optimizing the call to describe cert to only the few certs with the naming issue

Hossein Shafagh 2019-10-18 09:24:49 -07:00
parent f075c5af3d
commit 8aea257e6a
2 changed files with 35 additions and 29 deletions


@ -112,8 +112,6 @@ def get_elb_endpoints(account_number, region, elb_dict):
listener["Listener"]["SSLCertificateId"] listener["Listener"]["SSLCertificateId"]
), ),
) )
endpoint["certificate"] = get_elb_certificate_by_name(certificate_name=endpoint["certificate_name"],
account_number=account_number)
if listener["PolicyNames"]: if listener["PolicyNames"]:
policy = elb.describe_load_balancer_policies( policy = elb.describe_load_balancer_policies(
@ -131,28 +129,6 @@ def get_elb_endpoints(account_number, region, elb_dict):
return endpoints return endpoints
def get_elb_certificate_by_name(certificate_name, account_number):
# certificate name may contain path, in which case we remove it
if "/" in certificate_name:
certificate_name = certificate_name.split('/')[1]
try:
cert = iam.get_certificate(certificate_name, account_number=account_number)
return dict(
body=cert["CertificateBody"],
chain=cert.get("CertificateChain"),
name=cert["ServerCertificateMetadata"]["ServerCertificateName"],
)
except ClientError:
current_app.logger.warning(
"get_elb_certificate_failed: Unable to get certificate for {0}".format(certificate_name))
sentry.captureException()
metrics.send(
"get_elb_certificate_failed", "counter", 1,
metric_tags={"certificate_name": certificate_name, "account_number": account_number}
)
return None
def get_elb_endpoints_v2(account_number, region, elb_dict): def get_elb_endpoints_v2(account_number, region, elb_dict):
""" """
Retrieves endpoint information from elbv2 response data. Retrieves endpoint information from elbv2 response data.
@ -179,8 +155,6 @@ def get_elb_endpoints_v2(account_number, region, elb_dict):
port=listener["Port"], port=listener["Port"],
certificate_name=iam.get_name_from_arn(certificate["CertificateArn"]), certificate_name=iam.get_name_from_arn(certificate["CertificateArn"]),
) )
endpoint["certificate"] = get_elb_certificate_by_name(certificate_name=endpoint["certificate_name"],
account_number=account_number)
if listener["SslPolicy"]: if listener["SslPolicy"]:
policy = elb.describe_ssl_policies_v2( policy = elb.describe_ssl_policies_v2(
@ -299,6 +273,28 @@ class AWSSourcePlugin(SourcePlugin):
account_number = self.get_option("accountNumber", options) account_number = self.get_option("accountNumber", options)
iam.delete_cert(certificate.name, account_number=account_number) iam.delete_cert(certificate.name, account_number=account_number)
def get_certificate_by_name(self, certificate_name, options):
account_number = self.get_option("accountNumber", options)
# certificate name may contain path, in which case we remove it
if "/" in certificate_name:
certificate_name = certificate_name.split('/')[1]
try:
cert = iam.get_certificate(certificate_name, account_number=account_number)
return dict(
body=cert["CertificateBody"],
chain=cert.get("CertificateChain"),
name=cert["ServerCertificateMetadata"]["ServerCertificateName"],
)
except ClientError:
current_app.logger.warning(
"get_elb_certificate_failed: Unable to get certificate for {0}".format(certificate_name))
sentry.captureException()
metrics.send(
"get_elb_certificate_failed", "counter", 1,
metric_tags={"certificate_name": certificate_name, "account_number": account_number}
)
return None
class AWSDestinationPlugin(DestinationPlugin): class AWSDestinationPlugin(DestinationPlugin):
title = "AWS" title = "AWS"
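Review bot: `certificate_name = certificate_name.split('/')[1]` in the new `get_certificate_by_name` keeps only the first path segment, so an IAM server certificate name carrying a multi-component path (e.g. `cloudfront/prod/name`) would be looked up as `prod` and the `iam.get_certificate` call would fail; `certificate_name = certificate_name.split('/')[-1]` takes the final component at any depth, which is what the comment above it says is intended. The exact string `iam.get_name_from_arn` hands in is not visible here, so confirm its format before changing this. The warning and metric are still named `get_elb_certificate_failed` although the method now lives on the plugin, and it has no docstring; a one-line docstring such as `"""Return dict(body, chain, name) for the IAM server certificate called certificate_name, or None when the describe call raises ClientError."""` would document the contract that the caller relies on. The enclosing class AWSSourcePlugin starts outside the hunk.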


@ -15,7 +15,7 @@ from lemur.sources.models import Source
from lemur.certificates.models import Certificate from lemur.certificates.models import Certificate
from lemur.certificates import service as certificate_service from lemur.certificates import service as certificate_service
from lemur.endpoints import service as endpoint_service from lemur.endpoints import service as endpoint_service
from lemur.extensions import metrics from lemur.extensions import metrics, sentry
from lemur.destinations import service as destination_service from lemur.destinations import service as destination_service
from lemur.certificates.schemas import CertificateUploadInputSchema from lemur.certificates.schemas import CertificateUploadInputSchema
@ -92,7 +92,18 @@ def sync_endpoints(source):
# if get cert by name failed, we attempt a search via serial number and hash comparison # if get cert by name failed, we attempt a search via serial number and hash comparison
# and link the endpoint certificate to Lemur certificate # and link the endpoint certificate to Lemur certificate
if not endpoint["certificate"]: if not endpoint["certificate"]:
certificate_attached_to_endpoint = endpoint.pop("certificate") certificate_attached_to_endpoint = None
try:
certificate_attached_to_endpoint = s.get_certificate_by_name(certificate_name, source.options)
except NotImplementedError:
current_app.logger.warning(
"Unable to describe server certificate for endpoints in source {0}:"
" plugin has not implemented 'get_certificate_by_name'".format(
source.label
)
)
sentry.captureException()
if certificate_attached_to_endpoint: if certificate_attached_to_endpoint:
lemur_matching_cert, updated_by_hash_tmp = find_cert(certificate_attached_to_endpoint) lemur_matching_cert, updated_by_hash_tmp = find_cert(certificate_attached_to_endpoint)
updated_by_hash += updated_by_hash_tmp updated_by_hash += updated_by_hash_tmp
@ -111,7 +122,6 @@ def sync_endpoints(source):
metric_tags={"cert": certificate_name, "endpoint": endpoint["name"], metric_tags={"cert": certificate_name, "endpoint": endpoint["name"],
"acct": s.get_option("accountNumber", source.options)}) "acct": s.get_option("accountNumber", source.options)})
# this indicates the we were not able to describe the endpoint cert
if not endpoint["certificate"]: if not endpoint["certificate"]:
current_app.logger.error( current_app.logger.error(
"Certificate Not Found. Name: {0} Endpoint: {1}".format( "Certificate Not Found. Name: {0} Endpoint: {1}".format(