Merge branch 'master' into generalizing-api

2019-06-20 16:13:04 -07:00 · 2019-06-20 16:13:04 -07:00 · 39d65db7fd
parent 34cdd29a50 5b8c600261
commit 39d65db7fd
11 changed files with 83 additions and 46 deletions
--- a/2
+++ b/2
@ -1,4 +1,4 @@
-FROM python:3.5
+FROM python:3.7
 RUN apt-get update
 RUN apt-get install -y make software-properties-common curl
 RUN curl -sL https://deb.nodesource.com/setup_7.x | bash -
--- a/lemur/notifications/messaging.py
+++ b/lemur/notifications/messaging.py
@ -52,7 +52,7 @@ def get_certificates(exclude=None):

    certs = []

-    for c in windowed_query(q, Certificate.id, 100):
+    for c in windowed_query(q, Certificate.id, 10000):
        if needs_notification(c):
            certs.append(c)

@ -140,12 +140,6 @@ def send_expiration_notifications(exclude):
                notification_data.append(cert_data)
                security_data.append(cert_data)

-            notification_recipient = get_plugin_option(
-                "recipients", notification.options
-            )
-            if notification_recipient:
-                notification_recipient = notification_recipient.split(",")
-
            if send_notification(
                "expiration", notification_data, [owner], notification
            ):
@ -153,10 +147,16 @@ def send_expiration_notifications(exclude):
            else:
                failure += 1

+            notification_recipient = get_plugin_option(
+                "recipients", notification.options
+            )
+            if notification_recipient:
+                notification_recipient = notification_recipient.split(",")
+                # removing owner and security_email from notification_recipient
+                notification_recipient = [i for i in notification_recipient if i not in security_email and i != owner]
+
            if (
                notification_recipient
-                and owner != notification_recipient
-                and security_email != notification_recipient
            ):
                if send_notification(
                    "expiration",
--- a/lemur/plugins/lemur_vault_dest/plugin.py
+++ b/lemur/plugins/lemur_vault_dest/plugin.py
@ -67,14 +67,14 @@ class VaultSourcePlugin(SourcePlugin):
            "name": "vaultPath",
            "type": "str",
            "required": True,
-            "validation": "^([a-zA-Z0-9_-]+/?)+$",
+            "validation": "^([a-zA-Z0-9._-]+/?)+$",
            "helpMessage": "Must be a valid Vault secrets path",
        },
        {
            "name": "objectName",
            "type": "str",
            "required": True,
-            "validation": "[0-9a-zA-Z:_-]+",
+            "validation": "[0-9a-zA-Z.:_-]+",
            "helpMessage": "Object Name to search",
        },
    ]
@ -177,14 +177,14 @@ class VaultDestinationPlugin(DestinationPlugin):
            "name": "vaultPath",
            "type": "str",
            "required": True,
-            "validation": "^([a-zA-Z0-9_-]+/?)+$",
+            "validation": "^([a-zA-Z0-9._-]+/?)+$",
            "helpMessage": "Must be a valid Vault secrets path",
        },
        {
            "name": "objectName",
            "type": "str",
            "required": False,
-            "validation": "[0-9a-zA-Z:_-]+",
+            "validation": "[0-9a-zA-Z.:_-]+",
            "helpMessage": "Name to bundle certs under, if blank use cn",
        },
        {
--- a/lemur/static/app/angular/certificates/certificate/tracking.tpl.html
+++ b/lemur/static/app/angular/certificates/certificate/tracking.tpl.html
@ -33,6 +33,8 @@
               uib-tooltip="If you need a certificate with multiple domains enter your primary domain here and the rest under 'Subject Alternate Names' by clicking 'More Options'"
               ng-model="certificate.commonName" placeholder="Common Name" class="form-control"
               ng-maxlength="64"
+               ng-blur="certificate.attachCommonName()"
+               ng-focus="certificate.removeCommonName()"
               required/>

