Allow proper detection of zones, fix certificate detection
This commit is contained in:
parent
e050177c08
commit
2c22c9c2f1
|
@ -0,0 +1,32 @@
|
||||||
|
"""Convert pending cert status field to text
|
||||||
|
|
||||||
|
Revision ID: 5ae0ecefb01f
|
||||||
|
Revises: 1db4f82bc780
|
||||||
|
Create Date: 2018-08-14 08:16:43.329316
|
||||||
|
|
||||||
|
"""
|
||||||
|
|
||||||
|
# revision identifiers, used by Alembic.
|
||||||
|
revision = '5ae0ecefb01f'
|
||||||
|
down_revision = '1db4f82bc780'
|
||||||
|
|
||||||
|
from alembic import op
|
||||||
|
import sqlalchemy as sa
|
||||||
|
|
||||||
|
|
||||||
|
def upgrade():
|
||||||
|
op.alter_column(
|
||||||
|
table_name='pending_certs',
|
||||||
|
column_name='status',
|
||||||
|
nullable=True,
|
||||||
|
type_=sa.TEXT()
|
||||||
|
)
|
||||||
|
|
||||||
|
|
||||||
|
def downgrade():
|
||||||
|
op.alter_column(
|
||||||
|
table_name='pending_certs',
|
||||||
|
column_name='status',
|
||||||
|
nullable=True,
|
||||||
|
type_=sa.VARCHAR(128)
|
||||||
|
)
|
|
@ -107,12 +107,12 @@ def fetch_all_acme():
|
||||||
if pending_cert.number_attempts > 4:
|
if pending_cert.number_attempts > 4:
|
||||||
error_log["message"] = "Deleting pending certificate"
|
error_log["message"] = "Deleting pending certificate"
|
||||||
send_pending_failure_notification(pending_cert, notify_owner=pending_cert.notify)
|
send_pending_failure_notification(pending_cert, notify_owner=pending_cert.notify)
|
||||||
pending_certificate_service.delete_by_id(pending_cert.id)
|
pending_certificate_service.delete(pending_certificate_service.cancel(pending_cert))
|
||||||
else:
|
else:
|
||||||
pending_certificate_service.increment_attempt(pending_cert)
|
pending_certificate_service.increment_attempt(pending_cert)
|
||||||
pending_certificate_service.update(
|
pending_certificate_service.update(
|
||||||
cert.get("pending_cert").id,
|
cert.get("pending_cert").id,
|
||||||
status=str(cert.get("last_error"))[0:128]
|
status=str(cert.get("last_error"))
|
||||||
)
|
)
|
||||||
current_app.logger.error(error_log)
|
current_app.logger.error(error_log)
|
||||||
log_data["message"] = "Complete"
|
log_data["message"] = "Complete"
|
||||||
|
|
|
@ -39,7 +39,7 @@ class PendingCertificate(db.Model):
|
||||||
date_created = Column(ArrowType, PassiveDefault(func.now()), nullable=False)
|
date_created = Column(ArrowType, PassiveDefault(func.now()), nullable=False)
|
||||||
dns_provider_id = Column(Integer, ForeignKey('dns_providers.id', ondelete="CASCADE"))
|
dns_provider_id = Column(Integer, ForeignKey('dns_providers.id', ondelete="CASCADE"))
|
||||||
|
|
||||||
status = Column(String(128))
|
status = Column(Text(), nullable=True)
|
||||||
|
|
||||||
rotation = Column(Boolean, default=False)
|
rotation = Column(Boolean, default=False)
|
||||||
user_id = Column(Integer, ForeignKey('users.id'))
|
user_id = Column(Integer, ForeignKey('users.id'))
|
||||||
|
|
|
@ -213,7 +213,7 @@ class AcmeHandler(object):
|
||||||
self.dns_providers_for_domain[domain] = []
|
self.dns_providers_for_domain[domain] = []
|
||||||
for dns_provider in self.all_dns_providers:
|
for dns_provider in self.all_dns_providers:
|
||||||
for name in dns_provider.domains:
|
for name in dns_provider.domains:
|
||||||
if domain.endswith(name):
|
if domain.endswith("." + name):
|
||||||
self.dns_providers_for_domain[domain].append(dns_provider)
|
self.dns_providers_for_domain[domain].append(dns_provider)
|
||||||
return self.dns_providers_for_domain
|
return self.dns_providers_for_domain
|
||||||
|
|
||||||
|
@ -475,7 +475,8 @@ class ACMEIssuerPlugin(IssuerPlugin):
