optimizing the call to describe cert to only the few certs with the naming issue

2019-10-18 09:24:49 -07:00
parent f075c5af3d
commit 8aea257e6a
2 changed files with 35 additions and 29 deletions
--- a/lemur/plugins/lemur_aws/plugin.py
+++ b/lemur/plugins/lemur_aws/plugin.py
@ -112,8 +112,6 @@ def get_elb_endpoints(account_number, region, elb_dict):
                listener["Listener"]["SSLCertificateId"]
            ),
        )
-        endpoint["certificate"] = get_elb_certificate_by_name(certificate_name=endpoint["certificate_name"],
-                                                              account_number=account_number)

        if listener["PolicyNames"]:
            policy = elb.describe_load_balancer_policies(
@ -131,28 +129,6 @@ def get_elb_endpoints(account_number, region, elb_dict):
    return endpoints


-def get_elb_certificate_by_name(certificate_name, account_number):
-    # certificate name may contain path, in which case we remove it
-    if "/" in certificate_name:
-        certificate_name = certificate_name.split('/')[1]
-    try:
-        cert = iam.get_certificate(certificate_name, account_number=account_number)
-        return dict(
-            body=cert["CertificateBody"],
-            chain=cert.get("CertificateChain"),
-            name=cert["ServerCertificateMetadata"]["ServerCertificateName"],
-        )
-    except ClientError:
-        current_app.logger.warning(
-            "get_elb_certificate_failed: Unable to get certificate for {0}".format(certificate_name))
-        sentry.captureException()
-        metrics.send(
-            "get_elb_certificate_failed", "counter", 1,
-            metric_tags={"certificate_name": certificate_name, "account_number": account_number}
-        )
-    return None
-
-
 def get_elb_endpoints_v2(account_number, region, elb_dict):
    """
    Retrieves endpoint information from elbv2 response data.
@ -179,8 +155,6 @@ def get_elb_endpoints_v2(account_number, region, elb_dict):
                port=listener["Port"],
                certificate_name=iam.get_name_from_arn(certificate["CertificateArn"]),
            )
-            endpoint["certificate"] = get_elb_certificate_by_name(certificate_name=endpoint["certificate_name"],
-                                                                  account_number=account_number)

        if listener["SslPolicy"]:
            policy = elb.describe_ssl_policies_v2(
@ -299,6 +273,28 @@ class AWSSourcePlugin(SourcePlugin):
        account_number = self.get_option("accountNumber", options)
        iam.delete_cert(certificate.name, account_number=account_number)

+    def get_certificate_by_name(self, certificate_name, options):
+        account_number = self.get_option("accountNumber", options)
+        # certificate name may contain path, in which case we remove it
+        if "/" in certificate_name:
+            certificate_name = certificate_name.split('/')[1]
+        try:
+            cert = iam.get_certificate(certificate_name, account_number=account_number)
+            return dict(
+                body=cert["CertificateBody"],
+                chain=cert.get("CertificateChain"),
+                name=cert["ServerCertificateMetadata"]["ServerCertificateName"],
+            )
+        except ClientError:
+            current_app.logger.warning(
+                "get_elb_certificate_failed: Unable to get certificate for {0}".format(certificate_name))
+            sentry.captureException()
+            metrics.send(
+                "get_elb_certificate_failed", "counter", 1,
+                metric_tags={"certificate_name": certificate_name, "account_number": account_number}
+            )
+        return None
+

 class AWSDestinationPlugin(DestinationPlugin):
    title = "AWS"