# necessarily a problem | ||
logging.info("ELB::set_ssl_certificates: " | ||
"No load balancers found in stack, " | ||
"no certificate updates needed") |
This should probably be a warning or an error - the user has requested something to be updated that couldn't be. This also means we should likely return a non-0 exit code.
I was going to throw an exception here to allow the caller to deal with there being no elbs or ignoring, exiting seems a little strict?
Can you also rebase this into a small number of commits? In this case probably just 1.
5eab969 to 1ee7124
@niallcreech Travis is reporting that the tests are failing
Did you change the API here perhaps?
Yep, I'm on it. It's not the API, delete checks to see if the cert exists. I'm setting up the test to mock the call to list_server_certs.
1ee7124 to a15ee7f
Now expanding tests to cover update_certs fab_task
3f096af to 9e63a10
Need to fill out the test cases then hopefully done
9e63a10 to d604429
Added more test cases, hopefully ready for review
Also handle settings the certificates on ELB's | ||
""" | ||
if verbose: | ||
logging.basicConfig(level=logging.INFO) |
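Review bot: Calling logging.basicConfig(level=logging.INFO) under `if verbose:` inside the task configures the root logger as a side effect of running this one function, and basicConfig does nothing when the root logger already has handlers, so the flag can silently have no effect if logging was set up earlier. Suggest configuring logging once at the entry point and having this function only emit through a module-level logger. The docstring line above also reads "handle settings the certificates on ELB's"; "setting the certificates on ELBs" is presumably what is meant.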
Rather than setting a flag called verbose here, it would be better to just use the logger with different levels. Like logging.info when you want it to appear for everyone and logging.debug when you want it only if the verbosity is increased. Then we can set the level globally in the fabfile maybe?
8960c4c to 54f1243
Not sure about some of this 'forcing' logic
load_balancer_resources = self.cfn.get_stack_load_balancers(stack_name) | ||
found_load_balancer_names = [lb.physical_resource_id for lb in load_balancer_resources] | ||
# Use load balancer names to filter gettingload balancer details | ||
if len(found_load_balancer_names) > 0: |
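Review bot: The emptiness test on the `if len(found_load_balancer_names) > 0:` line is more idiomatic as `if found_load_balancer_names:`, and the visible lines do not show what happens when the list is empty, so that path should be handled explicitly (for example with an early return or a raised exception) rather than left to fall through. The comment above it has a typo: "gettingload" should be "getting load".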
think we might want load_balancers=[] here or in the else block because if this is not true the next if statement will fail (if I'm reading it right).
@niallcreech and I have just had a good chat about this. Two things we thought of:
This is a massive PR, I have no idea where to start
Mostly covered with Matt yesterday, I’ve got a couple of small changes to make but unfortunately I’ve no internet until the afternoon. Press on with any bootstrap work you’re doing, I’ll fix this up around it once you’re finished
0ef9337 to ebe625b
Will need to wait until trim_the_fat has been merged and see how rebasey this will be before moving to review
Cool, thanks @niallcreech I've got my fingers crossed with the git gods that it won't be too conflicty 😄
Created a fab task to update certificates on a stack. Checks are carried out to see if the current local and remote certificates are the same, if not the certificates are uploaded and load balancers with certificates in the stack will be updated

fab_tasks:
- Create a fab task update_certs to update the ssl certificates from the config
- Small delay between updating certificates on instances and load balancer to avoid setting the load balancer cert when ARN is available but the certificate is not properly registered

iam:
- Added getting an arn from a certificate name to the IAM class.
- Simplify getting an arn for certs using boto get_server_certificate
- Handle exceptions when trying to delete/upload a certificate
- Simplify upload ssl logic to error on trying to update a missing certificate

elb:
- Create an ELB class to handle interaction with the stacks load balancers.
- Throw an exception if we try to set certs on elbs when none are defined in the config

cloudformation:
- Added utility method to get a list of load balancers for the stack

test_iam:
- Added test cases to cover new iam things

ebe625b to 70de16a
I'd say this looks good now. Anyone else want to comment before I merge?
When we change the certificate in our cloud formation config we want a way to update the certificates on instances, and to set these certificates on any https load balancers on the stack.
This patch creates a fab_task update_certs() to carry out both of these tasks, first removing/adding the certificates using IAM, then using a simple ELB class to set_ssl_certificates() on any https listeners on the stacks load_balancers