|
||||||
current_app.logger.debug("Using DNS provider: {0}".format(dns_provider.provider_type))
|
current_app.logger.debug("Using DNS provider: {0}".format(dns_provider.provider_type))
|
||||||
dns_provider_plugin = __import__(dns_provider.provider_type, globals(), locals(), [], 1)
|
dns_provider_plugin = __import__(dns_provider.provider_type, globals(), locals(), [], 1)
|
||||||
account_number = credentials.get("account_id")
|
account_number = credentials.get("account_id")
|
||||||
if dns_provider.provider_type == 'route53' and not account_number:
|
provider_type = dns_provider.provider_type
|
||||||
|
if provider_type == "route53" and not account_number:
|
||||||
error = "Route53 DNS Provider {} does not have an account number configured.".format(dns_provider.name)
|
error = "Route53 DNS Provider {} does not have an account number configured.".format(dns_provider.name)
|
||||||
current_app.logger.error(error)
|
current_app.logger.error(error)
|
||||||
raise InvalidConfiguration(error)
|
raise InvalidConfiguration(error)
|
||||||
|
@ -483,6 +484,7 @@ class ACMEIssuerPlugin(IssuerPlugin):
|
||||||
dns_provider = {}
|
dns_provider = {}
|
||||||
dns_provider_options = None
|
dns_provider_options = None
|
||||||
account_number = None
|
account_number = None
|
||||||
|
provider_type = None
|
||||||
|
|
||||||
domains = self.acme.get_domains(issuer_options)
|
domains = self.acme.get_domains(issuer_options)
|
||||||
if not create_immediately:
|
if not create_immediately:
|
||||||
|
@ -495,7 +497,7 @@ class ACMEIssuerPlugin(IssuerPlugin):
|
||||||
authz_domains.append(d.value)
|
authz_domains.append(d.value)
|
||||||
|
|
||||||
dns_authorization = authorization_service.create(account_number, authz_domains,
|
dns_authorization = authorization_service.create(account_number, authz_domains,
|
||||||
dns_provider.get("provider_type"))
|
provider_type)
|
||||||
# Return id of the DNS Authorization
|
# Return id of the DNS Authorization
|
||||||
return None, None, dns_authorization.id
|
return None, None, dns_authorization.id
|
||||||
|
|
||||||
|
|
|
@ -115,13 +115,16 @@ def sync_certificates(source, user):
|
||||||
certificates = s.get_certificates(source.options)
|
certificates = s.get_certificates(source.options)
|
||||||
|
|
||||||
for certificate in certificates:
|
for certificate in certificates:
|
||||||
|
exists = False
|
||||||
if certificate.get('name'):
|
if certificate.get('name'):
|
||||||
exists = [certificate_service.get_by_name(certificate['name'])]
|
result = certificate_service.get_by_name(certificate['name'])
|
||||||
|
if result:
|
||||||
|
exists = [result]
|
||||||
|
|
||||||
elif certificate.get('serial'):
|
if not exists and certificate.get('serial'):
|
||||||
exists = certificate_service.get_by_serial(certificate['serial'])
|
exists = certificate_service.get_by_serial(certificate['serial'])
|
||||||
|
|
||||||
else:
|
if not exists:
|
||||||
cert = parse_certificate(certificate['body'])
|
cert = parse_certificate(certificate['body'])
|
||||||
exists = certificate_service.get_by_serial(serial(cert))
|
exists = certificate_service.get_by_serial(serial(cert))
|
||||||
|
|
||||||
|
@ -129,7 +132,6 @@ def sync_certificates(source, user):
|
||||||
certificate['owner'] = user.email
|
certificate['owner'] = user.email
|
||||||
|
|
||||||
certificate['creator'] = user
|
certificate['creator'] = user
|
||||||
|
|
||||||
exists = [x for x in exists if x]
|
exists = [x for x in exists if x]
|
||||||
|
|
||||||
if not exists:
|
if not exists:
|
||||||
|
|
|
@ -82,7 +82,7 @@
|
||||||
