Merge branch 'master' into get_by_attributes

2018-10-24 07:20:46 -07:00
parent b058508478 9d7ad28ca1
commit 2138930102
8 changed files with 38 additions and 6 deletions
--- a/lemur/certificates/models.py
+++ b/lemur/certificates/models.py
@ -360,6 +360,7 @@ def update_destinations(target, value, initiator):
            status = SUCCESS_METRIC_STATUS
    except Exception as e:
        sentry.captureException()
+        raise

    metrics.send('destination_upload', 'counter', 1,
                 metric_tags={'status': status, 'certificate': target.name, 'destination': value.label})
--- a/lemur/certificates/service.py
+++ b/lemur/certificates/service.py
@ -106,7 +106,7 @@ def get_all_pending_cleaning(source):
    :return:
    """
    return Certificate.query.filter(Certificate.sources.any(id=source.id)) \
-        .filter(not_(Certificate.endpoints.any())).all()
+        .filter(not_(Certificate.endpoints.any())).filter(Certificate.expired).all()


 def get_all_pending_reissue():
--- a/lemur/common/celery.py
+++ b/lemur/common/celery.py
@ -19,6 +19,7 @@ from lemur.factory import create_app
 from lemur.notifications.messaging import send_pending_failure_notification
 from lemur.pending_certificates import service as pending_certificate_service
 from lemur.plugins.base import plugins
+from lemur.sources.cli import clean, validate_sources

 flask_app = create_app()

@ -142,7 +143,7 @@ def fetch_all_pending_acme_certs():
        cert_authority = get_authority(cert.authority_id)
        if cert_authority.plugin_name == 'acme-issuer':
            if cert.last_updated == cert.date_created or datetime.now(
-                    timezone.utc) - cert.last_updated > timedelta(minutes=3):
+                    timezone.utc) - cert.last_updated > timedelta(minutes=5):
                fetch_acme_cert.delay(cert.id)


@ -162,3 +163,28 @@ def remove_old_acme_certs():
            log_data['message'] = "Deleting pending certificate"
            current_app.logger.debug(log_data)
            pending_certificate_service.delete(cert.id)
+
+
+@celery.task()
+def clean_all_sources():
+    """
+    This function will clean unused certificates from sources. This is a destructive operation and should only
+    be ran periodically. This function triggers one celery task per source.
+    """
+    sources = validate_sources("all")
+    for source in sources:
+        current_app.logger.debug("Creating celery task to clean source {}".format(source.label))
+        clean_source.delay(source.label)
+
+
+@celery.task()
+def clean_source(source):
+    """
+    This celery task will clean the specified source. This is a destructive operation that will delete unused
+    certificates from each source.
+
+    :param source:
+    :return:
+    """
+    current_app.logger.debug("Cleaning source {}".format(source))
+    clean([source], True)
--- a/lemur/plugins/lemur_aws/iam.py
+++ b/lemur/plugins/lemur_aws/iam.py
@ -66,7 +66,7 @@ def upload_cert(name, body, private_key, path, cert_chain=None, **kwargs):
    """
    client = kwargs.pop('client')

-    if not path:
+    if not path or path == '/':
        path = '/'
    else:
        name = name + '-' + path.strip('/')