        <p ng-show="trackingForm.commonName.$invalid && !trackingForm.commonName.$pristine" class="help-block">
--- a/lemur/static/app/angular/certificates/services.js
+++ b/lemur/static/app/angular/certificates/services.js
@ -18,6 +18,26 @@ angular.module('lemur')
          this.authority = authority;
          this.authority.maxDate = moment(this.authority.notAfter).subtract(1, 'days').format('YYYY/MM/DD');
        },
+        attachCommonName: function () {
+          if (this.extensions === undefined) {
+            this.extensions = {};
+          }
+
+          if (this.extensions.subAltNames === undefined) {
+            this.extensions.subAltNames = {'names': []};
+          }
+
+          if (angular.isString(this.commonName)) {
+            this.extensions.subAltNames.names.unshift({'nameType': 'DNSName', 'value': this.commonName});
+          }
+        },
+        removeCommonName: function () {
+          if (angular.isDefined(this.extensions) && angular.isDefined(this.extensions.subAltNames)) {
+            if (angular.equals(this.extensions.subAltNames.names[0].value, this.commonName)) {
+              this.extensions.subAltNames.names.shift();
+            }
+          }
+        },
        attachSubAltName: function () {
          if (this.extensions === undefined) {
            this.extensions = {};
--- a/lemur/static/app/angular/certificates/view/view.js
+++ b/lemur/static/app/angular/certificates/view/view.js
@ -17,7 +17,7 @@ angular.module('lemur')
      });
  })

-  .controller('CertificatesViewController', function ($q, $scope, $uibModal, $stateParams, CertificateApi, CertificateService, MomentService, ngTableParams, toaster) {
+  .controller('CertificatesViewController', function ($q, $scope, $uibModal, $stateParams, $location, CertificateApi, CertificateService, MomentService, ngTableParams, toaster) {
    $scope.filter = $stateParams;
    $scope.certificateTable = new ngTableParams({
      page: 1,            // show first page
@ -29,11 +29,24 @@ angular.module('lemur')
    }, {
      total: 0,           // length of data
      getData: function ($defer, params) {
-        CertificateApi.getList(params.url())
-          .then(function (data) {
-            params.total(data.total);
-            $defer.resolve(data);
-          });
+        $scope.path = $location.path();
+        // Handle Permalink clicks through a separate API
+        // Clicking on Permalink adds the certificate name to the URL after "certificates/", which is used to identify the click
+        if ($scope.path.indexOf('certificates/') > -1 && $scope.path.split('/')[2].length > 0) {
+          $scope.certificateName = $scope.path.split('/')[2];
+          CertificateApi.one('name').one($scope.certificateName).getList()
+            .then(function (data) {
+              params.total(data.total);
+              $defer.resolve(data);
+            });
+        }
+        else {
+          CertificateApi.getList(params.url())
+              .then(function (data) {
+                params.total(data.total);
+                $defer.resolve(data);
+              });
+        }
      }
    });

