lemur_aws Package¶
lemur_aws
Package¶
elb
Module¶
-
lemur.plugins.lemur_aws.elb.
attach_certificate
(name, port, certificate_id, **kwargs) Attaches a certificate to a listener, throws exception if certificate specified does not exist in a particular account.
Parameters: - name –
- port –
- certificate_id –
-
lemur.plugins.lemur_aws.elb.
attach_certificate_v2
(listener_arn, port, certificates, **kwargs) Attaches a certificate to a listener, throws exception if certificate specified does not exist in a particular account.
Parameters: - listener_arn –
- port –
- certificates –
-
lemur.plugins.lemur_aws.elb.
describe_listeners_v2
(**kwargs) Fetches one page of listener objects for a given elb arn.
Parameters: kwargs – Returns:
-
lemur.plugins.lemur_aws.elb.
describe_load_balancer_policies
(load_balancer_name, policy_names, **kwargs) Fetching all policies currently associated with an ELB.
Parameters: load_balancer_name – Returns:
-
lemur.plugins.lemur_aws.elb.
describe_load_balancer_types
(policies, **kwargs) Describe the policies with policy details.
Parameters: policies – Returns:
-
lemur.plugins.lemur_aws.elb.
describe_ssl_policies_v2
(policy_names, **kwargs) Fetching all policies currently associated with an ELB.
Parameters: policy_names – Returns:
-
lemur.plugins.lemur_aws.elb.
get_all_elbs
(**kwargs) Fetches all elbs for a given account/region
Parameters: kwargs – Returns:
-
lemur.plugins.lemur_aws.elb.
get_all_elbs_v2
(**kwargs) Fetches all elbs for a given account/region
Parameters: kwargs – Returns:
-
lemur.plugins.lemur_aws.elb.
get_elbs
(**kwargs) Fetches one page elb objects for a given account and region.
-
lemur.plugins.lemur_aws.elb.
get_elbs_v2
(**kwargs) Fetches one page of elb objects for a given account and region.
Parameters: kwargs – Returns:
-
lemur.plugins.lemur_aws.elb.
get_listener_arn_from_endpoint
(endpoint_name, endpoint_port, **kwargs) Get a listener ARN from an endpoint. :param endpoint_name: :param endpoint_port: :return:
-
lemur.plugins.lemur_aws.elb.
is_valid
(listener_tuple) There are a few rules that aws has when creating listeners, this function ensures those rules are met before we try and create or update a listener.
While these could be caught with boto exception handling, I would rather be nice and catch these early before we sent them out to aws. It also gives us an opportunity to create nice user warnings.
This validity check should also be checked in the frontend but must also be enforced by server.
Parameters: listener_tuple –
-
lemur.plugins.lemur_aws.elb.
retry_throttled
(exception) Determines if this exception is due to throttling :param exception: :return:
iam
Module¶
-
lemur.plugins.lemur_aws.iam.
create_arn_from_cert
(account_number, region, certificate_name) Create an ARN from a certificate. :param account_number: :param region: :param certificate_name: :return:
-
lemur.plugins.lemur_aws.iam.
delete_cert
(cert_name, **kwargs) Delete a certificate from AWS
Parameters: cert_name – Returns:
-
lemur.plugins.lemur_aws.iam.
get_all_certificates
(**kwargs) Use STS to fetch all of the SSL certificates from a given account
-
lemur.plugins.lemur_aws.iam.
get_certificate
(name, **kwargs) Retrieves an SSL certificate.
Returns:
-
lemur.plugins.lemur_aws.iam.
get_certificates
(**kwargs) Fetches one page of certificate objects for a given account. :param kwargs: :return:
-
lemur.plugins.lemur_aws.iam.
get_name_from_arn
(arn) Extract the certificate name from an arn.
Parameters: arn – IAM SSL arn Returns: name of the certificate as uploaded to AWS
-
lemur.plugins.lemur_aws.iam.
retry_throttled
(exception) Determines if this exception is due to throttling :param exception: :return:
-
lemur.plugins.lemur_aws.iam.
upload_cert
(name, body, private_key, path, cert_chain=None, **kwargs) Upload a certificate to AWS
Parameters: - name –
- body –
- private_key –
- cert_chain –
- path –
Returns:
plugin
Module¶
-
class
lemur.plugins.lemur_aws.plugin.
