def fetch_cert()

in lemur/common/celery.py [0:0]

• 51 lines of code
• 9 McCabe index (conditional complexity)

def fetch_cert(id):
    """
    Attempt to get the full certificate for the pending certificate listed.

    Args:
        id: an id of a PendingCertificate
    """
    task_id = None
    if celery.current_task:
        task_id = celery.current_task.request.id

    function = f"{__name__}.{sys._getframe().f_code.co_name}"
    log_data = {
        "function": function,
        "message": "Resolving pending certificate {}".format(id),
        "task_id": task_id,
        "id": id,
    }

    current_app.logger.debug(log_data)

    if task_id and is_task_active(log_data["function"], task_id, (id,)):
        log_data["message"] = "Skipping task: Task is already active"
        current_app.logger.debug(log_data)
        return

    pending_certs = pending_certificate_service.get_pending_certs([id])
    new = 0
    failed = 0
    for cert in pending_certs:
        cert_authority = get_authority(cert.authority_id)
        if cert_authority.plugin_name == "acme-issuer":
            current_app.logger.warning(
                "Skipping acme cert (use `fetch_acme_cert()` instead)."
            )
            continue
        plugin = plugins.get(cert_authority.plugin_name)
        real_cert = plugin.get_ordered_certificate(cert)
        if real_cert:
            # If a real certificate was returned from issuer, then create it in
            # Lemur and mark the pending certificate as resolved
            # Ideally, this should be a db transaction that would check resolved status
            # before creating a new one
            final_cert = pending_certificate_service.create_certificate(
                cert, real_cert, cert.user
            )
            pending_certificate_service.update(cert.id, resolved_cert_id=final_cert.id)
            pending_certificate_service.update(cert.id, resolved=True)
            # add metrics to metrics extension
            new += 1
        else:
            # Double check the pending certificate still exists in the database
            # before updating the failed attempt counter
            if not pending_certificate_service.get(cert.id):
                current_app.logger.info(
                    f"Not incrementing failed attempt counter because {cert.name} was cancelled before."
                )
            else:
                pending_certificate_service.increment_attempt(cert)
                failed += 1
    log_data["message"] = "Complete"
    log_data["new"] = new
    log_data["failed"] = failed
    current_app.logger.debug(log_data)
    metrics.send(f"{function}.resolved", "gauge", new)
    metrics.send(f"{function}.failed", "gauge", failed)
    print(f"[+] Certificates: New: {new} Failed: {failed}")
    return log_data