def queue_all_deprovision_tasks_for_operation(operation_id: int,
                                              correlation_id: str):
    if correlation_id is None:
        raise RuntimeError("correlation_id must be set")
    if operation_id is None:
        raise RuntimeError("operation_id must be set")
    task_pipeline = (route53.remove_ALIAS_records.s(
        operation_id, correlation_id=correlation_id).then(
            route53.remove_TXT_records,
            operation_id,
            correlation_id=correlation_id).then(
                cloudfront.disable_distribution,
                operation_id,
                correlation_id=correlation_id).then(
                    cloudfront.wait_for_distribution_disabled,
                    operation_id,
                    correlation_id=correlation_id,
                ).then(
                    cloudfront.delete_distribution,
                    operation_id=operation_id,
                    correlation_id=correlation_id,
                ).then(iam.delete_server_certificate,
                       operation_id,
                       correlation_id=correlation_id).then(
                           finalize.deprovision,
                           operation_id,
                           correlation_id=correlation_id))
    huey.enqueue(task_pipeline)
Exemplo n.º 2
0
def queue_all_migration_deprovision_tasks_for_operation(
    operation_id: int, correlation_id: str
):
    if correlation_id is None:
        raise RuntimeError("correlation_id must be set")
    if operation_id is None:
        raise RuntimeError("operation_id must be set")
    correlation = {"correlation_id": correlation_id}
    task_pipeline = update_operations.deprovision.s(operation_id, **correlation)
    huey.enqueue(task_pipeline)
Exemplo n.º 3
0
def queue_all_cdn_renewal_tasks_for_operation(operation_id, **kwargs):
    correlation = {"correlation_id": "Renewal"}
    task_pipeline = (
        letsencrypt.generate_private_key.s(operation_id, **correlation)
        .then(letsencrypt.initiate_challenges, operation_id, **correlation)
        .then(route53.create_TXT_records, operation_id, **correlation)
        .then(route53.wait_for_changes, operation_id, **correlation)
        .then(letsencrypt.answer_challenges, operation_id, **correlation)
        .then(letsencrypt.retrieve_certificate, operation_id, **correlation)
        .then(iam.upload_server_certificate, operation_id, **correlation)
        .then(cloudfront.update_certificate, operation_id, **correlation)
        .then(iam.delete_previous_server_certificate, operation_id, **correlation)
        .then(update_operations.provision, operation_id, **correlation)
    )
    huey.enqueue(task_pipeline)
def queue_all_provision_tasks_for_operation(operation_id: int,
                                            correlation_id: str):
    if correlation_id is None:
        raise RuntimeError("correlation_id must be set")
    if operation_id is None:
        raise RuntimeError("operation_id must be set")
    task_pipeline = (letsencrypt.create_user.s(
        operation_id, correlation_id=correlation_id).then(
            letsencrypt.generate_private_key,
            operation_id,
            correlation_id=correlation_id,
        ).then(letsencrypt.initiate_challenges,
               operation_id,
               correlation_id=correlation_id).then(
                   route53.create_TXT_records,
                   operation_id,
                   correlation_id=correlation_id).then(
                       route53.wait_for_changes,
                       operation_id,
                       correlation_id=correlation_id).then(
                           letsencrypt.answer_challenges,
                           operation_id,
                           correlation_id=correlation_id).then(
                               letsencrypt.retrieve_certificate,
                               operation_id,
                               correlation_id=correlation_id,
                           ).then(
                               iam.upload_server_certificate,
                               operation_id,
                               correlation_id=correlation_id).then(
                                   cloudfront.create_distribution,
                                   operation_id,
                                   correlation_id=correlation_id).then(
                                       cloudfront.wait_for_distribution,
                                       operation_id,
                                       correlation_id=correlation_id,
                                   ).then(
                                       route53.create_ALIAS_records,
                                       operation_id,
                                       correlation_id=correlation_id).then(
                                           route53.wait_for_changes,
                                           operation_id,
                                           correlation_id=correlation_id).then(
                                               finalize.provision,
                                               operation_id,
                                               correlation_id=correlation_id))
    huey.enqueue(task_pipeline)
Exemplo n.º 5
0
def queue_all_alb_deprovision_tasks_for_operation(
    operation_id: int, correlation_id: str
):
    if correlation_id is None:
        raise RuntimeError("correlation_id must be set")
    if operation_id is None:
        raise RuntimeError("operation_id must be set")
    correlation = {"correlation_id": correlation_id}
    task_pipeline = (
        update_operations.cancel_pending_provisioning.s(operation_id, **correlation)
        .then(route53.remove_ALIAS_records, operation_id, **correlation)
        .then(route53.remove_TXT_records, operation_id, **correlation)
        .then(alb.remove_certificate_from_alb, operation_id, **correlation)
        .then(iam.delete_server_certificate, operation_id, **correlation)
        .then(update_operations.deprovision, operation_id, **correlation)
    )
    huey.enqueue(task_pipeline)
def cdn_instance_needing_renewal(clean_db, tasks):
    """
    create a cdn service instance that needs renewal.
    This includes walking it through the first few ACME steps to create a user so we can reuse that user.
    """
    renew_service_instance = CDNServiceInstanceFactory.create(
        id="4321",
        domain_names=["example.com", "foo.com"],
        domain_internal="fake1234.cloudfront.net",
        route53_alias_hosted_zone="Z2FDTNDATAQYW2",
        cloudfront_distribution_id="FakeDistributionId",
        cloudfront_origin_hostname="origin_hostname",
    )

