def createCert()

in scripts/vpn-endpoint-security-resource-handler.py [0:0]


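def createCert(event, context):
  """Build a throw-away EasyRSA PKI, import the server certificate into ACM and stage the files in S3.

  Runs as a CloudFormation custom-resource handler. The only input read from ``event`` is
  ``event['ResourceProperties']['VpnConfigBucket']``, which is used verbatim as the prefix of
  every ``aws s3 cp`` destination (so it is presumably an ``s3://bucket/prefix/`` string with a
  trailing slash — TODO confirm against the template that supplies it). ``context`` is unused.

  Steps: download and unpack EasyRSA 3.0.6 under /tmp, create a CA, a server cert and one
  client cert, import the server cert/key/chain into ACM via ``acm.import_certificate``, then
  upload CA, server and client material to the bucket with ``runCommandSet``.

  Returns:
    dict: ``{'responseData': {'CertificateArn': arn}, 'PhysicalResourceId': arn}`` on success;
    ``{'ErrorMessage': <str>}`` when any step fails (the failure is logged with traceback and
    never re-raised, matching the original handler's contract).
  """
  import re

  try:
      logger.info("Starting to create certificate")

      vpnConfigBucket = event['ResourceProperties']['VpnConfigBucket']
      # The bucket string is spliced into shell command lines below and comes from resource
      # properties the handler does not control; refuse anything outside a conservative
      # character set so a crafted value cannot change the meaning of those commands.
      if not isinstance(vpnConfigBucket, str) or not re.fullmatch(r'[A-Za-z0-9._:/-]+', vpnConfigBucket):
          raise ValueError('VpnConfigBucket contains unsupported characters')

      archivePath = '/tmp/EasyRSA-unix-v3.0.6.tgz'
      easyRsaRoot = '/tmp/easyrsa'
      easyRsaDir = easyRsaRoot + '/EasyRSA-v3.0.6'
      easyRsaBin = easyRsaDir + '/easyrsa'
      pkiDir = '/tmp/pki'
      detailsDir = '/tmp/vpndetails'

      # NOTE(review): the archive is fetched over the network with no checksum or signature
      # check; pin the expected digest (<EASYRSA_TGZ_SHA256 placeholder>) and verify it before
      # unpacking. `-o <path>` replaces the original `-O`, which wrote into whatever working
      # directory runCommandSet happened to use while tar read from /tmp. `mkdir -p` keeps a
      # re-invocation in a reused Lambda container from failing on the already-present dirs.
      installEasyRSACommands = [
          'curl -L https://github.com/OpenVPN/easy-rsa/releases/download/v3.0.6/EasyRSA-unix-v3.0.6.tgz -o {0}'.format(archivePath),
          'mkdir -p {0}'.format(easyRsaRoot),
          'mkdir -p {0}'.format(detailsDir),
          'tar -xvzf {0} -C {1}'.format(archivePath, easyRsaRoot),
          'ls {0}'.format(easyRsaRoot),
      ]
      runCommandSet(installEasyRSACommands)

      # The original passed '/tmp/easy-rsa/EasyRSA-v3.0.6' (hyphenated) as the working directory,
      # which the install step never creates; the extracted tree lives under /tmp/easyrsa.
      # NOTE(review): the copy commands read {pkiDir}, which only matches where `init-pki` writes
      # if runCommandSet resolves the PKI relative to /tmp rather than this cwd — confirm with
      # a test run before relying on it.
      easyRsaCommands = [
          '{0} init-pki'.format(easyRsaBin),
          '{0} build-ca nopass'.format(easyRsaBin),
          '{0} build-server-full server nopass'.format(easyRsaBin),
          '{0} build-client-full client1.domain.tld nopass'.format(easyRsaBin),
          'cp {0}/ca.crt {1}/ca.crt'.format(pkiDir, detailsDir),
          'cp {0}/issued/server.crt {1}/server.crt'.format(pkiDir, detailsDir),
          'cp {0}/private/server.key {1}/server.key'.format(pkiDir, detailsDir),
          'cp {0}/issued/client1.domain.tld.crt {1}/client1.domain.tld.crt'.format(pkiDir, detailsDir),
          'cp {0}/private/client1.domain.tld.key {1}/client1.domain.tld.key'.format(pkiDir, detailsDir),
      ]
      runCommandSet(easyRsaCommands, easyRsaDir)

      serverCertResponse = acm.import_certificate(
          Certificate=get_bytes_from_file(detailsDir + '/server.crt'),
          PrivateKey=get_bytes_from_file(detailsDir + '/server.key'),
          CertificateChain=get_bytes_from_file(detailsDir + '/ca.crt')
      )
      logger.info(serverCertResponse)
      certificateArn = serverCertResponse['CertificateArn']

      # server.key and the client key are uploaded as ordinary objects; the handler cannot
      # enforce it, so the bucket must be private and encrypted, and the keys should be removed
      # from S3 once the VPN endpoint has consumed them.
      uploadTargets = ['ca.crt', 'server.crt', 'server.key',
                       'client1.domain.tld.crt', 'client1.domain.tld.key']
      downloadAndCopyConfigKeysAndCert = [
          'aws s3 cp {0}/{1} {2}{1}'.format(detailsDir, name, vpnConfigBucket)
          for name in uploadTargets
      ]
      runCommandSet(downloadAndCopyConfigKeysAndCert)

      # The original referenced an undefined `responseData` here, so every call ended in the
      # except branch; the ARN is the only value the success path has to report.
      responseData = {'CertificateArn': certificateArn}
      return {
          'responseData': responseData,
          'PhysicalResourceId': certificateArn,
      }

  except Exception as e:
      # Keep the "log and return an error payload" contract, but log the traceback and return
      # a string: the exception object itself is not JSON-serialisable for the CFN response.
      logger.exception("Certificate creation failed")
      return {'ErrorMessage': str(e)}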