Merge branch 'master' into ADCS-plugin

lemur/plugins/lemur_acme/dyn.py

@@ -5,7 +5,7 @@ import dns.exception
 import dns.name
 import dns.query
 import dns.resolver
-from dyn.tm.errors import DynectCreateError
+from dyn.tm.errors import DynectCreateError, DynectGetError
 from dyn.tm.session import DynectSession
 from dyn.tm.zones import Node, Zone, get_all_zones
 from flask import current_app
@@ -119,7 +119,11 @@ def delete_txt_record(change_id, account_number, domain, token):
     zone = Zone(zone_name)
     node = Node(zone_name, fqdn)
 
-    all_txt_records = node.get_all_records_by_type('TXT')
+    try:
+        all_txt_records = node.get_all_records_by_type('TXT')
+    except DynectGetError:
+        # No Text Records remain or host is not in the zone anymore because all records have been deleted.
+        return
     for txt_record in all_txt_records:
         if txt_record.txtdata == ("{}".format(token)):
             current_app.logger.debug("Deleting TXT record name: {0}".format(fqdn))

lemur/plugins/lemur_aws/elb.py

@@ -95,7 +95,7 @@ def get_all_elbs_v2(**kwargs):
 
 
 @sts_client('elbv2')
-@retry(retry_on_exception=retry_throttled, stop_max_attempt_number=7, wait_exponential_multiplier=1000)
+@retry(retry_on_exception=retry_throttled, wait_fixed=2000)
 def get_listener_arn_from_endpoint(endpoint_name, endpoint_port, **kwargs):
     """
     Get a listener ARN from an endpoint.
@@ -113,7 +113,7 @@ def get_listener_arn_from_endpoint(endpoint_name, endpoint_port, **kwargs):
 
 
 @sts_client('elb')
-@retry(retry_on_exception=retry_throttled, stop_max_attempt_number=7, wait_exponential_multiplier=1000)
+@retry(retry_on_exception=retry_throttled, wait_fixed=2000)
 def get_elbs(**kwargs):
     """
     Fetches one page elb objects for a given account and region.
@@ -123,7 +123,7 @@ def get_elbs(**kwargs):
 
 
 @sts_client('elbv2')
-@retry(retry_on_exception=retry_throttled, stop_max_attempt_number=7, wait_exponential_multiplier=1000)
+@retry(retry_on_exception=retry_throttled, wait_fixed=2000)
 def get_elbs_v2(**kwargs):
     """
     Fetches one page of elb objects for a given account and region.
@@ -136,7 +136,7 @@ def get_elbs_v2(**kwargs):
 
 
 @sts_client('elbv2')
-@retry(retry_on_exception=retry_throttled, stop_max_attempt_number=7, wait_exponential_multiplier=1000)
+@retry(retry_on_exception=retry_throttled, wait_fixed=2000)
 def describe_listeners_v2(**kwargs):
     """
     Fetches one page of listener objects for a given elb arn.
@@ -149,7 +149,7 @@ def describe_listeners_v2(**kwargs):
 
 
 @sts_client('elb')
-@retry(retry_on_exception=retry_throttled, stop_max_attempt_number=7, wait_exponential_multiplier=1000)
+@retry(retry_on_exception=retry_throttled, wait_fixed=2000)
 def describe_load_balancer_policies(load_balancer_name, policy_names, **kwargs):
     """
     Fetching all policies currently associated with an ELB.
@@ -161,7 +161,7 @@ def describe_load_balancer_policies(load_balancer_name, policy_names, **kwargs):
 
 
 @sts_client('elbv2')
-@retry(retry_on_exception=retry_throttled, stop_max_attempt_number=7, wait_exponential_multiplier=1000)
+@retry(retry_on_exception=retry_throttled, wait_fixed=2000)
 def describe_ssl_policies_v2(policy_names, **kwargs):
     """
     Fetching all policies currently associated with an ELB.
@@ -173,7 +173,7 @@ def describe_ssl_policies_v2(policy_names, **kwargs):
 
 
 @sts_client('elb')
-@retry(retry_on_exception=retry_throttled, stop_max_attempt_number=7, wait_exponential_multiplier=1000)
+@retry(retry_on_exception=retry_throttled, wait_fixed=2000)
 def describe_load_balancer_types(policies, **kwargs):
     """
     Describe the policies with policy details.
@@ -185,7 +185,7 @@ def describe_load_balancer_types(policies, **kwargs):
 
