lemur_aws Package

elb Module

lemur.plugins.lemur_aws.elb.attach_certificate(account_number, region, name, port, certificate_id)
Attaches a certificate to a listener. Throws an exception if the specified certificate does not exist in a particular account.
Parameters:
- account_number –
- region –
- name –
- port –
- certificate_id –

lemur.plugins.lemur_aws.elb.create_new_listeners(account_number, region, name, listeners=None)
Creates a new listener and attaches it to the ELB.
Parameters:
- account_number –
- region –
- name –
- listeners –
Returns:

lemur.plugins.lemur_aws.elb.delete_listeners(account_number, region, name, ports)
Deletes a listener from an ELB.
Parameters:
- account_number –
- region –
- name –
- ports –
Returns:

lemur.plugins.lemur_aws.elb.get_all_elbs(account_number, region)
Fetches all ELB objects for a given account and region.
Parameters:
- account_number –
- region –

lemur.plugins.lemur_aws.elb.get_all_regions()
Retrieves all current EC2 regions.
Returns:

lemur.plugins.lemur_aws.elb.get_listeners(account_number, region, name)
Gets the listeners configured on an ELB and returns an array of tuples.
Parameters:
- account_number –
- region –
- name –
Returns: list of tuples

lemur.plugins.lemur_aws.elb.is_valid(listener_tuple)
There are a few rules that AWS has when creating listeners; this function ensures those rules are met before we try to create or update a listener.
While these could be caught with boto exception handling, I would rather be nice and catch these early before we send them out to AWS. It also gives us an opportunity to create nice user warnings.
This validity check should also be checked in the frontend but must also be enforced by the server.
Parameters: listener_tuple –

lemur.plugins.lemur_aws.elb.update_listeners(account_number, region, name, listeners, ports)
We assume that a listener with a specified port already exists. We can then delete the old listener on the port and create a new one in its place.
If, however, we are replacing a listener (e.g. changing a port from 80 to 443), we need to make sure we keep track of which ports we need to delete so that we don't create two listeners (one on 80 and one on 443).
Parameters:
- account_number –
- region –
- name –
- listeners –
- ports –
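
The port bookkeeping described for update_listeners, as an added example that is not Lemur's own code: a hypothetical plan_listener_update helper works out which ports to delete and which ports the ELB ends up serving. The listener tuple layout (load balancer port, instance port, protocol, optional certificate ARN) and the sample data are assumptions.

```python
from typing import Dict, List, Sequence, Tuple

# Assumed tuple layout (boto classic-ELB convention, not stated on this page):
# (load_balancer_port, instance_port, protocol[, ssl_certificate_id])
Listener = Tuple


def plan_listener_update(current: Sequence[Listener],
                         new: Sequence[Listener],
                         ports: Sequence[int]) -> Dict[str, List]:
    """Plan a delete-then-create update and report what the ELB ends up with.

    current: listeners now on the ELB; new: listeners to create;
    ports: load balancer ports the caller says must be removed.
    """
    current_ports = {listener[0] for listener in current}
    new_ports = [listener[0] for listener in new]
    if len(new_ports) != len(set(new_ports)):
        raise ValueError("two new listeners share one load balancer port")
    unknown = set(ports) - current_ports
    if unknown:
        # The documented assumption: a listener on each given port exists.
        raise ValueError("no listener on port(s) %s" % sorted(unknown))

    # A port must be freed if the caller is moving off it, or if a new
    # listener is about to be created on a port that is already in use.
    delete = (set(ports) | set(new_ports)) & current_ports
    final = (current_ports - delete) | set(new_ports)
    return {"delete": sorted(delete), "create": list(new),
            "final_ports": sorted(final)}


# Constructed sample data: an ELB serving plain HTTP that is moved to HTTPS.
CURRENT = [(80, 8080, "HTTP"), (8443, 8443, "TCP")]
NEW = [(443, 8080, "HTTPS",
        "arn:aws:iam::123456789012:server-certificate/example-cert")]

if __name__ == "__main__":
    # Port 80 tracked for deletion: only 443 and 8443 remain.
    print(plan_listener_update(CURRENT, NEW, ports=[80]))
    # Port 80 not tracked: the old plaintext listener survives next to 443.
    print(plan_listener_update(CURRENT, NEW, ports=[]))
```

Comparing final_ports for the two calls shows why the replaced port has to be passed explicitly: without it the plaintext listener on 80 stays reachable after the HTTPS listener is created.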

iam Module

lemur.plugins.lemur_aws.iam.delete_cert(account_number, cert)
Delete a certificate from AWS.
Parameters:
- account_number –
- cert –
Returns:

lemur.plugins.lemur_aws.iam.digest_aws_cert_response(response)
Processes an AWS certificate response and retrieves the certificate body and chain.
Parameters: response –
Returns:

lemur.plugins.lemur_aws.iam.get_all_server_certs(account_number)
Use STS to fetch all of the SSL certificates from a given account.
Parameters: account_number –

lemur.plugins.lemur_aws.iam.get_cert_from_arn(arn)
Retrieves an SSL certificate from a given ARN.
Parameters: arn –
Returns:

lemur.plugins.lemur_aws.iam.get_name_from_arn(arn)
Extract the certificate name from an ARN.
Parameters: arn – IAM SSL ARN
Returns: name of the certificate as uploaded to AWS

lemur.plugins.lemur_aws.iam.upload_cert(account_number, name, body, private_key, cert_chain=None)
Upload a certificate to AWS.
Parameters:
- account_number –
- name –
- private_key –
- cert_chain –
Returns:

plugin Module

class lemur.plugins.lemur_aws.plugin.AWSDestinationPlugin
Bases: lemur.plugins.bases.destination.DestinationPlugin
    author = 'Kevin Glisson'
    author_url = 'https://github.com/netflix/lemur'
    description = 'Allow the uploading of certificates to AWS IAM'
    options = [{'helpMessage': 'Must be a valid AWS account number!', 'required': True, 'type': 'str', 'name': 'accountNumber', 'validation': '/^[0-9]{12,12}$/'}]
    slug = 'aws-destination'
    title = 'AWS'
    upload(name, body, private_key, cert_chain, options, **kwargs)
    version = 'unknown'

class lemur.plugins.lemur_aws.plugin.AWSSourcePlugin
Bases: lemur.plugins.bases.source.SourcePlugin
    author = 'Kevin Glisson'
    author_url = 'https://github.com/netflix/lemur'
    description = 'Discovers all SSL certificates in an AWS account'
    get_certificates(options, **kwargs)
    options = [{'helpMessage': 'Must be a valid AWS account number!', 'required': True, 'type': 'str', 'name': 'accountNumber', 'validation': '/^[0-9]{12,12}$/'}]
    slug = 'aws-source'
    title = 'AWS'
    version = 'unknown'

lemur.plugins.lemur_aws.plugin.find_value(name, options)

sts Module

lemur.plugins.lemur_aws.sts.assume_service(account_number, service, region=None)