    current_cert = CertificateFactory.create(
        id=1001,
        service_instance=renew_service_instance,
        expires_at=datetime.now() + timedelta(days=29),
        iam_server_certificate_id="certificate_id",
        iam_server_certificate_name="certificate_name",
        iam_server_certificate_arn="certificate_arn",
        private_key_pem="SOMEPRIVATEKEY",
    )
    renew_service_instance.current_certificate = current_cert

    db.session.add(renew_service_instance)
    db.session.add(current_cert)
    db.session.commit()
    db.session.expunge_all()

    # create an operation, since that's what our task pipelines know to look for
    operation = OperationFactory.create(
        service_instance=renew_service_instance)
    db.session.refresh(operation)
    db.session.commit()

    huey.enqueue(create_user.s(operation.id))
    tasks.run_queued_tasks_and_enqueue_dependents()
    huey.enqueue(generate_private_key.s(operation.id))
    tasks.run_queued_tasks_and_enqueue_dependents()

    # delete the operation to simplify checks on operations later
    db.session.delete(operation)
    db.session.commit()
    return renew_service_instance
Exemplo n.º 7
0
def queue_all_cdn_update_tasks_for_operation(operation_id, correlation_id):
    correlation = {"correlation_id": correlation_id}
    task_pipeline = (
        letsencrypt.generate_private_key.s(operation_id, **correlation)
        .then(letsencrypt.initiate_challenges, operation_id, **correlation)
        .then(route53.create_TXT_records, operation_id, **correlation)
        .then(route53.wait_for_changes, operation_id, **correlation)
        .then(letsencrypt.answer_challenges, operation_id, **correlation)
        .then(letsencrypt.retrieve_certificate, operation_id, **correlation)
        .then(iam.upload_server_certificate, operation_id, **correlation)
        .then(cloudfront.update_distribution, operation_id, **correlation)
        .then(cloudfront.wait_for_distribution, operation_id, **correlation)
        .then(route53.create_ALIAS_records, operation_id, **correlation)
        .then(route53.wait_for_changes, operation_id, **correlation)
        .then(iam.delete_previous_server_certificate, operation_id, **correlation)
        .then(update_operations.update_complete, operation_id, **correlation)
    )
    huey.enqueue(task_pipeline)
Exemplo n.º 8
0
def queue_all_alb_update_tasks_for_operation(operation_id, correlation_id):
    correlation = {"correlation_id": correlation_id}
    task_pipeline = (
        letsencrypt.generate_private_key.s(operation_id, **correlation)
        .then(letsencrypt.initiate_challenges, operation_id, **correlation)
        .then(route53.create_TXT_records, operation_id, **correlation)
        .then(route53.wait_for_changes, operation_id, **correlation)
        .then(letsencrypt.answer_challenges, operation_id, **correlation)
        .then(letsencrypt.retrieve_certificate, operation_id, **correlation)
        .then(iam.upload_server_certificate, operation_id, **correlation)
        .then(alb.select_alb, operation_id, **correlation)
        .then(alb.add_certificate_to_alb, operation_id, **correlation)
        .then(route53.create_ALIAS_records, operation_id, **correlation)
        .then(route53.wait_for_changes, operation_id, **correlation)
        .then(alb.remove_certificate_from_previous_alb, operation_id, **correlation)
        .then(iam.delete_previous_server_certificate, operation_id, **correlation)
        .then(update_operations.provision, operation_id, **correlation)
    )
    huey.enqueue(task_pipeline)
Exemplo n.º 9
0
def queue_all_alb_provision_tasks_for_operation(operation_id: int, correlation_id: str):
    if correlation_id is None:
        raise RuntimeError("correlation_id must be set")
    if operation_id is None:
        raise RuntimeError("operation_id must be set")
    correlation = {"correlation_id": correlation_id}
