in lemur/sources/service.py [0:0]
def sync_endpoints(source):
new, updated, updated_by_hash, removed = 0, 0, 0, 0
current_app.logger.debug("Retrieving endpoints from {0}".format(source.label))
s = plugins.get(source.plugin_name)
seen_endpoints = set()
try:
endpoints = s.get_endpoints(source.options)
except NotImplementedError:
current_app.logger.warning(
"Unable to sync endpoints for source {0} plugin has not implemented 'get_endpoints'".format(
source.label
)
)
return new, updated, updated_by_hash
for endpoint in endpoints:
exists = endpoint_service.get_by_dnsname_and_port(
endpoint["dnsname"], endpoint["port"]
)
certificate_name = endpoint.pop("certificate_name")
endpoint["certificate"] = certificate_service.get_by_name(certificate_name)
# if get cert by name failed, we attempt a search via serial number and hash comparison
# and link the endpoint certificate to Lemur certificate
if not endpoint["certificate"]:
certificate_attached_to_endpoint = None
try:
certificate_attached_to_endpoint = s.get_certificate_by_name(certificate_name, source.options)
except NotImplementedError:
current_app.logger.warning(
"Unable to describe server certificate for endpoints in source {0}:"
" plugin has not implemented 'get_certificate_by_name'".format(
source.label
)
)
sentry.captureException()
if certificate_attached_to_endpoint:
lemur_matching_cert, updated_by_hash_tmp = find_cert(certificate_attached_to_endpoint)
updated_by_hash += updated_by_hash_tmp
if lemur_matching_cert:
endpoint["certificate"] = lemur_matching_cert[0]
if len(lemur_matching_cert) > 1:
current_app.logger.error(
"Too Many Certificates Found{0}. Name: {1} Endpoint: {2}".format(
len(lemur_matching_cert), certificate_name, endpoint["name"]
)
)
metrics.send("endpoint.certificate.conflict",
"gauge", len(lemur_matching_cert),
metric_tags={"cert": certificate_name, "endpoint": endpoint["name"],
"acct": s.get_option("accountNumber", source.options)})
if not endpoint["certificate"]:
current_app.logger.error({
"message": "Certificate Not Found",
"certificate_name": certificate_name,
"endpoint_name": endpoint["name"],
"dns_name": endpoint.get("dnsname"),
"account": s.get_option("accountNumber", source.options),
})
metrics.send("endpoint.certificate.not.found",
"counter", 1,
metric_tags={"cert": certificate_name, "endpoint": endpoint["name"],
"acct": s.get_option("accountNumber", source.options),
"dnsname": endpoint.get("dnsname")})
continue
policy = endpoint.pop("policy")
policy_ciphers = []
for nc in policy["ciphers"]:
policy_ciphers.append(endpoint_service.get_or_create_cipher(name=nc))
policy["ciphers"] = policy_ciphers
endpoint["policy"] = endpoint_service.get_or_create_policy(**policy)
endpoint["source"] = source
if not exists:
current_app.logger.debug(
"Endpoint Created: Name: {name}".format(name=endpoint["name"])
)
seen_endpoints.add(endpoint_service.create(**endpoint).id)
new += 1
else:
current_app.logger.debug("Endpoint Updated: {}".format(endpoint))
seen_endpoints.add(endpoint_service.update(exists.id, **endpoint).id)
updated += 1
# remove
for endpoint in source.endpoints:
if endpoint.id not in seen_endpoints:
current_app.logger.info(f"removing endpoint {endpoint.name} from database")
database.delete(endpoint)
removed += 1
return new, updated, updated_by_hash, removed