describing the cert for each endpoint, for better cert search

2019-10-18 08:46:01 -07:00 · 2019-10-18 08:46:01 -07:00 · d43e859c34
parent 10b600424e
commit d43e859c34
1 changed files with 28 additions and 0 deletions
--- a/lemur/plugins/lemur_aws/plugin.py
+++ b/lemur/plugins/lemur_aws/plugin.py
@ -32,7 +32,9 @@
 .. moduleauthor:: Mikhail Khodorovskiy <mikhail.khodorovskiy@jivesoftware.com>
 .. moduleauthor:: Harm Weites <harm@weites.com>
 """
+from acme.errors import ClientError
 from flask import current_app
+from lemur.extensions import sentry, metrics

 from lemur.plugins import lemur_aws as aws
 from lemur.plugins.bases import DestinationPlugin, ExportDestinationPlugin, SourcePlugin
@ -110,6 +112,8 @@ def get_elb_endpoints(account_number, region, elb_dict):
                listener["Listener"]["SSLCertificateId"]
            ),
        )
+        endpoint["certificate"] = get_elb_certificate_by_name(certificate_name=endpoint["certificate_name"],
+                                                              account_number=account_number)

        if listener["PolicyNames"]:
            policy = elb.describe_load_balancer_policies(
@ -127,6 +131,28 @@ def get_elb_endpoints(account_number, region, elb_dict):
    return endpoints


+def get_elb_certificate_by_name(certificate_name, account_number):
+    # certificate name may contain path, in which case we remove it
+    if "/" in certificate_name:
+        certificate_name = certificate_name.split('/')[1]
+    try:
+        cert = iam.get_certificate(certificate_name, account_number=account_number)
+        return dict(
+            body=cert["CertificateBody"],
+            chain=cert.get("CertificateChain"),
+            name=cert["ServerCertificateMetadata"]["ServerCertificateName"],
+        )
+    except ClientError:
+        current_app.logger.warning(
+            "get_elb_certificate_failed: Unable to get certificate for {0}".format(certificate_name))
+        sentry.captureException()
+        metrics.send(
+            "get_elb_certificate_failed", "counter", 1,
+            metric_tags={"certificate_name": certificate_name, "account_number": account_number}
+        )
+    return None
+
+
 def get_elb_endpoints_v2(account_number, region, elb_dict):
    """
    Retrieves endpoint information from elbv2 response data.
@ -153,6 +179,8 @@ def get_elb_endpoints_v2(account_number, region, elb_dict):
                port=listener["Port"],
                certificate_name=iam.get_name_from_arn(certificate["CertificateArn"]),
            )
+            endpoint["certificate"] = get_elb_certificate_by_name(certificate_name=endpoint["certificate_name"],
+                                                                  account_number=account_number)

        if listener["SslPolicy"]:
            policy = elb.describe_ssl_policies_v2(