Infra
/
lemur
5
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge branch 'master' into generalizing-api

This commit is contained in:
Hossein Shafagh 2019-06-20 16:13:04 -07:00 committed by GitHub
parent 34cdd29a50 5b8c600261
commit 39d65db7fd
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
11 changed files with 83 additions and 46 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Dockerfile
View File

@ -1,4 +1,4 @@
FROM python:3.5 FROM python:3.7
RUN apt-get update RUN apt-get update
RUN apt-get install -y make software-properties-common curl RUN apt-get install -y make software-properties-common curl
RUN curl -sL https://deb.nodesource.com/setup_7.x | bash - RUN curl -sL https://deb.nodesource.com/setup_7.x | bash -

18
lemur/notifications/messaging.py
View File

@ -52,7 +52,7 @@ def get_certificates(exclude=None):
certs = [] certs = []
for c in windowed_query(q, Certificate.id, 100): for c in windowed_query(q, Certificate.id, 10000):
if needs_notification(c): if needs_notification(c):
certs.append(c) certs.append(c)
@ -140,12 +140,6 @@ def send_expiration_notifications(exclude):
notification_data.append(cert_data) notification_data.append(cert_data)
security_data.append(cert_data) security_data.append(cert_data)
notification_recipient = get_plugin_option(
"recipients", notification.options
)
if notification_recipient:
notification_recipient = notification_recipient.split(",")
if send_notification( if send_notification(
"expiration", notification_data, [owner], notification "expiration", notification_data, [owner], notification
): ):
@ -153,10 +147,16 @@ def send_expiration_notifications(exclude):
else: else:
failure += 1 failure += 1
notification_recipient = get_plugin_option(
"recipients", notification.options
)
if notification_recipient:
notification_recipient = notification_recipient.split(",")
# removing owner and security_email from notification_recipient
notification_recipient = [i for i in notification_recipient if i not in security_email and i != owner]
if ( if (
notification_recipient notification_recipient
and owner != notification_recipient
and security_email != notification_recipient
): ):
if send_notification( if send_notification(
"expiration", "expiration",

8
lemur/plugins/lemur_vault_dest/plugin.py
View File

@ -67,14 +67,14 @@ class VaultSourcePlugin(SourcePlugin):
"name": "vaultPath", "name": "vaultPath",
"type": "str", "type": "str",
"required": True, "required": True,
"validation": "^([a-zA-Z0-9_-]+/?)+$", "validation": "^([a-zA-Z0-9._-]+/?)+$",
"helpMessage": "Must be a valid Vault secrets path", "helpMessage": "Must be a valid Vault secrets path",
}, },
{ {
"name": "objectName", "name": "objectName",
"type": "str", "type": "str",
"required": True, "required": True,
"validation": "[0-9a-zA-Z:_-]+", "validation": "[0-9a-zA-Z.:_-]+",
"helpMessage": "Object Name to search", "helpMessage": "Object Name to search",
}, },
] ]
@ -177,14 +177,14 @@ class VaultDestinationPlugin(DestinationPlugin):
"name": "vaultPath", "name": "vaultPath",
"type": "str", "type": "str",
"required": True, "required": True,
"validation": "^([a-zA-Z0-9_-]+/?)+$", "validation": "^([a-zA-Z0-9._-]+/?)+$",
"helpMessage": "Must be a valid Vault secrets path", "helpMessage": "Must be a valid Vault secrets path",
}, },
{ {
"name": "objectName", "name": "objectName",
"type": "str", "type": "str",
"required": False, "required": False,
"validation": "[0-9a-zA-Z:_-]+", "validation": "[0-9a-zA-Z.:_-]+",
"helpMessage": "Name to bundle certs under, if blank use cn", "helpMessage": "Name to bundle certs under, if blank use cn",
}, },
{ {