</li>
|
</li>
|
||||||
<li class="list-group-item">
|
<li class="list-group-item">
|
||||||
<strong>Latest Status</strong>
|
<strong>Latest Status</strong>
|
||||||
<span class="pull-right">
|
<span class="center-block">
|
||||||
{{ pendingCertificate.status }}
|
{{ pendingCertificate.status }}
|
||||||
</span>
|
</span>
|
||||||
</li>
|
</li>
|
||||||
|
|
|
@ -8,16 +8,16 @@ asn1crypto==0.24.0 # via cryptography
|
||||||
atomicwrites==1.1.5 # via pytest
|
atomicwrites==1.1.5 # via pytest
|
||||||
attrs==18.1.0 # via pytest
|
attrs==18.1.0 # via pytest
|
||||||
aws-xray-sdk==0.95 # via moto
|
aws-xray-sdk==0.95 # via moto
|
||||||
boto3==1.7.75 # via moto
|
boto3==1.7.76 # via moto
|
||||||
boto==2.49.0 # via moto
|
boto==2.49.0 # via moto
|
||||||
botocore==1.10.75 # via boto3, moto, s3transfer
|
botocore==1.10.76 # via boto3, moto, s3transfer
|
||||||
certifi==2018.8.13 # via requests
|
certifi==2018.8.13 # via requests
|
||||||
cffi==1.11.5 # via cryptography
|
cffi==1.11.5 # via cryptography
|
||||||
chardet==3.0.4 # via requests
|
chardet==3.0.4 # via requests
|
||||||
click==6.7 # via flask
|
click==6.7 # via flask
|
||||||
cookies==2.2.1 # via moto, responses
|
cookies==2.2.1 # via moto, responses
|
||||||
coverage==4.5.1
|
coverage==4.5.1
|
||||||
cryptography==2.3 # via moto
|
cryptography==2.3.1 # via moto
|
||||||
docker-pycreds==0.3.0 # via docker
|
docker-pycreds==0.3.0 # via docker
|
||||||
docker==3.5.0 # via moto
|
docker==3.5.0 # via moto
|
||||||
docutils==0.14 # via botocore
|
docutils==0.14 # via botocore
|
||||||
|
@ -59,7 +59,7 @@ s3transfer==0.1.13 # via boto3
|
||||||
six==1.11.0 # via cryptography, docker, docker-pycreds, faker, freezegun, mock, more-itertools, moto, pytest, python-dateutil, python-jose, requests-mock, responses, websocket-client
|
six==1.11.0 # via cryptography, docker, docker-pycreds, faker, freezegun, mock, more-itertools, moto, pytest, python-dateutil, python-jose, requests-mock, responses, websocket-client
|
||||||
text-unidecode==1.2 # via faker
|
text-unidecode==1.2 # via faker
|
||||||
urllib3==1.23 # via requests
|
urllib3==1.23 # via requests
|
||||||
websocket-client==0.48.0 # via docker
|
websocket-client==0.49.0 # via docker
|
||||||
werkzeug==0.14.1 # via flask, moto, pytest-flask
|
werkzeug==0.14.1 # via flask, moto, pytest-flask
|
||||||
wrapt==1.10.11 # via aws-xray-sdk
|
wrapt==1.10.11 # via aws-xray-sdk
|
||||||
xmltodict==0.11.0 # via moto
|
xmltodict==0.11.0 # via moto
|
||||||
|
|
|
@ -13,14 +13,14 @@ asn1crypto==0.24.0 # via cryptography
|
||||||
asyncpool==1.0
|
asyncpool==1.0
|
||||||
bcrypt==3.1.4 # via flask-bcrypt, paramiko
|
bcrypt==3.1.4 # via flask-bcrypt, paramiko
|
||||||
blinker==1.4 # via flask-mail, flask-principal, raven
|
blinker==1.4 # via flask-mail, flask-principal, raven
|
||||||
boto3==1.7.75
|
boto3==1.7.76
|
||||||
botocore==1.10.75 # via boto3, s3transfer
|
botocore==1.10.76 # via boto3, s3transfer
|
||||||
certifi==2018.8.13
|
certifi==2018.8.13
|
||||||
cffi==1.11.5 # via bcrypt, cryptography, pynacl
|
cffi==1.11.5 # via bcrypt, cryptography, pynacl
|
||||||
chardet==3.0.4 # via requests
|
chardet==3.0.4 # via requests
|
||||||
click==6.7 # via flask
|
click==6.7 # via flask
|
||||||
cloudflare==2.1.0
|
cloudflare==2.1.0
|
||||||
cryptography==2.3
|
cryptography==2.3.1
|
||||||
dnspython3==1.15.0
|
dnspython3==1.15.0
|
||||||
dnspython==1.15.0 # via dnspython3
|
dnspython==1.15.0 # via dnspython3
|
||||||
docutils==0.14 # via botocore
|
docutils==0.14 # via botocore
|
||||||
|
|
Loading…
Reference in New Issue