Merge remote-tracking branch 'upstream/master'

docs/administration.rst

@@ -274,7 +274,6 @@ Lemur supports sending certification expiration notifications through SES and SM
 
             LEMUR_SECURITY_TEAM_EMAIL = ['security@example.com']
 
-
 .. data:: LEMUR_DEFAULT_EXPIRATION_NOTIFICATION_INTERVALS
     :noindex:
 
@@ -284,6 +283,15 @@ Lemur supports sending certification expiration notifications through SES and SM
 
             LEMUR_DEFAULT_EXPIRATION_NOTIFICATION_INTERVALS = [30, 15, 2]
 
+.. data:: LEMUR_SECURITY_TEAM_EMAIL_INTERVALS
+    :noindex:
+
+       Alternate notification interval set for security team notifications. Use this if you would like the default security team notification interval for new certificates to differ from the global default as specified in LEMUR_DEFAULT_EXPIRATION_NOTIFICATION_INTERVALS. If unspecified, the value of LEMUR_DEFAULT_EXPIRATION_NOTIFICATION_INTERVALS is used. Security team default notifications for new certificates can effectively be disabled by setting this value to an empty array.
+
+       ::
+
+          LEMUR_SECURITY_TEAM_EMAIL_INTERVALS = [15, 2]
+
 
 Authentication Options
 ----------------------

lemur/certificates/schemas.py

@@ -48,9 +48,11 @@ class CertificateCreationSchema(CertificateSchema):
                 "DEFAULT_{0}".format(data['owner'].split('@')[0].upper()),
                 [data['owner']],
             )
+
             data['notifications'] += notification_service.create_default_expiration_notifications(
                 'DEFAULT_SECURITY',
-                current_app.config.get('LEMUR_SECURITY_TEAM_EMAIL')
+                current_app.config.get('LEMUR_SECURITY_TEAM_EMAIL'),
+                current_app.config.get('LEMUR_SECURITY_TEAM_EMAIL_INTERVALS', None)
             )
         return data
 

lemur/notifications/service.py

@@ -16,10 +16,11 @@ from lemur.common.utils import truthiness
 from lemur.notifications.models import Notification
 
 
-def create_default_expiration_notifications(name, recipients):
+def create_default_expiration_notifications(name, recipients, intervals=None):
     """
-    Will create standard 30, 10 and 2 day notifications for a given owner. If standard notifications
+    Will create standard 30, 10 and 2 day notifications for a given owner unless an alternate set of
-    already exist these will be returned instead of new notifications.
+    intervals is supplied. If standard notifications already exist these will be returned instead of
+    new notifications.
 
     :param name:
     :param recipients:
@@ -48,7 +49,8 @@ def create_default_expiration_notifications(name, recipients):
         },
     ]
 
-    intervals = current_app.config.get("LEMUR_DEFAULT_EXPIRATION_NOTIFICATION_INTERVALS", [30, 15, 2])
+    if intervals is None:
+        intervals = current_app.config.get("LEMUR_DEFAULT_EXPIRATION_NOTIFICATION_INTERVALS", [30, 15, 2])
 
     notifications = []
     for i in intervals:

requirements-dev.txt

@@ -10,16 +10,16 @@ certifi==2018.4.16        # via requests
 cfgv==1.1.0               # via pre-commit
 chardet==3.0.4            # via requests
 flake8==3.5.0
-identify==1.1.0           # via pre-commit
+identify==1.1.3           # via pre-commit
 idna==2.7                 # via requests
-invoke==1.0.0
+invoke==1.1.0
 mccabe==0.6.1             # via flake8
 nodeenv==1.3.1
 pkginfo==1.4.2            # via twine
-pre-commit==1.10.2
+pre-commit==1.10.3
 pycodestyle==2.3.1        # via flake8
 pyflakes==1.6.0           # via flake8
-pyyaml==3.12              # via aspy.yaml, pre-commit
+pyyaml==3.13              # via aspy.yaml, pre-commit
 requests-toolbelt==0.8.0  # via twine
 requests==2.19.1          # via requests-toolbelt, twine
 six==1.11.0               # via cfgv, pre-commit