2
lemur/static/app/angular/certificates/certificate/tracking.tpl.html
View File

@ -33,6 +33,8 @@
uib-tooltip="If you need a certificate with multiple domains enter your primary domain here and the rest under 'Subject Alternate Names' by clicking 'More Options'" uib-tooltip="If you need a certificate with multiple domains enter your primary domain here and the rest under 'Subject Alternate Names' by clicking 'More Options'"
ng-model="certificate.commonName" placeholder="Common Name" class="form-control" ng-model="certificate.commonName" placeholder="Common Name" class="form-control"
ng-maxlength="64" ng-maxlength="64"
ng-blur="certificate.attachCommonName()"
ng-focus="certificate.removeCommonName()"
required/> required/>
<p ng-show="trackingForm.commonName.$invalid && !trackingForm.commonName.$pristine" class="help-block"> <p ng-show="trackingForm.commonName.$invalid && !trackingForm.commonName.$pristine" class="help-block">

20
lemur/static/app/angular/certificates/services.js vendored
View File

@ -18,6 +18,26 @@ angular.module('lemur')
this.authority = authority; this.authority = authority;
this.authority.maxDate = moment(this.authority.notAfter).subtract(1, 'days').format('YYYY/MM/DD'); this.authority.maxDate = moment(this.authority.notAfter).subtract(1, 'days').format('YYYY/MM/DD');
}, },
attachCommonName: function () {
if (this.extensions === undefined) {
this.extensions = {};
}
if (this.extensions.subAltNames === undefined) {
this.extensions.subAltNames = {'names': []};
}
if (angular.isString(this.commonName)) {
this.extensions.subAltNames.names.unshift({'nameType': 'DNSName', 'value': this.commonName});
}
},
removeCommonName: function () {
if (angular.isDefined(this.extensions) && angular.isDefined(this.extensions.subAltNames)) {
if (angular.equals(this.extensions.subAltNames.names[0].value, this.commonName)) {
this.extensions.subAltNames.names.shift();
}
}
},
attachSubAltName: function () { attachSubAltName: function () {
if (this.extensions === undefined) { if (this.extensions === undefined) {
this.extensions = {}; this.extensions = {};

25
lemur/static/app/angular/certificates/view/view.js vendored
View File

@ -17,7 +17,7 @@ angular.module('lemur')
}); });
}) })
.controller('CertificatesViewController', function ($q, $scope, $uibModal, $stateParams, CertificateApi, CertificateService, MomentService, ngTableParams, toaster) { .controller('CertificatesViewController', function ($q, $scope, $uibModal, $stateParams, $location, CertificateApi, CertificateService, MomentService, ngTableParams, toaster) {
$scope.filter = $stateParams; $scope.filter = $stateParams;
$scope.certificateTable = new ngTableParams({ $scope.certificateTable = new ngTableParams({
page: 1, // show first page page: 1, // show first page
@ -29,11 +29,24 @@ angular.module('lemur')
}, { }, {
total: 0, // length of data total: 0, // length of data
getData: function ($defer, params) { getData: function ($defer, params) {
CertificateApi.getList(params.url()) $scope.path = $location.path();
.then(function (data) { // Handle Permalink clicks through a separate API
params.total(data.total); // Clicking on Permalink adds the certificate name to the URL after "certificates/", which is used to identify the click
$defer.resolve(data); if ($scope.path.indexOf('certificates/') > -1 && $scope.path.split('/')[2].length > 0) {
}); $scope.certificateName = $scope.path.split('/')[2];
CertificateApi.one('name').one($scope.certificateName).getList()
.then(function (data) {
params.total(data.total);
$defer.resolve(data);
});
}
else {
CertificateApi.getList(params.url())
.then(function (data) {
params.total(data.total);
$defer.resolve(data);
});
}
} }
}); });

