From 54c3fcc72ad4bae33d3ce74e1c15ce6b191fdcb6 Mon Sep 17 00:00:00 2001
From: kevgliss
Date: Thu, 17 Dec 2015 23:17:27 -0500
Subject: [PATCH 1/2] Adding rotate command

---
 lemur/manage.py | 26 +++++++++++++++++++++++++-
 1 file changed, 25 insertions(+), 1 deletion(-)

diff --git a/lemur/manage.py b/lemur/manage.py
index 69b23c00..26aac3df 100755
--- a/lemur/manage.py
+++ b/lemur/manage.py
@@ -503,11 +503,34 @@ def unicode_(data):
 return data
+class RotateELBs(Command):
+ """
+ Rotates existing certificates to a new one on an ELB
+ """
+ option_list = (
+ Option('-c', '--cert-name', dest='cert_name', required=True),
+ Option('-a', '--account-id', dest='account_id', required=True),
+ Option('-e', '--elb-list', dest='elb_list', required=True)
+ )
+
+ def run(self, cert_name, account_id, elb_list):
+ from lemur.plugins.lemur_aws import elb
+ arn = "arn:aws:iam::{0}:server-certificate/{1}".format(account_id, cert_name)
+
+ for e in open(elb_list, 'r').readlines():
+ for region in elb.get_all_regions():
+ if str(region) in e:
+ name = "-".join(e.split('.')[0].split('-')[:-1])
+ if name.startswith("internal"):
+ name = "-".join(name.split("-")[1:])
+ elb.update_listeners(account_id, str(region), name, [(443, 7001, 'https', arn)], [443])
+ print "updated {0} to use {1} on 443".format(name, cert_name)
+
+
 class ProvisionELB(Command):
 """
 Creates and provisions a certificate on an ELB based on command line arguments
 """
-
 option_list = (
 Option('-d', '--dns', dest='dns', action='append', required=True, type=unicode_),
 Option('-e', '--elb', dest='elb_name', required=True, type=unicode_),
@@ -746,6 +769,7 @@ def main():
 manager.add_command("create_user", CreateUser())
 manager.add_command("create_role", CreateRole())
 manager.add_command("provision_elb", ProvisionELB())
+ manager.add_command("rotate_elbs", RotateELBs())
 manager.run()
 if __name__ == "__main__":
From 6211b126a99232e2b08afa3e19ba21fda696138a Mon Sep 17 00:00:00 2001
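Review bot: The listener tuple in `RotateELBs.run` is hard-coded to `(443, 7001, 'https', arn)`, so every load balancer named in the list file gets its 443 listener rewritten with backend port 7001 whatever it was configured with before; an ELB that forwards to a different instance port would stop serving once rotated. The trailing `[443]` looks like a list of ports to remove first, but `update_listeners` is not shown in this patch, so that needs confirming. The ELB name is also derived by substring-matching the region and slicing the first DNS label, with no check that the line is well formed, so a stray or malformed entry can silently yield a different name and the update is then attempted against the wrong load balancer. I would read the file with `with open(elb_list) as f:` and `e = e.strip()`, skip lines that do not match the expected ELB DNS pattern, and take the instance port from an option or from the existing listener rather than the literal `7001`.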
From: kevgliss
Date: Fri, 18 Dec 2015 11:01:08 -0500
Subject: [PATCH 2/2] Fixing py3 syntax error

---
 lemur/manage.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lemur/manage.py b/lemur/manage.py
index 26aac3df..fcf4261c 100755
--- a/lemur/manage.py
+++ b/lemur/manage.py
@@ -524,7 +524,7 @@ class RotateELBs(Command):
 if name.startswith("internal"):
 name = "-".join(name.split("-")[1:])
 elb.update_listeners(account_id, str(region), name, [(443, 7001, 'https', arn)], [443])
- print "updated {0} to use {1} on 443".format(name, cert_name)
+ sys.out.write("[+] Updated {0} to use {1} on 443\n".format(name, cert_name))
 class ProvisionELB(Command):
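Review bot: `sys.out` is not an attribute of the `sys` module, so the replacement line raises AttributeError the first time it runs; it should be `sys.stdout.write("[+] Updated {0} to use {1} on 443\n".format(name, cert_name))`. Because the write comes after `elb.update_listeners(...)`, the command would abort with the first load balancer already changed and the rest of the list untouched, leaving the rotation half applied with no record of which ELBs were done. Whether `sys` is imported at the top of manage.py is not visible in this hunk, so that should be checked as well. The enclosing `run` method starts above the hunk.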