Adding better error handling around certificate rotation (#562)

2016-12-05 15:12:55 -08:00 · 2016-12-05 15:12:55 -08:00 · e622a49b72
parent 9030aed8a4
commit e622a49b72
3 changed files with 11 additions and 3 deletions
--- a/lemur/certificates/views.py
+++ b/lemur/certificates/views.py
@ -372,9 +372,9 @@ class CertificatesUpload(AuthenticatedResource):
           :statuscode 200: no error

        """
+        data['creator'] = g.user
        if data.get('destinations'):
            if data.get('private_key'):
-                data['creator'] = g.user
                return service.upload(**data)
            else:
                raise Exception("Private key must be provided in order to upload certificate to AWS")
--- a/lemur/endpoints/service.py
+++ b/lemur/endpoints/service.py
@ -105,6 +105,7 @@ def rotate_certificate(endpoint, new_cert):
    try:
        endpoint.source.plugin.update_endpoint(endpoint, new_cert)
        endpoint.certificate = new_cert
+        database.update(endpoint)
    except Exception as e:
        metrics.send('rotate_failure', 'counter', 1, metric_tags={'endpoint': endpoint.name})
        current_app.logger.exception(e)
--- a/lemur/plugins/lemur_aws/elb.py
+++ b/lemur/plugins/lemur_aws/elb.py
@ -21,7 +21,7 @@ def retry_throttled(exception):
    :return:
    """
    if isinstance(exception, botocore.exceptions.ClientError):
-        if 'Throttling' in exception.message:
+        if exception.response['Error']['Code'] == 'LoadBalancerNotFound':
            return True
    return False

@ -104,6 +104,7 @@ def describe_load_balancer_types(policies, **kwargs):


@sts_client('elb')
+@retry(retry_on_exception=retry_throttled, stop_max_attempt_number=7, wait_exponential_multiplier=1000)
 def attach_certificate(name, port, certificate_id, **kwargs):
    """
    Attaches a certificate to a listener, throws exception
@ -113,4 +114,10 @@ def attach_certificate(name, port, certificate_id, **kwargs):
    :param port:
    :param certificate_id:
    """
-    return kwargs['client'].set_load_balancer_listener_ssl_certificate(LoadBalancerName=name, LoadBalancerPort=port, SSLCertificateId=certificate_id)
+    try:
+        return kwargs['client'].set_load_balancer_listener_ssl_certificate(LoadBalancerName=name, LoadBalancerPort=port, SSLCertificateId=certificate_id)
+    except botocore.exceptions.ClientError as e:
+        if e.response['Error']['Code'] == 'LoadBalancerNotFound':
+            current_app.logger.warning("Loadbalancer does not exist.")
+        else:
+            raise e