Allow proper detection of zones, fix certificate detection

This commit is contained in:
Curtis Castrapel 2018-08-14 14:37:45 -07:00
parent e050177c08
commit 2c22c9c2f1
8 changed files with 54 additions and 18 deletions

View File

@ -0,0 +1,32 @@
"""Convert pending cert status field to text
Revision ID: 5ae0ecefb01f
Revises: 1db4f82bc780
Create Date: 2018-08-14 08:16:43.329316
"""
# revision identifiers, used by Alembic.
revision = '5ae0ecefb01f'
down_revision = '1db4f82bc780'
from alembic import op
import sqlalchemy as sa
def upgrade():
op.alter_column(
table_name='pending_certs',
column_name='status',
nullable=True,
type_=sa.TEXT()
)
def downgrade():
op.alter_column(
table_name='pending_certs',
column_name='status',
nullable=True,
type_=sa.VARCHAR(128)
)

View File

@ -107,12 +107,12 @@ def fetch_all_acme():
if pending_cert.number_attempts > 4: if pending_cert.number_attempts > 4:
error_log["message"] = "Deleting pending certificate" error_log["message"] = "Deleting pending certificate"
send_pending_failure_notification(pending_cert, notify_owner=pending_cert.notify) send_pending_failure_notification(pending_cert, notify_owner=pending_cert.notify)
pending_certificate_service.delete_by_id(pending_cert.id) pending_certificate_service.delete(pending_certificate_service.cancel(pending_cert))
else: else:
pending_certificate_service.increment_attempt(pending_cert) pending_certificate_service.increment_attempt(pending_cert)
pending_certificate_service.update( pending_certificate_service.update(
cert.get("pending_cert").id, cert.get("pending_cert").id,
status=str(cert.get("last_error"))[0:128] status=str(cert.get("last_error"))
) )
current_app.logger.error(error_log) current_app.logger.error(error_log)
log_data["message"] = "Complete" log_data["message"] = "Complete"

View File

@ -39,7 +39,7 @@ class PendingCertificate(db.Model):
date_created = Column(ArrowType, PassiveDefault(func.now()), nullable=False) date_created = Column(ArrowType, PassiveDefault(func.now()), nullable=False)
dns_provider_id = Column(Integer, ForeignKey('dns_providers.id', ondelete="CASCADE")) dns_provider_id = Column(Integer, ForeignKey('dns_providers.id', ondelete="CASCADE"))
status = Column(String(128)) status = Column(Text(), nullable=True)
rotation = Column(Boolean, default=False) rotation = Column(Boolean, default=False)
user_id = Column(Integer, ForeignKey('users.id')) user_id = Column(Integer, ForeignKey('users.id'))

View File

@ -213,7 +213,7 @@ class AcmeHandler(object):
self.dns_providers_for_domain[domain] = [] self.dns_providers_for_domain[domain] = []
for dns_provider in self.all_dns_providers: for dns_provider in self.all_dns_providers:
for name in dns_provider.domains: for name in dns_provider.domains:
if domain.endswith(name): if domain.endswith("." + name):
self.dns_providers_for_domain[domain].append(dns_provider) self.dns_providers_for_domain[domain].append(dns_provider)
return self.dns_providers_for_domain return self.dns_providers_for_domain
@ -475,7 +475,8 @@ class ACMEIssuerPlugin(IssuerPlugin):
current_app.logger.debug("Using DNS provider: {0}".format(dns_provider.provider_type)) current_app.logger.debug("Using DNS provider: {0}".format(dns_provider.provider_type))
dns_provider_plugin = __import__(dns_provider.provider_type, globals(), locals(), [], 1) dns_provider_plugin = __import__(dns_provider.provider_type, globals(), locals(), [], 1)
account_number = credentials.get("account_id") account_number = credentials.get("account_id")
if dns_provider.provider_type == 'route53' and not account_number: provider_type = dns_provider.provider_type
if provider_type == "route53" and not account_number:
error = "Route53 DNS Provider {} does not have an account number configured.".format(dns_provider.name) error = "Route53 DNS Provider {} does not have an account number configured.".format(dns_provider.name)
current_app.logger.error(error) current_app.logger.error(error)
raise InvalidConfiguration(error) raise InvalidConfiguration(error)
@ -483,6 +484,7 @@ class ACMEIssuerPlugin(IssuerPlugin):
dns_provider = {} dns_provider = {}
dns_provider_options = None dns_provider_options = None
account_number = None account_number = None
provider_type = None
domains = self.acme.get_domains(issuer_options) domains = self.acme.get_domains(issuer_options)
if not create_immediately: if not create_immediately:
@ -495,7 +497,7 @@ class ACMEIssuerPlugin(IssuerPlugin):
authz_domains.append(d.value) authz_domains.append(d.value)
dns_authorization = authorization_service.create(account_number, authz_domains, dns_authorization = authorization_service.create(account_number, authz_domains,
dns_provider.get("provider_type")) provider_type)
# Return id of the DNS Authorization # Return id of the DNS Authorization
return None, None, dns_authorization.id return None, None, dns_authorization.id

