diff --git a/Dockerfile b/Dockerfile
index b9d7335e..b9439be7 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM python:3.5
+FROM python:3.7
 RUN apt-get update
 RUN apt-get install -y make software-properties-common curl
 RUN curl -sL https://deb.nodesource.com/setup_7.x | bash -
diff --git a/lemur/notifications/messaging.py b/lemur/notifications/messaging.py
index 919b73db..82db7b6e 100644
--- a/lemur/notifications/messaging.py
+++ b/lemur/notifications/messaging.py
@@ -52,7 +52,7 @@ def get_certificates(exclude=None):
 certs = []
- for c in windowed_query(q, Certificate.id, 100):
+ for c in windowed_query(q, Certificate.id, 10000):
 if needs_notification(c):
 certs.append(c)
@@ -140,12 +140,6 @@ def send_expiration_notifications(exclude):
 notification_data.append(cert_data)
 security_data.append(cert_data)
- notification_recipient = get_plugin_option(
- "recipients", notification.options
- )
- if notification_recipient:
- notification_recipient = notification_recipient.split(",")
-
 if send_notification(
 "expiration", notification_data, [owner], notification
 ):
@@ -153,10 +147,16 @@ def send_expiration_notifications(exclude):
 else:
 failure += 1
+ notification_recipient = get_plugin_option(
+ "recipients", notification.options
+ )
+ if notification_recipient:
+ notification_recipient = notification_recipient.split(",")
+ # removing owner and security_email from notification_recipient
+ notification_recipient = [i for i in notification_recipient if i not in security_email and i != owner]
+
 if (
 notification_recipient
- and owner != notification_recipient
- and security_email != notification_recipient
 ):
 if send_notification(
 "expiration",
diff --git a/lemur/plugins/lemur_vault_dest/plugin.py b/lemur/plugins/lemur_vault_dest/plugin.py
index 58a6dc18..b6d1ed75 100644
--- a/lemur/plugins/lemur_vault_dest/plugin.py
+++ b/lemur/plugins/lemur_vault_dest/plugin.py
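Review bot: In the `@@ -153,10 +147,16 @@` hunk of lemur/notifications/messaging.py, the new filter `[i for i in notification_recipient if i not in security_email and i != owner]` compares the raw pieces of `split(",")`, so an entry with a space after the comma or with different letter case is not recognised as the owner or a security address and that person is still mailed a second time. Normalising before filtering makes the de-duplication reliable: `notification_recipient = [r.strip() for r in notification_recipient.split(",") if r.strip()]`. `i not in security_email` is an exact membership test only if `security_email` is a list; its definition is outside the hunk, and if it is a plain string the test becomes a substring match. The body of `send_expiration_notifications` starts and ends outside the hunk.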
@@ -67,14 +67,14 @@ class VaultSourcePlugin(SourcePlugin):
 "name": "vaultPath",
 "type": "str",
 "required": True,
- "validation": "^([a-zA-Z0-9_-]+/?)+$",
+ "validation": "^([a-zA-Z0-9._-]+/?)+$",
 "helpMessage": "Must be a valid Vault secrets path",
 },
 {
 "name": "objectName",
 "type": "str",
 "required": True,
- "validation": "[0-9a-zA-Z:_-]+",
+ "validation": "[0-9a-zA-Z.:_-]+",
 "helpMessage": "Object Name to search",
 },
 ]
@@ -177,14 +177,14 @@ class VaultDestinationPlugin(DestinationPlugin):
 "name": "vaultPath",
 "type": "str",
 "required": True,
- "validation": "^([a-zA-Z0-9_-]+/?)+$",
+ "validation": "^([a-zA-Z0-9._-]+/?)+$",
 "helpMessage": "Must be a valid Vault secrets path",
 },
 {
 "name": "objectName",
 "type": "str",
 "required": False,
- "validation": "[0-9a-zA-Z:_-]+",
+ "validation": "[0-9a-zA-Z.:_-]+",
 "helpMessage": "Name to bundle certs under, if blank use cn",
 },
 {
diff --git a/lemur/static/app/angular/certificates/certificate/tracking.tpl.html b/lemur/static/app/angular/certificates/certificate/tracking.tpl.html
index b64f6e3d..573510cd 100644
--- a/lemur/static/app/angular/certificates/certificate/tracking.tpl.html
+++ b/lemur/static/app/angular/certificates/certificate/tracking.tpl.html
@@ -33,6 +33,8 @@ uib-tooltip="If you need a certificate with multiple domains enter your primary domain here and the rest under 'Subject Alternate Names' by clicking 'More Options'" ng-model="certificate.commonName" placeholder="Common Name" class="form-control" ng-maxlength="64"
+ ng-blur="certificate.attachCommonName()"
+ ng-focus="certificate.removeCommonName()"
 required/>
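Review bot: In the `VaultSourcePlugin` hunk of lemur/plugins/lemur_vault_dest/plugin.py, adding `.` to the `vaultPath` class in `^([a-zA-Z0-9._-]+/?)+$` means segments made only of dots, such as `..`, now pass validation, so the option may resolve outside the intended mount or prefix if the value is joined into a Vault API path (how it is used is outside the hunk). The `objectName` pattern `[0-9a-zA-Z.:_-]+` has no anchors, so depending on how the validator applies it, a value may pass with only a matching prefix or a single allowed character; `"validation": "^[0-9a-zA-Z.:_-]+$"` checks the whole value. The nested quantifier in the `vaultPath` pattern can also backtrack heavily on long non-matching input, and `^[a-zA-Z0-9._-]+(/[a-zA-Z0-9._-]+)*/?$` accepts the same paths without that ambiguity, to be combined with an explicit rejection of `.` and `..` segments. The same applies to the `VaultDestinationPlugin` hunk (`@@ -177,14 +177,14 @@`).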
diff --git a/lemur/static/app/angular/certificates/services.js b/lemur/static/app/angular/certificates/services.js
index ecd7870f..3a23076d 100644
--- a/lemur/static/app/angular/certificates/services.js
+++ b/lemur/static/app/angular/certificates/services.js
@@ -18,6 +18,26 @@ angular.module('lemur')
 this.authority = authority;
 this.authority.maxDate = moment(this.authority.notAfter).subtract(1, 'days').format('YYYY/MM/DD');
 },
+ attachCommonName: function () {
+ if (this.extensions === undefined) {
+ this.extensions = {};
+ }
+
+ if (this.extensions.subAltNames === undefined) {
+ this.extensions.subAltNames = {'names': []};
+ }
+
+ if (angular.isString(this.commonName)) {
+ this.extensions.subAltNames.names.unshift({'nameType': 'DNSName', 'value': this.commonName});
+ }
+ },
+ removeCommonName: function () {
+ if (angular.isDefined(this.extensions) && angular.isDefined(this.extensions.subAltNames)) {
+ if (angular.equals(this.extensions.subAltNames.names[0].value, this.commonName)) {
+ this.extensions.subAltNames.names.shift();
+ }
+ }
+ },
 attachSubAltName: function () {
 if (this.extensions === undefined) {
 this.extensions = {};
diff --git a/lemur/static/app/angular/certificates/view/view.js b/lemur/static/app/angular/certificates/view/view.js
index 0008dd64..6712e62a 100644
--- a/lemur/static/app/angular/certificates/view/view.js
+++ b/lemur/static/app/angular/certificates/view/view.js
@@ -17,7 +17,7 @@ angular.module('lemur')
 });
 })
- .controller('CertificatesViewController', function ($q, $scope, $uibModal, $stateParams, CertificateApi, CertificateService, MomentService, ngTableParams, toaster) {
+ .controller('CertificatesViewController', function ($q, $scope, $uibModal, $stateParams, $location, CertificateApi, CertificateService, MomentService, ngTableParams, toaster) {
 $scope.filter = $stateParams;
 $scope.certificateTable = new ngTableParams({
 page: 1, // show first page
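Review bot: In lemur/static/app/angular/certificates/services.js, `removeCommonName` reads `this.extensions.subAltNames.names[0].value` without checking that `names` has an entry, so focusing the Common Name field while the list is empty (for example after `attachCommonName` created `{'names': []}` but skipped the `unshift` because `commonName` was not a string) throws a TypeError. Guard the access: `var names = this.extensions.subAltNames.names;` followed by `if (names.length > 0 && angular.equals(names[0].value, this.commonName)) { names.shift(); }`. `attachCommonName` also accepts an empty string (`angular.isString('')` is true) and labels every value `DNSName`, so a blank or non-hostname common name lands in the SAN list of the request; a non-empty check before the `unshift` would avoid that, and the server should still validate the names. A short comment on both functions saying they are driven by `ng-blur`/`ng-focus` on the Common Name input would explain why they mirror each other.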
@@ -29,11 +29,24 @@ angular.module('lemur')
 }, {
 total: 0, // length of data
 getData: function ($defer, params) {
- CertificateApi.getList(params.url())
- .then(function (data) {
- params.total(data.total);
- $defer.resolve(data);
- });
+ $scope.path = $location.path();
+ // Handle Permalink clicks through a separate API
+ // Clicking on Permalink adds the certificate name to the URL after "certificates/", which is used to identify the click
+ if ($scope.path.indexOf('certificates/') > -1 && $scope.path.split('/')[2].length > 0) {
+ $scope.certificateName = $scope.path.split('/')[2];
+ CertificateApi.one('name').one($scope.certificateName).getList()
+ .then(function (data) {
+ params.total(data.total);
+ $defer.resolve(data);
+ });
+ }
+ else {
+ CertificateApi.getList(params.url())
+ .then(function (data) {
+ params.total(data.total);
+ $defer.resolve(data);
+ });
+ }
 }
 });
diff --git a/package.json b/package.json
index f47978db..fe1267a6 100644
--- a/package.json
+++ b/package.json
@@ -9,7 +9,6 @@
 "bower": "^1.8.2",
 "browser-sync": "^2.3.1",
 "del": "^2.2.2",
- "gulp": "^3.8.11",
 "gulp-autoprefixer": "^3.1.1",
 "gulp-cache": "^0.4.5",
 "gulp-concat": "^2.4.1",
@@ -60,6 +59,7 @@
 "test": "gulp test"
 },
 "devDependencies": {
+ "gulp": "^3.9.1",
 "jshint": "^2.8.0",
 "karma-chrome-launcher": "^2.0.0"
 }
diff --git a/requirements-docs.txt b/requirements-docs.txt
index fbd70c49..c0fe427e 100644
--- a/requirements-docs.txt
+++ b/requirements-docs.txt
@@ -10,15 +10,15 @@ alembic-autogenerate-enums==0.0.2
 alembic==1.0.10
 amqp==2.5.0
 aniso8601==6.0.0
-arrow==0.13.2
+arrow==0.14.2
 asn1crypto==0.24.0
 asyncpool==1.0
 babel==2.7.0 # via sphinx
 bcrypt==3.1.6
 billiard==3.6.0.0
 blinker==1.4
-boto3==1.9.158
-botocore==1.12.158
+boto3==1.9.160
+botocore==1.12.160
 celery[redis]==4.3.0
 certifi==2019.3.9
 certsrv==2.1.1
@@ -26,7 +26,7 @@ cffi==1.12.3
 chardet==3.0.4
 click==7.0
 cloudflare==2.3.0
-cryptography==2.6.1
+cryptography==2.7
 dnspython3==1.15.0
 dnspython==1.15.0
 docutils==0.14
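Review bot: In the `getData` hunk of lemur/static/app/angular/certificates/view/view.js, the permalink branch picks the certificate name by position from `$location.path()`: `indexOf('certificates/') > -1` matches that text anywhere in the path, `split('/')[2]` assumes the name is the third segment, and the URL-supplied value is then used as a request path segment in `CertificateApi.one('name').one($scope.certificateName)`. Matching the whole path once is stricter and removes the repeated split: `var m = /^\/certificates\/([^\/]+)$/.exec($location.path());` and then `if (m) { ... .one(m[1]) ... }`. Whether Restangular percent-encodes that segment is not visible here, so the by-name endpoint should validate the value on the server in any case. The two `.then` callbacks are identical and could share one function, and `path` and `certificateName` do not need to be stored on `$scope`. The controller body continues outside the hunk.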
@@ -36,7 +36,7 @@ flask-cors==3.0.7
 flask-mail==0.9.1
 flask-migrate==2.5.2
 flask-principal==0.4.0
-flask-replicated==1.2
+flask-replicated==1.3
 flask-restful==0.3.7
 flask-script==2.0.6
 flask-sqlalchemy==2.4.0
@@ -53,10 +53,10 @@ jinja2==2.10.1
 jmespath==0.9.4
 josepy==1.1.0
 jsonlines==1.2.0
-kombu==4.6.0
+kombu==4.5.0
 lockfile==0.12.2
 logmatic-python==0.1.7
-mako==1.0.10
+mako==1.0.11
 markupsafe==1.1.1
 marshmallow-sqlalchemy==0.16.3
 marshmallow==2.19.2
@@ -91,7 +91,7 @@ s3transfer==0.2.0
 six==1.12.0
 snowballstemmer==1.2.1 # via sphinx
 sphinx-rtd-theme==0.4.3
-sphinx==2.0.1
+sphinx==2.1.0
 sphinxcontrib-applehelp==1.0.1 # via sphinx
 sphinxcontrib-devhelp==1.0.1 # via sphinx
 sphinxcontrib-htmlhelp==1.0.2 # via sphinx
diff --git a/requirements-tests.txt b/requirements-tests.txt
index cf53fa17..77bc92af 100644
--- a/requirements-tests.txt
+++ b/requirements-tests.txt
@@ -12,16 +12,16 @@ aws-sam-translator==1.11.0 # via cfn-lint
 aws-xray-sdk==2.4.2 # via moto
 bandit==1.6.0
 black==19.3b0
-boto3==1.9.158 # via aws-sam-translator, moto
+boto3==1.9.160 # via aws-sam-translator, moto
 boto==2.49.0 # via moto
-botocore==1.12.158 # via aws-xray-sdk, boto3, moto, s3transfer
+botocore==1.12.160 # via aws-xray-sdk, boto3, moto, s3transfer
 certifi==2019.3.9 # via requests
 cffi==1.12.3 # via cryptography
-cfn-lint==0.21.3 # via moto
+cfn-lint==0.21.4 # via moto
 chardet==3.0.4 # via requests
 click==7.0 # via black, flask
 coverage==4.5.3
-cryptography==2.6.1 # via moto
+cryptography==2.7 # via moto
 docker==4.0.1 # via moto
 docutils==0.14 # via botocore
 ecdsa==0.13.2 # via python-jose
@@ -33,7 +33,7 @@ future==0.17.1 # via aws-xray-sdk, python-jose
 gitdb2==2.0.5 # via gitpython
 gitpython==2.1.11 # via bandit
 idna==2.8 # via moto, requests
-importlib-metadata==0.17 # via pluggy
+importlib-metadata==0.17 # via pluggy, pytest
 itsdangerous==1.1.0 # via flask
 jinja2==2.10.1 # via flask, moto
 jmespath==0.9.4 # via boto3, botocore
@@ -47,30 +47,32 @@ mock==3.0.5 # via moto
 more-itertools==7.0.0 # via pytest
 moto==1.3.8
 nose==1.3.7
+packaging==19.0 # via pytest
 pbr==5.2.1 # via stevedore
 pluggy==0.12.0 # via pytest
 py==1.8.0 # via pytest
 pyasn1==0.4.5 # via rsa
 pycparser==2.19 # via cffi
 pyflakes==2.1.1
+pyparsing==2.4.0 # via packaging
 pytest-flask==0.15.0
 pytest-mock==1.10.4
-pytest==4.5.0
+pytest==4.6.2
 python-dateutil==2.8.0 # via botocore, faker, freezegun, moto
 python-jose==3.0.1 # via moto
 pytz==2019.1 # via moto
 pyyaml==5.1
 requests-mock==1.6.0
-requests==2.21.0 # via cfn-lint, docker, moto, requests-mock, responses
+requests==2.22.0 # via cfn-lint, docker, moto, requests-mock, responses
 responses==0.10.6 # via moto
 rsa==4.0 # via python-jose
 s3transfer==0.2.0 # via boto3
-six==1.12.0 # via aws-sam-translator, bandit, cfn-lint, cryptography, docker, faker, freezegun, mock, moto, pytest, python-dateutil, python-jose, requests-mock, responses, stevedore, websocket-client
+six==1.12.0 # via aws-sam-translator, bandit, cfn-lint, cryptography, docker, faker, freezegun, mock, moto, packaging, pytest, python-dateutil, python-jose, requests-mock, responses, stevedore, websocket-client
 smmap2==2.0.5 # via gitdb2
 stevedore==1.30.1 # via bandit
 text-unidecode==1.2 # via faker
 toml==0.10.0 # via black
-urllib3==1.24.3 # via botocore, requests
+urllib3==1.25.3 # via botocore, requests
 wcwidth==0.1.7 # via pytest
 websocket-client==0.56.0 # via docker
 werkzeug==0.15.4 # via flask, moto, pytest-flask
diff --git a/requirements.in b/requirements.in
index ae64c225..d766b7a9 100644
--- a/requirements.in
+++ b/requirements.in
@@ -28,7 +28,7 @@ gunicorn
 hvac # required for the vault destination plugin
 inflection
 jinja2
-kombu
+kombu<4.6.0 # Bug with inspecting active tasks: https://github.com/celery/kombu/issues/1051
 lockfile
 logmatic-python
 marshmallow-sqlalchemy
diff --git a/requirements.txt b/requirements.txt
index 7dde8a3d..c19c7b6e 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -9,14 +9,14 @@ alembic-autogenerate-enums==0.0.2
 alembic==1.0.10 # via flask-migrate
 amqp==2.5.0 # via kombu
 aniso8601==6.0.0 # via flask-restful
-arrow==0.13.2
+arrow==0.14.2
 asn1crypto==0.24.0 # via cryptography
 asyncpool==1.0
 bcrypt==3.1.6 # via flask-bcrypt, paramiko
 billiard==3.6.0.0 # via celery
 blinker==1.4 # via flask-mail, flask-principal, raven
-boto3==1.9.158
-botocore==1.12.158
+boto3==1.9.160
+botocore==1.12.160
 celery[redis]==4.3.0
 certifi==2019.3.9
 certsrv==2.1.1
@@ -24,7 +24,7 @@ cffi==1.12.3 # via bcrypt, cryptography, pynacl
 chardet==3.0.4 # via requests
 click==7.0 # via flask
 cloudflare==2.3.0
-cryptography==2.6.1
+cryptography==2.7
 dnspython3==1.15.0
 dnspython==1.15.0 # via dnspython3
 docutils==0.14 # via botocore
@@ -34,7 +34,7 @@ flask-cors==3.0.7
 flask-mail==0.9.1
 flask-migrate==2.5.2
 flask-principal==0.4.0
-flask-replicated==1.2
+flask-replicated==1.3
 flask-restful==0.3.7
 flask-script==2.0.6
 flask-sqlalchemy==2.4.0
@@ -50,10 +50,10 @@ jinja2==2.10.1
 jmespath==0.9.4 # via boto3, botocore
 josepy==1.1.0 # via acme
 jsonlines==1.2.0 # via cloudflare
-kombu==4.6.0
+kombu==4.5.0
 lockfile==0.12.2
 logmatic-python==0.1.7
-mako==1.0.10 # via alembic
+mako==1.0.11 # via alembic
 markupsafe==1.1.1 # via jinja2, mako
 marshmallow-sqlalchemy==0.16.3
 marshmallow==2.19.2