#370 resolve SSL certs when defining custom ELB Listeners

zalando-stups · Oct 12, 2016 · 547a969 · 547a969
1 parent 5df821c
commit 547a969
Show file tree

Hide file tree

Showing 2 changed files with 39 additions and 5 deletions.
diff --git a/senza/components/elastic_load_balancer.py b/senza/components/elastic_load_balancer.py
@@ -76,20 +76,28 @@ def get_ssl_cert(subdomain, main_zone, configuration, account_info: AccountArgum
     return ssl_cert
 
 
-def get_listeners(subdomain, main_zone, configuration,
-                  account_info: AccountArguments):
-    ssl_cert = get_ssl_cert(subdomain, main_zone, configuration, account_info)
+def get_listeners(configuration):
     return [
         {
             "PolicyNames": [],
-            "SSLCertificateId": ssl_cert,
+            "SSLCertificateId": configuration.get('SSLCertificateId'),
             "Protocol": "HTTPS",
             "InstancePort": configuration["HTTPPort"],
             "LoadBalancerPort": 443
         }
     ]
 
 
+def resolve_ssl_certificates(listeners, subdomain, main_zone, account_info):
+    new_listeners = []
+    for listener in listeners:
+        if listener.get('Protocol') in ('HTTPS', 'SSL'):
+            ssl_cert = get_ssl_cert(subdomain, main_zone, listener, account_info)
+            listener['SSLCertificateId'] = ssl_cert
+        new_listeners.append(listener)
+    return new_listeners
+
+
 def component_elastic_load_balancer(definition,
                                     configuration: dict,
                                     args: TemplateArguments,
@@ -123,7 +131,8 @@ def component_elastic_load_balancer(definition,
             subdomain = domain['Subdomain']
             main_zone = domain['Zone']  # type: str
 
-    listeners = configuration.get('Listeners') or get_listeners(subdomain, main_zone, configuration, account_info)
+    listeners = configuration.get('Listeners') or get_listeners(configuration)
+    listeners = resolve_ssl_certificates(listeners, subdomain, main_zone, account_info)
 
     health_check_protocol = configuration.get('HealthCheckProtocol') or 'HTTP'
 

diff --git a/tests/test_components.py b/tests/test_components.py
@@ -198,6 +198,31 @@ def test_component_load_balancer_http_only(monkeypatch):
     assert 'Bar' == result["Resources"]["test_lb"]["Properties"]["Listeners"][0]["Foo"]
 
 
+def test_component_load_balancer_listeners_ssl(monkeypatch):
+    configuration = {
+        "Name": "test_lb",
+        "SecurityGroups": "",
+        "HTTPPort": "9999",
+        "Listeners": [{"Protocol": "SSL"}]
+    }
+    info = {'StackName': 'foobar', 'StackVersion': '0.1'}
+    definition = {"Resources": {}}
+
+    args = MagicMock()
+    args.region = "foo"
+
+    mock_string_result = MagicMock()
+    mock_string_result.return_value = "foo"
+    monkeypatch.setattr('senza.components.elastic_load_balancer.resolve_security_groups', mock_string_result)
+
+    get_ssl_cert = MagicMock()
+    get_ssl_cert.return_value = 'my-ssl-arn'
+    monkeypatch.setattr('senza.components.elastic_load_balancer.get_ssl_cert', get_ssl_cert)
+
+    result = component_elastic_load_balancer(definition, configuration, args, info, False, MagicMock())
+    assert 'my-ssl-arn' == result["Resources"]["test_lb"]["Properties"]["Listeners"][0]["SSLCertificateId"]
+
+
 def test_component_load_balancer_namelength(monkeypatch):
     configuration = {
         "Name": "test_lb",