AWSDestinationPlugin
Bases:
lemur.plugins.bases.destination.DestinationPlugin
-
author
= 'Kevin Glisson'
-
author_url
= 'https://github.com/netflix/lemur'
-
deploy
(elb_name, account, region, certificate)
-
description
= 'Allow the uploading of certificates to AWS IAM'
-
options
= [{'validation': '/^[0-9]{12,12}$/', 'required': True, 'type': 'str', 'name': 'accountNumber', 'helpMessage': 'Must be a valid AWS account number!'}, {'helpMessage': 'Path to upload certificate.', 'default': '/', 'type': 'str', 'name': 'path'}]
-
slug
= 'aws-destination'
-
title
= 'AWS'
-
upload
(name, body, private_key, cert_chain, options, **kwargs)
-
version
= 'unknown'
-
-
class
lemur.plugins.lemur_aws.plugin.
AWSSourcePlugin
Bases:
lemur.plugins.bases.source.SourcePlugin
-
author
= 'Kevin Glisson'
-
author_url
= 'https://github.com/netflix/lemur'
-
clean
(certificate, options, **kwargs)
-
description
= 'Discovers all SSL certificates and ELB endpoints in an AWS account'
-
get_certificates
(options, **kwargs)
-
get_endpoints
(options, **kwargs)
-
options
= [{'validation': '/^[0-9]{12,12}$/', 'required': True, 'type': 'str', 'name': 'accountNumber', 'helpMessage': 'Must be a valid AWS account number!'}, {'helpMessage': 'Comma separated list of regions to search in, if no region is specified we look in all regions.', 'type': 'str', 'name': 'regions'}]
-
slug
= 'aws-source'
-
title
= 'AWS'
-
update_endpoint
(endpoint, certificate)
-
version
= 'unknown'
-
-
class
lemur.plugins.lemur_aws.plugin.
S3DestinationPlugin
(*args, **kwargs) Bases:
lemur.plugins.bases.destination.ExportDestinationPlugin
-
additional_options
= [{'validation': '/^$|\\s+/', 'required': True, 'type': 'str', 'name': 'bucket', 'helpMessage': 'Must be a valid S3 bucket name!'}, {'validation': '/^[0-9]{12,12}$/', 'required': True, 'type': 'str', 'name': 'accountNumber', 'helpMessage': 'A valid AWS account number with permission to access S3'}, {'helpMessage': 'Region bucket exists', 'default': 'us-east-1', 'name': 'region', 'available': ['us-east-1', 'us-west-2', 'eu-west-1'], 'required': False, 'type': 'str'}, {'helpMessage': 'Enable server side encryption', 'required': False, 'default': True, 'type': 'bool', 'name': 'encrypt'}, {'validation': '/^$|\\s+/', 'required': False, 'type': 'str', 'name': 'prefix', 'helpMessage': 'Must be a valid S3 object prefix!'}]
-
author
= 'Mikhail Khodorovskiy, Harm Weites <harm@weites.com>'
-
author_url
= 'https://github.com/Netflix/lemur'
-
description
= 'Allow the uploading of certificates to Amazon S3'
-
slug
= 'aws-s3'
-
title
= 'AWS-S3'
-
upload
(name, body, private_key, chain, options, **kwargs)
-
-
lemur.plugins.lemur_aws.plugin.
format_elb_cipher_policy
(policy) Attempts to format cipher policy information into a common format. :param policy: :return:
-
lemur.plugins.lemur_aws.plugin.
format_elb_cipher_policy_v2
(policy) Attempts to format cipher policy information for elbv2 into a common format. :param policy: :return:
-
lemur.plugins.lemur_aws.plugin.
get_elb_endpoints
(account_number, region, elb_dict) Retrieves endpoint information from elb response data. :param account_number: :param region: :param elb_dict: :return:
-
lemur.plugins.lemur_aws.plugin.
get_elb_endpoints_v2
(account_number, region, elb_dict) Retrieves endpoint information from elbv2 response data. :param account_number: :param region: :param elb_dict: :return:
-
lemur.plugins.lemur_aws.plugin.
get_region_from_dns
(dns)
sts
Module¶
-
lemur.plugins.lemur_aws.sts.
sts_client
(service, service_type='client')