From 380203eb533b7d654513e914521e2a39c765cbf6 Mon Sep 17 00:00:00 2001
From: kevgliss <kevgliss@gmail.com>
Date: Thu, 18 May 2017 13:49:17 -0700
Subject: [PATCH] Adding the ability to upload to cloudfront via the 'path'
 parameter. Cloudfront destinations must be created separately. (#805)

Closes #277
---
 lemur/plugins/lemur_aws/iam.py    | 5 ++++-
 lemur/plugins/lemur_aws/plugin.py | 7 +++++++
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/lemur/plugins/lemur_aws/iam.py b/lemur/plugins/lemur_aws/iam.py
index 680e64c0..6981b787 100644
--- a/lemur/plugins/lemur_aws/iam.py
+++ b/lemur/plugins/lemur_aws/iam.py
@@ -53,7 +53,7 @@ def create_arn_from_cert(account_number, region, certificate_name):
 
 @sts_client('iam')
 @retry(retry_on_exception=retry_throttled, stop_max_attempt_number=7, wait_exponential_multiplier=100)
-def upload_cert(name, body, private_key, cert_chain=None, **kwargs):
+def upload_cert(name, body, private_key, path, cert_chain=None, **kwargs):
     """
     Upload a certificate to AWS
 
@@ -61,12 +61,14 @@ def upload_cert(name, body, private_key, cert_chain=None, **kwargs):
     :param body:
     :param private_key:
     :param cert_chain:
+    :param path:
     :return:
     """
     client = kwargs.pop('client')
     try:
         if cert_chain:
             return client.upload_server_certificate(
+                Path=path,
                 ServerCertificateName=name,
                 CertificateBody=str(body),
                 PrivateKey=str(private_key),
@@ -74,6 +76,7 @@ def upload_cert(name, body, private_key, cert_chain=None, **kwargs):
             )
         else:
             return client.upload_server_certificate(
+                Path=path,
                 ServerCertificateName=name,
                 CertificateBody=str(body),
                 PrivateKey=str(private_key)
diff --git a/lemur/plugins/lemur_aws/plugin.py b/lemur/plugins/lemur_aws/plugin.py
index 26aeae19..18a24996 100644
--- a/lemur/plugins/lemur_aws/plugin.py
+++ b/lemur/plugins/lemur_aws/plugin.py
@@ -161,6 +161,12 @@ class AWSDestinationPlugin(DestinationPlugin):
             'required': True,
             'validation': '/^[0-9]{12,12}$/',
             'helpMessage': 'Must be a valid AWS account number!',
+        },
+        {
+            'name': 'path',
+            'type': 'str',
+            'default': '/',
+            'helpMessage': 'Path to upload certificate.'
         }
     ]
 
@@ -172,6 +178,7 @@ class AWSDestinationPlugin(DestinationPlugin):
 
     def upload(self, name, body, private_key, cert_chain, options, **kwargs):
         iam.upload_cert(name, body, private_key,
+                        self.get_option('path', options),
                         cert_chain=cert_chain,
                         account_number=self.get_option('accountNumber', options))