--- a/package.json
+++ b/package.json
@ -9,7 +9,6 @@
    "bower": "^1.8.2",
    "browser-sync": "^2.3.1",
    "del": "^2.2.2",
-    "gulp": "^3.8.11",
    "gulp-autoprefixer": "^3.1.1",
    "gulp-cache": "^0.4.5",
    "gulp-concat": "^2.4.1",
@ -60,6 +59,7 @@
    "test": "gulp test"
  },
  "devDependencies": {
+    "gulp": "^3.9.1",
    "jshint": "^2.8.0",
    "karma-chrome-launcher": "^2.0.0"
  }
--- a/requirements-docs.txt
+++ b/requirements-docs.txt
@ -10,15 +10,15 @@ alembic-autogenerate-enums==0.0.2
 alembic==1.0.10
 amqp==2.5.0
 aniso8601==6.0.0
-arrow==0.13.2
+arrow==0.14.2
 asn1crypto==0.24.0
 asyncpool==1.0
 babel==2.7.0              # via sphinx
 bcrypt==3.1.6
 billiard==3.6.0.0
 blinker==1.4
-boto3==1.9.158
-botocore==1.12.158
+boto3==1.9.160
+botocore==1.12.160
 celery[redis]==4.3.0
 certifi==2019.3.9
 certsrv==2.1.1
@ -26,7 +26,7 @@ cffi==1.12.3
 chardet==3.0.4
 click==7.0
 cloudflare==2.3.0
-cryptography==2.6.1
+cryptography==2.7
 dnspython3==1.15.0
 dnspython==1.15.0
 docutils==0.14
@ -36,7 +36,7 @@ flask-cors==3.0.7
 flask-mail==0.9.1
 flask-migrate==2.5.2
 flask-principal==0.4.0
-flask-replicated==1.2
+flask-replicated==1.3
 flask-restful==0.3.7
 flask-script==2.0.6
 flask-sqlalchemy==2.4.0
@ -53,10 +53,10 @@ jinja2==2.10.1
 jmespath==0.9.4
 josepy==1.1.0
 jsonlines==1.2.0
-kombu==4.6.0
+kombu==4.5.0
 lockfile==0.12.2
 logmatic-python==0.1.7
-mako==1.0.10
+mako==1.0.11
 markupsafe==1.1.1
 marshmallow-sqlalchemy==0.16.3
 marshmallow==2.19.2
@ -91,7 +91,7 @@ s3transfer==0.2.0
 six==1.12.0
 snowballstemmer==1.2.1    # via sphinx
 sphinx-rtd-theme==0.4.3
-sphinx==2.0.1
+sphinx==2.1.0
 sphinxcontrib-applehelp==1.0.1  # via sphinx
 sphinxcontrib-devhelp==1.0.1  # via sphinx
 sphinxcontrib-htmlhelp==1.0.2  # via sphinx
--- a/requirements-tests.txt
+++ b/requirements-tests.txt
@ -12,16 +12,16 @@ aws-sam-translator==1.11.0  # via cfn-lint
 aws-xray-sdk==2.4.2       # via moto
 bandit==1.6.0
 black==19.3b0
-boto3==1.9.158            # via aws-sam-translator, moto
+boto3==1.9.160            # via aws-sam-translator, moto
 boto==2.49.0              # via moto
-botocore==1.12.158        # via aws-xray-sdk, boto3, moto, s3transfer
+botocore==1.12.160        # via aws-xray-sdk, boto3, moto, s3transfer
 certifi==2019.3.9         # via requests
 cffi==1.12.3              # via cryptography
-cfn-lint==0.21.3          # via moto
+cfn-lint==0.21.4          # via moto
 chardet==3.0.4            # via requests
 click==7.0                # via black, flask
 coverage==4.5.3
-cryptography==2.6.1       # via moto
+cryptography==2.7         # via moto
 docker==4.0.1             # via moto
 docutils==0.14            # via botocore
 ecdsa==0.13.2             # via python-jose
@ -33,7 +33,7 @@ future==0.17.1            # via aws-xray-sdk, python-jose
 gitdb2==2.0.5             # via gitpython
 gitpython==2.1.11         # via bandit
 idna==2.8                 # via moto, requests
-importlib-metadata==0.17  # via pluggy
+importlib-metadata==0.17  # via pluggy, pytest
 itsdangerous==1.1.0       # via flask
 jinja2==2.10.1            # via flask, moto
 jmespath==0.9.4           # via boto3, botocore
@ -47,30 +47,32 @@ mock==3.0.5               # via moto
 more-itertools==7.0.0     # via pytest
 moto==1.3.8
 nose==1.3.7
+packaging==19.0           # via pytest
 pbr==5.2.1                # via stevedore
 pluggy==0.12.0            # via pytest
