Infra
/
lemur
5
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge pull request #1509 from intgr/fill-missing-rotation-policy 

Fill in missing cert rotation_policy; don't ignore validation errors when re-issuing certs
This commit is contained in:
Curtis 2018-08-07 09:40:09 -07:00 committed by GitHub
parent e0c6d6dd7d cf71f88680
commit 3463848cb5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 50 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
lemur/certificates/service.py
View File

@ -514,7 +514,9 @@ def get_certificate_primitives(certificate):
certificate via `create`.
"""
start, end = calculate_reissue_range(certificate.not_before, certificate.not_after)
data = CertificateInputSchema().load(CertificateOutputSchema().dump(certificate).data).data
ser = CertificateInputSchema().load(CertificateOutputSchema().dump(certificate).data)
assert not ser.errors, "Error re-serializing certificate: %s" % ser.errors
data = ser.data
# we can't quite tell if we are using a custom name, as this is an automated process (typically)
# we will rely on the Lemur generated name

33
lemur/migrations/versions/1db4f82bc780_.py Normal file
View File

@ -0,0 +1,33 @@
"""Add default rotation_policy to certs where it's missing
Revision ID: 1db4f82bc780
Revises: 3adfdd6598df
Create Date: 2018-08-03 12:56:44.565230
"""
# revision identifiers, used by Alembic.
revision = '1db4f82bc780'
down_revision = '3adfdd6598df'
import logging
from alembic import op
log = logging.getLogger(__name__)
def upgrade():
connection = op.get_bind()
result = connection.execute("""\
UPDATE certificates
SET rotation_policy_id=(SELECT id FROM rotation_policies WHERE name='default')
WHERE rotation_policy_id IS NULL
RETURNING id
""")
log.info("Filled rotation_policy for %d certificates" % result.rowcount)
def downgrade():
pass

3
lemur/tests/conf.py
View File

@ -23,7 +23,8 @@ LEMUR_ENCRYPTION_KEYS = 'o61sBLNBSGtAckngtNrfVNd8xy8Hp9LBGDstTbMbqCY='
# List of domain regular expressions that non-admin users can issue
LEMUR_WHITELISTED_DOMAINS = [
'^[a-zA-Z0-9-]+\.example\.com$'
'^[a-zA-Z0-9-]+\.example\.com$',
'^example\d+\.long\.com$',
]
# Mail Server

21
lemur/tests/factories.py
View File

@ -31,6 +31,16 @@ class BaseFactory(SQLAlchemyModelFactory):
sqlalchemy_session = db.session
class RotationPolicyFactory(BaseFactory):
"""Rotation Factory."""
name = Sequence(lambda n: 'policy{0}'.format(n))
days = 30
class Meta:
"""Factory configuration."""
model = RotationPolicy
class CertificateFactory(BaseFactory):
"""Certificate factory."""
name = Sequence(lambda n: 'certificate{0}'.format(n))
@ -43,6 +53,7 @@ class CertificateFactory(BaseFactory):
description = FuzzyText(length=128)
active = True
date_created = FuzzyDate(date(2016, 1, 1), date(2020, 1, 1))
rotation_policy = SubFactory(RotationPolicyFactory)
class Meta:
"""Factory Configuration."""
@ -150,16 +161,6 @@ class AsyncAuthorityFactory(AuthorityFactory):
authority_certificate = SubFactory(CertificateFactory)
class RotationPolicyFactory(BaseFactory):
"""Rotation Factory."""
name = Sequence(lambda n: 'policy{0}'.format(n))
days = 30
class Meta:
"""Factory configuration."""
model = RotationPolicy
class DestinationFactory(BaseFactory):
"""Destination factory."""
plugin_name = 'test-destination'

2
lemur/tests/test_certificates.py
View File

@ -46,7 +46,7 @@ def test_get_certificate_primitives(certificate):
with freeze_time(datetime.date(year=2016, month=10, day=30)):
primitives = get_certificate_primitives(certificate)
assert len(primitives) == 24
assert len(primitives) == 25
def test_certificate_output_schema(session, certificate, issuer_plugin):