From 45b84bd08831a392156ca914816dff6e7fdfbdc4 Mon Sep 17 00:00:00 2001 From: Jasmine Schladen Date: Wed, 17 Feb 2021 12:44:02 -0800 Subject: [PATCH 01/31] Debug docs --- requirements-docs.in | 1 + requirements-docs.txt | 2 ++ 2 files changed, 3 insertions(+) diff --git a/requirements-docs.in b/requirements-docs.in index f2551059..a308f0ad 100644 --- a/requirements-docs.in +++ b/requirements-docs.in @@ -5,6 +5,7 @@ # Without including these dependencies, the docs are unable to include generated autodocs Flask flask_replicated +logmatic-python # docs specific sphinx diff --git a/requirements-docs.txt b/requirements-docs.txt index 7d094b77..0db302f7 100644 --- a/requirements-docs.txt +++ b/requirements-docs.txt @@ -24,6 +24,8 @@ flask-replicated==1.4 # manual debug jinja2==2.11.3 # via sphinx +logmatic-python==0.1.7 + # manual debug markupsafe==1.1.1 # via jinja2 packaging==20.3 From e29ebb4b61d6f14d8ff3e11c8b19d9028d869d84 Mon Sep 17 00:00:00 2001 From: Jasmine Schladen Date: Wed, 17 Feb 2021 12:44:32 -0800 Subject: [PATCH 02/31] Add arrow --- requirements-docs.in | 1 + requirements-docs.txt | 2 ++ 2 files changed, 3 insertions(+) diff --git a/requirements-docs.in b/requirements-docs.in index a308f0ad..987b5b34 100644 --- a/requirements-docs.in +++ b/requirements-docs.in @@ -3,6 +3,7 @@ # from requirements-docs.txt # However, dependabot doesn't use `make up-reqs`, so we have to replicate the necessary dependencies here # Without including these dependencies, the docs are unable to include generated autodocs +arrow Flask flask_replicated logmatic-python diff --git a/requirements-docs.txt b/requirements-docs.txt index 0db302f7..8c7735ff 100644 --- a/requirements-docs.txt +++ b/requirements-docs.txt @@ -6,6 +6,8 @@ # alabaster==0.7.12 # via sphinx +arrow==0.17.0 + # manual debug babel==2.8.0 # via sphinx certifi==2020.12.5 From ec9e1c0dd08d9ab8a0ad85bd4987c94b7cd78952 Mon Sep 17 00:00:00 2001 From: Jasmine Schladen Date: Wed, 17 Feb 2021 12:53:49 -0800 Subject: [PATCH 03/31] Add cryptography --- requirements-docs.in | 1 + requirements-docs.txt | 2 ++ 2 files changed, 3 insertions(+) diff --git a/requirements-docs.in b/requirements-docs.in index 987b5b34..bf8c22a2 100644 --- a/requirements-docs.in +++ b/requirements-docs.in @@ -4,6 +4,7 @@ # However, dependabot doesn't use `make up-reqs`, so we have to replicate the necessary dependencies here # Without including these dependencies, the docs are unable to include generated autodocs arrow +cryptography Flask flask_replicated logmatic-python diff --git a/requirements-docs.txt b/requirements-docs.txt index 8c7735ff..71282c7b 100644 --- a/requirements-docs.txt +++ b/requirements-docs.txt @@ -14,6 +14,8 @@ certifi==2020.12.5 # via requests chardet==3.0.4 # via requests +cryptography==3.4.5 + # manual debug docutils==0.15.2 # via sphinx idna==2.9 From b265ecf588067a2ae973486b6a3a78d616bca8e0 Mon Sep 17 00:00:00 2001 From: Jasmine Schladen Date: Wed, 17 Feb 2021 12:56:27 -0800 Subject: [PATCH 04/31] Make sure it's still broken if we add everything --- requirements-docs.in | 1 + requirements-docs.txt | 262 ++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 263 insertions(+) diff --git a/requirements-docs.in b/requirements-docs.in index bf8c22a2..a90c30d7 100644 --- a/requirements-docs.in +++ b/requirements-docs.in @@ -3,6 +3,7 @@ # from requirements-docs.txt # However, dependabot doesn't use `make up-reqs`, so we have to replicate the necessary dependencies here # Without including these dependencies, the docs are unable to include generated autodocs +-r requirements.txt arrow cryptography Flask diff --git a/requirements-docs.txt b/requirements-docs.txt index 71282c7b..6f641617 100644 --- a/requirements-docs.txt +++ b/requirements-docs.txt @@ -71,6 +71,268 @@ sphinxcontrib-serializinghtml==1.1.4 # via sphinx urllib3==1.25.8 # via requests +acme==1.12.0 + # via -r requirements.in +alembic-autogenerate-enums==0.0.2 + # via -r requirements.in +alembic==1.4.2 + # via flask-migrate +amqp==2.5.2 + # via kombu +aniso8601==8.0.0 + # via flask-restful +arrow==0.17.0 + # via -r requirements.in +asyncpool==1.0 + # via -r requirements.in +bcrypt==3.1.7 + # via + # flask-bcrypt + # paramiko +beautifulsoup4==4.9.1 + # via cloudflare +billiard==3.6.3.0 + # via celery +blinker==1.4 + # via + # flask-mail + # flask-principal + # raven +boto3==1.17.7 + # via -r requirements.in +botocore==1.20.7 + # via + # -r requirements.in + # boto3 + # s3transfer +celery[redis]==4.4.2 + # via -r requirements.in +certifi==2020.12.5 + # via + # -r requirements.in + # requests +certsrv==2.1.1 + # via -r requirements.in +cffi==1.14.0 + # via + # bcrypt + # cryptography + # pynacl +chardet==3.0.4 + # via requests +click==7.1.2 + # via flask +cloudflare==2.8.15 + # via -r requirements.in +cryptography==3.4.5 + # via + # -r requirements.in + # acme + # josepy + # paramiko + # pyopenssl + # requests +dnspython3==1.15.0 + # via -r requirements.in +dnspython==1.15.0 + # via dnspython3 +dyn==1.8.1 + # via -r requirements.in +flask-bcrypt==0.7.1 + # via -r requirements.in +flask-cors==3.0.10 + # via -r requirements.in +flask-mail==0.9.1 + # via -r requirements.in +flask-migrate==2.6.0 + # via -r requirements.in +flask-principal==0.4.0 + # via -r requirements.in +flask-replicated==1.4 + # via -r requirements.in +flask-restful==0.3.8 + # via -r requirements.in +flask-script==2.0.6 + # via -r requirements.in +flask-sqlalchemy==2.4.4 + # via + # -r requirements.in + # flask-migrate +flask==1.1.2 + # via + # -r requirements.in + # flask-bcrypt + # flask-cors + # flask-mail + # flask-migrate + # flask-principal + # flask-restful + # flask-script + # flask-sqlalchemy + # raven +future==0.18.2 + # via -r requirements.in +gunicorn==20.0.4 + # via -r requirements.in +hvac==0.10.8 + # via -r requirements.in +idna==2.9 + # via requests +inflection==0.5.1 + # via -r requirements.in +itsdangerous==1.1.0 + # via flask +javaobj-py3==0.4.0.1 + # via pyjks +jinja2==2.11.3 + # via + # -r requirements.in + # flask +jmespath==0.9.5 + # via + # boto3 + # botocore +josepy==1.3.0 + # via acme +jsonlines==1.2.0 + # via cloudflare +kombu==4.6.8 + # via celery +lockfile==0.12.2 + # via -r requirements.in +logmatic-python==0.1.7 + # via -r requirements.in +mako==1.1.2 + # via alembic +markupsafe==1.1.1 + # via + # jinja2 + # mako +marshmallow-sqlalchemy==0.23.1 + # via -r requirements.in +marshmallow==2.20.4 + # via + # -r requirements.in + # marshmallow-sqlalchemy +ndg-httpsclient==0.5.1 + # via -r requirements.in +paramiko==2.7.2 + # via -r requirements.in +pem==21.1.0 + # via -r requirements.in +psycopg2==2.8.6 + # via -r requirements.in +pyasn1-modules==0.2.8 + # via + # pyjks + # python-ldap +pyasn1==0.4.8 + # via + # ndg-httpsclient + # pyasn1-modules + # pyjks + # python-ldap +pycparser==2.20 + # via cffi +pycryptodomex==3.9.7 + # via pyjks +pyjks==20.0.0 + # via -r requirements.in +pyjwt==2.0.1 + # via -r requirements.in +pynacl==1.3.0 + # via paramiko +pyopenssl==20.0.1 + # via + # -r requirements.in + # acme + # josepy + # ndg-httpsclient + # requests +pyrfc3339==1.1 + # via acme +python-dateutil==2.8.1 + # via + # alembic + # arrow + # botocore +python-editor==1.0.4 + # via alembic +python-json-logger==0.1.11 + # via logmatic-python +python-ldap==3.3.1 + # via -r requirements.in +pytz==2019.3 + # via + # acme + # celery + # flask-restful + # pyrfc3339 +pyyaml==5.4.1 + # via + # -r requirements.in + # cloudflare +raven[flask]==6.10.0 + # via -r requirements.in +redis==3.5.3 + # via + # -r requirements.in + # celery +requests-toolbelt==0.9.1 + # via acme +requests[security]==2.25.1 + # via + # -r requirements.in + # acme + # certsrv + # cloudflare + # hvac + # requests-toolbelt +retrying==1.3.3 + # via -r requirements.in +s3transfer==0.3.3 + # via boto3 +six==1.15.0 + # via + # -r requirements.in + # acme + # bcrypt + # flask-cors + # flask-restful + # hvac + # josepy + # jsonlines + # pynacl + # pyopenssl + # python-dateutil + # retrying + # sqlalchemy-utils +soupsieve==2.0.1 + # via beautifulsoup4 +sqlalchemy-utils==0.36.8 + # via -r requirements.in +sqlalchemy==1.3.16 + # via + # alembic + # flask-sqlalchemy + # marshmallow-sqlalchemy + # sqlalchemy-utils +tabulate==0.8.7 + # via -r requirements.in +twofish==0.3.0 + # via pyjks +urllib3==1.25.8 + # via + # botocore + # requests +vine==1.3.0 + # via + # amqp + # celery +werkzeug==1.0.1 + # via flask +xmltodict==0.12.0 + # via -r requirements.in # The following packages are considered to be unsafe in a requirements file: # setuptools From 938b962a327c3722329065b44f84758b3ccc7a8b Mon Sep 17 00:00:00 2001 From: Jasmine Schladen Date: Wed, 17 Feb 2021 13:05:14 -0800 Subject: [PATCH 05/31] Undo add everything, add just sqlalchemy --- requirements-docs.in | 2 +- requirements-docs.txt | 264 +----------------------------------------- 2 files changed, 3 insertions(+), 263 deletions(-) diff --git a/requirements-docs.in b/requirements-docs.in index a90c30d7..755d0697 100644 --- a/requirements-docs.in +++ b/requirements-docs.in @@ -3,10 +3,10 @@ # from requirements-docs.txt # However, dependabot doesn't use `make up-reqs`, so we have to replicate the necessary dependencies here # Without including these dependencies, the docs are unable to include generated autodocs --r requirements.txt arrow cryptography Flask +Flask-SQLAlchemy flask_replicated logmatic-python diff --git a/requirements-docs.txt b/requirements-docs.txt index 6f641617..2beae50f 100644 --- a/requirements-docs.txt +++ b/requirements-docs.txt @@ -26,6 +26,8 @@ flask==1.1.2 # manual debug flask-replicated==1.4 # manual debug +flask-sqlalchemy==2.4.4 + # manual debug jinja2==2.11.3 # via sphinx logmatic-python==0.1.7 @@ -71,268 +73,6 @@ sphinxcontrib-serializinghtml==1.1.4 # via sphinx urllib3==1.25.8 # via requests -acme==1.12.0 - # via -r requirements.in -alembic-autogenerate-enums==0.0.2 - # via -r requirements.in -alembic==1.4.2 - # via flask-migrate -amqp==2.5.2 - # via kombu -aniso8601==8.0.0 - # via flask-restful -arrow==0.17.0 - # via -r requirements.in -asyncpool==1.0 - # via -r requirements.in -bcrypt==3.1.7 - # via - # flask-bcrypt - # paramiko -beautifulsoup4==4.9.1 - # via cloudflare -billiard==3.6.3.0 - # via celery -blinker==1.4 - # via - # flask-mail - # flask-principal - # raven -boto3==1.17.7 - # via -r requirements.in -botocore==1.20.7 - # via - # -r requirements.in - # boto3 - # s3transfer -celery[redis]==4.4.2 - # via -r requirements.in -certifi==2020.12.5 - # via - # -r requirements.in - # requests -certsrv==2.1.1 - # via -r requirements.in -cffi==1.14.0 - # via - # bcrypt - # cryptography - # pynacl -chardet==3.0.4 - # via requests -click==7.1.2 - # via flask -cloudflare==2.8.15 - # via -r requirements.in -cryptography==3.4.5 - # via - # -r requirements.in - # acme - # josepy - # paramiko - # pyopenssl - # requests -dnspython3==1.15.0 - # via -r requirements.in -dnspython==1.15.0 - # via dnspython3 -dyn==1.8.1 - # via -r requirements.in -flask-bcrypt==0.7.1 - # via -r requirements.in -flask-cors==3.0.10 - # via -r requirements.in -flask-mail==0.9.1 - # via -r requirements.in -flask-migrate==2.6.0 - # via -r requirements.in -flask-principal==0.4.0 - # via -r requirements.in -flask-replicated==1.4 - # via -r requirements.in -flask-restful==0.3.8 - # via -r requirements.in -flask-script==2.0.6 - # via -r requirements.in -flask-sqlalchemy==2.4.4 - # via - # -r requirements.in - # flask-migrate -flask==1.1.2 - # via - # -r requirements.in - # flask-bcrypt - # flask-cors - # flask-mail - # flask-migrate - # flask-principal - # flask-restful - # flask-script - # flask-sqlalchemy - # raven -future==0.18.2 - # via -r requirements.in -gunicorn==20.0.4 - # via -r requirements.in -hvac==0.10.8 - # via -r requirements.in -idna==2.9 - # via requests -inflection==0.5.1 - # via -r requirements.in -itsdangerous==1.1.0 - # via flask -javaobj-py3==0.4.0.1 - # via pyjks -jinja2==2.11.3 - # via - # -r requirements.in - # flask -jmespath==0.9.5 - # via - # boto3 - # botocore -josepy==1.3.0 - # via acme -jsonlines==1.2.0 - # via cloudflare -kombu==4.6.8 - # via celery -lockfile==0.12.2 - # via -r requirements.in -logmatic-python==0.1.7 - # via -r requirements.in -mako==1.1.2 - # via alembic -markupsafe==1.1.1 - # via - # jinja2 - # mako -marshmallow-sqlalchemy==0.23.1 - # via -r requirements.in -marshmallow==2.20.4 - # via - # -r requirements.in - # marshmallow-sqlalchemy -ndg-httpsclient==0.5.1 - # via -r requirements.in -paramiko==2.7.2 - # via -r requirements.in -pem==21.1.0 - # via -r requirements.in -psycopg2==2.8.6 - # via -r requirements.in -pyasn1-modules==0.2.8 - # via - # pyjks - # python-ldap -pyasn1==0.4.8 - # via - # ndg-httpsclient - # pyasn1-modules - # pyjks - # python-ldap -pycparser==2.20 - # via cffi -pycryptodomex==3.9.7 - # via pyjks -pyjks==20.0.0 - # via -r requirements.in -pyjwt==2.0.1 - # via -r requirements.in -pynacl==1.3.0 - # via paramiko -pyopenssl==20.0.1 - # via - # -r requirements.in - # acme - # josepy - # ndg-httpsclient - # requests -pyrfc3339==1.1 - # via acme -python-dateutil==2.8.1 - # via - # alembic - # arrow - # botocore -python-editor==1.0.4 - # via alembic -python-json-logger==0.1.11 - # via logmatic-python -python-ldap==3.3.1 - # via -r requirements.in -pytz==2019.3 - # via - # acme - # celery - # flask-restful - # pyrfc3339 -pyyaml==5.4.1 - # via - # -r requirements.in - # cloudflare -raven[flask]==6.10.0 - # via -r requirements.in -redis==3.5.3 - # via - # -r requirements.in - # celery -requests-toolbelt==0.9.1 - # via acme -requests[security]==2.25.1 - # via - # -r requirements.in - # acme - # certsrv - # cloudflare - # hvac - # requests-toolbelt -retrying==1.3.3 - # via -r requirements.in -s3transfer==0.3.3 - # via boto3 -six==1.15.0 - # via - # -r requirements.in - # acme - # bcrypt - # flask-cors - # flask-restful - # hvac - # josepy - # jsonlines - # pynacl - # pyopenssl - # python-dateutil - # retrying - # sqlalchemy-utils -soupsieve==2.0.1 - # via beautifulsoup4 -sqlalchemy-utils==0.36.8 - # via -r requirements.in -sqlalchemy==1.3.16 - # via - # alembic - # flask-sqlalchemy - # marshmallow-sqlalchemy - # sqlalchemy-utils -tabulate==0.8.7 - # via -r requirements.in -twofish==0.3.0 - # via pyjks -urllib3==1.25.8 - # via - # botocore - # requests -vine==1.3.0 - # via - # amqp - # celery -werkzeug==1.0.1 - # via flask -xmltodict==0.12.0 - # via -r requirements.in # The following packages are considered to be unsafe in a requirements file: # setuptools From 91f6f752db94aa3c64df17cb27095cf732ebfb98 Mon Sep 17 00:00:00 2001 From: Jasmine Schladen Date: Wed, 17 Feb 2021 13:08:40 -0800 Subject: [PATCH 06/31] Add inflection --- requirements-docs.in | 1 + requirements-docs.txt | 2 ++ 2 files changed, 3 insertions(+) diff --git a/requirements-docs.in b/requirements-docs.in index 755d0697..bc58be7e 100644 --- a/requirements-docs.in +++ b/requirements-docs.in @@ -8,6 +8,7 @@ cryptography Flask Flask-SQLAlchemy flask_replicated +inflection logmatic-python # docs specific diff --git a/requirements-docs.txt b/requirements-docs.txt index 2beae50f..89a4ea93 100644 --- a/requirements-docs.txt +++ b/requirements-docs.txt @@ -28,6 +28,8 @@ flask-replicated==1.4 # manual debug flask-sqlalchemy==2.4.4 # manual debug +inflection==0.5.1 + # manual debug jinja2==2.11.3 # via sphinx logmatic-python==0.1.7 From bfa1c067d97e8b5534c557ec0ae1ade8d4aff90a Mon Sep 17 00:00:00 2001 From: Jasmine Schladen Date: Wed, 17 Feb 2021 13:12:10 -0800 Subject: [PATCH 07/31] Add flask-migrate --- requirements-docs.in | 1 + requirements-docs.txt | 2 ++ 2 files changed, 3 insertions(+) diff --git a/requirements-docs.in b/requirements-docs.in index bc58be7e..8da716ad 100644 --- a/requirements-docs.in +++ b/requirements-docs.in @@ -6,6 +6,7 @@ arrow cryptography Flask +Flask-Migrate Flask-SQLAlchemy flask_replicated inflection diff --git a/requirements-docs.txt b/requirements-docs.txt index 89a4ea93..99e8dd83 100644 --- a/requirements-docs.txt +++ b/requirements-docs.txt @@ -24,6 +24,8 @@ imagesize==1.2.0 # via sphinx flask==1.1.2 # manual debug +flask-migrate==2.6.0 + # manual debug flask-replicated==1.4 # manual debug flask-sqlalchemy==2.4.4 From abdf544e06ec04a18de6382bffb03cbbd44af3b2 Mon Sep 17 00:00:00 2001 From: Jasmine Schladen Date: Wed, 17 Feb 2021 13:16:16 -0800 Subject: [PATCH 08/31] Add flask-restful --- requirements-docs.in | 1 + requirements-docs.txt | 2 ++ 2 files changed, 3 insertions(+) diff --git a/requirements-docs.in b/requirements-docs.in index 8da716ad..992755e0 100644 --- a/requirements-docs.in +++ b/requirements-docs.in @@ -7,6 +7,7 @@ arrow cryptography Flask Flask-Migrate +Flask-RESTful Flask-SQLAlchemy flask_replicated inflection diff --git a/requirements-docs.txt b/requirements-docs.txt index 99e8dd83..d749780b 100644 --- a/requirements-docs.txt +++ b/requirements-docs.txt @@ -28,6 +28,8 @@ flask-migrate==2.6.0 # manual debug flask-replicated==1.4 # manual debug +flask-restful==0.3.8 + # manual debug flask-sqlalchemy==2.4.4 # manual debug inflection==0.5.1 From c0c1022a5b9309cd31de6129510b18b495e521ff Mon Sep 17 00:00:00 2001 From: Jasmine Schladen Date: Wed, 17 Feb 2021 13:18:49 -0800 Subject: [PATCH 09/31] Add flask-bcrypt --- requirements-docs.in | 1 + requirements-docs.txt | 2 ++ 2 files changed, 3 insertions(+) diff --git a/requirements-docs.in b/requirements-docs.in index 992755e0..fcad63ef 100644 --- a/requirements-docs.in +++ b/requirements-docs.in @@ -6,6 +6,7 @@ arrow cryptography Flask +Flask-Bcrypt Flask-Migrate Flask-RESTful Flask-SQLAlchemy diff --git a/requirements-docs.txt b/requirements-docs.txt index d749780b..b613e052 100644 --- a/requirements-docs.txt +++ b/requirements-docs.txt @@ -24,6 +24,8 @@ imagesize==1.2.0 # via sphinx flask==1.1.2 # manual debug +flask-bcrypt==0.7.1 + # manual debug flask-migrate==2.6.0 # manual debug flask-replicated==1.4 From bbdacaccf916595afe6b9339144f0047ffa0f288 Mon Sep 17 00:00:00 2001 From: Jasmine Schladen Date: Wed, 17 Feb 2021 13:22:25 -0800 Subject: [PATCH 10/31] Add flask-principal --- requirements-docs.in | 1 + requirements-docs.txt | 2 ++ 2 files changed, 3 insertions(+) diff --git a/requirements-docs.in b/requirements-docs.in index fcad63ef..d2b2239c 100644 --- a/requirements-docs.in +++ b/requirements-docs.in @@ -8,6 +8,7 @@ cryptography Flask Flask-Bcrypt Flask-Migrate +Flask-Principal Flask-RESTful Flask-SQLAlchemy flask_replicated diff --git a/requirements-docs.txt b/requirements-docs.txt index b613e052..e596b829 100644 --- a/requirements-docs.txt +++ b/requirements-docs.txt @@ -28,6 +28,8 @@ flask-bcrypt==0.7.1 # manual debug flask-migrate==2.6.0 # manual debug +flask-principal==0.4.0 + # manual debug flask-replicated==1.4 # manual debug flask-restful==0.3.8 From 6aff89c1dc0c1ab9361787271def25a86c9208bf Mon Sep 17 00:00:00 2001 From: Jasmine Schladen Date: Wed, 17 Feb 2021 13:26:13 -0800 Subject: [PATCH 11/31] Add flask-mail, flask-script --- requirements-docs.in | 2 ++ requirements-docs.txt | 4 ++++ 2 files changed, 6 insertions(+) diff --git a/requirements-docs.in b/requirements-docs.in index d2b2239c..88c14dc3 100644 --- a/requirements-docs.in +++ b/requirements-docs.in @@ -7,9 +7,11 @@ arrow cryptography Flask Flask-Bcrypt +Flask-Mail Flask-Migrate Flask-Principal Flask-RESTful +Flask-Script Flask-SQLAlchemy flask_replicated inflection diff --git a/requirements-docs.txt b/requirements-docs.txt index e596b829..ad97eaed 100644 --- a/requirements-docs.txt +++ b/requirements-docs.txt @@ -26,6 +26,8 @@ flask==1.1.2 # manual debug flask-bcrypt==0.7.1 # manual debug +flask-mail==0.9.1 + # manual debug flask-migrate==2.6.0 # manual debug flask-principal==0.4.0 @@ -34,6 +36,8 @@ flask-replicated==1.4 # manual debug flask-restful==0.3.8 # manual debug +flask-script==2.0.6 + # manual debug flask-sqlalchemy==2.4.4 # manual debug inflection==0.5.1 From 5e46e2adf031162214430bd09a16f8d3c728261a Mon Sep 17 00:00:00 2001 From: Jasmine Schladen Date: Wed, 17 Feb 2021 13:38:15 -0800 Subject: [PATCH 12/31] Add raven --- requirements-docs.in | 1 + requirements-docs.txt | 2 ++ 2 files changed, 3 insertions(+) diff --git a/requirements-docs.in b/requirements-docs.in index 88c14dc3..ade68fba 100644 --- a/requirements-docs.in +++ b/requirements-docs.in @@ -16,6 +16,7 @@ Flask-SQLAlchemy flask_replicated inflection logmatic-python +raven[flask] # docs specific sphinx diff --git a/requirements-docs.txt b/requirements-docs.txt index ad97eaed..f8b71f8f 100644 --- a/requirements-docs.txt +++ b/requirements-docs.txt @@ -56,6 +56,8 @@ pyparsing==2.4.7 # via packaging pytz==2019.3 # via babel +raven[flask]==6.10.0 + # manual debug requests==2.25.1 # via sphinx six==1.15.0 From 1ab4fe278dfa8657bf99f0e2c4fd7b59bddf5e8a Mon Sep 17 00:00:00 2001 From: Jasmine Schladen Date: Wed, 17 Feb 2021 13:41:27 -0800 Subject: [PATCH 13/31] Add flask-cors --- requirements-docs.in | 1 + requirements-docs.txt | 2 ++ 2 files changed, 3 insertions(+) diff --git a/requirements-docs.in b/requirements-docs.in