Merge pull request #3455 from hosseinsh/exclude-revoked-certs-default-autorotatet

Exclude revoked certs from defaulting them to auto-rotate
Hossein Shafagh 2021-03-05 11:04:24 -08:00 committed by GitHub
commit 2e43211496
3 changed files with 21 additions and 1 deletions


@ -153,6 +153,7 @@ def get_all_certs_attached_to_endpoint_without_autorotate():
return ( return (
Certificate.query.filter(Certificate.endpoints.any()) Certificate.query.filter(Certificate.endpoints.any())
.filter(Certificate.rotation == false()) .filter(Certificate.rotation == false())
.filter(Certificate.revoked == false())
.filter(Certificate.not_after >= arrow.now()) .filter(Certificate.not_after >= arrow.now())
.filter(not_(Certificate.replaced.any())) .filter(not_(Certificate.replaced.any()))
.all() # noqa .all() # noqa
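Review bot: The added `.filter(Certificate.revoked == false())` matches only rows where `revoked` is explicitly false. If the column is nullable (its definition is not visible here), certificates with a NULL `revoked` value would silently drop out of this query and never be defaulted to auto-rotate, so they could expire on their endpoints. Consider `.filter(Certificate.revoked.isnot(True))`, or confirm that the column is NOT NULL with a default. A short comment above the new filter, such as `# revoked certs must never be switched back to auto-rotate`, would record why it is there. The function body starts and ends outside the hunk.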


@ -84,6 +84,25 @@ def test_get_by_serial(session, certificate):
assert found assert found
def test_get_all_certs_attached_to_endpoint_without_autorotate(session):
from lemur.certificates.service import get_all_certs_attached_to_endpoint_without_autorotate, \
cleanup_after_revoke
from lemur.tests.factories import EndpointFactory
# add a certificate with endpoint
EndpointFactory()
list_before = get_all_certs_attached_to_endpoint_without_autorotate()
len_list_before = len(list_before)
assert len_list_before > 0
# revoked the first certificate
first_cert_with_endpoint = list_before[0]
cleanup_after_revoke(first_cert_with_endpoint)
list_after = get_all_certs_attached_to_endpoint_without_autorotate()
assert len(list_after) + 1 == len_list_before
def test_delete_cert(session): def test_delete_cert(session):
from lemur.certificates.service import delete, get from lemur.certificates.service import delete, get
from lemur.tests.factories import CertificateFactory from lemur.tests.factories import CertificateFactory
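Review bot: The final assertion `assert len(list_after) + 1 == len_list_before` compares counts only, so it would pass if any certificate dropped out of the result. Adding `assert first_cert_with_endpoint not in list_after` ties the exclusion to the certificate that was revoked. The test also relies on `cleanup_after_revoke` to set the `revoked` flag, and that helper is not visible in this commit. Asserting `first_cert_with_endpoint.revoked` right after the call would make that precondition explicit and show that the new filter is what removes the certificate.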


@ -32,7 +32,7 @@ def test_rotate_certificate(client, source_plugin):
) )
def test_endpoint_get(client, token, status): def test_endpoint_get(client, token, status):
assert ( assert (
client.get(api.url_for(Endpoints, endpoint_id=1), headers=token).status_code client.get(api.url_for(Endpoints, endpoint_id=2), headers=token).status_code
== status == status
) )
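Review bot: The hard-coded `endpoint_id=2` appears to track how many endpoints earlier tests have created (the new test in this commit calls `EndpointFactory()`), which would make this test depend on execution order and shared database state. If that is the reason for the change, creating the endpoint inside the test and passing its id would keep the test stable. Otherwise a comment such as `# endpoint 2 is the one created by <fixture>` would explain the expected id. The test's parametrization and the rest of its setup lie outside the hunk.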