Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

appservice: support binding wildcard certificates #2625

Merged
merged 4 commits into from Mar 27, 2017
Merged

appservice: support binding wildcard certificates #2625

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
7e40d5a
appserviec: apply wildcard hostname matching on cert binding
yugangw-msft Mar 24, 2017
d17c16f
add unit test
yugangw-msft Mar 24, 2017
28cf04c
fix test flakiness
yugangw-msft Mar 24, 2017
7ba3d84
fix a test flkiness
yugangw-msft Mar 24, 2017
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
53 changes: 34 additions & 19 deletions src/command_modules/azure-cli-appservice/azure/cli/command_modules/appservice/custom.py
View file
Open in desktop
Expand Up @@ -855,19 +855,13 @@ def list_ssl_certs(resource_group_name):
return client.certificates.list_by_resource_group(resource_group_name)


def delete_ssl_cert(resource_group_name, name, certificate_thumbprint):
def delete_ssl_cert(resource_group_name, certificate_thumbprint):
client = web_client_factory()
error_str_1 = "Certificate for thumbprint '{}' found, but not for webapp '{}'"
error_str_2 = "Certificate for thumbprint '{}' not found"
webapp_certs = client.certificates.list_by_resource_group(resource_group_name)
for webapp_cert in webapp_certs:
if webapp_cert.thumbprint == certificate_thumbprint:
for hostname in webapp_cert.host_names:
if name in hostname:
return client.certificates.delete(resource_group_name,
webapp_cert.name)
raise CLIError(error_str_1.format(certificate_thumbprint, name))
raise CLIError(error_str_2.format(certificate_thumbprint))
return client.certificates.delete(resource_group_name, webapp_cert.name)
raise CLIError("Certificate for thumbprint '{}' not found".format(certificate_thumbprint))


def _update_host_name_ssl_state(resource_group_name, webapp_name, location,
Expand All @@ -884,25 +878,46 @@ def _update_host_name_ssl_state(resource_group_name, webapp_name, location,

def _update_ssl_binding(resource_group_name, name, certificate_thumbprint, ssl_type, slot=None):
client = web_client_factory()
webapp = _generic_site_operation(resource_group_name, name, 'get')
webapp = client.web_apps.get(resource_group_name, name)
webapp_certs = client.certificates.list_by_resource_group(resource_group_name)
for webapp_cert in webapp_certs:
if webapp_cert.thumbprint == certificate_thumbprint:
return _update_host_name_ssl_state(resource_group_name, name, webapp.location,
webapp_cert.host_names[0], ssl_type,
certificate_thumbprint, slot)
if len(webapp_cert.host_names) == 1 and not webapp_cert.host_names[0].startswith('*'):
return _update_host_name_ssl_state(resource_group_name, name, webapp.location,
webapp_cert.host_names[0], ssl_type,
certificate_thumbprint, slot)
else:
query_result = list_hostnames(resource_group_name, name, slot)
hostnames_in_webapp = [x.name.split('/')[-1] for x in query_result]
to_update = _match_host_names_from_cert(webapp_cert.host_names, hostnames_in_webapp)
for h in to_update:
_update_host_name_ssl_state(resource_group_name, name, webapp.location,
h, ssl_type, certificate_thumbprint, slot)

return show_webapp(resource_group_name, name, slot)

raise CLIError("Certificate for thumbprint '{}' not found.".format(certificate_thumbprint))


def bind_ssl_cert(resource_group_name, name, certificate_thumbprint, ssl_type, slot=None):
if ssl_type == 'SNI':
return _update_ssl_binding(resource_group_name, name,
certificate_thumbprint, SslState.sni_enabled, slot)
else:
return _update_ssl_binding(resource_group_name, name,
certificate_thumbprint, SslState.ip_based_enabled, slot)
return _update_ssl_binding(
resource_group_name, name, certificate_thumbprint,
SslState.sni_enabled if ssl_type == 'SNI' else SslState.ip_based_enabled, slot)


def unbind_ssl_cert(resource_group_name, name, certificate_thumbprint, slot=None):
return _update_ssl_binding(resource_group_name, name,
certificate_thumbprint, SslState.disabled, slot)


def _match_host_names_from_cert(hostnames_from_cert, hostnames_in_webapp):
# the goal is to match '*.foo.com' with host name like 'admin.foo.com', 'logs.foo.com', etc
matched = set()
for hostname in hostnames_from_cert:
if hostname.startswith('*'):
for h in hostnames_in_webapp:
if hostname[hostname.find('.'):] == h[h.find('.'):]:
matched.add(h)
elif hostname in hostnames_in_webapp:
matched.add(hostname)
return matched