index ade68fba..11c4c1d1 100644 --- a/requirements-docs.in +++ b/requirements-docs.in @@ -7,6 +7,7 @@ arrow cryptography Flask Flask-Bcrypt +Flask-Cors Flask-Mail Flask-Migrate Flask-Principal diff --git a/requirements-docs.txt b/requirements-docs.txt index f8b71f8f..56bfd882 100644 --- a/requirements-docs.txt +++ b/requirements-docs.txt @@ -26,6 +26,8 @@ flask==1.1.2 # manual debug flask-bcrypt==0.7.1 # manual debug +flask-cors==3.0.10 + # manual debug flask-mail==0.9.1 # manual debug flask-migrate==2.6.0 From e9e79309c55a3faadfbc4dbc3621a7aec6c4cab6 Mon Sep 17 00:00:00 2001 From: Jasmine Schladen Date: Wed, 17 Feb 2021 13:43:49 -0800 Subject: [PATCH 14/31] Add sqlalchemy-utils --- requirements-docs.in | 1 + requirements-docs.txt | 2 ++ 2 files changed, 3 insertions(+) diff --git a/requirements-docs.in b/requirements-docs.in index 11c4c1d1..9dee5474 100644 --- a/requirements-docs.in +++ b/requirements-docs.in @@ -18,6 +18,7 @@ flask_replicated inflection logmatic-python raven[flask] +SQLAlchemy-Utils # docs specific sphinx diff --git a/requirements-docs.txt b/requirements-docs.txt index 56bfd882..9fdaeb63 100644 --- a/requirements-docs.txt +++ b/requirements-docs.txt @@ -89,6 +89,8 @@ sphinxcontrib-qthelp==1.0.3 # via sphinx sphinxcontrib-serializinghtml==1.1.4 # via sphinx +sqlalchemy-utils==0.36.8 + # manual debug urllib3==1.25.8 # via requests From 6aa6986a143eabf65ef489191178cc4c264b5586 Mon Sep 17 00:00:00 2001 From: Jasmine Schladen Date: Wed, 17 Feb 2021 13:45:55 -0800 Subject: [PATCH 15/31] Add pem --- requirements-docs.in | 1 + requirements-docs.txt | 2 ++ 2 files changed, 3 insertions(+) diff --git a/requirements-docs.in b/requirements-docs.in index 9dee5474..b6c8d2f4 100644 --- a/requirements-docs.in +++ b/requirements-docs.in @@ -17,6 +17,7 @@ Flask-SQLAlchemy flask_replicated inflection logmatic-python +pem raven[flask] SQLAlchemy-Utils diff --git a/requirements-docs.txt b/requirements-docs.txt index 9fdaeb63..7d99dd51 100644 --- a/requirements-docs.txt +++ b/requirements-docs.txt @@ -52,6 +52,8 @@ markupsafe==1.1.1 # via jinja2 packaging==20.3 # via sphinx +pem==21.1.0 + # manual debug pygments==2.6.1 # via sphinx pyparsing==2.4.7 From 8086d7afc068719e887645d79961e588478503f2 Mon Sep 17 00:00:00 2001 From: Jasmine Schladen Date: Wed, 17 Feb 2021 13:47:59 -0800 Subject: [PATCH 16/31] Add marshmallow --- requirements-docs.in | 2 ++ requirements-docs.txt | 4 ++++ 2 files changed, 6 insertions(+) diff --git a/requirements-docs.in b/requirements-docs.in index b6c8d2f4..46650ccc 100644 --- a/requirements-docs.in +++ b/requirements-docs.in @@ -17,6 +17,8 @@ Flask-SQLAlchemy flask_replicated inflection logmatic-python +marshmallow-sqlalchemy +marshmallow<2.20.5 #schema duplicate issues https://github.com/marshmallow-code/marshmallow-sqlalchemy/issues/121 pem raven[flask] SQLAlchemy-Utils diff --git a/requirements-docs.txt b/requirements-docs.txt index 7d99dd51..f175d8d0 100644 --- a/requirements-docs.txt +++ b/requirements-docs.txt @@ -50,6 +50,10 @@ logmatic-python==0.1.7 # manual debug markupsafe==1.1.1 # via jinja2 +marshmallow-sqlalchemy==0.23.1 + # manual debug +marshmallow==2.20.4 + # manual debug packaging==20.3 # via sphinx pem==21.1.0 From bfe3358b16582977e2eb75dfa6e844d4d85f7cce Mon Sep 17 00:00:00 2001 From: Jasmine Schladen Date: Wed, 17 Feb 2021 13:50:05 -0800 Subject: [PATCH 17/31] Add pyjwt --- requirements-docs.in | 1 + requirements-docs.txt | 2 ++ 2 files changed, 3 insertions(+) diff --git a/requirements-docs.in b/requirements-docs.in index 46650ccc..d82ea511 100644 --- a/requirements-docs.in +++ b/requirements-docs.in @@ -20,6 +20,7 @@ logmatic-python marshmallow-sqlalchemy marshmallow<2.20.5 #schema duplicate issues https://github.com/marshmallow-code/marshmallow-sqlalchemy/issues/121 pem +pyjwt raven[flask] SQLAlchemy-Utils diff --git a/requirements-docs.txt b/requirements-docs.txt index f175d8d0..d815df7d 100644 --- a/requirements-docs.txt +++ b/requirements-docs.txt @@ -60,6 +60,8 @@ pem==21.1.0 # manual debug pygments==2.6.1 # via sphinx +pyjwt==2.0.1 + # manual debug pyparsing==2.4.7 # via packaging pytz==2019.3 From 40e5c60c397ab47fce24de9cacb01183a90ccdc3 Mon Sep 17 00:00:00 2001 From: Jasmine Schladen Date: Wed, 17 Feb 2021 13:52:20 -0800 Subject: [PATCH 18/31] Fix some doc warnings --- CHANGELOG.rst | 4 ++-- docs/administration.rst | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 67b792f8..8fb4f8ed 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -2,7 +2,7 @@ Changelog ========= 0.8.0 - `2020-11-13` -~~~~~~~~~~~~~~ +~~~~~~~~~~~~~~~~~~~~ This release comes after more than two years and contains many interesting new features and improvements. In addition to multiple new plugins, such as ACME-http01, ADCS, PowerDNS, UltraDNS, Entrust, SNS, many of Lemur's existing @@ -84,7 +84,7 @@ Upgrading 0.7 - `2018-05-07` -~~~~~~~~~~~~~~ +~~~~~~~~~~~~~~~~~~ This release adds LetsEncrypt support with DNS providers Dyn, Route53, and Cloudflare, and expands on the pending certificate functionality. The linux_dst plugin will also be deprecated and removed. diff --git a/docs/administration.rst b/docs/administration.rst index 3623f311..706c4027 100644 --- a/docs/administration.rst +++ b/docs/administration.rst @@ -1640,7 +1640,7 @@ Slack AWS (Source) ----- +------------ :Authors: Kevin Glisson , @@ -1653,7 +1653,7 @@ AWS (Source) AWS (Destination) ----- +----------------- :Authors: Kevin Glisson , @@ -1666,7 +1666,7 @@ AWS (Destination) AWS (SNS Notification) ------ +---------------------- :Authors: Jasmine Schladen From 8c666b7f0bd5f2f00be4d4ad92efd07125e70e41 Mon Sep 17 00:00:00 2001 From: Jasmine Schladen Date: Wed, 17 Feb 2021 13:53:22 -0800 Subject: [PATCH 19/31] Add gunicorn --- requirements-docs.in | 1 + requirements-docs.txt | 2 ++ 2 files changed, 3 insertions(+) diff --git a/requirements-docs.in b/requirements-docs.in index d82ea511..22161779 100644 --- a/requirements-docs.in +++ b/requirements-docs.in @@ -15,6 +15,7 @@ Flask-RESTful Flask-Script Flask-SQLAlchemy flask_replicated +gunicorn inflection logmatic-python marshmallow-sqlalchemy diff --git a/requirements-docs.txt b/requirements-docs.txt index d815df7d..79e44b94 100644 --- a/requirements-docs.txt +++ b/requirements-docs.txt @@ -42,6 +42,8 @@ flask-script==2.0.6 # manual debug flask-sqlalchemy==2.4.4 # manual debug +gunicorn==20.0.4 + # manual debug inflection==0.5.1 # manual debug jinja2==2.11.3 From dfad5ae968df2612b891a4a80618f2ffc93649ee Mon Sep 17 00:00:00 2001 From: Jasmine Schladen Date: Wed, 17 Feb 2021 13:56:04 -0800 Subject: [PATCH 20/31] Add pyopenssl --- requirements-docs.in | 1 + requirements-docs.txt | 2 ++ 2 files changed, 3 insertions(+) diff --git a/requirements-docs.in b/requirements-docs.in index 22161779..99d16b29 100644 --- a/requirements-docs.in +++ b/requirements-docs.in @@ -22,6 +22,7 @@ marshmallow-sqlalchemy marshmallow<2.20.5 #schema duplicate issues https://github.com/marshmallow-code/marshmallow-sqlalchemy/issues/121 pem pyjwt +pyOpenSSL raven[flask] SQLAlchemy-Utils diff --git a/requirements-docs.txt b/requirements-docs.txt index 79e44b94..1c53e890 100644 --- a/requirements-docs.txt +++ b/requirements-docs.txt @@ -64,6 +64,8 @@ pygments==2.6.1 # via sphinx pyjwt==2.0.1 # manual debug +pyopenssl==20.0.1 + # manual debug pyparsing==2.4.7 # via packaging pytz==2019.3 From c4a896ecf214f28832e1d01102864ae645121766 Mon Sep 17 00:00:00 2001 From: Jasmine Schladen Date: Wed, 17 Feb 2021 14:00:42 -0800 Subject: [PATCH 21/31] Add josepy --- CHANGELOG.rst | 21 ++++++--------------- docs/administration.rst | 6 +++--- requirements-docs.in | 1 + requirements-docs.txt | 2 ++ 4 files changed, 12 insertions(+), 18 deletions(-) diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 8fb4f8ed..22a9341f 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -121,8 +121,7 @@ Happy Holidays! This is a big release with lots of bug fixes and features. Below Features: -* Per-certificate rotation policies, requires a database migration. The default rotation policy for all certificates. -is 30 days. Every certificate will gain a policy regardless of if auto-rotation is used. +* Per-certificate rotation policies, requires a database migration. The default rotation policy for all certificates is 30 days. Every certificate will gain a policy regardless of if auto-rotation is used. * Adds per-user API Keys, allows users to issue multiple long-lived API tokens with the same permission as the user creating them. * Adds the ability to revoke certificates from the Lemur UI/API, this is currently only supported for the digicert CIS and cfssl plugins. * Allow destinations to support an export function. Useful for file system destinations e.g. S3 to specify the export plugin you wish to run before being sent to the destination. @@ -166,13 +165,9 @@ Big thanks to neilschelly for quite a lot of improvements to the `lemur-cryptogr Other Highlights: -* Closed `#501 `_ - Endpoint resource as now kept in sync via an -expiration mechanism. Such that non-existant endpoints gracefully fall out of Lemur. Certificates are never -removed from Lemur. -* Closed `#551 `_ - Added the ability to create a 4096 bit key during certificate -creation. Closed `#528 `_ to ensure that issuer plugins supported the new 4096 bit keys. -* Closed `#566 `_ - Fixed an issue changing the notification status for certificates -without private keys. +* Closed `#501 `_ - Endpoint resource as now kept in sync via an expiration mechanism. Such that non-existant endpoints gracefully fall out of Lemur. Certificates are never removed from Lemur. +* Closed `#551 `_ - Added the ability to create a 4096 bit key during certificate creation. Closed `#528 `_ to ensure that issuer plugins supported the new 4096 bit keys. +* Closed `#566 `_ - Fixed an issue changing the notification status for certificates without private keys. * Closed `#594 `_ - Added `replaced` field indicating if a certificate has been superseded. * Closed `#602 `_ - AWS plugin added support for ALBs for endpoint tracking. @@ -196,12 +191,8 @@ Upgrading There have been quite a few issues closed in this release. Some notables: -* Closed `#284 `_ - Created new models for `Endpoints` created associated -AWS ELB endpoint tracking code. This was the major stated goal of this milestone and should serve as the basis for -future enhancements of Lemur's certificate 'deployment' capabilities. - -* Closed `#334 `_ - Lemur not has the ability -to restrict certificate expiration dates to weekdays. +* Closed `#284 `_ - Created new models for `Endpoints` created associated AWS ELB endpoint tracking code. This was the major stated goal of this milestone and should serve as the basis for future enhancements of Lemur's certificate 'deployment' capabilities. +* Closed `#334 `_ - Lemur not has the ability to restrict certificate expiration dates to weekdays. Several fixes/tweaks to Lemurs python3 support (thanks chadhendrie!) diff --git a/docs/administration.rst b/docs/administration.rst index 706c4027..5cf398d5 100644 --- a/docs/administration.rst +++ b/docs/administration.rst @@ -78,13 +78,13 @@ Basic Configuration The default connection pool size is 5 for sqlalchemy managed connections. Depending on the number of Lemur instances, please specify per instance connection pool size. Below is an example to set connection pool size to 10. - :: + :: SQLALCHEMY_POOL_SIZE = 10 .. warning:: -This is an optional setting but important to review and set for optimal database connection usage and for overall database performance. + This is an optional setting but important to review and set for optimal database connection usage and for overall database performance. .. data:: SQLALCHEMY_MAX_OVERFLOW :noindex: @@ -99,7 +99,7 @@ This is an optional setting but important to review and set for optimal database .. note:: -Specifying the `SQLALCHEMY_MAX_OVERFLOW` to 0 will enforce limit to not create connections above specified pool size. + Specifying the `SQLALCHEMY_MAX_OVERFLOW` to 0 will enforce limit to not create connections above specified pool size. .. data:: LEMUR_ALLOW_WEEKEND_EXPIRATION diff --git a/requirements-docs.in b/requirements-docs.in index 99d16b29..2254ea54 100644 --- a/requirements-docs.in +++ b/requirements-docs.in @@ -17,6 +17,7 @@ Flask-SQLAlchemy flask_replicated gunicorn inflection +josepy logmatic-python marshmallow-sqlalchemy marshmallow<2.20.5 #schema duplicate issues https://github.com/marshmallow-code/marshmallow-sqlalchemy/issues/121 diff --git a/requirements-docs.txt b/requirements-docs.txt index 1c53e890..b9149ee0 100644 --- a/requirements-docs.txt +++ b/requirements-docs.txt @@ -48,6 +48,8 @@ inflection==0.5.1 # manual debug jinja2==2.11.3 # via sphinx +josepy==1.3.0 + # manual debug logmatic-python==0.1.7 # manual debug markupsafe==1.1.1 From d4643d760a3e1db6662460295e64df88b12cba04 Mon Sep 17 00:00:00 2001 From: Jasmine Schladen Date: Wed, 17 Feb 2021 14:07:06 -0800 Subject: [PATCH 22/31] Add dnspython3 --- docs/administration.rst | 4 ++++ lemur/certificates/views.py | 1 + requirements-docs.in | 1 + requirements-docs.txt | 4 ++++ 4 files changed, 10 insertions(+) diff --git a/docs/administration.rst b/docs/administration.rst index 5cf398d5..4cf8e769 100644 --- a/docs/administration.rst +++ b/docs/administration.rst @@ -174,6 +174,7 @@ Basic Configuration .. data:: PUBLIC_CA_MAX_VALIDITY_DAYS :noindex: + Use this config to override the limit of 397 days of validity for certificates issued by CA/Browser compliant authorities. The authorities with cab_compliant option set to true will use this config. The example below overrides the default validity of 397 days and sets it to 365 days. @@ -185,6 +186,7 @@ Basic Configuration .. data:: DEFAULT_VALIDITY_DAYS :noindex: + Use this config to override the default validity of 365 days for certificates offered through Lemur UI. Any CA which is not CA/Browser Forum compliant will be using this value as default validity to be displayed on UI. Please note that this config is used for cert issuance only through Lemur UI. The example below overrides the default validity @@ -904,10 +906,12 @@ Active Directory Certificate Services Plugin .. data:: ADCS_START :noindex: + Used in ADCS-Sourceplugin. Minimum id of the first certificate to be returned. ID is increased by one until ADCS_STOP. Missing cert-IDs are ignored .. data:: ADCS_STOP :noindex: + Used for ADCS-Sourceplugin. Maximum id of the certificates returned. diff --git a/lemur/certificates/views.py b/lemur/certificates/views.py index 8d4e6954..f453ac4f 100644 --- a/lemur/certificates/views.py +++ b/lemur/certificates/views.py @@ -59,6 +59,7 @@ class CertificatesListValid(AuthenticatedResource): **Example request**: .. sourcecode:: http + GET /certificates/valid?filter=cn;*.test.example.net&owner=joe@example.com&page=1&count=20 HTTP/1.1 Host: example.com diff --git a/requirements-docs.in b/requirements-docs.in index 2254ea54..b60359dd 100644 --- a/requirements-docs.in +++ b/requirements-docs.in @@ -5,6 +5,7 @@ # Without including these dependencies, the docs are unable to include generated autodocs arrow cryptography +dnspython3 Flask Flask-Bcrypt Flask-Cors diff --git a/requirements-docs.txt b/requirements-docs.txt index b9149ee0..2cff64db 100644 --- a/requirements-docs.txt +++ b/requirements-docs.txt @@ -16,6 +16,10 @@ chardet==3.0.4 # via requests cryptography==3.4.5 # manual debug +dnspython3==1.15.0 + # manual debug +dnspython==1.15.0 + # manual debug docutils==0.15.2 # via sphinx idna==2.9 From 824a4b5910d1ebc1037be3bb2113b2f277bef115 Mon Sep 17 00:00:00 2001 From: Jasmine Schladen Date: Wed, 17 Feb 2021 14:17:37 -0800 Subject: [PATCH 23/31] add acme, boto, xmltodict --- docs/developer/plugins/index.rst | 9 +++++---- docs/production/index.rst | 2 +- docs/quickstart/index.rst | 6 ++++-- requirements-docs.in | 4 ++++ requirements-docs.txt | 8 ++++++++ 5 files changed, 22 insertions(+), 7 deletions(-) diff --git a/docs/developer/plugins/index.rst b/docs/developer/plugins/index.rst index 3834b0b9..8ce50014 100644 --- a/docs/developer/plugins/index.rst +++ b/docs/developer/plugins/index.rst @@ -154,9 +154,10 @@ An issuer may take some time to actually issue a certificate for an order. In t # retrieve an order, and check if there is an issued certificate attached to it `cancel_ordered_certificate()` should be implemented to allow an ordered certificate to be canceled before it is issued:: - def cancel_ordered_certificate(self, pending_cert, **kwargs): - # pending_cert should contain the necessary information to match an order - # kwargs can be given to provide information to the issuer for canceling + + def cancel_ordered_certificate(self, pending_cert, **kwargs): + # pending_cert should contain the necessary information to match an order + # kwargs can be given to provide information to the issuer for canceling Destination ----------- @@ -286,7 +287,7 @@ The `ExportPlugin` object requires the implementation of one function:: Custom TLS Provider ------- +------------------- Managing TLS at the enterprise scale could be hard and often organizations offer custom wrapper implementations. It could be ideal to use those while making calls to internal services. The `TLSPlugin` would help to achieve this. It requires the diff --git a/docs/production/index.rst b/docs/production/index.rst index fa0a7dec..3082ee4a 100644 --- a/docs/production/index.rst +++ b/docs/production/index.rst @@ -501,7 +501,7 @@ rely on celery to create the DNS record. This will change when we implement mix To create a HTTP compatible Authority, you first need to create a new destination that will be used to deploy the challenge token. Visit `Admin` -> `Destination` and click `Create`. The path you provide for the destination needs to -be the exact path that is called when the ACME providers calls ``http:///.well-known/acme-challenge/`. The +be the exact path that is called when the ACME providers calls `http:///.well-known/acme-challenge/`. The token part will be added dynamically by the acme_upload. Currently only the SFTP and S3 Bucket destination support the ACME HTTP challenge. diff --git a/docs/quickstart/index.rst b/docs/quickstart/index.rst index 3056029d..cf6d3c32 100644 --- a/docs/quickstart/index.rst +++ b/docs/quickstart/index.rst @@ -148,7 +148,7 @@ Before Lemur will run you need to fill in a few required variables in the config LEMUR_DEFAULT_ORGANIZATIONAL_UNIT Set Up Postgres --------------- +--------------- For production, a dedicated database is recommended, for this guide we will assume postgres has been installed and is on the same machine that Lemur is installed on. @@ -186,6 +186,7 @@ In addition to creating a new user, Lemur also creates a few default email notif Your database installation requires the pg_trgm extension. If you do not have this installed already, you can allow the script to install this for you by adding the SUPERUSER permission to the lemur database user. .. code-block:: bash + sudo -u postgres -i psql postgres=# ALTER USER lemur WITH SUPERUSER @@ -202,6 +203,7 @@ Additional notifications can be created through the UI or API. See :ref:`Creati .. note:: If you added the SUPERUSER permission to the lemur database user above, it is recommended you revoke that permission now. .. code-block:: bash + sudo -u postgres -i psql postgres=# ALTER USER lemur WITH NOSUPERUSER @@ -210,7 +212,7 @@ Additional notifications can be created through the UI or API. See :ref:`Creati .. note:: It is recommended that once the ``lemur`` user is created that you create individual users for every day access. There is currently no way for a user to self enroll for Lemur access, they must have an administrator create an account for them or be enrolled automatically through SSO. This can be done through the CLI or UI. See :ref:`Creating Users ` and :ref:`Command Line Interface ` for details. Set Up a Reverse Proxy ---------------------- +---------------------- By default, Lemur runs on port 8000. Even if you change this, under normal conditions you won't be able to bind to port 80. To get around this (and to avoid running Lemur as a privileged user, which you shouldn't), we need to set up a simple web proxy. There are many different web servers you can use for this, we like and recommend Nginx. diff --git a/requirements-docs.in b/requirements-docs.in index b60359dd..b21ada07 100644 --- a/requirements-docs.in +++ b/requirements-docs.in @@ -3,7 +3,10 @@ # from requirements-docs.txt # However, dependabot doesn't use `make up-reqs`, so we have to replicate the necessary dependencies here # Without including these dependencies, the docs are unable to include generated autodocs +acme arrow +boto3 +botocore cryptography dnspython3 Flask @@ -27,6 +30,7 @@ pyjwt pyOpenSSL raven[flask] SQLAlchemy-Utils +xmltodict # docs specific sphinx diff --git a/requirements-docs.txt b/requirements-docs.txt index 2cff64db..cfbeb3e5 100644 --- a/requirements-docs.txt +++ b/requirements-docs.txt @@ -4,12 +4,18 @@ # # pip-compile --no-index --output-file=requirements-docs.txt requirements-docs.in # +acme==1.12.0 + # manual debug alabaster==0.7.12 # via sphinx arrow==0.17.0 # manual debug babel==2.8.0 # via sphinx +boto3==1.17.7 + # manual debug +botocore==1.20.7 + # manual debug certifi==2020.12.5 # via requests chardet==3.0.4 @@ -111,6 +117,8 @@ sqlalchemy-utils==0.36.8 # manual debug urllib3==1.25.8 # via requests +xmltodict==0.12.0 + # manual debug # The following packages are considered to be unsafe in a requirements file: # setuptools From 47121906f521c0d81912404c18b6ea6655d51aa9 Mon Sep 17 00:00:00 2001 From: Jasmine Schladen Date: Wed, 17 Feb 2021 14:25:04 -0800 Subject: [PATCH 24/31] Add Cloudflare, retrying --- docs/guide/index.rst | 1 + docs/quickstart/index.rst | 4 ++-- requirements-docs.in | 2 ++ requirements-docs.txt | 4 ++++ 4 files changed, 9 insertions(+), 2 deletions(-) diff --git a/docs/guide/index.rst b/docs/guide/index.rst index b06a95e0..f3efcb14 100644 --- a/docs/guide/index.rst +++ b/docs/guide/index.rst @@ -65,6 +65,7 @@ Import an Existing Certificate You can add notification options and upload the created certificate to a destination, both of these are editable features and can be changed after the certificate has been created. +.. _CreateANewUser: Create a New User ~~~~~~~~~~~~~~~~~ diff --git a/docs/quickstart/index.rst b/docs/quickstart/index.rst index cf6d3c32..f972c2ef 100644 --- a/docs/quickstart/index.rst +++ b/docs/quickstart/index.rst @@ -191,7 +191,7 @@ Your database installation requires the pg_trgm extension. If you do not have th psql postgres=# ALTER USER lemur WITH SUPERUSER -Additional notifications can be created through the UI or API. See :ref:`Creating Notifications ` and :ref:`Command Line Interface ` for details. +Additional notifications can be created through the UI or API. See :ref:`Notification Options ` and :ref:`Command Line Interface ` for details. **Make note of the password used as this will be used during first login to the Lemur UI.** @@ -209,7 +209,7 @@ Additional notifications can be created through the UI or API. See :ref:`Creati postgres=# ALTER USER lemur WITH NOSUPERUSER -.. note:: It is recommended that once the ``lemur`` user is created that you create individual users for every day access. There is currently no way for a user to self enroll for Lemur access, they must have an administrator create an account for them or be enrolled automatically through SSO. This can be done through the CLI or UI. See :ref:`Creating Users ` and :ref:`Command Line Interface ` for details. +.. note:: It is recommended that once the ``lemur`` user is created that you create individual users for every day access. There is currently no way for a user to self enroll for Lemur access, they must have an administrator create an account for them or be enrolled automatically through SSO. This can be done through the CLI or UI. See :ref:`Creating a New User ` and :ref:`Command Line Interface ` for details. Set Up a Reverse Proxy ---------------------- diff --git a/requirements-docs.in b/requirements-docs.in index b21ada07..6b8f5a81 100644 --- a/requirements-docs.in +++ b/requirements-docs.in @@ -7,6 +7,7 @@ acme arrow boto3 botocore +CloudFlare cryptography dnspython3 Flask @@ -29,6 +30,7 @@ pem pyjwt pyOpenSSL raven[flask] +retrying SQLAlchemy-Utils xmltodict diff --git a/requirements-docs.txt b/requirements-docs.txt index cfbeb3e5..f3e967c6 100644 --- a/requirements-docs.txt +++ b/requirements-docs.txt @@ -20,6 +20,8 @@ certifi==2020.12.5 # via requests chardet==3.0.4 # via requests +cloudflare==2.8.15 + # manual debug cryptography==3.4.5 # manual debug dnspython3==1.15.0 @@ -84,6 +86,8 @@ pytz==2019.3 # via babel raven[flask]==6.10.0 # manual debug +retrying==1.3.3 + # manual debug requests==2.25.1 # via sphinx six==1.15.0 From e464e62d01912325df6c33bbaa42fcf94ff4f2a2 Mon Sep 17 00:00:00 2001 From: Jasmine Schladen Date: Wed, 17 Feb 2021 14:33:00 -0800 Subject: [PATCH 25/31] Add dyn --- docs/developer/plugins/index.rst | 3 +-- requirements-docs.in | 1 + requirements-docs.txt | 2 ++ 3 files changed, 4 insertions(+), 2 deletions(-) diff --git a/docs/developer/plugins/index.rst b/docs/developer/plugins/index.rst index 8ce50014..517b5a0d 100644 --- a/docs/developer/plugins/index.rst +++ b/docs/developer/plugins/index.rst @@ -145,8 +145,7 @@ The `IssuerPlugin` doesn't have any options like Destination, Source, and Notifi any fields you might need to submit a request to a third party. If there are additional options you need in your plugin feel free to open an issue, or look into adding additional options to issuers yourself. -Asynchronous Certificates -^^^^^^^^^^^^^^^^^^^^^^^^^ +**Asynchronous Certificates** An issuer may take some time to actually issue a certificate for an order. In this case, a `PendingCertificate` is returned, which holds information to recreate a `Certificate` object at a later time. Then, `get_ordered_certificate()` should be run periodically via `python manage.py pending_certs fetch -i all` to attempt to retrieve an ordered certificate:: def get_ordered_ceriticate(self, order_id): diff --git a/requirements-docs.in b/requirements-docs.in index 6b8f5a81..93dd3968 100644 --- a/requirements-docs.in +++ b/requirements-docs.in @@ -10,6 +10,7 @@ botocore CloudFlare cryptography dnspython3 +dyn Flask Flask-Bcrypt Flask-Cors diff --git a/requirements-docs.txt b/requirements-docs.txt index f3e967c6..b18706ae 100644 --- a/requirements-docs.txt +++ b/requirements-docs.txt @@ -30,6 +30,8 @@ dnspython==1.15.0 # manual debug docutils==0.15.2 # via sphinx +dyn==1.8.1 + # manual debug idna==2.9 # via requests imagesize==1.2.0 From 40f62a0ad7abb4792ca44cc9755e87a4e1aa5ed5 Mon Sep 17 00:00:00 2001 From: Jasmine Schladen Date: Wed, 17 Feb 2021 14:35:55 -0800 Subject: [PATCH 26/31] Add tabulate --- requirements-docs.in | 1 + requirements-docs.txt | 2 ++ 2 files changed, 3 insertions(+) diff --git a/requirements-docs.in b/requirements-docs.in index 93dd3968..07b3e987 100644 --- a/requirements-docs.in +++ b/requirements-docs.in @@ -33,6 +33,7 @@ pyOpenSSL raven[flask] retrying SQLAlchemy-Utils +tabulate xmltodict # docs specific diff --git a/requirements-docs.txt b/requirements-docs.txt index b18706ae..41d5133b 100644 --- a/requirements-docs.txt +++ b/requirements-docs.txt @@ -121,6 +121,8 @@ sphinxcontrib-serializinghtml==1.1.4 # via sphinx sqlalchemy-utils==0.36.8 # manual debug +tabulate==0.8.7 + # manual debug urllib3==1.25.8 # via requests xmltodict==0.12.0 From 24c1415983a75eb29d77d7554e06efb614c33c4b Mon Sep 17 00:00:00 2001 From: Jasmine Schladen Date: Wed, 17 Feb 2021 14:47:53 -0800 Subject: [PATCH 27/31] Fix AuthoritiesList post --- lemur/authorities/views.py | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/lemur/authorities/views.py b/lemur/authorities/views.py index 094a5a74..aa3fbf6d 100644 --- a/lemur/authorities/views.py +++ b/lemur/authorities/views.py @@ -218,8 +218,7 @@ class AuthoritiesList(AuthenticatedResource): :arg parent: the parent authority if this is to be a subca :arg signingAlgorithm: algorithm used to sign the authority :arg keyType: key type - :arg sensitivity: the sensitivity of the root key, for CloudCA this determines if the root keys are stored - in an HSM + :arg sensitivity: the sensitivity of the root key, for CloudCA this determines if the root keys are stored in an HSM :arg keyName: name of the key to store in the HSM (CloudCA) :arg serialNumber: serial number of the authority :arg firstSerial: specifies the starting serial number for certificates issued off of this authority From 5f2e32ff92bf4d8af9407c07ffc28342dd74b635 Mon Sep 17 00:00:00 2001 From: Jasmine Schladen Date: Wed, 17 Feb 2021 14:52:28 -0800 Subject: [PATCH 28/31] Fix AuthorityVisualizations --- lemur/authorities/views.py | 59 +++++++++++++++++++++++++++----------- 1 file changed, 42 insertions(+), 17 deletions(-) diff --git a/lemur/authorities/views.py b/lemur/authorities/views.py index aa3fbf6d..800c9975 100644 --- a/lemur/authorities/views.py +++ b/lemur/authorities/views.py @@ -493,23 +493,48 @@ class CertificateAuthority(AuthenticatedResource): class AuthorityVisualizations(AuthenticatedResource): def get(self, authority_id): """ - {"name": "flare", - "children": [ - { - "name": "analytics", - "children": [ - { - "name": "cluster", - "children": [ - {"name": "AgglomerativeCluster", "size": 3938}, - {"name": "CommunityStructure", "size": 3812}, - {"name": "HierarchicalCluster", "size": 6714}, - {"name": "MergeEdge", "size": 743} - ] - } - ] - } - ]} + .. http:get:: /authorities/1/visualize + + Authority visualization + + **Example request**: + + .. sourcecode:: http + + GET /certificates/1/visualize HTTP/1.1 + Host: example.com + Accept: application/json, text/javascript + + **Example response**: + + .. sourcecode:: http + + HTTP/1.1 200 OK + Vary: Accept + Content-Type: text/javascript + + {"name": "flare", + "children": [ + { + "name": "analytics", + "children": [ + { + "name": "cluster", + "children": [ + {"name": "AgglomerativeCluster", "size": 3938}, + {"name": "CommunityStructure", "size": 3812}, + {"name": "HierarchicalCluster", "size": 6714}, + {"name": "MergeEdge", "size": 743} + ] + } + ] + } + ] + } + + :reqheader Authorization: OAuth token to authenticate + :statuscode 200: no error + :statuscode 403: unauthenticated """ authority = service.get(authority_id) return dict( From 00c64ba52faae3de639426d41f4c6508a4563352 Mon Sep 17 00:00:00 2001 From: Jasmine Schladen Date: Wed, 17 Feb 2021 15:02:49 -0800 Subject: [PATCH 29/31] More doc style fixes --- lemur/authorities/views.py | 50 +++++++++++++++---------------- lemur/plugins/lemur_aws/plugin.py | 3 +- 2 files changed, 27 insertions(+), 26 deletions(-) diff --git a/lemur/authorities/views.py b/lemur/authorities/views.py index 800c9975..16441719 100644 --- a/lemur/authorities/views.py +++ b/lemur/authorities/views.py @@ -132,31 +132,31 @@ class AuthoritiesList(AuthenticatedResource): Accept: application/json, text/javascript Content-Type: application/json;charset=UTF-8 - { - "country": "US", - "state": "California", - "location": "Los Gatos", - "organization": "Netflix", - "organizationalUnit": "Operations", - "type": "root", - "signingAlgorithm": "sha256WithRSA", - "sensitivity": "medium", - "keyType": "RSA2048", - "plugin": { - "slug": "cloudca-issuer" - }, - "name": "TimeTestAuthority5", - "owner": "secure@example.com", - "description": "test", - "commonName": "AcommonName", - "validityYears": "20", - "extensions": { - "subAltNames": { - "names": [] - }, - "custom": [] - } - } + { + "country": "US", + "state": "California", + "location": "Los Gatos", + "organization": "Netflix", + "organizationalUnit": "Operations", + "type": "root", + "signingAlgorithm": "sha256WithRSA", + "sensitivity": "medium", + "keyType": "RSA2048", + "plugin": { + "slug": "cloudca-issuer" + }, + "name": "TimeTestAuthority5", + "owner": "secure@example.com", + "description": "test", + "commonName": "AcommonName", + "validityYears": "20", + "extensions": { + "subAltNames": { + "names": [] + }, + "custom": [] + } + } **Example response**: diff --git a/lemur/plugins/lemur_aws/plugin.py b/lemur/plugins/lemur_aws/plugin.py index efcce4d0..61c64dab 100644 --- a/lemur/plugins/lemur_aws/plugin.py +++ b/lemur/plugins/lemur_aws/plugin.py @@ -450,7 +450,8 @@ class S3DestinationPlugin(ExportDestinationPlugin): def upload_acme_token(self, token_path, token, options, **kwargs): """ - This is called from the acme http challenge + This is called from the acme http challenge + :param self: :param token_path: :param token: From da9e949e89a86b5a1d82af1f62b2f207c0026eb6 Mon Sep 17 00:00:00 2001 From: Jasmine Schladen Date: Wed, 17 Feb 2021 15:08:36 -0800 Subject: [PATCH 30/31] Remove extra spaces --- lemur/destinations/service.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lemur/destinations/service.py b/lemur/destinations/service.py index 7bae57f0..5e302c6d 100644 --- a/lemur/destinations/service.py +++ b/lemur/destinations/service.py @@ -21,7 +21,7 @@ def create(label, plugin_name, options, description=None): :param label: Destination common name :param description: - :rtype : Destination + :rtype: Destination :return: New destination """ # remove any sub-plugin objects before try to save the json options @@ -50,7 +50,7 @@ def update(destination_id, label, plugin_name, options, description): :param plugin_name: :param options: :param description: - :rtype : Destination + :rtype: Destination :return: """ destination = get(destination_id) @@ -81,7 +81,7 @@ def get(destination_id): Retrieves an destination by its lemur assigned ID. :param destination_id: Lemur assigned ID - :rtype : Destination + :rtype: Destination :return: """ return database.get(Destination, destination_id) From 360e4c61540d0202c044ea35160d7fc0c4d5f461 Mon Sep 17 00:00:00 2001 From: Jasmine Schladen Date: Wed, 17 Feb 2021 15:10:15 -0800 Subject: [PATCH 31/31] Remove extra spaces --- lemur/notifications/service.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lemur/notifications/service.py b/lemur/notifications/service.py index 5bc5f3e1..fd8ba20f 100644 --- a/lemur/notifications/service.py +++ b/lemur/notifications/service.py @@ -94,7 +94,7 @@ def create(label, plugin_name, options, description, certificates): :param options: :param description: :param certificates: - :rtype : Notification + :rtype: Notification :return: """ notification = Notification( @@ -115,7 +115,7 @@ def update(notification_id, label, plugin_name, options, description, active, ce :param description: :param active: :param certificates: - :rtype : Notification + :rtype: Notification :return: """ notification = get(notification_id) @@ -144,7 +144,7 @@ def get(notification_id): Retrieves an notification by its lemur assigned ID. :param notification_id: Lemur assigned ID - :rtype : Notification + :rtype: Notification :return: """ return database.get(Notification, notification_id)