Transform certificates in listener in expected XML (#4049)
This commit is contained in:
Sahil Shah
GitHub
parent
8cc439444f
commit
3ae4c23c23
2 changed files with 34 additions and 39 deletions
|
|
@ -265,6 +265,7 @@ class FakeListener(CloudFormationModel):
|
|||
certificates = properties.get("Certificates")
|
||||
|
||||
default_actions = elbv2_backend.convert_and_validate_properties(properties)
|
||||
certificates = elbv2_backend.convert_and_validate_certificates(certificates)
|
||||
listener = elbv2_backend.create_listener(
|
||||
load_balancer_arn, protocol, port, ssl_policy, certificates, default_actions
|
||||
)
|
||||
|
|
@ -283,6 +284,7 @@ class FakeListener(CloudFormationModel):
|
|||
certificates = properties.get("Certificates")
|
||||
|
||||
default_actions = elbv2_backend.convert_and_validate_properties(properties)
|
||||
certificates = elbv2_backend.convert_and_validate_certificates(certificates)
|
||||
listener = elbv2_backend.modify_listener(
|
||||
original_resource.arn,
|
||||
port,
|
||||
|
|
@ -833,6 +835,14 @@ Member must satisfy regular expression pattern: {}".format(
|
|||
self.target_groups[target_group.arn] = target_group
|
||||
return target_group
|
||||
|
||||
def convert_and_validate_certificates(self, certificates):
|
||||
|
||||
# transform default certificate to conform with the rest of the code and XML templates
|
||||
for cert in certificates or []:
|
||||
cert["certificate_arn"] = cert["CertificateArn"]
|
||||
|
||||
return certificates
|
||||
|
||||
def convert_and_validate_properties(self, properties):
|
||||
|
||||
# transform default actions to confirm with the rest of the code and XML templates
|
||||
|
|
@ -1308,41 +1318,24 @@ Member must satisfy regular expression pattern: {}".format(
|
|||
|
||||
# HTTPS checks
|
||||
if protocol == "HTTPS":
|
||||
# HTTPS
|
||||
|
||||
# Might already be HTTPS so may not provide certs
|
||||
if certificates is None and listener.protocol != "HTTPS":
|
||||
raise RESTError(
|
||||
"InvalidConfigurationRequest",
|
||||
"Certificates must be provided for HTTPS",
|
||||
)
|
||||
|
||||
# Check certificates exist
|
||||
if certificates is not None:
|
||||
default_cert = None
|
||||
all_certs = set() # for SNI
|
||||
for cert in certificates:
|
||||
if cert["is_default"] == "true":
|
||||
default_cert = cert["certificate_arn"]
|
||||
try:
|
||||
self.acm_backend.get_certificate(cert["certificate_arn"])
|
||||
except Exception:
|
||||
raise RESTError(
|
||||
"CertificateNotFound",
|
||||
"Certificate {0} not found".format(
|
||||
cert["certificate_arn"]
|
||||
),
|
||||
)
|
||||
|
||||
all_certs.add(cert["certificate_arn"])
|
||||
|
||||
if default_cert is None:
|
||||
if certificates:
|
||||
default_cert = certificates[0]
|
||||
default_cert_arn = default_cert["certificate_arn"]
|
||||
try:
|
||||
self.acm_backend.get_certificate(default_cert_arn)
|
||||
except Exception:
|
||||
raise RESTError(
|
||||
"InvalidConfigurationRequest", "No default certificate"
|
||||
"CertificateNotFound",
|
||||
"Certificate {0} not found".format(default_cert_arn),
|
||||
)
|
||||
|
||||
listener.certificate = default_cert
|
||||
listener.certificates = list(all_certs)
|
||||
listener.certificate = default_cert_arn
|
||||
listener.certificates = certificates
|
||||
else:
|
||||
raise RESTError(
|
||||
"CertificateWereNotPassed",
|
||||
"You must provide a list containing exactly one certificate if the listener protocol is HTTPS.",
|
||||
)
|
||||
|
||||
listener.protocol = protocol
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue