Merge pull request #3455 from hosseinsh/exclude-revoked-certs-default-autorotatet

Exclude revoked certs from defaulting them to auto-rotate

lemur/certificates/service.py

@@ -153,6 +153,7 @@ def get_all_certs_attached_to_endpoint_without_autorotate():
     return (
         Certificate.query.filter(Certificate.endpoints.any())
         .filter(Certificate.rotation == false())
+        .filter(Certificate.revoked == false())
         .filter(Certificate.not_after >= arrow.now())
         .filter(not_(Certificate.replaced.any()))
         .all()  # noqa

lemur/tests/test_certificates.py

@@ -84,6 +84,25 @@ def test_get_by_serial(session, certificate):
     assert found
 
 
+def test_get_all_certs_attached_to_endpoint_without_autorotate(session):
+    from lemur.certificates.service import get_all_certs_attached_to_endpoint_without_autorotate, \
+        cleanup_after_revoke
+    from lemur.tests.factories import EndpointFactory
+
+    # add a certificate with endpoint
+    EndpointFactory()
+
+    list_before = get_all_certs_attached_to_endpoint_without_autorotate()
+    len_list_before = len(list_before)
+    assert len_list_before > 0
+    # revoked the first certificate
+    first_cert_with_endpoint = list_before[0]
+    cleanup_after_revoke(first_cert_with_endpoint)
+
+    list_after = get_all_certs_attached_to_endpoint_without_autorotate()
+    assert len(list_after) + 1 == len_list_before
+
+
 def test_delete_cert(session):
     from lemur.certificates.service import delete, get
     from lemur.tests.factories import CertificateFactory

lemur/tests/test_endpoints.py

@@ -32,7 +32,7 @@ def test_rotate_certificate(client, source_plugin):
 )
 def test_endpoint_get(client, token, status):
     assert (
-        client.get(api.url_for(Endpoints, endpoint_id=1), headers=token).status_code
+        client.get(api.url_for(Endpoints, endpoint_id=2), headers=token).status_code
         == status
     )