 py==1.8.0                 # via pytest
 pyasn1==0.4.5             # via rsa
 pycparser==2.19           # via cffi
 pyflakes==2.1.1
+pyparsing==2.4.0          # via packaging
 pytest-flask==0.15.0
 pytest-mock==1.10.4
-pytest==4.5.0
+pytest==4.6.2
 python-dateutil==2.8.0    # via botocore, faker, freezegun, moto
 python-jose==3.0.1        # via moto
 pytz==2019.1              # via moto
 pyyaml==5.1
 requests-mock==1.6.0
-requests==2.21.0          # via cfn-lint, docker, moto, requests-mock, responses
+requests==2.22.0          # via cfn-lint, docker, moto, requests-mock, responses
 responses==0.10.6         # via moto
 rsa==4.0                  # via python-jose
 s3transfer==0.2.0         # via boto3
-six==1.12.0               # via aws-sam-translator, bandit, cfn-lint, cryptography, docker, faker, freezegun, mock, moto, pytest, python-dateutil, python-jose, requests-mock, responses, stevedore, websocket-client
+six==1.12.0               # via aws-sam-translator, bandit, cfn-lint, cryptography, docker, faker, freezegun, mock, moto, packaging, pytest, python-dateutil, python-jose, requests-mock, responses, stevedore, websocket-client
 smmap2==2.0.5             # via gitdb2
 stevedore==1.30.1         # via bandit
 text-unidecode==1.2       # via faker
 toml==0.10.0              # via black
-urllib3==1.24.3           # via botocore, requests
+urllib3==1.25.3           # via botocore, requests
 wcwidth==0.1.7            # via pytest
 websocket-client==0.56.0  # via docker
 werkzeug==0.15.4          # via flask, moto, pytest-flask
--- a/requirements.in
+++ b/requirements.in
@ -28,7 +28,7 @@ gunicorn
 hvac # required for the vault destination plugin
 inflection
 jinja2
-kombu
+kombu<4.6.0 # Bug with inspecting active tasks: https://github.com/celery/kombu/issues/1051
 lockfile
 logmatic-python
 marshmallow-sqlalchemy
--- a/requirements.txt
+++ b/requirements.txt
@ -9,14 +9,14 @@ alembic-autogenerate-enums==0.0.2
 alembic==1.0.10           # via flask-migrate
 amqp==2.5.0               # via kombu
 aniso8601==6.0.0          # via flask-restful
-arrow==0.13.2
+arrow==0.14.2
 asn1crypto==0.24.0        # via cryptography
 asyncpool==1.0
 bcrypt==3.1.6             # via flask-bcrypt, paramiko
 billiard==3.6.0.0         # via celery
 blinker==1.4              # via flask-mail, flask-principal, raven
-boto3==1.9.158
-botocore==1.12.158
+boto3==1.9.160
+botocore==1.12.160
 celery[redis]==4.3.0
 certifi==2019.3.9
 certsrv==2.1.1
@ -24,7 +24,7 @@ cffi==1.12.3              # via bcrypt, cryptography, pynacl
 chardet==3.0.4            # via requests
 click==7.0                # via flask
 cloudflare==2.3.0
-cryptography==2.6.1
+cryptography==2.7
 dnspython3==1.15.0
 dnspython==1.15.0         # via dnspython3
 docutils==0.14            # via botocore
@ -34,7 +34,7 @@ flask-cors==3.0.7
 flask-mail==0.9.1
 flask-migrate==2.5.2
 flask-principal==0.4.0
-flask-replicated==1.2
+flask-replicated==1.3
 flask-restful==0.3.7
 flask-script==2.0.6
 flask-sqlalchemy==2.4.0
@ -50,10 +50,10 @@ jinja2==2.10.1
 jmespath==0.9.4           # via boto3, botocore
 josepy==1.1.0             # via acme
 jsonlines==1.2.0          # via cloudflare
-kombu==4.6.0
+kombu==4.5.0
 lockfile==0.12.2
 logmatic-python==0.1.7
-mako==1.0.10              # via alembic
+mako==1.0.11              # via alembic
 markupsafe==1.1.1         # via jinja2, mako
 marshmallow-sqlalchemy==0.16.3
 marshmallow==2.19.2