View File

@ -115,13 +115,16 @@ def sync_certificates(source, user):
certificates = s.get_certificates(source.options) certificates = s.get_certificates(source.options)
for certificate in certificates: for certificate in certificates:
exists = False
if certificate.get('name'): if certificate.get('name'):
exists = [certificate_service.get_by_name(certificate['name'])] result = certificate_service.get_by_name(certificate['name'])
if result:
exists = [result]
elif certificate.get('serial'): if not exists and certificate.get('serial'):
exists = certificate_service.get_by_serial(certificate['serial']) exists = certificate_service.get_by_serial(certificate['serial'])
else: if not exists:
cert = parse_certificate(certificate['body']) cert = parse_certificate(certificate['body'])
exists = certificate_service.get_by_serial(serial(cert)) exists = certificate_service.get_by_serial(serial(cert))
@ -129,7 +132,6 @@ def sync_certificates(source, user):
certificate['owner'] = user.email certificate['owner'] = user.email
certificate['creator'] = user certificate['creator'] = user
exists = [x for x in exists if x] exists = [x for x in exists if x]
if not exists: if not exists:

View File

@ -82,7 +82,7 @@
</li> </li>
<li class="list-group-item"> <li class="list-group-item">
<strong>Latest Status</strong> <strong>Latest Status</strong>
<span class="pull-right"> <span class="center-block">
{{ pendingCertificate.status }} {{ pendingCertificate.status }}
</span> </span>
</li> </li>

View File

@ -8,16 +8,16 @@ asn1crypto==0.24.0 # via cryptography
atomicwrites==1.1.5 # via pytest atomicwrites==1.1.5 # via pytest
attrs==18.1.0 # via pytest attrs==18.1.0 # via pytest
aws-xray-sdk==0.95 # via moto aws-xray-sdk==0.95 # via moto
boto3==1.7.75 # via moto boto3==1.7.76 # via moto
boto==2.49.0 # via moto boto==2.49.0 # via moto
botocore==1.10.75 # via boto3, moto, s3transfer botocore==1.10.76 # via boto3, moto, s3transfer
certifi==2018.8.13 # via requests certifi==2018.8.13 # via requests
cffi==1.11.5 # via cryptography cffi==1.11.5 # via cryptography
chardet==3.0.4 # via requests chardet==3.0.4 # via requests
click==6.7 # via flask click==6.7 # via flask
cookies==2.2.1 # via moto, responses cookies==2.2.1 # via moto, responses
coverage==4.5.1 coverage==4.5.1
cryptography==2.3 # via moto cryptography==2.3.1 # via moto
docker-pycreds==0.3.0 # via docker docker-pycreds==0.3.0 # via docker
docker==3.5.0 # via moto docker==3.5.0 # via moto
docutils==0.14 # via botocore docutils==0.14 # via botocore
@ -59,7 +59,7 @@ s3transfer==0.1.13 # via boto3
six==1.11.0 # via cryptography, docker, docker-pycreds, faker, freezegun, mock, more-itertools, moto, pytest, python-dateutil, python-jose, requests-mock, responses, websocket-client six==1.11.0 # via cryptography, docker, docker-pycreds, faker, freezegun, mock, more-itertools, moto, pytest, python-dateutil, python-jose, requests-mock, responses, websocket-client
text-unidecode==1.2 # via faker text-unidecode==1.2 # via faker
urllib3==1.23 # via requests urllib3==1.23 # via requests
websocket-client==0.48.0 # via docker websocket-client==0.49.0 # via docker
werkzeug==0.14.1 # via flask, moto, pytest-flask werkzeug==0.14.1 # via flask, moto, pytest-flask
wrapt==1.10.11 # via aws-xray-sdk wrapt==1.10.11 # via aws-xray-sdk
xmltodict==0.11.0 # via moto xmltodict==0.11.0 # via moto

View File

@ -13,14 +13,14 @@ asn1crypto==0.24.0 # via cryptography
asyncpool==1.0 asyncpool==1.0
bcrypt==3.1.4 # via flask-bcrypt, paramiko bcrypt==3.1.4 # via flask-bcrypt, paramiko
blinker==1.4 # via flask-mail, flask-principal, raven blinker==1.4 # via flask-mail, flask-principal, raven
boto3==1.7.75 boto3==1.7.76
botocore==1.10.75 # via boto3, s3transfer botocore==1.10.76 # via boto3, s3transfer
certifi==2018.8.13 certifi==2018.8.13
cffi==1.11.5 # via bcrypt, cryptography, pynacl cffi==1.11.5 # via bcrypt, cryptography, pynacl
chardet==3.0.4 # via requests chardet==3.0.4 # via requests
click==6.7 # via flask click==6.7 # via flask
cloudflare==2.1.0 cloudflare==2.1.0
cryptography==2.3 cryptography==2.3.1
dnspython3==1.15.0 dnspython3==1.15.0
dnspython==1.15.0 # via dnspython3 dnspython==1.15.0 # via dnspython3
docutils==0.14 # via botocore docutils==0.14 # via botocore