get_endpoint_certificate_names(self, endpoint):
    """Return the names of the certificates attached to *endpoint*.

    Dispatches on ``endpoint.type``:

    * ``"elb"`` – the ``SSLCertificateId`` of every classic-ELB listener that
      has one;
    * ``"elbv2"`` – every ``CertificateArn`` on every ALB/NLB listener.

    Any other type yields an empty list. Names are derived from the
    certificate ARNs via ``iam.get_name_from_arn``.

    :param endpoint: endpoint object exposing ``source.options``, ``dnsname``,
        ``type`` and ``name``
    :return: list of certificate names (one entry per listener certificate,
        so duplicates are possible)
    """
    account_number = self.get_option("accountNumber", endpoint.source.options)
    region = get_region_from_dns(endpoint.dnsname)
    names = []

    if endpoint.type == "elb":
        described = elb.get_elbs(
            account_number=account_number,
            region=region,
            LoadBalancerNames=[endpoint.name],
        )
        for lb in described["LoadBalancerDescriptions"]:
            for listener_description in lb["ListenerDescriptions"]:
                listener = listener_description.get("Listener")
                cert_arn = listener.get("SSLCertificateId")
                # Plain HTTP/TCP listeners carry no certificate id.
                if not cert_arn:
                    continue
                names.append(iam.get_name_from_arn(cert_arn))

    elif endpoint.type == "elbv2":
        lb_arn = elb.get_load_balancer_arn_from_endpoint(
            endpoint.name, account_number=account_number, region=region
        )
        listeners = elb.describe_listeners_v2(
            account_number=account_number, region=region, LoadBalancerArn=lb_arn
        )
        for listener in listeners["Listeners"]:
            # Listeners without a Certificates list are not TLS listeners.
            for certificate in listener.get("Certificates") or []:
                names.append(iam.get_name_from_arn(certificate["CertificateArn"]))

    return names
def get_endpoint_certificate_names(self, endpoint):
    """Return the names of the certificates attached to *endpoint*.

    Dispatches on ``endpoint.type``:

    * ``"elb"`` – the ``SSLCertificateId`` of every classic-ELB listener that
      has one;
    * ``"elbv2"`` – every ``CertificateArn`` on every ALB/NLB listener;
    * ``"cloudfront"`` – the ``certificate_name`` of the distribution as
      resolved by ``get_distribution_endpoint`` (nothing when that returns a
      falsy value).

    ELB names are derived from certificate ARNs via ``iam.get_name_from_arn``.

    :param endpoint: endpoint object exposing ``source.options``, ``dnsname``,
        ``type`` and ``name``
    :return: list of certificate names
    :raises NotImplementedError: for any other ``endpoint.type``
    """
    account_number = self.get_option("accountNumber", endpoint.source.options)
    region = get_region_from_dns(endpoint.dnsname)
    names = []

    if endpoint.type == "elb":
        described = elb.get_elbs(
            account_number=account_number,
            region=region,
            LoadBalancerNames=[endpoint.name],
        )
        for lb in described["LoadBalancerDescriptions"]:
            for listener_description in lb["ListenerDescriptions"]:
                listener = listener_description.get("Listener")
                cert_arn = listener.get("SSLCertificateId")
                # Plain HTTP/TCP listeners carry no certificate id.
                if not cert_arn:
                    continue
                names.append(iam.get_name_from_arn(cert_arn))

    elif endpoint.type == "elbv2":
        lb_arn = elb.get_load_balancer_arn_from_endpoint(
            endpoint.name, account_number=account_number, region=region
        )
        listeners = elb.describe_listeners_v2(
            account_number=account_number, region=region, LoadBalancerArn=lb_arn
        )
        for listener in listeners["Listeners"]:
            # Listeners without a Certificates list are not TLS listeners.
            for certificate in listener.get("Certificates") or []:
                names.append(iam.get_name_from_arn(certificate["CertificateArn"]))

    elif endpoint.type == "cloudfront":
        cert_id_to_name = iam.get_certificate_id_to_name(account_number=account_number)
        dist = cloudfront.get_distribution(
            account_number=account_number, distribution_id=endpoint.name
        )
        loaded = get_distribution_endpoint(account_number, cert_id_to_name, dist)
        if loaded:
            names.append(loaded["certificate_name"])

    else:
        raise NotImplementedError()

    return names
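def get_elb_endpoints_v2(account_number, region, elb_dict):
    """
    Retrieves endpoint information from elbv2 response data.

    One endpoint dict is produced per (listener, certificate) pair; listeners
    without a ``Certificates`` list are skipped. The listener's SSL policy is
    looked up once per listener rather than once per certificate, because the
    policy belongs to the listener and the lookup is a remote API call.

    :param account_number: AWS account the load balancer lives in
    :param region: AWS region the load balancer lives in
    :param elb_dict: one load balancer entry from an elbv2 describe response;
        ``LoadBalancerArn``, ``LoadBalancerName`` and ``DNSName`` are read
    :return: list of endpoint dicts with keys ``name``, ``dnsname``, ``type``,
        ``port``, ``certificate_name`` and, when the listener has an
        ``SslPolicy``, ``policy``
    """
    endpoints = []
    listeners = elb.describe_listeners_v2(
        account_number=account_number,
        region=region,
        LoadBalancerArn=elb_dict['LoadBalancerArn'],
    )
    for listener in listeners['Listeners']:
        if not listener.get('Certificates'):
            continue
        # Loop-invariant: the policy is a listener attribute, so describe it
        # once here instead of once per attached certificate.
        raw_policy = None
        if listener['SslPolicy']:
            raw_policy = elb.describe_ssl_policies_v2(
                [listener['SslPolicy']], account_number=account_number, region=region
            )
        for certificate in listener['Certificates']:
            endpoint = dict(
                name=elb_dict['LoadBalancerName'],
                dnsname=elb_dict['DNSName'],
                type='elbv2',
                port=listener['Port'],
                certificate_name=iam.get_name_from_arn(certificate['CertificateArn']),
            )
            if listener['SslPolicy']:
                # Format per endpoint so each dict gets its own policy object.
                endpoint['policy'] = format_elb_cipher_policy_v2(raw_policy)
            endpoints.append(endpoint)
    return endpoints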
def get_elb_endpoints(account_number, region, elb_dict):
    """
    Retrieves endpoint information from elb response data.

    One endpoint dict is produced per classic-ELB listener that carries an
    ``SSLCertificateId``; listeners with no id, or with the literal
    ``'Invalid-Certificate'`` placeholder, are skipped. When the listener has
    ``PolicyNames`` the load balancer policies are described and attached
    under ``policy``.

    :param account_number: AWS account the load balancer lives in
    :param region: AWS region the load balancer lives in
    :param elb_dict: one load balancer description from a classic ELB
        describe response; ``ListenerDescriptions``, ``LoadBalancerName`` and
        ``DNSName`` are read
    :return: list of endpoint dicts with keys ``name``, ``dnsname``, ``type``,
        ``port``, ``certificate_name`` and optionally ``policy``
    """
    endpoints = []
    for description in elb_dict['ListenerDescriptions']:
        listener = description['Listener']
        cert_arn = listener.get('SSLCertificateId')
        if not cert_arn or cert_arn == 'Invalid-Certificate':
            continue

        endpoint = {
            'name': elb_dict['LoadBalancerName'],
            'dnsname': elb_dict['DNSName'],
            'type': 'elb',
            'port': listener['LoadBalancerPort'],
            'certificate_name': iam.get_name_from_arn(cert_arn),
        }
        policy_names = description['PolicyNames']
        if policy_names:
            policy = elb.describe_load_balancer_policies(
                elb_dict['LoadBalancerName'],
                policy_names,
                account_number=account_number,
                region=region,
            )
            endpoint['policy'] = format_elb_cipher_policy(policy)
        endpoints.append(endpoint)
    return endpoints
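def get_elb_endpoints_v2(account_number, region, elb_dict):
    """
    Retrieves endpoint information from elbv2 response data.

    One endpoint dict is produced per (listener, certificate) pair; listeners
    without a ``Certificates`` list are skipped. The listener's SSL policy is
    looked up once per listener rather than once per certificate, because the
    policy belongs to the listener and the lookup is a remote API call.

    :param account_number: AWS account the load balancer lives in
    :param region: AWS region the load balancer lives in
    :param elb_dict: one load balancer entry from an elbv2 describe response;
        ``LoadBalancerArn``, ``LoadBalancerName`` and ``DNSName`` are read
    :return: list of endpoint dicts with keys ``name``, ``dnsname``, ``type``,
        ``port``, ``certificate_name`` and, when the listener has an
        ``SslPolicy``, ``policy``
    """
    endpoints = []
    listeners = elb.describe_listeners_v2(
        account_number=account_number,
        region=region,
        LoadBalancerArn=elb_dict['LoadBalancerArn'])
    for listener in listeners['Listeners']:
        if not listener.get('Certificates'):
            continue
        # Loop-invariant: the policy is a listener attribute, so describe it
        # once here instead of once per attached certificate.
        raw_policy = None
        if listener['SslPolicy']:
            raw_policy = elb.describe_ssl_policies_v2(
                [listener['SslPolicy']],
                account_number=account_number,
                region=region)
        for certificate in listener['Certificates']:
            endpoint = dict(name=elb_dict['LoadBalancerName'],
                            dnsname=elb_dict['DNSName'],
                            type='elbv2',
                            port=listener['Port'],
                            certificate_name=iam.get_name_from_arn(
                                certificate['CertificateArn']))
            if listener['SslPolicy']:
                # Format per endpoint so each dict gets its own policy object.
                endpoint['policy'] = format_elb_cipher_policy_v2(raw_policy)
            endpoints.append(endpoint)
    return endpoints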
def get_elb_endpoints(account_number, region, elb_dict):
    """
    Retrieves endpoint information from elb response data.

    One endpoint dict is produced per classic-ELB listener that carries an
    ``SSLCertificateId``; listeners with no id, or with the literal
    ``'Invalid-Certificate'`` placeholder, are skipped. When the listener has
    ``PolicyNames`` the load balancer policies are described and attached
    under ``policy``. Each discovered endpoint is logged at debug level.

    :param account_number: AWS account the load balancer lives in
    :param region: AWS region the load balancer lives in
    :param elb_dict: one load balancer description from a classic ELB
        describe response; ``ListenerDescriptions``, ``LoadBalancerName`` and
        ``DNSName`` are read
    :return: list of endpoint dicts with keys ``name``, ``dnsname``, ``type``,
        ``port``, ``certificate_name`` and optionally ``policy``
    """
    endpoints = []
    for description in elb_dict['ListenerDescriptions']:
        listener = description['Listener']
        cert_arn = listener.get('SSLCertificateId')
        if not cert_arn or cert_arn == 'Invalid-Certificate':
            continue

        endpoint = {
            'name': elb_dict['LoadBalancerName'],
            'dnsname': elb_dict['DNSName'],
            'type': 'elb',
            'port': listener['LoadBalancerPort'],
            'certificate_name': iam.get_name_from_arn(cert_arn),
        }
        policy_names = description['PolicyNames']
        if policy_names:
            policy = elb.describe_load_balancer_policies(
                elb_dict['LoadBalancerName'],
                policy_names,
                account_number=account_number,
                region=region,
            )
            endpoint['policy'] = format_elb_cipher_policy(policy)

        current_app.logger.debug("Found new endpoint. Endpoint: {}".format(endpoint))
        endpoints.append(endpoint)
    return endpoints
def test_get_name_from_arn():
    """``get_name_from_arn`` strips the ARN prefix and any path components.

    Covers an IAM server-certificate ARN with no path, with one path element
    (``cloudfront``), with nested path elements (``cloudfront/2``), and an
    ACM-style regional ARN; all must reduce to the bare certificate name.
    """
    from lemur.plugins.lemur_aws.iam import get_name_from_arn

    expected = "tttt2.netflixtest.net-NetflixInc-20150624-20150625"
    arns = (
        "arn:aws:iam::123456789012:server-certificate/tttt2.netflixtest.net-NetflixInc-20150624-20150625",
        "arn:aws:iam::123456789012:server-certificate/cloudfront/tttt2.netflixtest.net-NetflixInc-20150624-20150625",
        "arn:aws:iam::123456789012:server-certificate/cloudfront/2/tttt2.netflixtest.net-NetflixInc-20150624-20150625",
        "arn:aws:acm:us-west-2:123456789012:server-certificate/tttt2.netflixtest.net-NetflixInc-20150624-20150625",
    )
    for arn in arns:
        assert get_name_from_arn(arn) == expected
def get_certificates(self, options, **kwargs):
    """Return every IAM server certificate in the configured account.

    Lists the certificate ARNs for the ``accountNumber`` option, then fetches
    each certificate's body and chain and derives its name from the ARN.

    :param options: plugin option set read via ``self.get_option``
    :param kwargs: unused
    :return: list of dicts with keys ``body``, ``chain`` and ``name``
    """
    account_number = self.get_option('accountNumber', options)
    certs = []
    for arn in iam.get_all_server_certs(account_number):
        body, chain = iam.get_cert_from_arn(arn)
        certs.append({
            'body': body,
            'chain': chain,
            'name': iam.get_name_from_arn(arn),
        })
    return certs
def get_certificates(self, options, **kwargs):
    """Return every IAM server certificate in the configured account.

    Lists the certificate ARNs for the ``accountNumber`` option (looked up
    with ``find_value``), then fetches each certificate's body and chain and
    derives its name from the ARN.

    :param options: plugin option set searched via ``find_value``
    :param kwargs: unused
    :return: list of dicts with keys ``public_certificate``,
        ``intermediate_certificate`` and ``name``
    """
    account_number = find_value('accountNumber', options)
    certs = []
    for arn in iam.get_all_server_certs(account_number):
        body, chain = iam.get_cert_from_arn(arn)
        certs.append({
            'public_certificate': body,
            'intermediate_certificate': chain,
            'name': iam.get_name_from_arn(arn),
        })
    return certs
def get_certificates(self, options, **kwargs):
    """Return every IAM server certificate in the configured account.

    Lists the certificate ARNs for the ``accountNumber`` option (looked up
    with ``find_value``), then fetches each certificate's body and chain and
    derives its name from the ARN.

    :param options: plugin option set searched via ``find_value``
    :param kwargs: unused
    :return: list of dicts with keys ``public_certificate``,
        ``intermediate_certificate`` and ``name``
    """
    account_number = find_value('accountNumber', options)
    certs = []
    for arn in iam.get_all_server_certs(account_number):
        body, chain = iam.get_cert_from_arn(arn)
        certs.append({
            'public_certificate': body,
            'intermediate_certificate': chain,
            'name': iam.get_name_from_arn(arn),
        })
    return certs
def get_certificates(self, options, **kwargs):
    """Return every IAM server certificate in the configured account.

    Lists the certificate ARNs for the ``accountNumber`` option, then fetches
    each certificate's body and chain and derives its name from the ARN.

    :param options: plugin option set read via ``self.get_option``
    :param kwargs: unused
    :return: list of dicts with keys ``body``, ``chain`` and ``name``
    """
    account_number = self.get_option('accountNumber', options)
    certs = []
    for arn in iam.get_all_server_certs(account_number):
        body, chain = iam.get_cert_from_arn(arn)
        certs.append({
            'body': body,
            'chain': chain,
            'name': iam.get_name_from_arn(arn),
        })
    return certs
def get_elb_endpoints(account_number, region, elb_dict):
    """
    Retrieves endpoint information from elb response data.

    One endpoint dict is produced per classic-ELB listener that carries an
    ``SSLCertificateId``; listeners with no id, or with the literal
    ``"Invalid-Certificate"`` placeholder, are skipped. The certificate's
    name, path and registry type are all derived from that ARN via the
    ``iam`` helpers. When the listener has ``PolicyNames`` the load balancer
    policies are described and attached under ``policy``. Each discovered
    endpoint is logged at debug level.

    :param account_number: AWS account the load balancer lives in
    :param region: AWS region the load balancer lives in
    :param elb_dict: one load balancer description from a classic ELB
        describe response; ``ListenerDescriptions``, ``LoadBalancerName`` and
        ``DNSName`` are read
    :return: list of endpoint dicts with keys ``name``, ``dnsname``, ``type``,
        ``port``, ``certificate_name``, ``certificate_path``,
        ``registry_type`` and optionally ``policy``
    """
    endpoints = []
    for description in elb_dict["ListenerDescriptions"]:
        listener = description["Listener"]
        cert_arn = listener.get("SSLCertificateId")
        if not cert_arn or cert_arn == "Invalid-Certificate":
            continue

        endpoint = {
            "name": elb_dict["LoadBalancerName"],
            "dnsname": elb_dict["DNSName"],
            "type": "elb",
            "port": listener["LoadBalancerPort"],
            "certificate_name": iam.get_name_from_arn(cert_arn),
            "certificate_path": iam.get_path_from_arn(cert_arn),
            "registry_type": iam.get_registry_type_from_arn(cert_arn),
        }
        policy_names = description["PolicyNames"]
        if policy_names:
            policy = elb.describe_load_balancer_policies(
                elb_dict["LoadBalancerName"],
                policy_names,
                account_number=account_number,
                region=region,
            )
            endpoint["policy"] = format_elb_cipher_policy(policy)

        current_app.logger.debug("Found new endpoint. Endpoint: {}".format(endpoint))
        endpoints.append(endpoint)
    return endpoints
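def get_endpoints(self, options, **kwargs):
    """Discover TLS endpoints on every classic ELB in the configured account.

    Regions come from the comma-separated ``regions`` option or, when it is
    unset, from ``ec2.get_regions``. For each load balancer one endpoint is
    emitted per listener that carries an ``SSLCertificateId`` other than the
    ``'Invalid-Certificate'`` placeholder; when the listener has
    ``PolicyNames`` the cipher policy is described and attached under
    ``policy``.

    :param options: plugin option set read via ``self.get_option``
    :param kwargs: unused
    :return: list of endpoint dicts with keys ``name``, ``dnsname``, ``type``
        (always ``'elb'``), ``port``, ``certificate_name`` and optionally
        ``policy``
    """
    endpoints = []
    account_number = self.get_option('accountNumber', options)
    regions = self.get_option('regions', options)
    if not regions:
        regions = ec2.get_regions(account_number=account_number)
    else:
        regions = regions.split(',')

    for region in regions:
        elbs = elb.get_all_elbs(account_number=account_number, region=region)
        current_app.logger.info(
            "Describing load balancers in {0}-{1}".format(account_number, region))
        for e in elbs:
            for listener in e['ListenerDescriptions']:
                cert_arn = listener['Listener'].get('SSLCertificateId')
                if not cert_arn or cert_arn == 'Invalid-Certificate':
                    continue
                endpoint = dict(
                    name=e['LoadBalancerName'],
                    dnsname=e['DNSName'],
                    # Was 'e' — a stray rename of the 'elb' literal. The
                    # endpoint-type dispatch elsewhere compares against 'elb',
                    # so 'e' endpoints would never be matched.
                    type='elb',
                    port=listener['Listener']['LoadBalancerPort'],
                    certificate_name=iam.get_name_from_arn(cert_arn))
                if listener['PolicyNames']:
                    policy = elb.describe_load_balancer_policies(
                        e['LoadBalancerName'],
                        listener['PolicyNames'],
                        account_number=account_number,
                        region=region)
                    endpoint['policy'] = format_elb_cipher_policy(policy)
                endpoints.append(endpoint)
    return endpoints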
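def get_elb_endpoints_v2(account_number, region, elb_dict):
    """
    Retrieves endpoint information from elbv2 response data.

    One endpoint dict is produced per (listener, certificate) pair; listeners
    without a ``Certificates`` list are skipped. The certificate's name, path
    and registry type are all derived from its ARN via the ``iam`` helpers.
    The listener's SSL policy is looked up once per listener rather than once
    per certificate, because the policy belongs to the listener and the
    lookup is a remote API call.

    :param account_number: AWS account the load balancer lives in
    :param region: AWS region the load balancer lives in
    :param elb_dict: one load balancer entry from an elbv2 describe response;
        ``LoadBalancerArn``, ``LoadBalancerName`` and ``DNSName`` are read
    :return: list of endpoint dicts with keys ``name``, ``dnsname``, ``type``,
        ``port``, ``certificate_name``, ``certificate_path``,
        ``registry_type`` and, when the listener has an ``SslPolicy``,
        ``policy``
    """
    endpoints = []
    listeners = elb.describe_listeners_v2(
        account_number=account_number,
        region=region,
        LoadBalancerArn=elb_dict["LoadBalancerArn"],
    )
    for listener in listeners["Listeners"]:
        if not listener.get("Certificates"):
            continue
        # Loop-invariant: the policy is a listener attribute, so describe it
        # once here instead of once per attached certificate.
        raw_policy = None
        if listener["SslPolicy"]:
            raw_policy = elb.describe_ssl_policies_v2(
                [listener["SslPolicy"]], account_number=account_number, region=region)
        for certificate in listener["Certificates"]:
            cert_arn = certificate["CertificateArn"]
            endpoint = dict(
                name=elb_dict["LoadBalancerName"],
                dnsname=elb_dict["DNSName"],
                type="elbv2",
                port=listener["Port"],
                certificate_name=iam.get_name_from_arn(cert_arn),
                certificate_path=iam.get_path_from_arn(cert_arn),
                registry_type=iam.get_registry_type_from_arn(cert_arn),
            )
            if listener["SslPolicy"]:
                # Format per endpoint so each dict gets its own policy object.
                endpoint["policy"] = format_elb_cipher_policy_v2(raw_policy)
            endpoints.append(endpoint)
    return endpoints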
def get_endpoints(self, options, **kwargs):
    """Discover TLS endpoints on every classic ELB in the configured account.

    Regions come from the comma-separated ``regions`` option or, when it is
    unset, from ``get_regions``. For each load balancer one endpoint is
    emitted per listener that carries an ``SSLCertificateId`` other than the
    ``'Invalid-Certificate'`` placeholder; when the listener has
    ``PolicyNames`` the cipher policy is described and attached under
    ``policy``.

    :param options: plugin option set read via ``self.get_option``
    :param kwargs: unused
    :return: list of endpoint dicts with keys ``name``, ``dnsname``, ``type``,
        ``port``, ``certificate_name`` and optionally ``policy``
    """
    account_number = self.get_option('accountNumber', options)
    configured_regions = self.get_option('regions', options)
    if configured_regions:
        regions = configured_regions.split(',')
    else:
        regions = get_regions(account_number=account_number)

    endpoints = []
    for region in regions:
        load_balancers = get_all_elbs(account_number=account_number, region=region)
        current_app.logger.info(
            "Describing load balancers in {0}-{1}".format(account_number, region))
        for lb in load_balancers:
            for description in lb['ListenerDescriptions']:
                listener = description['Listener']
                cert_arn = listener.get('SSLCertificateId')
                if not cert_arn or cert_arn == 'Invalid-Certificate':
                    continue

                endpoint = {
                    'name': lb['LoadBalancerName'],
                    'dnsname': lb['DNSName'],
                    'type': 'elb',
                    'port': listener['LoadBalancerPort'],
                    'certificate_name': iam.get_name_from_arn(cert_arn),
                }
                policy_names = description['PolicyNames']
                if policy_names:
                    policy = describe_load_balancer_policies(
                        lb['LoadBalancerName'],
                        policy_names,
                        account_number=account_number,
                        region=region,
                    )
                    endpoint['policy'] = format_elb_cipher_policy(policy)
                endpoints.append(endpoint)
    return endpoints
def test_get_name_from_arn():
    """An IAM server-certificate ARN reduces to its bare certificate name."""
    from lemur.plugins.lemur_aws.iam import get_name_from_arn

    arn = 'arn:aws:iam::123456789012:server-certificate/tttt2.netflixtest.net-NetflixInc-20150624-20150625'
    expected = 'tttt2.netflixtest.net-NetflixInc-20150624-20150625'
    assert get_name_from_arn(arn) == expected
def test_get_name_from_arn():
    """An IAM server-certificate ARN reduces to its bare certificate name."""
    from lemur.plugins.lemur_aws.iam import get_name_from_arn

    arn = 'arn:aws:iam::123456789012:server-certificate/tttt2.netflixtest.net-NetflixInc-20150624-20150625'
    expected = 'tttt2.netflixtest.net-NetflixInc-20150624-20150625'
    assert get_name_from_arn(arn) == expected