Address PR comments

serverless-ca · Aug 19, 2024 · f55a060 · f55a060
1 parent 0746aea
commit f55a060
Show file tree

Hide file tree

Showing 4 changed files with 15 additions and 9 deletions.
diff --git a/modules/terraform-aws-ca-lambda/lambda_code/tls_cert/tls_cert.py b/modules/terraform-aws-ca-lambda/lambda_code/tls_cert/tls_cert.py
@@ -20,7 +20,7 @@
     db_list_certificates,
     db_issue_certificate,
 )
-from utils.certs.s3 import s3_download, is_cert_gitops
+from utils.certs.s3 import cert_issued_via_gitops, s3_download
 from cryptography.x509 import load_pem_x509_certificate, load_pem_x509_csr
 from cryptography.hazmat.primitives import serialization
 from dataclasses import dataclass, field
@@ -287,7 +287,7 @@ def lambda_handler(event, context):  # pylint:disable=unused-argument,too-many-l
         base64_ca_chain=ca_chain_response.base64_ca_chain,
     )
 
-    if is_cert_gitops(internal_s3_bucket_name, response.subject):
+    if cert_issued_via_gitops(internal_s3_bucket_name, response.subject):
         sns_notify_cert_issued(response.to_dict(), sns_topic_arn)
 
     return response.to_dict()
diff --git a/modules/terraform-aws-ca-lambda/utils/certs/s3.py b/modules/terraform-aws-ca-lambda/utils/certs/s3.py
@@ -42,7 +42,7 @@ def s3_upload(
     return s3_upload_file(file, internal_s3_bucket_name, key, content_type)
 
 
-def convert_to_json(input_str):
+def convert_x509_subject_str_to_dict(input_str):
     # split string by commas
     pairs = input_str.split(",")
 
@@ -55,16 +55,20 @@ def convert_to_json(input_str):
     return json_dictionary
 
 
-def is_cert_gitops(internal_s3_bucket_name, subject):
-    subject_json = convert_to_json(subject)
+def cert_issued_via_gitops(internal_s3_bucket_name, subject):
+    # get list of GitOps certificates from internal S3 bucket
+    tls_file = s3_download_file(internal_s3_bucket_name, "tls.json")
+
+    return is_cert_gitops(tls_file, subject)
+
+
+def is_cert_gitops(tls_file, subject):
+    subject_json = convert_x509_subject_str_to_dict(subject)
 
     cn = subject_json["CN"]
     o = subject_json.get("O")
     ou = subject_json.get("OU")
 
-    # get list of GitOps certificates from internal S3 bucket
-    tls_file = s3_download_file(internal_s3_bucket_name, "tls.json")
-
     if tls_file is None:
         gitops_certs = []
 

diff --git a/modules/terraform-aws-ca-sns/locals.tf b/modules/terraform-aws-ca-sns/locals.tf
@@ -1,5 +1,5 @@
 locals {
-  sns_topic_display_name = coalesce(var.custom_sns_topic_name, title(replace("${var.project}-${var.function}-${var.env}", "-", " ")))
+  sns_topic_display_name = coalesce(var.custom_sns_topic_name, replace(title(replace("${var.project}-${var.function}-${var.env}", "-", " ")), " Ca ", " CA "))
   sns_topic_name         = coalesce(var.custom_sns_topic_name, "${var.project}-${var.function}-${var.env}")
 
   tags = merge(var.tags, {

diff --git a/tests/test_issued_certs.py b/tests/test_issued_certs.py
@@ -318,6 +318,8 @@ def test_csr_uploaded_to_s3():
 
     assert_that(issued_cert.subject.rfc4514_string()).is_equal_to(expected_subject)
     if test_sns:
+        # check SNS messsage received via email subscription 
+        # TODO: implement programatically within tests
         delete_s3_object(bucket_name, "tls.json")