def get_certificate_by_name(self, certificate_name, options):
    """Look up an IAM server certificate by name.

    Args:
        certificate_name: Name of the certificate; a leading path
            (anything up to the last ``/``) is dropped before the lookup.
        options: Source options from which ``accountNumber`` is read.

    Returns:
        A dict with the keys ``body``, ``chain`` and ``name`` when
        ``iam.get_certificate`` returns a truthy result. ``None`` when it
        returns nothing or raises ``ClientError``.
    """
    account_number = self.get_option("accountNumber", options)

    # The lookup is done by bare name, so any path prefix is stripped first.
    if "/" in certificate_name:
        certificate_name = certificate_name.rsplit("/", 1)[-1]

    try:
        server_cert = iam.get_certificate(
            certificate_name, account_number=account_number
        )
        if not server_cert:
            return None
        return {
            "body": server_cert["CertificateBody"],
            # The chain is optional in the response, hence .get().
            "chain": server_cert.get("CertificateChain"),
            "name": server_cert["ServerCertificateMetadata"]["ServerCertificateName"],
        }
    except ClientError:
        # Best effort: the failure is logged, reported and counted, and the
        # caller receives None instead of the exception.
        current_app.logger.warning(
            "get_elb_certificate_failed: Unable to get certificate for {0}".format(
                certificate_name
            )
        )
        capture_exception()
        failure_tags = {
            "certificate_name": certificate_name,
            "account_number": account_number,
        }
        metrics.send(
            "get_elb_certificate_failed", "counter", 1, metric_tags=failure_tags
        )
    return None
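def update_endpoint(self, endpoint, certificate):
    """Attach *certificate* to the AWS resource behind *endpoint*.

    CloudFront endpoints are updated with the IAM server certificate id;
    ``elb`` and ``elbv2`` endpoints are updated with an ARN built from the
    account number, the region and the certificate name.

    Args:
        endpoint: Endpoint to update. Reads ``type``, ``name``, ``port``,
            ``dnsname``, ``registry_type``, ``certificate_path`` and
            ``source.options``.
        certificate: Certificate to attach; only ``name`` is read.

    Returns:
        None. For a CloudFront endpoint whose certificate is not found in
        IAM, nothing is attached; the skip is logged as a warning.

    Raises:
        NotImplementedError: ``endpoint.type`` is not ``cloudfront``,
            ``elb`` or ``elbv2``.
        Exception: ``endpoint.registry_type`` is not ``iam``.
    """
    options = endpoint.source.options
    account_number = self.get_option("accountNumber", options)

    if endpoint.type == "cloudfront":
        cert = iam.get_certificate(certificate.name, account_number=account_number)
        if not cert:
            # Without this log a skipped rotation is indistinguishable from a
            # successful one: the distribution keeps serving the old
            # certificate and the caller gets the same None either way.
            current_app.logger.warning(
                f"update_endpoint: certificate {certificate.name} not found in IAM "
                f"for account {account_number}; CloudFront endpoint "
                f"{endpoint.name} left unchanged"
            )
            return None
        cert_id = cert["ServerCertificateMetadata"]["ServerCertificateId"]
        cloudfront.attach_certificate(
            endpoint.name, cert_id, account_number=account_number
        )
        return None

    if endpoint.type not in ("elb", "elbv2"):
        raise NotImplementedError(
            f"update_endpoint does not support endpoint type {endpoint.type!r}"
        )

    # relies on the fact that region is included in DNS name
    region = get_region_from_dns(endpoint.dnsname)
    if endpoint.registry_type == 'iam':
        arn = iam.create_arn_from_cert(
            account_number, region, certificate.name, endpoint.certificate_path
        )
    else:
        raise Exception(
            f"Lemur doesn't support rotating certificates on {endpoint.registry_type} registry"
        )

    if endpoint.type == "elbv2":
        listener_arn = elb.get_listener_arn_from_endpoint(
            endpoint.name,
            endpoint.port,
            account_number=account_number,
            region=region,
        )
        elb.attach_certificate_v2(
            listener_arn,
            endpoint.port,
            [{"CertificateArn": arn}],
            account_number=account_number,
            region=region,
        )
    elif endpoint.type == "elb":
        elb.attach_certificate(
            endpoint.name,
            endpoint.port,
            arn,
            account_number=account_number,
            region=region,
        )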