From 34c7e5230bfe32a84a5292433647f0a6d1a3d861 Mon Sep 17 00:00:00 2001 From: Curtis Castrapel Date: Tue, 21 May 2019 12:52:41 -0700 Subject: [PATCH 1/2] Set a limit on number of retries --- lemur/plugins/lemur_aws/iam.py | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/lemur/plugins/lemur_aws/iam.py b/lemur/plugins/lemur_aws/iam.py index 5a6b753d..39d1c714 100644 --- a/lemur/plugins/lemur_aws/iam.py +++ b/lemur/plugins/lemur_aws/iam.py @@ -24,7 +24,7 @@ def retry_throttled(exception): if exception.response["Error"]["Code"] == "NoSuchEntity": return False - metrics.send("iam_retry", "counter", 1) + metrics.send("iam_retry", "counter", 1, metric_tags={"exception": str(exception)}) return True @@ -52,7 +52,7 @@ def create_arn_from_cert(account_number, region, certificate_name): @sts_client("iam") -@retry(retry_on_exception=retry_throttled, wait_fixed=2000) +@retry(retry_on_exception=retry_throttled, wait_fixed=2000, stop_max_attempt_number=25) def upload_cert(name, body, private_key, path, cert_chain=None, **kwargs): """ Upload a certificate to AWS @@ -94,7 +94,7 @@ def upload_cert(name, body, private_key, path, cert_chain=None, **kwargs): @sts_client("iam") -@retry(retry_on_exception=retry_throttled, wait_fixed=2000) +@retry(retry_on_exception=retry_throttled, wait_fixed=2000, stop_max_attempt_number=25) def delete_cert(cert_name, **kwargs): """ Delete a certificate from AWS @@ -111,7 +111,7 @@ def delete_cert(cert_name, **kwargs): @sts_client("iam") -@retry(retry_on_exception=retry_throttled, wait_fixed=2000) +@retry(retry_on_exception=retry_throttled, wait_fixed=2000, stop_max_attempt_number=25) def get_certificate(name, **kwargs): """ Retrieves an SSL certificate. @@ -125,7 +125,7 @@ def get_certificate(name, **kwargs): @sts_client("iam") -@retry(retry_on_exception=retry_throttled, wait_fixed=2000) +@retry(retry_on_exception=retry_throttled, wait_fixed=2000, stop_max_attempt_number=25) def get_certificates(**kwargs): """ Fetches one page of certificate objects for a given account. From 1423ac0d9803a97f6d1a7386e2a533c7ca631434 Mon Sep 17 00:00:00 2001 From: Curtis Castrapel Date: Tue, 21 May 2019 12:55:33 -0700 Subject: [PATCH 2/2] More metrics --- lemur/plugins/lemur_aws/iam.py | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/lemur/plugins/lemur_aws/iam.py b/lemur/plugins/lemur_aws/iam.py index 39d1c714..67c35262 100644 --- a/lemur/plugins/lemur_aws/iam.py +++ b/lemur/plugins/lemur_aws/iam.py @@ -72,6 +72,7 @@ def upload_cert(name, body, private_key, path, cert_chain=None, **kwargs): else: name = name + "-" + path.strip("/") + metrics.send("upload_cert", "counter", 1, metric_tags={"name": name, "path": path}) try: if cert_chain: return client.upload_server_certificate( @@ -103,6 +104,7 @@ def delete_cert(cert_name, **kwargs): :return: """ client = kwargs.pop("client") + metrics.send("delete_cert", "counter", 1, metric_tags={"cert_name": cert_name}) try: client.delete_server_certificate(ServerCertificateName=cert_name) except botocore.exceptions.ClientError as e: @@ -119,6 +121,7 @@ def get_certificate(name, **kwargs): :return: """ client = kwargs.pop("client") + metrics.send("get_certificate", "counter", 1, metric_tags={"name": name}) return client.get_server_certificate(ServerCertificateName=name)[ "ServerCertificate" ] @@ -133,6 +136,7 @@ def get_certificates(**kwargs): :return: """ client = kwargs.pop("client") + metrics.send("get_certificates", "counter", 1) return client.list_server_certificates(**kwargs) @@ -142,6 +146,12 @@ def get_all_certificates(**kwargs): """ certificates = [] account_number = kwargs.get("account_number") + metrics.send( + "get_all_certificates", + "counter", + 1, + metric_tags={"account_number": account_number}, + ) while True: response = get_certificates(**kwargs)