def update_endpoint(self, endpoint, certificate):
options = endpoint.source.options
account_number = self.get_option("accountNumber", options)
# relies on the fact that region is included in DNS name
region = get_region_from_dns(endpoint.dnsname)
arn = iam.create_arn_from_cert(account_number, region,
certificate.name)
if endpoint.type == "elbv2":
listener_arn = elb.get_listener_arn_from_endpoint(
endpoint.name,
endpoint.port,
account_number=account_number,
region=region,
)
elb.attach_certificate_v2(
listener_arn,
endpoint.port,
[{
"CertificateArn": arn
}],
account_number=account_number,
region=region,
)
else:
elb.attach_certificate(
endpoint.name,
endpoint.port,
arn,
account_number=account_number,
region=region,
)
def update_endpoint(self, endpoint, certificate):
options = endpoint.source.options
account_number = self.get_option("accountNumber", options)
if endpoint.type == "cloudfront":
cert = iam.get_certificate(certificate.name,
account_number=account_number)
if not cert:
return None
cert_id = cert["ServerCertificateMetadata"]["ServerCertificateId"]
cloudfront.attach_certificate(endpoint.name,
cert_id,
account_number=account_number)
return
if endpoint.type not in ["elb", "elbv2"]:
raise NotImplementedError()
# relies on the fact that region is included in DNS name
region = get_region_from_dns(endpoint.dnsname)
if endpoint.registry_type == 'iam':
arn = iam.create_arn_from_cert(account_number, region,
certificate.name,
endpoint.certificate_path)
else:
raise Exception(
f"Lemur doesn't support rotating certificates on {endpoint.registry_type} registry"
)
if endpoint.type == "elbv2":
listener_arn = elb.get_listener_arn_from_endpoint(
endpoint.name,
endpoint.port,
account_number=account_number,
region=region,
)
elb.attach_certificate_v2(
listener_arn,
endpoint.port,
[{
"CertificateArn": arn
}],
account_number=account_number,
region=region,
)
elif endpoint.type == "elb":
elb.attach_certificate(
endpoint.name,
endpoint.port,
arn,
account_number=account_number,
region=region,
)
def update_endpoint(self, endpoint, certificate):
options = endpoint.source.options
account_number = self.get_option('accountNumber', options)
# relies on the fact that region is included in DNS name
region = get_region_from_dns(endpoint.dnsname)
arn = iam.create_arn_from_cert(account_number, region, certificate.name)
if endpoint.type == 'elbv2':
listener_arn = elb.get_listener_arn_from_endpoint(endpoint.name, endpoint.port,
account_number=account_number, region=region)
elb.attach_certificate_v2(listener_arn, endpoint.port, [{'CertificateArn': arn}],
account_number=account_number, region=region)
else:
elb.attach_certificate(endpoint.name, endpoint.port, arn, account_number=account_number, region=region)
def update_endpoint(self, endpoint, certificate):
options = endpoint.source.options
account_number = self.get_option("accountNumber", options)
# relies on the fact that region is included in DNS name
region = get_region_from_dns(endpoint.dnsname)
if endpoint.registry_type == 'iam':
arn = iam.create_arn_from_cert(account_number, region,
certificate.name,
endpoint.certificate_path)
else:
raise Exception(
f"Lemur doesn't support rotating certificates on {endpoint.registry_type} registry"
)
return
if endpoint.type == "elbv2":
listener_arn = elb.get_listener_arn_from_endpoint(
endpoint.name,
endpoint.port,
account_number=account_number,
region=region,
)
elb.attach_certificate_v2(
listener_arn,
endpoint.port,
[{
"CertificateArn": arn
}],
account_number=account_number,
region=region,
)
else:
elb.attach_certificate(
endpoint.name,
endpoint.port,
arn,
account_number=account_number,
region=region,
)
def test_create_elb_with_https_listener_miscellaneous(app, aws_credentials):
from lemur.plugins.lemur_aws import iam, elb
endpoint_name = "example-lbv2"
account_number = "123456789012"
region_ue1 = "us-east-1"
client = boto3.client("elbv2", region_name="us-east-1")
ec2 = boto3.resource("ec2", region_name="us-east-1")
# Create VPC
vpc = ec2.create_vpc(CidrBlock="172.28.7.0/24")
# Create LB (elbv2) in above VPC
assert create_load_balancer(client, ec2, vpc.id, endpoint_name)
# Create target group
target_group_arn = create_target_group(client, vpc.id)
assert target_group_arn
# Test get_load_balancer_arn_from_endpoint
lb_arn = elb.get_load_balancer_arn_from_endpoint(
endpoint_name, account_number=account_number, region=region_ue1)
assert lb_arn
# Test describe_listeners_v2
listeners = elb.describe_listeners_v2(account_number=account_number,
region=region_ue1,
LoadBalancerArn=lb_arn)
assert listeners
assert not listeners["Listeners"]
# Upload cert
response = iam.upload_cert("LemurTestCert",
"testCert",
"cert1",
"cert2",
account_number=account_number)
assert response
cert_arn = response["ServerCertificateMetadata"]["Arn"]
assert cert_arn
# Create https listener using above cert
listeners = client.create_listener(
LoadBalancerArn=lb_arn,
Protocol="HTTPS",
Port=443,
Certificates=[{
"CertificateArn": cert_arn
}],
DefaultActions=[{
"Type": "forward",
"TargetGroupArn": target_group_arn
}],
)
assert listeners
listener_arn = listeners["Listeners"][0]["ListenerArn"]
assert listener_arn
assert listeners["Listeners"]
for listener in listeners["Listeners"]:
if listener["Port"] == 443:
assert listener["Certificates"]
assert cert_arn == listener["Certificates"][0]["CertificateArn"]
# Test get_listener_arn_from_endpoint
assert listener_arn == elb.get_listener_arn_from_endpoint(
endpoint_name,
443,
account_number=account_number,
region=region_ue1,
)