 
 @sts_client('elb')
-@retry(retry_on_exception=retry_throttled, stop_max_attempt_number=7, wait_exponential_multiplier=1000)
+@retry(retry_on_exception=retry_throttled, wait_fixed=2000)
 def attach_certificate(name, port, certificate_id, **kwargs):
     """
     Attaches a certificate to a listener, throws exception
@@ -205,7 +205,7 @@ def attach_certificate(name, port, certificate_id, **kwargs):
 
 
 @sts_client('elbv2')
-@retry(retry_on_exception=retry_throttled, stop_max_attempt_number=7, wait_exponential_multiplier=1000)
+@retry(retry_on_exception=retry_throttled, wait_fixed=2000)
 def attach_certificate_v2(listener_arn, port, certificates, **kwargs):
     """
     Attaches a certificate to a listener, throws exception

lemur/plugins/lemur_aws/iam.py

@@ -52,7 +52,7 @@ def create_arn_from_cert(account_number, region, certificate_name):
 
 
 @sts_client('iam')
-@retry(retry_on_exception=retry_throttled, stop_max_attempt_number=7, wait_exponential_multiplier=100)
+@retry(retry_on_exception=retry_throttled, wait_fixed=2000)
 def upload_cert(name, body, private_key, path, cert_chain=None, **kwargs):
     """
     Upload a certificate to AWS
@@ -95,7 +95,7 @@ def upload_cert(name, body, private_key, path, cert_chain=None, **kwargs):
 
 
 @sts_client('iam')
-@retry(retry_on_exception=retry_throttled, stop_max_attempt_number=7, wait_exponential_multiplier=100)
+@retry(retry_on_exception=retry_throttled, wait_fixed=2000)
 def delete_cert(cert_name, **kwargs):
     """
     Delete a certificate from AWS
@@ -112,7 +112,7 @@ def delete_cert(cert_name, **kwargs):
 
 
 @sts_client('iam')
-@retry(retry_on_exception=retry_throttled, stop_max_attempt_number=7, wait_exponential_multiplier=100)
+@retry(retry_on_exception=retry_throttled, wait_fixed=2000)
 def get_certificate(name, **kwargs):
     """
     Retrieves an SSL certificate.
@@ -126,7 +126,7 @@ def get_certificate(name, **kwargs):
 
 
 @sts_client('iam')
-@retry(retry_on_exception=retry_throttled, stop_max_attempt_number=7, wait_exponential_multiplier=100)
+@retry(retry_on_exception=retry_throttled, wait_fixed=2000)
 def get_certificates(**kwargs):
     """
     Fetches one page of certificate objects for a given account.

lemur/plugins/lemur_aws/sts.py

@@ -9,14 +9,22 @@ from functools import wraps
 
 import boto3
 
+from botocore.config import Config
 from flask import current_app
 
 
+config = Config(
+    retries=dict(
+        max_attempts=20
+    )
+)
+
+
 def sts_client(service, service_type='client'):
     def decorator(f):
         @wraps(f)
         def decorated_function(*args, **kwargs):
-            sts = boto3.client('sts')
+            sts = boto3.client('sts', config=config)
             arn = 'arn:aws:iam::{0}:role/{1}'.format(
                 kwargs.pop('account_number'),
                 current_app.config.get('LEMUR_INSTANCE_PROFILE', 'Lemur')
@@ -31,7 +39,8 @@ def sts_client(service, service_type='client'):
                     region_name=kwargs.pop('region', 'us-east-1'),
                     aws_access_key_id=role['Credentials']['AccessKeyId'],
                     aws_secret_access_key=role['Credentials']['SecretAccessKey'],
-                    aws_session_token=role['Credentials']['SessionToken']
+                    aws_session_token=role['Credentials']['SessionToken'],
+                    config=config
                 )
                 kwargs['client'] = client
             elif service_type == 'resource':
@@ -40,7 +49,8 @@ def sts_client(service, service_type='client'):
                     region_name=kwargs.pop('region', 'us-east-1'),
                     aws_access_key_id=role['Credentials']['AccessKeyId'],
                     aws_secret_access_key=role['Credentials']['SecretAccessKey'],
-                    aws_session_token=role['Credentials']['SessionToken']
+                    aws_session_token=role['Credentials']['SessionToken'],
+                    config=config
                 )
                 kwargs['resource'] = resource
             return f(*args, **kwargs)