Add ability to specify more custom policies for an ELB

This change allows us to construct policies to be attached to an ELB and applied to ports.
ministryofjustice · Nov 11, 2015 · 1656e21 · 1656e21
1 parent 5d62be9
commit 1656e21
Showing 1 changed file with 41 additions and 7 deletions.
diff --git a/bootstrap_cfn/config.py b/bootstrap_cfn/config.py
@@ -596,6 +596,46 @@ def elb(self, template):
                     print "\n\n[ERROR] Missing ELB fields [%s]" % i
                     sys.exit(1)
 
+            # Collect together all policies
+            # Collect together all policies
+            elb_policies = [
+                Policy(
+                    Attributes=[{'Name': "Reference-Security-Policy", 'Value': "ELBSecurityPolicy-2015-05"}],
+                    PolicyType='SSLNegotiationPolicyType',
+                    PolicyName='PinDownSSLNegotiationPolicy201505'
+                )]
+            for custom_policy_config in elb.get('policies', []):
+                custom_policy_name = custom_policy_config.get('name', False)
+                custom_policy_type = custom_policy_config.get('type', False)
+                custom_policy_instance_ports = custom_policy_config.get('instance_ports', [])
+                custom_policy_load_balancer_ports = custom_policy_config.get('load_balancer_ports', [])
+
+                if not custom_policy_name:
+                    logging.critical("config::elb: Load balancer policy must have a name defined")
+                    sys.exit(1)
+                if not custom_policy_type:
+                    logging.critical("config::elb: Load balancer policy {} must have a type defined".format(custom_policy_name))
+                    sys.exit(1)
+
+                custom_policy_attributes = []
+                for custom_policy_attribute_config in custom_policy_config.get('attributes', []):
+                    for custom_policy_attribute_key, custom_policy_attribute_val in custom_policy_attribute_config.iteritems():
+                        custom_policy_attributes_entry = {
+                            'Name': custom_policy_attribute_key,
+                            'Value': custom_policy_attribute_val
+                        }
+                        custom_policy_attributes.append(custom_policy_attributes_entry)
+
+                elb_policies.append(
+                    Policy(
+                        Attributes=custom_policy_attributes,
+                        PolicyType=custom_policy_type,
+                        PolicyName=custom_policy_name,
+                        InstancePorts=custom_policy_instance_ports,
+                        LoadBalancerPorts=custom_policy_load_balancer_ports
+                    )
+                )
+
             load_balancer = LoadBalancer(
                 "ELB" + safe_name,
                 Subnets=[Ref("SubnetA"), Ref("SubnetB"), Ref("SubnetC")],
@@ -605,13 +645,7 @@ def elb(self, template):
                     Enabled=True,
                     Timeout=120,
                 ),
-                Policies=[
-                    Policy(
-                        Attributes=[{'Name': "Reference-Security-Policy", 'Value': "ELBSecurityPolicy-2015-05"}],
-                        PolicyType='SSLNegotiationPolicyType',
-                        PolicyName='PinDownSSLNegotiationPolicy201505'
-                    )
-                ]
+                Policies=elb_policies
             )
             if "health_check" in elb:
                 load_balancer.HealthCheck = HealthCheck(**elb['health_check'])