def get_elb_endpoints_v2(account_number, region, elb_dict):
    """
    Retrieves endpoint information from elbv2 response data.

    Listeners that report no ``Certificates`` are skipped, so only
    certificate-bearing listeners are turned into endpoint records.

    :param account_number: passed through to the ``elb`` helper calls
    :param region: passed through to the ``elb`` helper calls
    :param elb_dict: load balancer description; ``LoadBalancerArn``,
        ``LoadBalancerName`` and ``DNSName`` are read from it
    :return: list of dicts with ``name``, ``dnsname``, ``type``, ``port``
        and ``certificate_name`` keys, plus ``policy`` when the listener
        carries a truthy ``SslPolicy``
    """
    endpoints = []
    listeners = elb.describe_listeners_v2(
        account_number=account_number, region=region,
        LoadBalancerArn=elb_dict['LoadBalancerArn'])
    for listener in listeners['Listeners']:
        # No certificate on the listener means nothing to inventory here.
        if not listener.get('Certificates'):
            continue

        # NOTE(review): the indentation of this listing was not preserved;
        # the policy lookup and the append are placed inside the certificate
        # loop here (one endpoint per certificate) -- confirm against the
        # project file.
        for certificate in listener['Certificates']:
            endpoint = dict(name=elb_dict['LoadBalancerName'],
                            dnsname=elb_dict['DNSName'],
                            type='elbv2',
                            port=listener['Port'],
                            certificate_name=iam.get_name_from_arn(
                                certificate['CertificateArn']))

            # NOTE(review): 'SslPolicy' is indexed directly, unlike the
            # .get('Certificates') guard above; a listener dict without that
            # key raises KeyError and no endpoints are returned for this load
            # balancer -- confirm whether that shape can occur.
            if listener['SslPolicy']:
                policy = elb.describe_ssl_policies_v2(
                    [listener['SslPolicy']],
                    account_number=account_number, region=region)
                endpoint['policy'] = format_elb_cipher_policy_v2(policy)

            endpoints.append(endpoint)

    return endpoints
def get_elb_endpoints_v2(account_number, region, elb_dict):
    """
    Retrieves endpoint information from elbv2 response data.

    Only listeners that have at least one entry under ``Certificates``
    produce endpoint records; all others are skipped.

    :param account_number: forwarded to ``elb.describe_listeners_v2`` and
        ``elb.describe_ssl_policies_v2``
    :param region: forwarded to the same two ``elb`` calls
    :param elb_dict: load balancer description supplying
        ``LoadBalancerArn``, ``LoadBalancerName`` and ``DNSName``
    :return: list of endpoint dicts (``name``, ``dnsname``, ``type``,
        ``port``, ``certificate_name`` and, when the listener has a truthy
        ``SslPolicy``, ``policy``)
    """
    endpoints = []
    listeners = elb.describe_listeners_v2(account_number=account_number,
                                          region=region,
                                          LoadBalancerArn=elb_dict['LoadBalancerArn'])
    for listener in listeners['Listeners']:
        # Listeners without certificates are not recorded as endpoints.
        if not listener.get('Certificates'):
            continue

        # NOTE(review): this listing lost its indentation; placing the policy
        # lookup and the append inside the certificate loop (one endpoint per
        # certificate) is an assumption -- confirm against the project file.
        for certificate in listener['Certificates']:
            endpoint = dict(
                name=elb_dict['LoadBalancerName'],
                dnsname=elb_dict['DNSName'],
                type='elbv2',
                port=listener['Port'],
                certificate_name=iam.get_name_from_arn(certificate['CertificateArn'])
            )

            # NOTE(review): listener['SslPolicy'] raises KeyError when the key
            # is absent, which would abort the whole enumeration; the
            # Certificates check above uses .get() -- confirm whether the two
            # should match.
            if listener['SslPolicy']:
                policy = elb.describe_ssl_policies_v2([listener['SslPolicy']],
                                                      account_number=account_number,
                                                      region=region)
                endpoint['policy'] = format_elb_cipher_policy_v2(policy)

            endpoints.append(endpoint)

    return endpoints
def get_endpoint_certificate_names(self, endpoint):
    """
    Collect the names of the certificates currently attached to *endpoint*.

    The account number comes from the endpoint's source options and the
    region is derived from the endpoint's DNS name. Classic ("elb") and v2
    ("elbv2") load balancers are queried; any other endpoint type falls
    through both branches and yields an empty list.

    :param endpoint: endpoint object exposing ``source.options``,
        ``dnsname``, ``type`` and ``name``
    :return: list of certificate names, one per certificate reference found
    """
    source_options = endpoint.source.options
    account = self.get_option("accountNumber", source_options)
    aws_region = get_region_from_dns(endpoint.dnsname)
    names = []

    if endpoint.type == "elb":
        response = elb.get_elbs(
            account_number=account,
            region=aws_region,
            LoadBalancerNames=[endpoint.name],
        )
        for balancer in response["LoadBalancerDescriptions"]:
            for entry in balancer["ListenerDescriptions"]:
                cert_id = entry.get("Listener").get("SSLCertificateId")
                # Listeners without a certificate id contribute nothing.
                if cert_id:
                    names.append(iam.get_name_from_arn(cert_id))
    elif endpoint.type == "elbv2":
        balancer_arn = elb.get_load_balancer_arn_from_endpoint(
            endpoint.name, account_number=account, region=aws_region
        )
        response = elb.describe_listeners_v2(
            account_number=account,
            region=aws_region,
            LoadBalancerArn=balancer_arn,
        )
        for listener in response["Listeners"]:
            # A missing or empty "Certificates" entry is treated as no certificates.
            for attached in listener.get("Certificates") or ():
                names.append(iam.get_name_from_arn(attached["CertificateArn"]))

    return names
def get_endpoint_certificate_names(self, endpoint):
    """
    Return the names of the certificates attached to *endpoint*.

    The account number is read from the endpoint's source options and the
    region is derived from its DNS name. Supported endpoint types are
    "elb", "elbv2" and "cloudfront".

    :param endpoint: endpoint object exposing ``source.options``,
        ``dnsname``, ``type`` and ``name``
    :return: list of certificate names
    :raises NotImplementedError: for any other endpoint type, so an
        unsupported type is never reported as "no certificates"
    """
    source_options = endpoint.source.options
    account = self.get_option("accountNumber", source_options)
    aws_region = get_region_from_dns(endpoint.dnsname)
    found = []

    if endpoint.type == "elb":
        described = elb.get_elbs(
            account_number=account,
            region=aws_region,
            LoadBalancerNames=[endpoint.name],
        )
        for balancer in described["LoadBalancerDescriptions"]:
            for item in balancer["ListenerDescriptions"]:
                classic_listener = item.get("Listener")
                cert_id = classic_listener.get("SSLCertificateId")
                # Listeners without a certificate id are skipped.
                if cert_id:
                    found.append(iam.get_name_from_arn(cert_id))
    elif endpoint.type == "elbv2":
        balancer_arn = elb.get_load_balancer_arn_from_endpoint(
            endpoint.name, account_number=account, region=aws_region
        )
        described = elb.describe_listeners_v2(
            account_number=account,
            region=aws_region,
            LoadBalancerArn=balancer_arn,
        )
        for listener in described["Listeners"]:
            attached = listener.get("Certificates")
            if attached:
                found.extend(
                    iam.get_name_from_arn(entry["CertificateArn"])
                    for entry in attached
                )
    elif endpoint.type == "cloudfront":
        id_to_name = iam.get_certificate_id_to_name(account_number=account)
        distribution = cloudfront.get_distribution(
            account_number=account, distribution_id=endpoint.name
        )
        loaded = get_distribution_endpoint(account, id_to_name, distribution)
        # A falsy result contributes no certificate name.
        if loaded:
            found.append(loaded["certificate_name"])
    else:
        raise NotImplementedError()

    return found
def get_elb_endpoints_v2(account_number, region, elb_dict):
    """
    Retrieves endpoint information from elbv2 response data.

    Listeners that report no ``Certificates`` are skipped. For the others,
    the certificate ARN is broken down through three ``iam`` helpers into a
    name, a path and a registry type.

    :param account_number: forwarded to ``elb.describe_listeners_v2`` and
        ``elb.describe_ssl_policies_v2``
    :param region: forwarded to the same two ``elb`` calls
    :param elb_dict: load balancer description supplying
        ``LoadBalancerArn``, ``LoadBalancerName`` and ``DNSName``
    :return: list of endpoint dicts with ``name``, ``dnsname``, ``type``,
        ``port``, ``certificate_name``, ``certificate_path`` and
        ``registry_type`` keys, plus ``policy`` when the listener carries a
        truthy ``SslPolicy``
    """
    endpoints = []
    listeners = elb.describe_listeners_v2(
        account_number=account_number,
        region=region,
        LoadBalancerArn=elb_dict["LoadBalancerArn"],
    )
    for listener in listeners["Listeners"]:
        # Listeners without certificates are not recorded as endpoints.
        if not listener.get("Certificates"):
            continue

        # NOTE(review): this listing lost its indentation; placing the policy
        # lookup and the append inside the certificate loop (one endpoint per
        # certificate) is an assumption -- confirm against the project file.
        for certificate in listener["Certificates"]:
            endpoint = dict(
                name=elb_dict["LoadBalancerName"],
                dnsname=elb_dict["DNSName"],
                type="elbv2",
                port=listener["Port"],
                certificate_name=iam.get_name_from_arn(
                    certificate["CertificateArn"]),
                certificate_path=iam.get_path_from_arn(
                    certificate["CertificateArn"]),
                registry_type=iam.get_registry_type_from_arn(
                    certificate["CertificateArn"]),
            )

            # NOTE(review): "SslPolicy" is indexed directly, so a listener
            # dict without that key raises KeyError and the enumeration for
            # this load balancer stops; the Certificates check above uses
            # .get() -- confirm whether the two should match.
            if listener["SslPolicy"]:
                policy = elb.describe_ssl_policies_v2(
                    [listener["SslPolicy"]],
                    account_number=account_number,
                    region=region)
                endpoint["policy"] = format_elb_cipher_policy_v2(policy)

            endpoints.append(endpoint)

    return endpoints
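def test_create_elb_with_https_listener_miscellaneous(app, aws_credentials):
    """
    Exercise the elbv2 helpers against a load balancer with an HTTPS listener.

    Steps: create a VPC, a v2 load balancer and a target group; resolve the
    load balancer ARN by endpoint name; confirm it has no listeners yet;
    upload a server certificate; create an HTTPS listener on port 443 that
    uses it; then check the listener ARN can be resolved by endpoint name
    and port.
    """
    from lemur.plugins.lemur_aws import iam, elb

    endpoint_name = "example-lbv2"
    account_number = "123456789012"
    region_ue1 = "us-east-1"

    # Use the same region constant for the clients and the helper calls so
    # the two cannot drift apart.
    client = boto3.client("elbv2", region_name=region_ue1)
    ec2 = boto3.resource("ec2", region_name=region_ue1)

    # Create VPC
    vpc = ec2.create_vpc(CidrBlock="172.28.7.0/24")

    # Create LB (elbv2) in above VPC
    assert create_load_balancer(client, ec2, vpc.id, endpoint_name)

    # Create target group
    target_group_arn = create_target_group(client, vpc.id)
    assert target_group_arn

    # Test get_load_balancer_arn_from_endpoint
    lb_arn = elb.get_load_balancer_arn_from_endpoint(
        endpoint_name, account_number=account_number, region=region_ue1)
    assert lb_arn

    # Test describe_listeners_v2: a fresh load balancer has no listeners
    listeners = elb.describe_listeners_v2(account_number=account_number,
                                          region=region_ue1,
                                          LoadBalancerArn=lb_arn)
    assert listeners
    assert not listeners["Listeners"]

    # Upload cert
    response = iam.upload_cert("LemurTestCert", "testCert", "cert1", "cert2",
                               account_number=account_number)
    assert response
    cert_arn = response["ServerCertificateMetadata"]["Arn"]
    assert cert_arn

    # Create https listener using above cert
    listeners = client.create_listener(
        LoadBalancerArn=lb_arn,
        Protocol="HTTPS",
        Port=443,
        Certificates=[{"CertificateArn": cert_arn}],
        DefaultActions=[{"Type": "forward",
                         "TargetGroupArn": target_group_arn}],
    )
    assert listeners
    # Check the list is non-empty before indexing into it so a failure
    # reads as an assertion rather than an IndexError.
    assert listeners["Listeners"]
    listener_arn = listeners["Listeners"][0]["ListenerArn"]
    assert listener_arn

    # Require that a port-443 listener is actually present; looping with a
    # port filter alone would pass without checking anything if none matched.
    https_listeners = [
        entry for entry in listeners["Listeners"] if entry["Port"] == 443
    ]
    assert https_listeners
    for listener in https_listeners:
        assert listener["Certificates"]
        assert cert_arn == listener["Certificates"][0]["CertificateArn"]

    # Test get_listener_arn_from_endpoint
    assert listener_arn == elb.get_listener_arn_from_endpoint(
        endpoint_name,
        443,
        account_number=account_number,
        region=region_ue1,
    )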