requirements-docs.txt

@@ -4,7 +4,7 @@
 #
 #    pip-compile --no-index --output-file requirements-docs.txt requirements-docs.in
 #
-acme==0.25.1
+acme==0.26.0
 alabaster==0.7.11         # via sphinx
 alembic-autogenerate-enums==0.0.2
 alembic==0.9.10
@@ -15,8 +15,8 @@ asyncpool==1.0
 babel==2.6.0              # via sphinx
 bcrypt==3.1.4
 blinker==1.4
-boto3==1.7.48
+boto3==1.7.56
-botocore==1.10.48
+botocore==1.10.56
 certifi==2018.4.16
 cffi==1.11.5
 click==6.7
@@ -36,7 +36,7 @@ flask-script==2.0.6
 flask-sqlalchemy==2.3.2
 flask==0.12
 future==0.16.0
-gunicorn==19.8.1
+gunicorn==19.9.0
 idna==2.7
 imagesize==1.0.0          # via sphinx
 inflection==0.3.1
@@ -54,7 +54,7 @@ mock==2.0.0
 ndg-httpsclient==0.5.0
 packaging==17.1           # via sphinx
 paramiko==2.4.1
-pbr==4.0.4
+pbr==4.1.0
 pem==18.1.0
 psycopg2==2.7.5
 pyasn1-modules==0.2.2
@@ -69,7 +69,7 @@ pyrfc3339==1.1
 python-dateutil==2.7.3
 python-editor==1.0.3
 pytz==2018.5
-pyyaml==3.12
+pyyaml==3.13
 raven[flask]==6.9.0
 requests-toolbelt==0.8.0
 requests[security]==2.11.1
@@ -78,8 +78,8 @@ s3transfer==0.1.13
 six==1.11.0
 snowballstemmer==1.2.1    # via sphinx
 sphinx-rtd-theme==0.4.0
-sphinx==1.7.5
+sphinx==1.7.6
-sphinxcontrib-httpdomain==1.6.1
+sphinxcontrib-httpdomain==1.7.0
 sphinxcontrib-websupport==1.1.0  # via sphinx
 sqlalchemy-utils==0.33.3
 sqlalchemy==1.2.9

requirements-tests.txt

@@ -8,9 +8,9 @@ asn1crypto==0.24.0        # via cryptography
 atomicwrites==1.1.5       # via pytest
 attrs==18.1.0             # via pytest
 aws-xray-sdk==0.95        # via moto
-boto3==1.7.48             # via moto
+boto3==1.7.59             # via moto
-boto==2.48.0              # via moto
+boto==2.49.0              # via moto
-botocore==1.10.48         # via boto3, moto, s3transfer
+botocore==1.10.59         # via boto3, moto, s3transfer
 certifi==2018.4.16        # via requests
 cffi==1.11.5              # via cryptography
 chardet==3.0.4            # via requests
@@ -22,7 +22,7 @@ docker-pycreds==0.3.0     # via docker
 docker==3.4.1             # via moto
 docutils==0.14            # via botocore
 factory-boy==2.11.1
-faker==0.8.16
+faker==0.8.17
 flask==1.0.2              # via pytest-flask
 freezegun==0.3.10
 idna==2.7                 # via cryptography, requests
@@ -36,7 +36,7 @@ mock==2.0.0               # via moto
 more-itertools==4.2.0     # via pytest
 moto==1.3.3
 nose==1.3.7
-pbr==4.0.4                # via mock
+pbr==4.1.0                # via mock
 pluggy==0.6.0             # via pytest
 py==1.5.4                 # via pytest
 pyaml==17.12.1            # via moto
@@ -44,10 +44,10 @@ pycparser==2.18           # via cffi
 pyflakes==2.0.0
 pytest-flask==0.10.0
 pytest-mock==1.10.0
-pytest==3.6.2
+pytest==3.6.3
 python-dateutil==2.6.1    # via botocore, faker, freezegun, moto
 pytz==2018.5              # via moto
-pyyaml==3.12              # via pyaml
+pyyaml==3.13              # via pyaml
 requests-mock==1.5.0
 requests==2.19.1          # via aws-xray-sdk, docker, moto, requests-mock, responses
 responses==0.9.0          # via moto

