From e622a49b722f856a825a4c3f67e42394f49fbef8 Mon Sep 17 00:00:00 2001
From: kevgliss
Date: Mon, 5 Dec 2016 15:12:55 -0800
Subject: [PATCH] Adding better error handling around certificate rotation (#562)
---
 lemur/certificates/views.py | 2 +-
 lemur/endpoints/service.py | 1 +
 lemur/plugins/lemur_aws/elb.py | 11 +++++++++--
 3 files changed, 11 insertions(+), 3 deletions(-)
diff --git a/lemur/certificates/views.py b/lemur/certificates/views.py
index d8fd4a8c..0522c718 100644
--- a/lemur/certificates/views.py
+++ b/lemur/certificates/views.py
@@ -372,9 +372,9 @@ class CertificatesUpload(AuthenticatedResource):
 :statuscode 200: no error
 """
+ data['creator'] = g.user
 if data.get('destinations'):
 if data.get('private_key'):
- data['creator'] = g.user
 return service.upload(**data)
 else:
 raise Exception("Private key must be provided in order to upload certificate to AWS")
diff --git a/lemur/endpoints/service.py b/lemur/endpoints/service.py
index 8178a103..86b07e43 100644
--- a/lemur/endpoints/service.py
+++ b/lemur/endpoints/service.py
@@ -105,6 +105,7 @@ def rotate_certificate(endpoint, new_cert):
 try:
 endpoint.source.plugin.update_endpoint(endpoint, new_cert)
 endpoint.certificate = new_cert
+ database.update(endpoint)
 except Exception as e:
 metrics.send('rotate_failure', 'counter', 1, metric_tags={'endpoint': endpoint.name})
 current_app.logger.exception(e)
diff --git a/lemur/plugins/lemur_aws/elb.py b/lemur/plugins/lemur_aws/elb.py
index c75a8370..8bc1b58f 100644
--- a/lemur/plugins/lemur_aws/elb.py
+++ b/lemur/plugins/lemur_aws/elb.py
@@ -21,7 +21,7 @@ def retry_throttled(exception):
 :return:
 """
 if isinstance(exception, botocore.exceptions.ClientError):
- if 'Throttling' in exception.message:
+ if exception.response['Error']['Code'] == 'LoadBalancerNotFound':
 return True
 return False
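Review bot: The now-unconditional `data['creator'] = g.user` in the views.py hunk is what ties an uploaded certificate to the authenticated caller, and nothing on the line says so. Before this change the assignment only ran inside the `destinations`/`private_key` branch, so it is easy for a later refactor to move it back under a condition. I would add `# creator always comes from the authenticated session (g.user), never from the request body` above it. The handler's body starts and continues outside the hunk, so whether `data` can already carry a client-supplied `creator` is not visible here.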
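Review bot: In the service.py hunk, `database.update(endpoint)` sits in the same `try` as the plugin call, so a database error raised after `update_endpoint` has already succeeded is counted and logged as `rotate_failure` like any other failure. In that case the endpoint is serving `new_cert` while Lemur's record still points at the old certificate, and the log does not say which half failed. I would give the persistence step its own handler that names the endpoint and states that the remote side was already updated, or at minimum add `# update_endpoint already succeeded here; a failure below leaves the stored certificate stale`. `rotate_certificate` continues outside the hunk, so whether the handler re-raises is not visible.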
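Review bot: `retry_throttled` in elb.py no longer retries on throttling: the only condition left is `exception.response['Error']['Code'] == 'LoadBalancerNotFound'`, while the name still promises throttling back-off to every `@retry(retry_on_exception=retry_throttled, ...)` user (others may exist outside this patch). The subscript chain also raises KeyError inside the retry predicate if a ClientError response lacks `Error` or `Code`, which would hide the original AWS error. I would write `code = exception.response.get('Error', {}).get('Code')` and `if code in ('Throttling', 'LoadBalancerNotFound'):`, or rename the predicate if dropping throttling is intended. The docstring begins above the hunk and should list the codes that are retried.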
@@ -104,6 +104,7 @@ def describe_load_balancer_types(policies, **kwargs):
 @sts_client('elb')
+@retry(retry_on_exception=retry_throttled, stop_max_attempt_number=7, wait_exponential_multiplier=1000)
 def attach_certificate(name, port, certificate_id, **kwargs):
 """
 Attaches a certificate to a listener, throws exception
@@ -113,4 +114,10 @@ def attach_certificate(name, port, certificate_id, **kwargs):
 :param port:
 :param certificate_id:
 """
- return kwargs['client'].set_load_balancer_listener_ssl_certificate(LoadBalancerName=name, LoadBalancerPort=port, SSLCertificateId=certificate_id)
+ try:
+ return kwargs['client'].set_load_balancer_listener_ssl_certificate(LoadBalancerName=name, LoadBalancerPort=port, SSLCertificateId=certificate_id)
+ except botocore.exceptions.ClientError as e:
+ if e.response['Error']['Code'] == 'LoadBalancerNotFound':
+ current_app.logger.warning("Loadbalancer does not exist.")
+ else:
+ raise e
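Review bot: The `@retry` added on `attach_certificate` cannot fire as written, because the `try`/`except` that the next hunk adds to the body consumes the only error `retry_throttled` accepts. `LoadBalancerNotFound` is caught and logged inside the function, so the decorator sees a normal return; every other ClientError is re-raised, and the predicate returns False for it. If the retry is meant to cover a load balancer that is not yet visible to the API, the handler in the body has to re-raise `LoadBalancerNotFound` so the decorator sees it; otherwise the decorator line can go.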
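Review bot: Swallowing `LoadBalancerNotFound` in the second hunk makes `attach_certificate` return None, which a caller cannot tell apart from a successful attach. If `update_endpoint` reaches this function (the call path is not in this patch), `rotate_certificate` would go on to set `endpoint.certificate = new_cert` and persist it, so the inventory could show a rotation that never happened while the old certificate keeps ageing. I would log which load balancer was missing and still propagate, e.g. `current_app.logger.warning("Loadbalancer %s does not exist.", name)` followed by a bare `raise`; the `raise e` in the `else` branch should likewise be a bare `raise` so the original traceback is kept. The patch adds no import line to elb.py, so `current_app` has to be in scope there already.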