optimizing the call to describe cert to only the few certs with the naming issue
This commit is contained in:
parent
f075c5af3d
commit
8aea257e6a
@ -112,8 +112,6 @@ def get_elb_endpoints(account_number, region, elb_dict):
|
||||
listener["Listener"]["SSLCertificateId"]
|
||||
),
|
||||
)
|
||||
endpoint["certificate"] = get_elb_certificate_by_name(certificate_name=endpoint["certificate_name"],
|
||||
account_number=account_number)
|
||||
|
||||
if listener["PolicyNames"]:
|
||||
policy = elb.describe_load_balancer_policies(
|
||||
@ -131,28 +129,6 @@ def get_elb_endpoints(account_number, region, elb_dict):
|
||||
return endpoints
|
||||
|
||||
|
||||
def get_elb_certificate_by_name(certificate_name, account_number):
|
||||
# certificate name may contain path, in which case we remove it
|
||||
if "/" in certificate_name:
|
||||
certificate_name = certificate_name.split('/')[1]
|
||||
try:
|
||||
cert = iam.get_certificate(certificate_name, account_number=account_number)
|
||||
return dict(
|
||||
body=cert["CertificateBody"],
|
||||
chain=cert.get("CertificateChain"),
|
||||
name=cert["ServerCertificateMetadata"]["ServerCertificateName"],
|
||||
)
|
||||
except ClientError:
|
||||
current_app.logger.warning(
|
||||
"get_elb_certificate_failed: Unable to get certificate for {0}".format(certificate_name))
|
||||
sentry.captureException()
|
||||
metrics.send(
|
||||
"get_elb_certificate_failed", "counter", 1,
|
||||
metric_tags={"certificate_name": certificate_name, "account_number": account_number}
|
||||
)
|
||||
return None
|
||||
|
||||
|
||||
def get_elb_endpoints_v2(account_number, region, elb_dict):
|
||||
"""
|
||||
Retrieves endpoint information from elbv2 response data.
|
||||
@ -179,8 +155,6 @@ def get_elb_endpoints_v2(account_number, region, elb_dict):
|
||||
port=listener["Port"],
|
||||
certificate_name=iam.get_name_from_arn(certificate["CertificateArn"]),
|
||||
)
|
||||
endpoint["certificate"] = get_elb_certificate_by_name(certificate_name=endpoint["certificate_name"],
|
||||
account_number=account_number)
|
||||
|
||||
if listener["SslPolicy"]:
|
||||
policy = elb.describe_ssl_policies_v2(
|
||||
@ -299,6 +273,28 @@ class AWSSourcePlugin(SourcePlugin):
|
||||
account_number = self.get_option("accountNumber", options)
|
||||
iam.delete_cert(certificate.name, account_number=account_number)
|
||||
|
||||
def get_certificate_by_name(self, certificate_name, options):
|
||||
account_number = self.get_option("accountNumber", options)
|
||||
# certificate name may contain path, in which case we remove it
|
||||
if "/" in certificate_name:
|
||||
certificate_name = certificate_name.split('/')[1]
|
||||
try:
|
||||
cert = iam.get_certificate(certificate_name, account_number=account_number)
|
||||
return dict(
|
||||
body=cert["CertificateBody"],
|
||||
chain=cert.get("CertificateChain"),
|
||||
name=cert["ServerCertificateMetadata"]["ServerCertificateName"],
|
||||
)
|
||||
except ClientError:
|
||||
current_app.logger.warning(
|
||||
"get_elb_certificate_failed: Unable to get certificate for {0}".format(certificate_name))
|
||||
sentry.captureException()
|
||||
metrics.send(
|
||||
"get_elb_certificate_failed", "counter", 1,
|
||||
metric_tags={"certificate_name": certificate_name, "account_number": account_number}
|
||||
)
|
||||
return None
|
||||
|
||||
|
||||
class AWSDestinationPlugin(DestinationPlugin):
|
||||
title = "AWS"
|
||||
|
@ -15,7 +15,7 @@ from lemur.sources.models import Source
|
||||
from lemur.certificates.models import Certificate
|
||||
from lemur.certificates import service as certificate_service
|
||||
from lemur.endpoints import service as endpoint_service
|
||||
from lemur.extensions import metrics
|
||||
from lemur.extensions import metrics, sentry
|
||||
from lemur.destinations import service as destination_service
|
||||
|
||||
from lemur.certificates.schemas import CertificateUploadInputSchema
|
||||
@ -92,7 +92,18 @@ def sync_endpoints(source):
|
||||
# if get cert by name failed, we attempt a search via serial number and hash comparison
|
||||
# and link the endpoint certificate to Lemur certificate
|
||||
if not endpoint["certificate"]:
|
||||
certificate_attached_to_endpoint = endpoint.pop("certificate")
|
||||
certificate_attached_to_endpoint = None
|
||||
try:
|
||||
certificate_attached_to_endpoint = s.get_certificate_by_name(certificate_name, source.options)
|
||||
except NotImplementedError:
|
||||
current_app.logger.warning(
|
||||
"Unable to describe server certificate for endpoints in source {0}:"
|
||||
" plugin has not implemented 'get_certificate_by_name'".format(
|
||||
source.label
|
||||
)
|
||||
)
|
||||
sentry.captureException()
|
||||
|
||||
if certificate_attached_to_endpoint:
|
||||
lemur_matching_cert, updated_by_hash_tmp = find_cert(certificate_attached_to_endpoint)
|
||||
updated_by_hash += updated_by_hash_tmp
|
||||
@ -111,7 +122,6 @@ def sync_endpoints(source):
|
||||
metric_tags={"cert": certificate_name, "endpoint": endpoint["name"],
|
||||
"acct": s.get_option("accountNumber", source.options)})
|
||||
|
||||
# this indicates the we were not able to describe the endpoint cert
|
||||
if not endpoint["certificate"]:
|
||||
current_app.logger.error(
|
||||
"Certificate Not Found. Name: {0} Endpoint: {1}".format(
|
||||
|
Loading…
Reference in New Issue
Block a user