Merge pull request #1 from Netflix/master

Merge fork with updated master again
sirferl 2018-12-20 09:10:46 +01:00 committed by GitHub
commit 194e2a43e7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
8 changed files with 59 additions and 68 deletions


@ -238,17 +238,7 @@ def reissue(old_certificate_name, commit):
if not old_cert: if not old_cert:
for certificate in get_all_pending_reissue(): for certificate in get_all_pending_reissue():
try: request_reissue(certificate, commit)
request_reissue(certificate, commit)
except Exception as e:
sentry.captureException()
current_app.logger.exception(
"Error reissuing certificate: {}".format(certificate.name), exc_info=True)
print(
"[!] Failed to reissue certificates. Reason: {}".format(
e
)
)
else: else:
request_reissue(old_cert, commit) request_reissue(old_cert, commit)
@ -275,30 +265,31 @@ def query(fqdns, issuer, owner, expired):
table = [] table = []
q = database.session_query(Certificate) q = database.session_query(Certificate)
if issuer:
sub_query = database.session_query(Authority.id) \
.filter(Authority.name.ilike('%{0}%'.format(issuer))) \
.subquery()
sub_query = database.session_query(Authority.id) \ q = q.filter(
.filter(Authority.name.ilike('%{0}%'.format(issuer))) \ or_(
.subquery() Certificate.issuer.ilike('%{0}%'.format(issuer)),
Certificate.authority_id.in_(sub_query)
q = q.filter( )
or_(
Certificate.issuer.ilike('%{0}%'.format(issuer)),
Certificate.authority_id.in_(sub_query)
) )
) if owner:
q = q.filter(Certificate.owner.ilike('%{0}%'.format(owner)))
q = q.filter(Certificate.owner.ilike('%{0}%'.format(owner)))
if not expired: if not expired:
q = q.filter(Certificate.expired == False) # noqa q = q.filter(Certificate.expired == False) # noqa
for f in fqdns.split(','): if fqdns:
q = q.filter( for f in fqdns.split(','):
or_( q = q.filter(
Certificate.cn.ilike('%{0}%'.format(f)), or_(
Certificate.domains.any(Domain.name.ilike('%{0}%'.format(f))) Certificate.cn.ilike('%{0}%'.format(f)),
Certificate.domains.any(Domain.name.ilike('%{0}%'.format(f)))
)
) )
)
for c in q.all(): for c in q.all():
table.append([c.id, c.name, c.owner, c.issuer]) table.append([c.id, c.name, c.owner, c.issuer])
@ -373,10 +364,7 @@ def check_revoked():
else: else:
status = verify_string(cert.body, "") status = verify_string(cert.body, "")
if status is None: cert.status = 'valid' if status else 'revoked'
cert.status = 'unknown'
else:
cert.status = 'valid' if status else 'revoked'
except Exception as e: except Exception as e:
sentry.captureException() sentry.captureException()
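Review bot: In check_revoked the new side sets `cert.status = 'valid' if status else 'revoked'` with no branch for None, so an indeterminate result from verify_string is now stored as 'revoked'; the removed lines mapped `status is None` to 'unknown', which suggests None can occur. Keeping `if status is None: cert.status = 'unknown'` ahead of the conditional avoids recording a check that could not be completed as a revocation. In the reissue hunk of the same file the per-certificate try/except is gone, so the first request_reissue that raises ends the loop and the remaining pending certificates are not attempted. Both functions continue outside the visible hunks.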


@ -350,6 +350,7 @@ class SubjectAlternativeNameExtension(Field):
value = value.dotted_string value = value.dotted_string
else: else:
current_app.logger.warning('Unknown SubAltName type: {name}'.format(name=name)) current_app.logger.warning('Unknown SubAltName type: {name}'.format(name=name))
continue
general_names.append({'nameType': name_type, 'value': value}) general_names.append({'nameType': name_type, 'value': value})
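Review bot: The added `continue` in the unknown-type branch has no comment saying why the entry is skipped, and its effect is that the returned general_names can be shorter than the certificate's SAN list with only a log warning to show for it. A comment such as `# unsupported GeneralName type: skip it instead of appending a stale or unset name_type/value` would record the intent. If callers use this list to decide which names a certificate covers, they presumably need to know it may be incomplete, which is worth stating in the method docstring. The enclosing method starts and ends outside the hunk.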


@ -163,7 +163,7 @@ class AWSDestinationPlugin(DestinationPlugin):
'name': 'accountNumber', 'name': 'accountNumber',
'type': 'str', 'type': 'str',
'required': True, 'required': True,
'validation': '/^[0-9]{12,12}$/', 'validation': '[0-9]{12}',
'helpMessage': 'Must be a valid AWS account number!', 'helpMessage': 'Must be a valid AWS account number!',
}, },
{ {
@ -279,14 +279,14 @@ class S3DestinationPlugin(ExportDestinationPlugin):
'name': 'bucket', 'name': 'bucket',
'type': 'str', 'type': 'str',
'required': True, 'required': True,
'validation': '/^$|\s+/', 'validation': '[0-9a-z.-]{3,63}',
'helpMessage': 'Must be a valid S3 bucket name!', 'helpMessage': 'Must be a valid S3 bucket name!',
}, },
{ {
'name': 'accountNumber', 'name': 'accountNumber',
'type': 'str', 'type': 'str',
'required': True, 'required': True,
'validation': '/^[0-9]{12,12}$/', 'validation': '[0-9]{12}',
'helpMessage': 'A valid AWS account number with permission to access S3', 'helpMessage': 'A valid AWS account number with permission to access S3',
}, },
{ {
@ -308,7 +308,6 @@ class S3DestinationPlugin(ExportDestinationPlugin):
'name': 'prefix', 'name': 'prefix',
'type': 'str', 'type': 'str',
'required': False, 'required': False,
'validation': '/^$|\s+/',
'helpMessage': 'Must be a valid S3 object prefix!', 'helpMessage': 'Must be a valid S3 object prefix!',
} }
] ]
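Review bot: The new `validation` values `[0-9]{12}` and `[0-9a-z.-]{3,63}` are unanchored, so they constrain the whole value only where the consumer wraps them in `^…$`; AngularJS ng-pattern does that for string expressions, but a server-side `re.search` or `re.match` on the same pattern would accept a longer string that merely contains or starts with a match. Nothing in these hunks shows the backend enforcing the option patterns, so confirm that it does, and write the anchors out, e.g. `'validation': '^[0-9]{12}$'`. The bucket pattern also admits names S3 rejects, such as ones beginning or ending with `.` or `-`; `'^[0-9a-z][0-9a-z.-]{1,61}[0-9a-z]$'` is closer to the naming rules. The `prefix` option loses its pattern altogether, so its value is now unconstrained. The anchoring point applies to both accountNumber entries (AWSDestinationPlugin and S3DestinationPlugin).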


@ -47,7 +47,9 @@
<select name="sub" ng-if="item.type == 'select'" class="form-control" ng-options="i for i in item.available" <select name="sub" ng-if="item.type == 'select'" class="form-control" ng-options="i for i in item.available"
ng-model="item.value"></select> ng-model="item.value"></select>
<input name="sub" ng-if="item.type == 'bool'" class="form-control" type="checkbox" ng-model="item.value"> <input name="sub" ng-if="item.type == 'bool'" class="form-control" type="checkbox" ng-model="item.value">
<input name="sub" ng-if="item.type == 'str'" type="text" class="form-control" ng-model="item.value"/> <input name="sub" ng-if="item.type == 'str'" type="text" class="form-control" ng-model="item.value" ng-pattern="item.validation"/>
<textarea name="sub" ng-if="item.type == 'textarea'" class="form-control"
ng-model="item.value" ng-pattern="item.validation"></textarea>
<div ng-if="item.type == 'export-plugin'"> <div ng-if="item.type == 'export-plugin'">
<form name="exportForm" class="form-horizontal" role="form" novalidate> <form name="exportForm" class="form-horizontal" role="form" novalidate>
<select class="form-control" ng-model="item.value" <select class="form-control" ng-model="item.value"
@ -69,6 +71,8 @@
ng-model="item.value"> ng-model="item.value">
<input name="sub" ng-if="item.type == 'str'" type="text" class="form-control" <input name="sub" ng-if="item.type == 'str'" type="text" class="form-control"
ng-model="item.value" ng-pattern="item.validation"/> ng-model="item.value" ng-pattern="item.validation"/>
<textarea name="sub" ng-if="item.type == 'textarea'" class="form-control"
ng-model="item.value" ng-pattern="item.validation"></textarea>
<p ng-show="subForm.sub.$invalid && !subForm.sub.$pristine" <p ng-show="subForm.sub.$invalid && !subForm.sub.$pristine"
class="help-block">{{ item.helpMessage }}</p> class="help-block">{{ item.helpMessage }}</p>
</div> </div>


@ -13,9 +13,8 @@ chardet==3.0.4 # via requests
docutils==0.14 # via readme-renderer docutils==0.14 # via readme-renderer
flake8==3.5.0 flake8==3.5.0
identify==1.1.7 # via pre-commit identify==1.1.7 # via pre-commit
idna==2.7 # via requests idna==2.8 # via requests
importlib-metadata==0.7 # via pre-commit importlib-metadata==0.7 # via pre-commit
importlib-resources==1.0.2 # via pre-commit
invoke==1.2.0 invoke==1.2.0
mccabe==0.6.1 # via flake8 mccabe==0.6.1 # via flake8
nodeenv==1.3.3 nodeenv==1.3.3
@ -23,12 +22,12 @@ pkginfo==1.4.2 # via twine
pre-commit==1.12.0 pre-commit==1.12.0
pycodestyle==2.3.1 # via flake8 pycodestyle==2.3.1 # via flake8
pyflakes==1.6.0 # via flake8 pyflakes==1.6.0 # via flake8
pygments==2.3.0 # via readme-renderer pygments==2.3.1 # via readme-renderer
pyyaml==3.13 # via aspy.yaml, pre-commit pyyaml==3.13 # via aspy.yaml, pre-commit
readme-renderer==24.0 # via twine readme-renderer==24.0 # via twine
requests-toolbelt==0.8.0 # via twine requests-toolbelt==0.8.0 # via twine
requests==2.20.1 # via requests-toolbelt, twine requests==2.21.0 # via requests-toolbelt, twine
six==1.11.0 # via bleach, cfgv, pre-commit, readme-renderer six==1.12.0 # via bleach, cfgv, pre-commit, readme-renderer
toml==0.10.0 # via pre-commit toml==0.10.0 # via pre-commit
tqdm==4.28.1 # via twine tqdm==4.28.1 # via twine
twine==1.12.1 twine==1.12.1


@ -4,7 +4,7 @@
# #
# pip-compile --no-index --output-file requirements-docs.txt requirements-docs.in # pip-compile --no-index --output-file requirements-docs.txt requirements-docs.in
# #
acme==0.28.0 acme==0.29.1
alabaster==0.7.12 # via sphinx alabaster==0.7.12 # via sphinx
alembic-autogenerate-enums==0.0.2 alembic-autogenerate-enums==0.0.2
alembic==1.0.5 alembic==1.0.5
@ -15,12 +15,12 @@ asn1crypto==0.24.0
asyncpool==1.0 asyncpool==1.0
babel==2.6.0 # via sphinx babel==2.6.0 # via sphinx
bcrypt==3.1.4 bcrypt==3.1.4
billiard==3.5.0.4 billiard==3.5.0.5
blinker==1.4 blinker==1.4
boto3==1.9.53 boto3==1.9.60
botocore==1.12.53 botocore==1.12.60
celery[redis]==4.2.1 celery[redis]==4.2.1
certifi==2018.10.15 certifi==2018.11.29
cffi==1.11.5 cffi==1.11.5
chardet==3.0.4 chardet==3.0.4
click==7.0 click==7.0
@ -49,7 +49,7 @@ jinja2==2.10
jmespath==0.9.3 jmespath==0.9.3
josepy==1.1.0 josepy==1.1.0
jsonlines==1.2.0 jsonlines==1.2.0
kombu==4.2.1 kombu==4.2.2
lockfile==0.12.2 lockfile==0.12.2
mako==1.0.7 mako==1.0.7
markupsafe==1.1.0 markupsafe==1.1.0
@ -65,8 +65,8 @@ psycopg2==2.7.6.1
pyasn1-modules==0.2.2 pyasn1-modules==0.2.2
pyasn1==0.4.4 pyasn1==0.4.4
pycparser==2.19 pycparser==2.19
pygments==2.3.0 # via sphinx pygments==2.3.1 # via sphinx
pyjwt==1.6.4 pyjwt==1.7.0
pynacl==1.3.0 pynacl==1.3.0
pyopenssl==18.0.0 pyopenssl==18.0.0
pyparsing==2.3.0 # via packaging pyparsing==2.3.0 # via packaging
@ -87,7 +87,7 @@ sphinx-rtd-theme==0.4.2
sphinx==1.8.2 sphinx==1.8.2
sphinxcontrib-httpdomain==1.7.0 sphinxcontrib-httpdomain==1.7.0
sphinxcontrib-websupport==1.1.0 # via sphinx sphinxcontrib-websupport==1.1.0 # via sphinx
sqlalchemy-utils==0.33.8 sqlalchemy-utils==0.33.9
sqlalchemy==1.2.14 sqlalchemy==1.2.14
tabulate==0.8.2 tabulate==0.8.2
urllib3==1.24.1 urllib3==1.24.1

View File

@ -8,9 +8,9 @@ asn1crypto==0.24.0 # via cryptography
atomicwrites==1.2.1 # via pytest atomicwrites==1.2.1 # via pytest
attrs==18.2.0 # via pytest attrs==18.2.0 # via pytest
aws-xray-sdk==0.95 # via moto aws-xray-sdk==0.95 # via moto
boto3==1.9.60 # via moto boto3==1.9.67 # via moto
boto==2.49.0 # via moto boto==2.49.0 # via moto
botocore==1.12.60 # via boto3, moto, s3transfer botocore==1.12.67 # via boto3, moto, s3transfer
certifi==2018.11.29 # via requests certifi==2018.11.29 # via requests
cffi==1.11.5 # via cryptography cffi==1.11.5 # via cryptography
chardet==3.0.4 # via requests chardet==3.0.4 # via requests
@ -22,11 +22,11 @@ docker==3.6.0 # via moto
docutils==0.14 # via botocore docutils==0.14 # via botocore
ecdsa==0.13 # via python-jose ecdsa==0.13 # via python-jose
factory-boy==2.11.1 factory-boy==2.11.1
faker==1.0.0 faker==1.0.1
flask==1.0.2 # via pytest-flask flask==1.0.2 # via pytest-flask
freezegun==0.3.11 freezegun==0.3.11
future==0.17.1 # via python-jose future==0.17.1 # via python-jose
idna==2.7 # via cryptography, requests idna==2.8 # via cryptography, requests
itsdangerous==1.1.0 # via flask itsdangerous==1.1.0 # via flask
jinja2==2.10 # via flask, moto jinja2==2.10 # via flask, moto
jmespath==0.9.3 # via boto3, botocore jmespath==0.9.3 # via boto3, botocore
@ -46,16 +46,16 @@ pycryptodome==3.7.2 # via python-jose
pyflakes==2.0.0 pyflakes==2.0.0
pytest-flask==0.14.0 pytest-flask==0.14.0
pytest-mock==1.10.0 pytest-mock==1.10.0
pytest==4.0.1 pytest==4.0.2
python-dateutil==2.7.5 # via botocore, faker, freezegun, moto python-dateutil==2.7.5 # via botocore, faker, freezegun, moto
python-jose==2.0.2 # via moto python-jose==2.0.2 # via moto
pytz==2018.7 # via moto pytz==2018.7 # via moto
pyyaml==3.13 # via pyaml pyyaml==3.13 # via pyaml
requests-mock==1.5.2 requests-mock==1.5.2
requests==2.20.1 # via aws-xray-sdk, docker, moto, requests-mock, responses requests==2.21.0 # via aws-xray-sdk, docker, moto, requests-mock, responses
responses==0.10.4 # via moto responses==0.10.5 # via moto
s3transfer==0.1.13 # via boto3 s3transfer==0.1.13 # via boto3
six==1.11.0 # via cryptography, docker, docker-pycreds, faker, freezegun, mock, more-itertools, moto, pytest, python-dateutil, python-jose, requests-mock, responses, websocket-client six==1.12.0 # via cryptography, docker, docker-pycreds, faker, freezegun, mock, more-itertools, moto, pytest, python-dateutil, python-jose, requests-mock, responses, websocket-client
text-unidecode==1.2 # via faker text-unidecode==1.2 # via faker
urllib3==1.24.1 # via botocore, requests urllib3==1.24.1 # via botocore, requests
websocket-client==0.54.0 # via docker websocket-client==0.54.0 # via docker


@ -12,11 +12,11 @@ aniso8601==4.0.1 # via flask-restful
arrow==0.12.1 arrow==0.12.1
asn1crypto==0.24.0 # via cryptography asn1crypto==0.24.0 # via cryptography
asyncpool==1.0 asyncpool==1.0
bcrypt==3.1.4 # via flask-bcrypt, paramiko bcrypt==3.1.5 # via flask-bcrypt, paramiko
billiard==3.5.0.5 # via celery billiard==3.5.0.5 # via celery
blinker==1.4 # via flask-mail, flask-principal, raven blinker==1.4 # via flask-mail, flask-principal, raven
boto3==1.9.60 boto3==1.9.67
botocore==1.12.60 botocore==1.12.67
celery[redis]==4.2.1 celery[redis]==4.2.1
certifi==2018.11.29 certifi==2018.11.29
cffi==1.11.5 # via bcrypt, cryptography, pynacl cffi==1.11.5 # via bcrypt, cryptography, pynacl
@ -33,13 +33,13 @@ flask-cors==3.0.7
flask-mail==0.9.1 flask-mail==0.9.1
flask-migrate==2.3.1 flask-migrate==2.3.1
flask-principal==0.4.0 flask-principal==0.4.0
flask-restful==0.3.6 flask-restful==0.3.7
flask-script==2.0.6 flask-script==2.0.6
flask-sqlalchemy==2.3.2 flask-sqlalchemy==2.3.2
flask==1.0.2 flask==1.0.2
future==0.17.1 future==0.17.1
gunicorn==19.9.0 gunicorn==19.9.0
idna==2.7 # via cryptography, requests idna==2.8 # via cryptography, requests
inflection==0.3.1 inflection==0.3.1
itsdangerous==1.1.0 # via flask itsdangerous==1.1.0 # via flask
jinja2==2.10 jinja2==2.10
@ -61,7 +61,7 @@ psycopg2==2.7.6.1
pyasn1-modules==0.2.2 # via python-ldap pyasn1-modules==0.2.2 # via python-ldap
pyasn1==0.4.4 # via ndg-httpsclient, paramiko, pyasn1-modules, python-ldap pyasn1==0.4.4 # via ndg-httpsclient, paramiko, pyasn1-modules, python-ldap
pycparser==2.19 # via cffi pycparser==2.19 # via cffi
pyjwt==1.7.0 pyjwt==1.7.1
pynacl==1.3.0 # via paramiko pynacl==1.3.0 # via paramiko
pyopenssl==18.0.0 pyopenssl==18.0.0
pyrfc3339==1.1 # via acme pyrfc3339==1.1 # via acme
@ -73,12 +73,12 @@ pyyaml==3.13 # via cloudflare
raven[flask]==6.9.0 raven[flask]==6.9.0
redis==2.10.6 redis==2.10.6
requests-toolbelt==0.8.0 # via acme requests-toolbelt==0.8.0 # via acme
requests[security]==2.20.1 requests[security]==2.21.0
retrying==1.3.3 retrying==1.3.3
s3transfer==0.1.13 # via boto3 s3transfer==0.1.13 # via boto3
six==1.11.0 six==1.12.0
sqlalchemy-utils==0.33.9 sqlalchemy-utils==0.33.9
sqlalchemy==1.2.14 # via alembic, flask-sqlalchemy, marshmallow-sqlalchemy, sqlalchemy-utils sqlalchemy==1.2.15 # via alembic, flask-sqlalchemy, marshmallow-sqlalchemy, sqlalchemy-utils
tabulate==0.8.2 tabulate==0.8.2
urllib3==1.24.1 # via botocore, requests urllib3==1.24.1 # via botocore, requests
vine==1.1.4 # via amqp vine==1.1.4 # via amqp