def execute()

in gcpdiag/runbook/lb/ssl_certificates.py [0:0]


  def execute(self):
    """Check that the domain's DNS records resolve to this load balancer.

    Fetches the certificate and the DNS records for ``self.domain``, then
    compares each resolved address with the IP addresses of
    ``self.forwarding_rules_with_certificate``. Exactly one result is
    reported against the certificate:

    - OK: every resolved address belongs to one of those forwarding rules.
    - Uncertain: some resolved addresses belong to them and some do not.
    - Failed: no resolved address belongs to them, or the lookup returned
      no addresses at all.
    """
    certificate = lb.get_ssl_certificate(self.project_id, self.certificate_name)
    # NOTE(review): the verdict reflects whatever dns.find_dns_records
    # queries, which is not visible here; presumably another vantage point
    # can see different records for the same name - confirm.
    resolved_ips = dns.find_dns_records(self.domain)

    op.add_metadata('domain', self.domain)
    op.add_metadata('domain_to_ip_addresses', resolved_ips)

    # Index the forwarding rules by address and, in the same pass, collect
    # the human-readable list that the remediation messages embed.
    rules_by_ip = {}
    rule_lines = []
    for rule in self.forwarding_rules_with_certificate:
      rules_by_ip.setdefault(rule.ip_address, []).append(rule)
      rule_lines.append(
          f'- forwarding rule "{rule.name}" in "{rule.region}": '
          f'{rule.ip_address}\n')
    fr_ip_message = ''.join(rule_lines)

    # Split the resolved addresses into those served by the load balancer
    # and those that are not.
    # NOTE(review): membership is by exact value; if the DNS lookup and
    # fr.ip_address can render the same address differently (for example
    # IPv6 text forms), a correct record would land in off_lb - confirm.
    on_lb = []
    off_lb = []
    for ip_address in resolved_ips:
      bucket = on_lb if rules_by_ip.get(ip_address) else off_lb
      bucket.append(ip_address)

    if on_lb and off_lb:
      # Mixed result: the domain resolves to the load balancer and also to
      # addresses outside these forwarding rules. Those stray addresses are
      # listed in the message so the operator can verify who controls them.
      op.add_uncertain(
          certificate,
          reason=op.prep_msg(
              op.UNCERTAIN_REASON,
              domain=self.domain,
              name=self.certificate_name,
              unresolved_ip_addresses=', '.join(off_lb),
              resolved_ip_addresses=', '.join(on_lb),
          ),
          remediation=op.prep_msg(
              op.UNCERTAIN_REMEDIATION,
              domain=self.domain,
              fr_ip_message=fr_ip_message,
              name=self.certificate_name,
          ),
      )
      return

    if on_lb:
      # Every resolved address is on the load balancer.
      op.add_ok(
          certificate,
          reason=op.prep_msg(
              op.SUCCESS_REASON,
              domain=self.domain,
              ip_addresses=', '.join(on_lb),
              name=self.certificate_name,
          ),
      )
      return

    # Nothing points at the load balancer. The two failure cases differ only
    # in the reason text: either the records point elsewhere, or the lookup
    # returned no addresses.
    if off_lb:
      failure_reason = op.prep_msg(
          op.FAILURE_REASON,
          domain=self.domain,
          unresolved_ip_addresses=', '.join(off_lb),
          name=self.certificate_name,
      )
    else:
      failure_reason = op.prep_msg(op.FAILURE_REASON_ALT1, domain=self.domain)

    op.add_failed(
        certificate,
        reason=failure_reason,
        remediation=op.prep_msg(
            op.FAILURE_REMEDIATION,
            domain=self.domain,
            fr_ip_message=fr_ip_message,
            name=self.certificate_name,
        ),
    )