Strip out self-polling logic and rely on ACME; Enhance ELB logging and retries

lemur/plugins/lemur_acme/dyn.py

@@ -64,11 +64,10 @@ def wait_for_dns_change(change_id, account_number=None):
         metrics.send('wait_for_dns_change_fail', 'counter', 1)
         sentry.captureException(
             extra={
-                "fqdn": fqdn, "txt_record": token}
+                "fqdn": str(fqdn), "txt_record": str(token)}
         )
         metrics.send('wait_for_dns_change_error', 'counter', 1,
                      metric_tags={'fqdn': fqdn, 'txt_record': token})
-        raise Exception("Unable to query DNS token for fqdn {}.".format(fqdn))
     return
 
 
@@ -155,8 +154,8 @@ def delete_txt_record(change_id, account_number, domain, token):
             except DynectDeleteError:
                 sentry.captureException(
                     extra={
-                        "fqdn": fqdn, "zone_name": zone_name, "node_name": node_name,
-                        "txt_record": txt_record.txtdata}
+                        "fqdn": str(fqdn), "zone_name": str(zone_name), "node_name": str(node_name),
+                        "txt_record": str(txt_record.txtdata)}
                 )
                 metrics.send('delete_txt_record_deleteerror', 'counter', 1,
                              metric_tags={'fqdn': fqdn, 'txt_record': txt_record.txtdata})
@@ -166,11 +165,11 @@ def delete_txt_record(change_id, account_number, domain, token):
     except DynectUpdateError:
         sentry.captureException(
             extra={
-                "fqdn": fqdn, "zone_name": zone_name, "node_name": node_name,
-                "txt_record": txt_record.txtdata}
+                "fqdn": str(fqdn), "zone_name": str(zone_name), "node_name": str(node_name),
+                "txt_record": str(txt_record.txtdata)}
         )
         metrics.send('delete_txt_record_publish_error', 'counter', 1,
-                     metric_tags={'fqdn': fqdn, 'txt_record': txt_record.txtdata})
+                     metric_tags={'fqdn': str(fqdn), 'txt_record': str(txt_record.txtdata)})
 
 
 def delete_acme_txt_records(domain):
@@ -201,8 +200,8 @@ def delete_acme_txt_records(domain):
         except DynectDeleteError:
             sentry.captureException(
                 extra={
-                    "fqdn": fqdn, "zone_name": zone_name, "node_name": node_name,
-                    "txt_record": txt_record.txtdata}
+                    "fqdn": str(fqdn), "zone_name": str(zone_name), "node_name": str(node_name),
+                    "txt_record": str(txt_record.txtdata)}
             )
             metrics.send('delete_txt_record_deleteerror', 'counter', 1,
                          metric_tags={'fqdn': fqdn, 'txt_record': txt_record.txtdata})

lemur/plugins/lemur_acme/plugin.py

@@ -102,49 +102,33 @@ class AcmeHandler(object):
             metrics.send('complete_dns_challenge_error_no_dnsproviders', 'counter', 1)
             raise Exception("No DNS providers found for domain: {}".format(authz_record.host))
 
-        for dns_provider in dns_providers:
-            # Grab account number (For Route53)
-            dns_provider_options = json.loads(dns_provider.credentials)
-            account_number = dns_provider_options.get("account_id")
-            dns_provider_plugin = self.get_dns_provider(dns_provider.provider_type)
-            for change_id in authz_record.change_id:
-                try:
-                    dns_provider_plugin.wait_for_dns_change(change_id, account_number=account_number)
-                except Exception:
-                    metrics.send('complete_dns_challenge_error', 'counter', 1)
-                    sentry.captureException()
-                    current_app.logger.debug(
-                        f"Unable to resolve DNS challenge for change_id: {change_id}, account_id: "
-                        f"{account_number}", exc_info=True)
-                    raise
+        for dns_challenge in authz_record.dns_challenge:
+            response = dns_challenge.response(acme_client.client.net.key)
 
-            for dns_challenge in authz_record.dns_challenge:
-                response = dns_challenge.response(acme_client.client.net.key)
+            verified = response.simple_verify(
+                dns_challenge.chall,
+                authz_record.host,
+                acme_client.client.net.key.public_key()
+            )
 
-                verified = response.simple_verify(
-                    dns_challenge.chall,
-                    authz_record.host,
-                    acme_client.client.net.key.public_key()
-                )
+            if not verified:
+                metrics.send('complete_dns_challenge_verification_error', 'counter', 1)
+                raise ValueError("Failed verification")
 
-                if not verified:
-                    metrics.send('complete_dns_challenge_verification_error', 'counter', 1)
-                    raise ValueError("Failed verification")
-
-                time.sleep(5)
-                acme_client.answer_challenge(dns_challenge, response)
+            time.sleep(5)
+            acme_client.answer_challenge(dns_challenge, response)
 
     def request_certificate(self, acme_client, authorizations, order):
         for authorization in authorizations:
             for authz in authorization.authz:
                 authorization_resource, _ = acme_client.poll(authz)
 
-        deadline = datetime.datetime.now() + datetime.timedelta(seconds=90)
+        deadline = datetime.datetime.now() + datetime.timedelta(seconds=360)
 
         try:
             orderr = acme_client.poll_and_finalize(order, deadline)
         except AcmeError:
-            sentry.captureException(extra={"order_url": order.uri})
+            sentry.captureException(extra={"order_url": str(order.uri)})
             metrics.send('request_certificate_error', 'counter', 1)
             current_app.logger.error(f"Unable to resolve Acme order: {order.uri}", exc_info=True)
             raise