def update_endpoint(self, endpoint, certificate): options = endpoint.source.options account_number = self.get_option("accountNumber", options) # relies on the fact that region is included in DNS name region = get_region_from_dns(endpoint.dnsname) arn = iam.create_arn_from_cert(account_number, region, certificate.name) if endpoint.type == "elbv2": listener_arn = elb.get_listener_arn_from_endpoint( endpoint.name, endpoint.port, account_number=account_number, region=region, ) elb.attach_certificate_v2( listener_arn, endpoint.port, [{ "CertificateArn": arn }], account_number=account_number, region=region, ) else: elb.attach_certificate( endpoint.name, endpoint.port, arn, account_number=account_number, region=region, )
def update_endpoint(self, endpoint, certificate): options = endpoint.source.options account_number = self.get_option("accountNumber", options) if endpoint.type == "cloudfront": cert = iam.get_certificate(certificate.name, account_number=account_number) if not cert: return None cert_id = cert["ServerCertificateMetadata"]["ServerCertificateId"] cloudfront.attach_certificate(endpoint.name, cert_id, account_number=account_number) return if endpoint.type not in ["elb", "elbv2"]: raise NotImplementedError() # relies on the fact that region is included in DNS name region = get_region_from_dns(endpoint.dnsname) if endpoint.registry_type == 'iam': arn = iam.create_arn_from_cert(account_number, region, certificate.name, endpoint.certificate_path) else: raise Exception( f"Lemur doesn't support rotating certificates on {endpoint.registry_type} registry" ) if endpoint.type == "elbv2": listener_arn = elb.get_listener_arn_from_endpoint( endpoint.name, endpoint.port, account_number=account_number, region=region, ) elb.attach_certificate_v2( listener_arn, endpoint.port, [{ "CertificateArn": arn }], account_number=account_number, region=region, ) elif endpoint.type == "elb": elb.attach_certificate( endpoint.name, endpoint.port, arn, account_number=account_number, region=region, )
def update_endpoint(self, endpoint, certificate): options = endpoint.source.options account_number = self.get_option('accountNumber', options) # relies on the fact that region is included in DNS name region = get_region_from_dns(endpoint.dnsname) arn = iam.create_arn_from_cert(account_number, region, certificate.name) if endpoint.type == 'elbv2': listener_arn = elb.get_listener_arn_from_endpoint(endpoint.name, endpoint.port, account_number=account_number, region=region) elb.attach_certificate_v2(listener_arn, endpoint.port, [{'CertificateArn': arn}], account_number=account_number, region=region) else: elb.attach_certificate(endpoint.name, endpoint.port, arn, account_number=account_number, region=region)
def update_endpoint(self, endpoint, certificate): options = endpoint.source.options account_number = self.get_option("accountNumber", options) # relies on the fact that region is included in DNS name region = get_region_from_dns(endpoint.dnsname) if endpoint.registry_type == 'iam': arn = iam.create_arn_from_cert(account_number, region, certificate.name, endpoint.certificate_path) else: raise Exception( f"Lemur doesn't support rotating certificates on {endpoint.registry_type} registry" ) return if endpoint.type == "elbv2": listener_arn = elb.get_listener_arn_from_endpoint( endpoint.name, endpoint.port, account_number=account_number, region=region, ) elb.attach_certificate_v2( listener_arn, endpoint.port, [{ "CertificateArn": arn }], account_number=account_number, region=region, ) else: elb.attach_certificate( endpoint.name, endpoint.port, arn, account_number=account_number, region=region, )
def test_create_elb_with_https_listener_miscellaneous(app, aws_credentials): from lemur.plugins.lemur_aws import iam, elb endpoint_name = "example-lbv2" account_number = "123456789012" region_ue1 = "us-east-1" client = boto3.client("elbv2", region_name="us-east-1") ec2 = boto3.resource("ec2", region_name="us-east-1") # Create VPC vpc = ec2.create_vpc(CidrBlock="172.28.7.0/24") # Create LB (elbv2) in above VPC assert create_load_balancer(client, ec2, vpc.id, endpoint_name) # Create target group target_group_arn = create_target_group(client, vpc.id) assert target_group_arn # Test get_load_balancer_arn_from_endpoint lb_arn = elb.get_load_balancer_arn_from_endpoint( endpoint_name, account_number=account_number, region=region_ue1) assert lb_arn # Test describe_listeners_v2 listeners = elb.describe_listeners_v2(account_number=account_number, region=region_ue1, LoadBalancerArn=lb_arn) assert listeners assert not listeners["Listeners"] # Upload cert response = iam.upload_cert("LemurTestCert", "testCert", "cert1", "cert2", account_number=account_number) assert response cert_arn = response["ServerCertificateMetadata"]["Arn"] assert cert_arn # Create https listener using above cert listeners = client.create_listener( LoadBalancerArn=lb_arn, Protocol="HTTPS", Port=443, Certificates=[{ "CertificateArn": cert_arn }], DefaultActions=[{ "Type": "forward", "TargetGroupArn": target_group_arn }], ) assert listeners listener_arn = listeners["Listeners"][0]["ListenerArn"] assert listener_arn assert listeners["Listeners"] for listener in listeners["Listeners"]: if listener["Port"] == 443: assert listener["Certificates"] assert cert_arn == listener["Certificates"][0]["CertificateArn"] # Test get_listener_arn_from_endpoint assert listener_arn == elb.get_listener_arn_from_endpoint( endpoint_name, 443, account_number=account_number, region=region_ue1, )