From 697215f8bc47433c27dcd1b371aac5e19057088f Mon Sep 17 00:00:00 2001 From: Hossein Shafagh Date: Sat, 21 Mar 2020 20:05:35 -0700 Subject: [PATCH] better handling of destination plugin errors, and also checking cert expiration before upload --- lemur/certificates/models.py | 3 +++ lemur/plugins/lemur_aws/plugin.py | 19 +++++++++++-------- 2 files changed, 14 insertions(+), 8 deletions(-) diff --git a/lemur/certificates/models.py b/lemur/certificates/models.py index 0a76cd6b..2ca88b00 100644 --- a/lemur/certificates/models.py +++ b/lemur/certificates/models.py @@ -445,6 +445,9 @@ def update_destinations(target, value, initiator): """ destination_plugin = plugins.get(value.plugin_name) status = FAILURE_METRIC_STATUS + + if target.expired: + return try: if target.private_key or not destination_plugin.requires_key: destination_plugin.upload( diff --git a/lemur/plugins/lemur_aws/plugin.py b/lemur/plugins/lemur_aws/plugin.py index 6669f641..7bb7a3a2 100644 --- a/lemur/plugins/lemur_aws/plugin.py +++ b/lemur/plugins/lemur_aws/plugin.py @@ -325,14 +325,17 @@ class AWSDestinationPlugin(DestinationPlugin): ] def upload(self, name, body, private_key, cert_chain, options, **kwargs): - iam.upload_cert( - name, - body, - private_key, - self.get_option("path", options), - cert_chain=cert_chain, - account_number=self.get_option("accountNumber", options), - ) + try: + iam.upload_cert( + name, + body, + private_key, + self.get_option("path", options), + cert_chain=cert_chain, + account_number=self.get_option("accountNumber", options), + ) + except ClientError: + sentry.captureException() def deploy(self, elb_name, account, region, certificate): pass