requirements.in

@@ -31,10 +31,10 @@ paramiko  # required for the SFTP destination plugin
 pem
 psycopg2
 pyjwt
-pyOpenSSL==17.2.0 # PINNED for a specific reason. This needs to be merged in before upgrade: https://github.com/shazow/urllib3/pull/1246
+pyOpenSSL
 python_ldap
 raven[flask]
-requests==2.11.1 # PINNED for a specific reason. This needs to be merged in before upgrade: https://github.com/shazow/urllib3/pull/1246
+requests
 retrying
 six
 SQLAlchemy-Utils

requirements.txt

@@ -4,19 +4,20 @@
 #
 #    pip-compile --no-index --output-file requirements.txt requirements.in
 #
-acme==0.25.1
+acme==0.26.1
 alembic-autogenerate-enums==0.0.2
-alembic==0.9.10           # via flask-migrate
+alembic==1.0.0            # via flask-migrate
 aniso8601==3.0.2          # via flask-restful
 arrow==0.12.1
 asn1crypto==0.24.0        # via cryptography
 asyncpool==1.0
 bcrypt==3.1.4             # via flask-bcrypt, paramiko
 blinker==1.4              # via flask-mail, flask-principal, raven
-boto3==1.7.48
+boto3==1.7.59
-botocore==1.10.48         # via boto3, s3transfer
+botocore==1.10.59         # via boto3, s3transfer
 certifi==2018.4.16
 cffi==1.11.5              # via bcrypt, cryptography, pynacl
+chardet==3.0.4            # via requests
 click==6.7                # via flask
 cloudflare==2.1.0
 cryptography==2.2.2
@@ -34,8 +35,8 @@ flask-script==2.0.6
 flask-sqlalchemy==2.3.2
 flask==0.12
 future==0.16.0
-gunicorn==19.8.1
+gunicorn==19.9.0
-idna==2.7                 # via cryptography
+idna==2.7                 # via cryptography, requests
 inflection==0.3.1
 itsdangerous==0.24        # via flask
 jinja2==2.10
@@ -50,29 +51,30 @@ marshmallow==2.15.3
 mock==2.0.0               # via acme
 ndg-httpsclient==0.5.0
 paramiko==2.4.1
-pbr==4.0.4                # via mock
+pbr==4.1.0                # via mock
 pem==18.1.0
 psycopg2==2.7.5
 pyasn1-modules==0.2.2     # via python-ldap
-pyasn1==0.4.3             # via ndg-httpsclient, paramiko, pyasn1-modules, python-ldap, requests
+pyasn1==0.4.3             # via ndg-httpsclient, paramiko, pyasn1-modules, python-ldap
 pycparser==2.18           # via cffi
 pyjwt==1.6.4
 pynacl==1.2.1             # via paramiko
-pyopenssl==17.2.0
+pyopenssl==18.0.0
 pyrfc3339==1.1            # via acme
 python-dateutil==2.7.3    # via alembic, arrow, botocore
 python-editor==1.0.3      # via alembic
 python-ldap==3.1.0
 pytz==2018.5              # via acme, flask-restful, pyrfc3339
-pyyaml==3.12              # via cloudflare
+pyyaml==3.13              # via cloudflare
 raven[flask]==6.9.0
 requests-toolbelt==0.8.0  # via acme
-requests[security]==2.11.1
+requests[security]==2.19.1
 retrying==1.3.3
 s3transfer==0.1.13        # via boto3
 six==1.11.0
 sqlalchemy-utils==0.33.3
-sqlalchemy==1.2.9         # via alembic, flask-sqlalchemy, marshmallow-sqlalchemy, sqlalchemy-utils
+sqlalchemy==1.2.10        # via alembic, flask-sqlalchemy, marshmallow-sqlalchemy, sqlalchemy-utils
 tabulate==0.8.2
+urllib3==1.23             # via requests
 werkzeug==0.14.1          # via flask
 xmltodict==0.11.0