    task_pipeline = (
        letsencrypt.create_user.s(operation_id, **correlation)
        .then(letsencrypt.generate_private_key, operation_id, **correlation)
        .then(letsencrypt.initiate_challenges, operation_id, **correlation)
        .then(route53.create_TXT_records, operation_id, **correlation)
        .then(route53.wait_for_changes, operation_id, **correlation)
        .then(letsencrypt.answer_challenges, operation_id, **correlation)
        .then(letsencrypt.retrieve_certificate, operation_id, **correlation)
        .then(iam.upload_server_certificate, operation_id, **correlation)
        .then(alb.select_alb, operation_id, **correlation)
        .then(alb.add_certificate_to_alb, operation_id, **correlation)
        .then(route53.create_ALIAS_records, operation_id, **correlation)
        .then(route53.wait_for_changes, operation_id, **correlation)
        .then(update_operations.provision, operation_id, **correlation)
    )
    huey.enqueue(task_pipeline)
Exemplo n.º 10
0
def queue_all_cdn_broker_migration_tasks_for_operation(operation_id, correlation_id):
    correlation = {"correlation_id": correlation_id}
    task_pipeline = (
        cloudfront.remove_s3_bucket_from_cdn_broker_instance.s(
            operation_id, **correlation
        )
        .then(cloudfront.add_logging_to_bucket, operation_id, **correlation)
        .then(letsencrypt.create_user, operation_id, **correlation)
        .then(letsencrypt.generate_private_key, operation_id, **correlation)
        .then(letsencrypt.initiate_challenges, operation_id, **correlation)
        .then(route53.create_ALIAS_records, operation_id, **correlation)
        .then(route53.wait_for_changes, operation_id, **correlation)
        .then(route53.create_TXT_records, operation_id, **correlation)
        .then(route53.wait_for_changes, operation_id, **correlation)
        .then(letsencrypt.answer_challenges, operation_id, **correlation)
        .then(letsencrypt.retrieve_certificate, operation_id, **correlation)
        .then(iam.upload_server_certificate, operation_id, **correlation)
        .then(cloudfront.update_certificate, operation_id, **correlation)
        .then(iam.delete_previous_server_certificate, operation_id, **correlation)
        .then(update_operations.provision, operation_id, **correlation)
    )
    huey.enqueue(task_pipeline)
Exemplo n.º 11
0
def queue_all_domain_broker_migration_tasks_for_operation(operation_id, correlation_id):
    correlation = {"correlation_id": correlation_id}
    task_pipeline = (
        letsencrypt.create_user.s(operation_id, **correlation)
        .then(letsencrypt.generate_private_key, operation_id, **correlation)
        .then(letsencrypt.initiate_challenges, operation_id, **correlation)
        # create alias records here is probably not necessary, but belt + suspenders
        .then(route53.create_ALIAS_records, operation_id, **correlation)
        .then(route53.wait_for_changes, operation_id, **correlation)
        .then(route53.create_TXT_records, operation_id, **correlation)
        .then(route53.wait_for_changes, operation_id, **correlation)
        .then(letsencrypt.answer_challenges, operation_id, **correlation)
        .then(letsencrypt.retrieve_certificate, operation_id, **correlation)
        .then(iam.upload_server_certificate, operation_id, **correlation)
        .then(alb.select_alb, operation_id, **correlation)
        .then(alb.add_certificate_to_alb, operation_id, **correlation)
        .then(route53.create_ALIAS_records, operation_id, **correlation)
        .then(route53.wait_for_changes, operation_id, **correlation)
        .then(alb.remove_certificate_from_previous_alb, operation_id, **correlation)
        .then(iam.delete_previous_server_certificate, operation_id, **correlation)
        .then(update_operations.provision, operation_id, **correlation)
    )
    huey.enqueue(task_pipeline)