Merge pull request #280 from zalando-stups/issue-279-do-not-fail-on-i…

…nvalid-acm-certs #279 do not fail on ACM certs with status VALIDATION_TIMED_OUT
zalando-stups · Jul 26, 2016 · 56b109c · 56b109c
2 parents 46c3172 + 2dacafd
commit 56b109c
Show file tree

Hide file tree

Showing 2 changed files with 26 additions and 5 deletions.
diff --git a/senza/manaus/acm.py b/senza/manaus/acm.py
@@ -80,16 +80,16 @@ def from_boto_dict(cls,
         arn = certificate['CertificateArn']
         subject_alternative_name = certificate['SubjectAlternativeNames']
         domain_validation_options = certificate['DomainValidationOptions']
-        serial = certificate['Serial']
         subject = certificate['Subject']
-        issuer = certificate['Issuer']
         created_at = certificate['CreatedAt']
-        issued_at = certificate['IssuedAt']
         status = certificate['Status']
-        not_before = certificate['NotBefore']
-        not_after = certificate['NotAfter']
         signature_algorithm = certificate['SignatureAlgorithm']
         in_use_by = certificate['InUseBy']
+        serial = certificate.get('Serial')
+        issuer = certificate.get('Issuer')
+        issued_at = certificate.get('IssuedAt')
+        not_before = certificate.get('NotBefore')
+        not_after = certificate.get('NotAfter')
 
         revoked_at = certificate.get('RevokedAt')
         revocation_reason = certificate.get('RevocationReason')

diff --git a/tests/test_manaus/test_acm.py b/tests/test_manaus/test_acm.py
@@ -85,6 +85,24 @@
                                      '*.senza.aws.example.net',
                                      '*.app.example.net']}
 
+CERT_VALIDATION_TIMED_OUT = {
+    'KeyAlgorithm': 'RSA-2048',
+    'DomainName': 'alpha.example.org',
+    'InUseBy': [],
+    'CreatedAt': datetime(2016, 7,  11, 15,  15,  30),
+    'SubjectAlternativeNames': ['alpha.example.org'],
+    'SignatureAlgorithm': 'SHA256WITHRSA',
+    'Status': 'VALIDATION_TIMED_OUT',
+    'DomainValidationOptions': [{'DomainName': 'alpha.example.org',
+                                 'ValidationEmails': ['administrator@alpha.example.org',
+                                    'hostmaster@alpha.example.org',
+                                    'admin@alpha.example.org',
+                                    'webmaster@alpha.example.org',
+                                    'postmaster@alpha.example.org'],
+                                 'ValidationDomain': 'alpha.example.org'}],
+    'CertificateArn': 'arn:aws:acm:eu-central-1:123123:certificate/f8a0fa1a-381b-44b6-ab10-1b94ba1480a1',
+    'Subject': 'CN=alpha.example.org'}
+
 
 def test_certificate_valid():
     certificate1 = ACMCertificate.from_boto_dict(CERT1)
@@ -108,6 +126,9 @@ def test_certificate_valid():
     assert not certificate1_revoked.is_valid(when=datetime(2013, 4, 2, 10, 11, 12,
                                                            tzinfo=timezone.utc))
 
+    cert_invalid = ACMCertificate.from_boto_dict(CERT_VALIDATION_TIMED_OUT)
+    assert not cert_invalid.is_valid()
+
 
 def test_certificate_comparison():
     cert2 = CERT1.copy()