Created a fab task to update certificates on a stack. Checks are carried out to see if the current local and remote certificates are the same; if not, the certificates are uploaded and load balancers with certificates in the stack will be updated fab_tasks: - Create a fab task update_certs to update the ssl certificates from the config - Small delay between updating certificates on instances and load balancer to avoid setting the load balancer cert when ARN is available but the certificate is not properly registered iam: - Added getting an arn from a certificate name to the IAM class. - Simplify getting an arn for certs using boto get_server_certificate - Handle exceptions when trying to delete/upload a certificate elb: - Create an ELB class to handle interaction with the stack's load balancers. - Throw an exception if we try to set certs on elbs when none are defined in the config cloudformation: - Added utility method to get a list of load balancers for the stack test_iam: - Added test cases to cover new iam things
Niall Creech
committed
Apr 17, 2015
1 parent
e4e41a2
commit 54f1243
Showing
6 changed files
with
722 additions
and
13 deletions.
@@ -0,0 +1,77 @@ | ||
import sys | ||
import logging | ||
import boto.ec2.elb | ||
from bootstrap_cfn import cloudformation | ||
from bootstrap_cfn import iam | ||
from bootstrap_cfn import utils | ||
from bootstrap_cfn.errors import CloudResourceNotFoundError | ||
|
||
|
||
class ELB: | ||
|
||
cfn = None | ||
iam = None | ||
aws_region_name = None | ||
aws_profile_name = None | ||
|
||
def __init__(self, aws_profile_name, aws_region_name='eu-west-1'): | ||
self.aws_profile_name = aws_profile_name | ||
self.aws_region_name = aws_region_name | ||
|
||
self.conn_elb = utils.connect_to_aws(boto.ec2.elb, self) | ||
|
||
self.iam = iam.IAM(aws_profile_name, aws_region_name) | ||
self.cfn = cloudformation.Cloudformation( | ||
aws_profile_name, aws_region_name | ||
) | ||
|
||
def set_ssl_certificates(self, ssl_config, stack_name): | ||
""" | ||
Look for SSL listeners on all the load balancers connected to | ||
this stack, then set update the certificate to that of the config | ||
Args: | ||
ssl_config (dictionary): Certification names to corresponding data | ||
stack_name (string): Name of the stack | ||
Raises: | ||
CloudResourceNotFoundError: Raised when the load balancer key in the cloud | ||
config is not found | ||
""" | ||
for cert_name in ssl_config.keys(): | ||
# Get the cert id and also its arn | ||
cert_id = "{0}-{1}".format(cert_name, stack_name) | ||
cert_arn = self.iam.get_arn_for_cert(cert_id) | ||
|
||
# Get all stack load balancers | ||
load_balancer_resources = self.cfn.get_stack_load_balancers(stack_name) | ||
found_load_balancer_names = [lb.physical_resource_id for lb in load_balancer_resources] | ||
# Use load balancer names to filter gettingload balancer details | ||
if len(found_load_balancer_names) > 0: | ||
load_balancers = self.conn_elb.get_all_load_balancers(load_balancer_names=found_load_balancer_names) | ||
|
||
# Look for https listeners on load balancers and update the cert | ||
# using the arn | ||
if len(load_balancers) > 0: | ||
for load_balancer in load_balancers: | ||
for listener in load_balancer.listeners: | ||
# Get protocol, if https, update cert | ||
# in_port = listener[0] | ||
out_port = listener[1] | ||
protocol = listener[2] | ||
# If the protocol is HTTPS then set the cert on the listener | ||
if protocol == "HTTPS": | ||
logging.info("ELB::set_ssl_certificates: " | ||
"Found HTTPS protocol on '%s', " | ||
"updating SSL certificate with '%s'" | ||
% (load_balancer.name, cert_arn)) | ||
self.conn_elb.set_lb_listener_SSL_certificate(load_balancer.name, | ||
out_port, | ||
cert_arn | ||
) | ||
else: | ||
# Throw key error. There being no load balancers to update is not | ||
# necessarily a problem but since the caller expected there to be let | ||
# it handle this situation | ||
raise CloudResourceNotFoundError("ELB::set_ssl_certificates: " | ||
"No load balancers found in stack,") |
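Review bot: Iterating `for cert_name in ssl_config.keys()` and applying `cert_arn` to every HTTPS listener means that with more than one certificate in the config each pass overwrites the previous one, so every listener ends up with whichever entry happens to be iterated last — dict order is not guaranteed here, so the certificate actually served is nondeterministic, and the load balancer lookup is repeated once per certificate. The method has no mapping from a certificate to a listener; until one exists, reject an ambiguous config up front, e.g. `if len(ssl_config) > 1: raise ValueError("ELB::set_ssl_certificates: cannot choose between multiple certificates for a listener")`, and hoist the `get_stack_load_balancers` call above the loop. Separately, if `get_arn_for_cert` returns `None` for a certificate that is not (yet) registered, that value is passed straight into `set_lb_listener_SSL_certificate`; a guard such as `if not cert_arn: raise CloudResourceNotFoundError("ELB::set_ssl_certificates: no ARN for certificate '%s'" % cert_id)` would give a clear local failure instead of relying on the AWS API to reject it — the IAM helper is not in this hunk, so confirm its behaviour on a missing certificate. Minor: `import sys` is unused, and `logging.info("..." % (...))` on the root logger would read better as a module-level `logger = logging.getLogger(__name__)` with lazy `%s` arguments.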