in lemur/plugins/lemur_aws/plugin.py [0:0]
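def update_endpoint(self, endpoint, certificate):
    """Attach ``certificate`` to an AWS endpoint (CloudFront, ELB or ELBv2).

    The AWS account is read from the ``accountNumber`` option of the
    endpoint's source.

    * ``cloudfront``: the certificate is looked up in IAM by name and its
      ``ServerCertificateId`` is attached to the distribution. If IAM
      returns nothing, no attachment happens; a warning is logged and
      ``None`` is returned.
    * ``elb`` / ``elbv2``: only the ``iam`` registry type is supported. The
      certificate ARN is built from the account, partition, certificate
      name and ``endpoint.certificate_path``, then attached to the listener
      on ``endpoint.port``.

    :param endpoint: endpoint whose certificate is being replaced
    :param certificate: certificate to attach
    :raises NotImplementedError: if the endpoint type is not ``cloudfront``,
        ``elb`` or ``elbv2``
    :raises Exception: if the registry type is not ``iam``, or if attaching
        to the load balancer fails (logged, then re-raised)
    """
    options = endpoint.source.options
    account_number = self.get_option("accountNumber", options)

    if endpoint.type == "cloudfront":
        cert = iam.get_certificate(certificate.name, account_number=account_number)
        if not cert:
            # Nothing is attached on this path, so the distribution keeps
            # serving its current certificate. Log it so a rotation that did
            # not happen is visible to operators.
            # NOTE(review): the return value does not let the caller tell
            # this apart from a successful attach; confirm whether it
            # should raise instead.
            current_app.logger.warning(
                f"Certificate {certificate.name} not found in IAM for account {account_number}; "
                f"nothing was attached to CloudFront endpoint named {endpoint.name}"
            )
            return None
        cert_id = cert["ServerCertificateMetadata"]["ServerCertificateId"]
        cloudfront.attach_certificate(
            endpoint.name,
            cert_id,
            account_number=account_number,
        )
        return

    if endpoint.type not in ("elb", "elbv2"):
        raise NotImplementedError(
            f"Updating endpoints of type {endpoint.type} is not supported"
        )

    if endpoint.registry_type != 'iam':
        raise Exception(f"Lemur doesn't support rotating certificates on {endpoint.registry_type} registry")

    partition = current_app.config.get("LEMUR_AWS_PARTITION", "aws")
    arn = iam.create_arn_from_cert(
        account_number, partition, certificate.name, endpoint.certificate_path
    )

    # relies on the fact that region is included in DNS name
    region = get_region_from_dns(endpoint.dnsname)

    try:
        if endpoint.type == "elbv2":
            listener_arn = elb.get_listener_arn_from_endpoint(
                endpoint.name,
                endpoint.port,
                account_number=account_number,
                region=region,
            )
            elb.attach_certificate_v2(
                listener_arn,
                endpoint.port,
                [{"CertificateArn": arn}],
                account_number=account_number,
                region=region,
            )
        else:
            # Only "elb" can reach this branch; other types were rejected above.
            elb.attach_certificate(
                endpoint.name,
                endpoint.port,
                arn,
                account_number=account_number,
                region=region,
            )
    except Exception as e:
        current_app.logger.warning(
            f"Error attaching certificate to endpoint named {endpoint.name} (ID {endpoint.id}) on port {endpoint.port} in account {account_number} and region {region}: {e}")
        # Bare raise re-raises the active exception with its traceback intact.
        raise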