def get_outputs(self): "Get all Outputs of a Resource" acm_client = DNSValidatedACMCertClient( self.account_ctx, self.resource.domain_name, self.cert_aws_region, ) cert_arn = acm_client.get_certificate_arn() return {'ViewerCertificateArn': cert_arn}
def provision(self): """ Creates a certificate if one does not exists, then adds DNS validation records to the Route53 Hosted Zone. """ if not self.enabled: return if self.resource.external_resource == True: return acm_client = DNSValidatedACMCertClient(self.account_ctx, self.resource.domain_name, self.cert_aws_region) # Create the certificate if it does not exists cert_arn = acm_client.get_certificate_arn() if cert_arn == None: action = 'Create' elif self.paco_ctx.nocache == True: action = 'Update' else: action = 'Cache' self.paco_ctx.log_action_col( 'Provision', action, self.account_ctx.get_name() + '.' + self.cert_aws_region, f'boto3: {self.resource.domain_name}: alt-names: {self.resource.subject_alternative_names}', col_2_size=9) cert_arn = acm_client.request_certificate( cert_arn, self.resource.private_ca, self.resource.subject_alternative_names) self.cert_arn_cache = cert_arn # Private CA Certs are automatically validated. No need for DNS. if self.resource.private_ca == None: validation_records = None while validation_records == None: validation_records = acm_client.get_domain_validation_records( cert_arn) if len(validation_records ) == 0 or 'ResourceRecord' not in validation_records[0]: self.paco_ctx.log_action_col('Waiting', 'DNS', self.account_ctx.get_name() + '.' + self.cert_aws_region, 'DNS validation record: ' + self.resource.domain_name, col_2_size=9) time.sleep(2) validation_records = None acm_client.create_domain_validation_records(cert_arn) if self.resource.external_resource == False: acm_client.wait_for_certificate_validation(cert_arn)
def provision(self): """ Creates a certificate if one does not exists, then adds DNS validation records to the Route53 Hosted Zone. """ for acm_config in self.cert_config_list: cert_config = acm_config['config'] if cert_config.is_enabled() == False: continue if cert_config.external_resource == True: return if 'cert_arn_cache' in acm_config.keys(): continue cert_domain = cert_config.domain_name acm_client = DNSValidatedACMCertClient(acm_config['account_ctx'], cert_domain, acm_config['region']) # Create the certificate if it does not exists cert_arn = acm_client.get_certificate_arn() if cert_arn == None: action = 'Create' else: action = 'Cache' self.paco_ctx.log_action_col( 'Provision', action, acm_config['account_ctx'].get_name() + '.' + acm_config['region'], 'boto3: ' + cert_config.domain_name + ': alt-names: {}'.format( cert_config.subject_alternative_names), col_2_size=9) cert_arn = acm_client.request_certificate( cert_arn, cert_config.private_ca, cert_config.subject_alternative_names) acm_config['cert_arn_cache'] = cert_arn # Private CA Certs are automatically validated. No need for DNS. if cert_config.private_ca == None: validation_records = None while validation_records == None: validation_records = acm_client.get_domain_validation_records( cert_arn) if len( validation_records ) == 0 or 'ResourceRecord' not in validation_records[0]: self.paco_ctx.log_action_col( 'Waiting', 'DNS', acm_config['account_ctx'].get_name() + '.' + acm_config['region'], 'DNS validation record: ' + cert_config.domain_name, col_2_size=9) time.sleep(2) validation_records = None acm_client.create_domain_validation_records(cert_arn)
def provision(self): """ Creates a certificate if one does not exists, then adds DNS validation records to the Route53 Hosted Zone. """ for acm_config in self.cert_config_list: cert_config = acm_config['config'] if cert_config.is_enabled() == False: continue if cert_config.external_resource == True: return if 'cert_arn_cache' in acm_config.keys(): continue cert_domain = cert_config.domain_name acm_client = DNSValidatedACMCertClient(acm_config['account_ctx'], cert_domain, acm_config['region']) # Create the certificate if it does not exists self.paco_ctx.log_action_col( 'Provision', acm_config['account_ctx'].get_name(), 'ACM', acm_config['region'] + ': ' + cert_config.domain_name + ': alt-names: {}'.format( cert_config.subject_alternative_names)) cert_arn = acm_client.request_certificate( cert_config.subject_alternative_names) acm_config['cert_arn_cache'] = cert_arn validation_records = None while validation_records == None: validation_records = acm_client.get_domain_validation_records( cert_arn) if len(validation_records ) == 0 or 'ResourceRecord' not in validation_records[0]: print("Waiting for DNS Validation records ...") self.paco_ctx.log_action_col( 'Waiting', acm_config['account_ctx'].get_name(), 'ACM', acm_config['region'] + ': ' + cert_config.domain_name) time.sleep(1) validation_records = None acm_client.create_domain_validation_records(cert_arn)
def resolve_ref(self, ref): if ref.last_part == 'arn': group_id = '.'.join(ref.parts[:-1]) cert_id = ref.parts[-2] res_config = self.get_cert_config(group_id, cert_id) if 'cert_arn_cache' in res_config.keys(): return res_config['cert_arn_cache'] acm_client = DNSValidatedACMCertClient( res_config['account_ctx'], res_config['config'].domain_name, ref.region) if acm_client: cert_arn = acm_client.get_certificate_arn() if cert_arn == None: self.provision() cert_arn = acm_client.get_certificate_arn() if res_config['config'].external_resource == False: acm_client.wait_for_certificate_validation(cert_arn) return cert_arn else: raise StackException(PacoErrorCode.Unknown) raise StackException(PacoErrorCode.Unknown)