Infra
/
lemur
5
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge branch 'master' into get_by_attributes

This commit is contained in:
Curtis 2018-10-24 07:20:46 -07:00 committed by GitHub
parent b058508478 9d7ad28ca1
commit 2138930102
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
8 changed files with 38 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
docker-compose.yml
View File

@ -17,3 +17,8 @@ services:
environment: environment:
POSTGRES_USER: lemur POSTGRES_USER: lemur
POSTGRES_PASSWORD: lemur POSTGRES_PASSWORD: lemur
redis:
image: "redis:alpine"
ports:
- "6379:6379"

1
lemur/certificates/models.py
View File

@ -360,6 +360,7 @@ def update_destinations(target, value, initiator):
status = SUCCESS_METRIC_STATUS status = SUCCESS_METRIC_STATUS
except Exception as e: except Exception as e:
sentry.captureException() sentry.captureException()
raise
metrics.send('destination_upload', 'counter', 1, metrics.send('destination_upload', 'counter', 1,
metric_tags={'status': status, 'certificate': target.name, 'destination': value.label}) metric_tags={'status': status, 'certificate': target.name, 'destination': value.label})

2
lemur/certificates/service.py
View File

@ -106,7 +106,7 @@ def get_all_pending_cleaning(source):
:return: :return:
""" """
return Certificate.query.filter(Certificate.sources.any(id=source.id)) \ return Certificate.query.filter(Certificate.sources.any(id=source.id)) \
.filter(not_(Certificate.endpoints.any())).all() .filter(not_(Certificate.endpoints.any())).filter(Certificate.expired).all()
def get_all_pending_reissue(): def get_all_pending_reissue():

28
lemur/common/celery.py
View File

@ -19,6 +19,7 @@ from lemur.factory import create_app
from lemur.notifications.messaging import send_pending_failure_notification from lemur.notifications.messaging import send_pending_failure_notification
from lemur.pending_certificates import service as pending_certificate_service from lemur.pending_certificates import service as pending_certificate_service
from lemur.plugins.base import plugins from lemur.plugins.base import plugins
from lemur.sources.cli import clean, validate_sources
flask_app = create_app() flask_app = create_app()
@ -142,7 +143,7 @@ def fetch_all_pending_acme_certs():
cert_authority = get_authority(cert.authority_id) cert_authority = get_authority(cert.authority_id)
if cert_authority.plugin_name == 'acme-issuer': if cert_authority.plugin_name == 'acme-issuer':
if cert.last_updated == cert.date_created or datetime.now( if cert.last_updated == cert.date_created or datetime.now(
timezone.utc) - cert.last_updated > timedelta(minutes=3): timezone.utc) - cert.last_updated > timedelta(minutes=5):
fetch_acme_cert.delay(cert.id) fetch_acme_cert.delay(cert.id)
@ -162,3 +163,28 @@ def remove_old_acme_certs():
log_data['message'] = "Deleting pending certificate" log_data['message'] = "Deleting pending certificate"
current_app.logger.debug(log_data) current_app.logger.debug(log_data)
pending_certificate_service.delete(cert.id) pending_certificate_service.delete(cert.id)
@celery.task()
def clean_all_sources():
"""
This function will clean unused certificates from sources. This is a destructive operation and should only
be ran periodically. This function triggers one celery task per source.
"""
sources = validate_sources("all")
for source in sources:
current_app.logger.debug("Creating celery task to clean source {}".format(source.label))
clean_source.delay(source.label)
@celery.task()
def clean_source(source):
"""
This celery task will clean the specified source. This is a destructive operation that will delete unused
certificates from each source.
:param source:
:return:
"""
current_app.logger.debug("Cleaning source {}".format(source))
clean([source], True)

2
lemur/plugins/lemur_aws/iam.py
View File

@ -66,7 +66,7 @@ def upload_cert(name, body, private_key, path, cert_chain=None, **kwargs):
""" """
client = kwargs.pop('client') client = kwargs.pop('client')
if not path: if not path or path == '/':
path = '/' path = '/'
else: else:
name = name + '-' + path.strip('/') name = name + '-' + path.strip('/')

2
requirements-dev.txt
View File

@ -32,7 +32,7 @@ requests-toolbelt==0.8.0 # via twine
requests==2.20.0 # via requests-toolbelt, twine requests==2.20.0 # via requests-toolbelt, twine
six==1.11.0 # via bleach, cfgv, pre-commit, readme-renderer six==1.11.0 # via bleach, cfgv, pre-commit, readme-renderer
toml==0.10.0 # via pre-commit toml==0.10.0 # via pre-commit
tqdm==4.27.0 # via twine tqdm==4.28.1 # via twine
twine==1.12.1 twine==1.12.1
urllib3==1.24 # via requests urllib3==1.24 # via requests
virtualenv==16.0.0 # via pre-commit virtualenv==16.0.0 # via pre-commit

2
requirements-docs.txt
View File

@ -90,7 +90,7 @@ sphinxcontrib-websupport==1.1.0 # via sphinx
sqlalchemy-utils==0.33.6 sqlalchemy-utils==0.33.6
sqlalchemy==1.2.12 sqlalchemy==1.2.12
tabulate==0.8.2 tabulate==0.8.2
urllib3==1.23 urllib3==1.24
vine==1.1.4 vine==1.1.4
werkzeug==0.14.1 werkzeug==0.14.1
xmltodict==0.11.0 xmltodict==0.11.0

2
requirements-tests.txt
View File

@ -46,7 +46,7 @@ pyaml==17.12.1 # via moto
pycparser==2.19 # via cffi pycparser==2.19 # via cffi
pycryptodome==3.6.6 # via python-jose pycryptodome==3.6.6 # via python-jose
pyflakes==2.0.0 pyflakes==2.0.0
pytest-flask==0.13.0 pytest-flask==0.14.0
pytest-mock==1.10.0 pytest-mock==1.10.0
pytest==3.9.1 pytest==3.9.1
python-dateutil==2.7.3 # via botocore, faker, freezegun, moto python-dateutil==2.7.3 # via botocore, faker, freezegun, moto