From 2c22c9c2f1a2a94dada5a87bf8256fa562c2ff0b Mon Sep 17 00:00:00 2001
From: Curtis Castrapel
Date: Tue, 14 Aug 2018 14:37:45 -0700
Subject: [PATCH] Allow proper detection of zones, fix certificate detection
---
 lemur/migrations/versions/5ae0ecefb01f_.py | 32 +++++++++++++++++++
 lemur/pending_certificates/cli.py | 4 +--
 lemur/pending_certificates/models.py | 2 +-
 lemur/plugins/lemur_acme/plugin.py | 8 +++--
 lemur/sources/service.py | 10 +++---
 .../pending_certificates/view/view.tpl.html | 2 +-
 requirements-tests.txt | 8 ++--
 requirements.txt | 6 ++--
 8 files changed, 54 insertions(+), 18 deletions(-)
 create mode 100644 lemur/migrations/versions/5ae0ecefb01f_.py
diff --git a/lemur/migrations/versions/5ae0ecefb01f_.py b/lemur/migrations/versions/5ae0ecefb01f_.py
new file mode 100644
index 00000000..a471c4bf
--- /dev/null
+++ b/lemur/migrations/versions/5ae0ecefb01f_.py
@@ -0,0 +1,32 @@
+"""Convert pending cert status field to text
+
+Revision ID: 5ae0ecefb01f
+Revises: 1db4f82bc780
+Create Date: 2018-08-14 08:16:43.329316
+
+"""
+
+# revision identifiers, used by Alembic.
+revision = '5ae0ecefb01f'
+down_revision = '1db4f82bc780'
+
+from alembic import op
+import sqlalchemy as sa
+
+
+def upgrade():
+ op.alter_column(
+ table_name='pending_certs',
+ column_name='status',
+ nullable=True,
+ type_=sa.TEXT()
+ )
+
+
+def downgrade():
+ op.alter_column(
+ table_name='pending_certs',
+ column_name='status',
+ nullable=True,
+ type_=sa.VARCHAR(128)
+ )
diff --git a/lemur/pending_certificates/cli.py b/lemur/pending_certificates/cli.py
index 0deeaf68..cbce700d 100644
--- a/lemur/pending_certificates/cli.py
+++ b/lemur/pending_certificates/cli.py
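Review bot: `downgrade()` narrows `status` back to `sa.VARCHAR(128)` without shortening existing rows first, so once any pending certificate has stored an error longer than 128 characters — exactly what `upgrade()` exists to allow — the downgrade fails on PostgreSQL, where the ALTER raises a value-too-long error rather than truncating. Truncating before the `alter_column` call, e.g. `op.execute("UPDATE pending_certs SET status = LEFT(status, 128) WHERE LENGTH(status) > 128")`, keeps the migration reversible. The module docstring could also state the motivation rather than only the type change, e.g. `Widen pending_certs.status from VARCHAR(128) to TEXT so full error messages are kept instead of being truncated.`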
@@ -107,12 +107,12 @@ def fetch_all_acme():
 if pending_cert.number_attempts > 4:
 error_log["message"] = "Deleting pending certificate"
 send_pending_failure_notification(pending_cert, notify_owner=pending_cert.notify)
- pending_certificate_service.delete_by_id(pending_cert.id)
+ pending_certificate_service.delete(pending_certificate_service.cancel(pending_cert))
 else:
 pending_certificate_service.increment_attempt(pending_cert)
 pending_certificate_service.update(
 cert.get("pending_cert").id,
- status=str(cert.get("last_error"))[0:128]
+ status=str(cert.get("last_error"))
 )
 current_app.logger.error(error_log)
 log_data["message"] = "Complete"
diff --git a/lemur/pending_certificates/models.py b/lemur/pending_certificates/models.py
index a43834d4..bd516f67 100644
--- a/lemur/pending_certificates/models.py
+++ b/lemur/pending_certificates/models.py
@@ -39,7 +39,7 @@ class PendingCertificate(db.Model):
 date_created = Column(ArrowType, PassiveDefault(func.now()), nullable=False)
 dns_provider_id = Column(Integer, ForeignKey('dns_providers.id', ondelete="CASCADE"))
- status = Column(String(128))
+ status = Column(Text(), nullable=True)
 rotation = Column(Boolean, default=False)
 user_id = Column(Integer, ForeignKey('users.id'))
diff --git a/lemur/plugins/lemur_acme/plugin.py b/lemur/plugins/lemur_acme/plugin.py
index 1604fcdc..876f7f8b 100644
--- a/lemur/plugins/lemur_acme/plugin.py
+++ b/lemur/plugins/lemur_acme/plugin.py
@@ -213,7 +213,7 @@ class AcmeHandler(object):
 self.dns_providers_for_domain[domain] = []
 for dns_provider in self.all_dns_providers:
 for name in dns_provider.domains:
- if domain.endswith(name):
+ if domain.endswith("." + name):
 self.dns_providers_for_domain[domain].append(dns_provider)
 return self.dns_providers_for_domain
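Review bot: Removing the `[0:128]` slice from the `update(...)` call in the `else` branch persists `last_error` verbatim, and the models.py hunk in this same commit makes the column an unbounded `Text()`; that value is apparently error text produced while talking to remote ACME/DNS services, and the view.tpl.html hunk renders it into the pending-certificate page, so there is now no limit at all on how much of a remote error response is stored and shown. A generous cap keeps the diagnostic value while bounding it, e.g. `status=str(cert.get("last_error"))[:4096]`. On the branch above, `delete(cancel(pending_cert))` replaces `delete_by_id(pending_cert.id)`, which presumably relies on `cancel` returning the pending certificate; a comment such as `# cancel() returns the pending cert so it can be handed straight to delete()` would save the next reader a trip into the service module. `fetch_all_acme` starts before this hunk.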
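Review bot: The tightened `domain.endswith("." + name)` check no longer matches a request for the zone apex itself: when a DNS provider's `domains` entry is the bare zone name and the certificate is requested for exactly that name, `dns_providers_for_domain[domain]` stays empty, whereas the old substring check (over-broadly, which is what this fix addresses) did include it. Keeping the label boundary while admitting the apex is a one-line change: `if domain == name or domain.endswith("." + name):`. The enclosing method starts before this hunk.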
@@ -475,7 +475,8 @@ class ACMEIssuerPlugin(IssuerPlugin):
 current_app.logger.debug("Using DNS provider: {0}".format(dns_provider.provider_type))
 dns_provider_plugin = __import__(dns_provider.provider_type, globals(), locals(), [], 1)
 account_number = credentials.get("account_id")
- if dns_provider.provider_type == 'route53' and not account_number:
+ provider_type = dns_provider.provider_type
+ if provider_type == "route53" and not account_number:
 error = "Route53 DNS Provider {} does not have an account number configured.".format(dns_provider.name)
 current_app.logger.error(error)
 raise InvalidConfiguration(error)
@@ -483,6 +484,7 @@ class ACMEIssuerPlugin(IssuerPlugin):
 dns_provider = {}
 dns_provider_options = None
 account_number = None
+ provider_type = None
 domains = self.acme.get_domains(issuer_options)
 if not create_immediately:
@@ -495,7 +497,7 @@ class ACMEIssuerPlugin(IssuerPlugin):
 authz_domains.append(d.value)
 dns_authorization = authorization_service.create(account_number, authz_domains,
- dns_provider.get("provider_type"))
+ provider_type)
 # Return id of the DNS Authorization
 return None, None, dns_authorization.id
diff --git a/lemur/sources/service.py b/lemur/sources/service.py
index fbefbba1..227f1bce 100644
--- a/lemur/sources/service.py
+++ b/lemur/sources/service.py
@@ -115,13 +115,16 @@ def sync_certificates(source, user):
 certificates = s.get_certificates(source.options)
 for certificate in certificates:
+ exists = False
 if certificate.get('name'):
- exists = [certificate_service.get_by_name(certificate['name'])]
+ result = certificate_service.get_by_name(certificate['name'])
+ if result:
+ exists = [result]
- elif certificate.get('serial'):
+ if not exists and certificate.get('serial'):
 exists = certificate_service.get_by_serial(certificate['serial'])
- else:
+ if not exists:
 cert = parse_certificate(certificate['body'])
 exists = certificate_service.get_by_serial(serial(cert))
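Review bot: The new `provider_type = dns_provider.provider_type` local in the -475 hunk is assigned after the debug log and the `__import__(dns_provider.provider_type, ...)` call on the two lines above have already read the attribute directly; moving the assignment to the top of that block and writing the import as `dns_provider_plugin = __import__(provider_type, globals(), locals(), [], 1)` gives the value a single named source. That is worth the reorder here because the same string selects which plugin module gets imported, so having one obvious local to audit makes that dependency easier to follow. The enclosing method starts before this hunk and continues past it; the -483 hunk initialises the same local to `None` and the -495 hunk passes it to `authorization_service.create`.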
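Review bot: With the rewritten lookup chain, a fetched certificate whose name is not found by `get_by_name` now falls through to `get_by_serial(certificate['serial'])` and then to the serial parsed from the body, and any hit there marks it as existing. Certificate serial numbers are only unique per issuer, so unless `get_by_serial` already scopes its query to the issuing authority (its implementation is not visible here) two unrelated certificates with the same serial from different CAs would be treated as the same one and the fetched copy presumably skipped by the `if not exists:` branch that follows; matching on the parsed certificate's fingerprint, or checking the issuer alongside the serial, would make the fallback exact. Before this change the `elif`/`else` chain only reached the serial lookups when no name was present, so this is a newly widened path. `sync_certificates` starts before this hunk and continues past it.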
@@ -129,7 +132,6 @@ def sync_certificates(source, user):
 certificate['owner'] = user.email
 certificate['creator'] = user
- exists = [x for x in exists if x]
 if not exists:
diff --git a/lemur/static/app/angular/pending_certificates/view/view.tpl.html b/lemur/static/app/angular/pending_certificates/view/view.tpl.html
index d480cc2d..1f028793 100644
--- a/lemur/static/app/angular/pending_certificates/view/view.tpl.html
+++ b/lemur/static/app/angular/pending_certificates/view/view.tpl.html
@@ -82,7 +82,7 @@
  • Latest Status - + {{ pendingCertificate.status }}
  •
diff --git a/requirements-tests.txt b/requirements-tests.txt
index 38db62ae..5b2a2166 100644
--- a/requirements-tests.txt
+++ b/requirements-tests.txt
@@ -8,16 +8,16 @@ asn1crypto==0.24.0 # via cryptography
 atomicwrites==1.1.5 # via pytest
 attrs==18.1.0 # via pytest
 aws-xray-sdk==0.95 # via moto
-boto3==1.7.75 # via moto
+boto3==1.7.76 # via moto
 boto==2.49.0 # via moto
-botocore==1.10.75 # via boto3, moto, s3transfer
+botocore==1.10.76 # via boto3, moto, s3transfer
 certifi==2018.8.13 # via requests
 cffi==1.11.5 # via cryptography
 chardet==3.0.4 # via requests
 click==6.7 # via flask
 cookies==2.2.1 # via moto, responses
 coverage==4.5.1
-cryptography==2.3 # via moto
+cryptography==2.3.1 # via moto
 docker-pycreds==0.3.0 # via docker
 docker==3.5.0 # via moto
 docutils==0.14 # via botocore
@@ -59,7 +59,7 @@ s3transfer==0.1.13 # via boto3
 six==1.11.0 # via cryptography, docker, docker-pycreds, faker, freezegun, mock, more-itertools, moto, pytest, python-dateutil, python-jose, requests-mock, responses, websocket-client
 text-unidecode==1.2 # via faker
 urllib3==1.23 # via requests
-websocket-client==0.48.0 # via docker
+websocket-client==0.49.0 # via docker
 werkzeug==0.14.1 # via flask, moto, pytest-flask
 wrapt==1.10.11 # via aws-xray-sdk
 xmltodict==0.11.0 # via moto
diff --git a/requirements.txt b/requirements.txt
index 47576f03..8792fcfd 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -13,14 +13,14 @@ asn1crypto==0.24.0 # via cryptography
 asyncpool==1.0
 bcrypt==3.1.4 # via flask-bcrypt, paramiko
 blinker==1.4 # via flask-mail, flask-principal, raven
-boto3==1.7.75
-botocore==1.10.75 # via boto3, s3transfer
+boto3==1.7.76
+botocore==1.10.76 # via boto3, s3transfer
 certifi==2018.8.13
 cffi==1.11.5 # via bcrypt, cryptography, pynacl
 chardet==3.0.4 # via requests
 click==6.7 # via flask
 cloudflare==2.1.0
-cryptography==2.3
+cryptography==2.3.1
 dnspython3==1.15.0
 dnspython==1.15.0 # via dnspython3
 docutils==0.14 # via botocore