From e530664da6d889c77fb6a670cac115ff6fa52fe0 Mon Sep 17 00:00:00 2001
From: Hossein Shafagh
Date: Thu, 4 Mar 2021 19:11:20 -0800
Subject: [PATCH 1/5] exclude revoked certs from default to auto-rotate
---
 lemur/certificates/service.py | 1 +
 1 file changed, 1 insertion(+)
diff --git a/lemur/certificates/service.py b/lemur/certificates/service.py
index b9bc16f0..b4f88923 100644
--- a/lemur/certificates/service.py
+++ b/lemur/certificates/service.py
@@ -153,6 +153,7 @@ def get_all_certs_attached_to_endpoint_without_autorotate():
 return (
 Certificate.query.filter(Certificate.endpoints.any())
 .filter(Certificate.rotation == false())
+ .filter(Certificate.revoked == false())
 .filter(Certificate.not_after >= arrow.now())
 .filter(not_(Certificate.replaced.any()))
 .all() # noqa
From 8e5e8fdd030162e261a72f1d446a8ee56314dc08 Mon Sep 17 00:00:00 2001
From: Hossein Shafagh
Date: Thu, 4 Mar 2021 19:12:57 -0800
Subject: [PATCH 2/5] tests
---
 lemur/tests/test_certificates.py | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
diff --git a/lemur/tests/test_certificates.py b/lemur/tests/test_certificates.py
index 962c40b4..fa90280c 100644
--- a/lemur/tests/test_certificates.py
+++ b/lemur/tests/test_certificates.py
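Review bot: The added `.filter(Certificate.revoked == false())` in `get_all_certs_attached_to_endpoint_without_autorotate` makes a revoked certificate that is still attached to an endpoint and not yet expired disappear from this result, and neither the function name nor any comment on the line says so. I would add a comment above the new filter, e.g. `# revoked certs must not be defaulted to auto-rotate, even if an endpoint still serves them`. A revoked certificate that remains deployed is still worth surfacing to operators, so it is worth confirming that some other report or job lists those; the callers are not visible in this hunk. The function's signature and docstring start outside the hunk.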
@@ -84,6 +84,27 @@ def test_get_by_serial(session, certificate):
 assert found
+def test_get_all_certs_attached_to_endpoint_without_autorotate(session):
+ from lemur.certificates.service import get_all_certs_attached_to_endpoint_without_autorotate, \
+ cleanup_after_revoke
+ from lemur.tests.factories import EndpointFactory, CertificateFactory
+
+ # add a certificate with endpoint
+ s = EndpointFactory()
+ CertificateFactory(endpoint=s)
+ session.commit()
+
+ list_before = get_all_certs_attached_to_endpoint_without_autorotate()
+ len_list_before = len(list_before)
+ assert len_list_before > 0
+ # revoked the first certificate
+ first_cert_with_endpoitn = list_before[0]
+ cleanup_after_revoke(first_cert_with_endpoitn)
+
+ list_after = get_all_certs_attached_to_endpoint_without_autorotate()
+ assert len(list_after) + 1 == len_list_before
+
+
 def test_delete_cert(session):
 from lemur.certificates.service import delete, get
 from lemur.tests.factories import CertificateFactory
From c579405805ee2929d458217b6f6dc6f633b83195 Mon Sep 17 00:00:00 2001
From: Hossein Shafagh
Date: Thu, 4 Mar 2021 19:13:40 -0800
Subject: [PATCH 3/5] since we have created an endpoint, need to iterate on this endpoint_id here
---
 lemur/tests/test_endpoints.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lemur/tests/test_endpoints.py b/lemur/tests/test_endpoints.py
index af073e53..895ab5b8 100644
--- a/lemur/tests/test_endpoints.py
+++ b/lemur/tests/test_endpoints.py
@@ -32,7 +32,7 @@ def test_rotate_certificate(client, source_plugin):
 )
 def test_endpoint_get(client, token, status):
 assert (
- client.get(api.url_for(Endpoints, endpoint_id=1), headers=token).status_code
+ client.get(api.url_for(Endpoints, endpoint_id=2), headers=token).status_code
 == status
 )
From fdd6140995f390e57a6189e28e99e4dd425698b5 Mon Sep 17 00:00:00 2001
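Review bot: The final assertion `assert len(list_after) + 1 == len_list_before` only compares counts, so it would also pass if a different certificate dropped out of the query, and it depends on whatever rows other tests left in the database. Asserting on the revoked certificate itself pins the behaviour: `assert first_cert_with_endpoitn not in list_after`. `cleanup_after_revoke` is not visible here, so it may be worth also asserting that the certificate is still attached to its endpoint afterwards; otherwise the test could pass because of the existing `endpoints.any()` filter rather than the new `revoked` filter. The same count assertion is carried unchanged through the hunk in patch 4/5, where the variable becomes `first_cert_with_endpoint`.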
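Review bot: The hard-coded `endpoint_id=2` in `test_endpoint_get` ties this parametrized status-code check to the number of endpoints other tests happened to create, so it can break again, or quietly target a missing id, whenever test order or fixtures change. Because the test compares the response code against an expected `status` per token, it should address an endpoint it creates itself, for example `endpoint = EndpointFactory()` in the test and `endpoint_id=endpoint.id` in the `url_for` call (assuming the factory assigns an id before the request; a flush or commit may be needed). The parametrize decorator for this test starts outside the hunk.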
From: Hossein Shafagh
Date: Thu, 4 Mar 2021 19:16:06 -0800
Subject: [PATCH 4/5] typo and removing unused session commit
---
 lemur/tests/test_certificates.py | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)
diff --git a/lemur/tests/test_certificates.py b/lemur/tests/test_certificates.py
index fa90280c..87214289 100644
--- a/lemur/tests/test_certificates.py
+++ b/lemur/tests/test_certificates.py
@@ -90,16 +90,14 @@ def test_get_all_certs_attached_to_endpoint_without_autorotate(session):
 from lemur.tests.factories import EndpointFactory, CertificateFactory
 # add a certificate with endpoint
- s = EndpointFactory()
- CertificateFactory(endpoint=s)
- session.commit()
+ EndpointFactory()
 list_before = get_all_certs_attached_to_endpoint_without_autorotate()
 len_list_before = len(list_before)
 assert len_list_before > 0
 # revoked the first certificate
- first_cert_with_endpoitn = list_before[0]
- cleanup_after_revoke(first_cert_with_endpoitn)
+ first_cert_with_endpoint = list_before[0]
+ cleanup_after_revoke(first_cert_with_endpoint)
 list_after = get_all_certs_attached_to_endpoint_without_autorotate()
 assert len(list_after) + 1 == len_list_before
From 580506f60508500febc4d53308e7512225ef78ef Mon Sep 17 00:00:00 2001
From: Hossein Shafagh
Date: Thu, 4 Mar 2021 19:21:26 -0800
Subject: [PATCH 5/5] lint
---
 lemur/tests/test_certificates.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lemur/tests/test_certificates.py b/lemur/tests/test_certificates.py
index 87214289..06a04397 100644
--- a/lemur/tests/test_certificates.py
+++ b/lemur/tests/test_certificates.py
@@ -87,7 +87,7 @@ def test_get_by_serial(session, certificate):
 def test_get_all_certs_attached_to_endpoint_without_autorotate(session):
 from lemur.certificates.service import get_all_certs_attached_to_endpoint_without_autorotate, \
 cleanup_after_revoke
- from lemur.tests.factories import EndpointFactory, CertificateFactory
+ from lemur.tests.factories import EndpointFactory
 # add a certificate with endpoint
 EndpointFactory()