2
package.json
View File

@ -9,7 +9,6 @@
"bower": "^1.8.2", "bower": "^1.8.2",
"browser-sync": "^2.3.1", "browser-sync": "^2.3.1",
"del": "^2.2.2", "del": "^2.2.2",
"gulp": "^3.8.11",
"gulp-autoprefixer": "^3.1.1", "gulp-autoprefixer": "^3.1.1",
"gulp-cache": "^0.4.5", "gulp-cache": "^0.4.5",
"gulp-concat": "^2.4.1", "gulp-concat": "^2.4.1",
@ -60,6 +59,7 @@
"test": "gulp test" "test": "gulp test"
}, },
"devDependencies": { "devDependencies": {
"gulp": "^3.9.1",
"jshint": "^2.8.0", "jshint": "^2.8.0",
"karma-chrome-launcher": "^2.0.0" "karma-chrome-launcher": "^2.0.0"
} }

16
requirements-docs.txt
View File

@ -10,15 +10,15 @@ alembic-autogenerate-enums==0.0.2
alembic==1.0.10 alembic==1.0.10
amqp==2.5.0 amqp==2.5.0
aniso8601==6.0.0 aniso8601==6.0.0
arrow==0.13.2 arrow==0.14.2
asn1crypto==0.24.0 asn1crypto==0.24.0
asyncpool==1.0 asyncpool==1.0
babel==2.7.0 # via sphinx babel==2.7.0 # via sphinx
bcrypt==3.1.6 bcrypt==3.1.6
billiard==3.6.0.0 billiard==3.6.0.0
blinker==1.4 blinker==1.4
boto3==1.9.158 boto3==1.9.160
botocore==1.12.158 botocore==1.12.160
celery[redis]==4.3.0 celery[redis]==4.3.0
certifi==2019.3.9 certifi==2019.3.9
certsrv==2.1.1 certsrv==2.1.1
@ -26,7 +26,7 @@ cffi==1.12.3
chardet==3.0.4 chardet==3.0.4
click==7.0 click==7.0
cloudflare==2.3.0 cloudflare==2.3.0
cryptography==2.6.1 cryptography==2.7
dnspython3==1.15.0 dnspython3==1.15.0
dnspython==1.15.0 dnspython==1.15.0
docutils==0.14 docutils==0.14
@ -36,7 +36,7 @@ flask-cors==3.0.7
flask-mail==0.9.1 flask-mail==0.9.1
flask-migrate==2.5.2 flask-migrate==2.5.2
flask-principal==0.4.0 flask-principal==0.4.0
flask-replicated==1.2 flask-replicated==1.3
flask-restful==0.3.7 flask-restful==0.3.7
flask-script==2.0.6 flask-script==2.0.6
flask-sqlalchemy==2.4.0 flask-sqlalchemy==2.4.0
@ -53,10 +53,10 @@ jinja2==2.10.1
jmespath==0.9.4 jmespath==0.9.4
josepy==1.1.0 josepy==1.1.0
jsonlines==1.2.0 jsonlines==1.2.0
kombu==4.6.0 kombu==4.5.0
lockfile==0.12.2 lockfile==0.12.2
logmatic-python==0.1.7 logmatic-python==0.1.7
mako==1.0.10 mako==1.0.11
markupsafe==1.1.1 markupsafe==1.1.1
marshmallow-sqlalchemy==0.16.3 marshmallow-sqlalchemy==0.16.3
marshmallow==2.19.2 marshmallow==2.19.2
@ -91,7 +91,7 @@ s3transfer==0.2.0
six==1.12.0 six==1.12.0
snowballstemmer==1.2.1 # via sphinx snowballstemmer==1.2.1 # via sphinx
sphinx-rtd-theme==0.4.3 sphinx-rtd-theme==0.4.3
sphinx==2.0.1 sphinx==2.1.0
sphinxcontrib-applehelp==1.0.1 # via sphinx sphinxcontrib-applehelp==1.0.1 # via sphinx
sphinxcontrib-devhelp==1.0.1 # via sphinx sphinxcontrib-devhelp==1.0.1 # via sphinx
sphinxcontrib-htmlhelp==1.0.2 # via sphinx sphinxcontrib-htmlhelp==1.0.2 # via sphinx

20
requirements-tests.txt
View File

@ -12,16 +12,16 @@ aws-sam-translator==1.11.0 # via cfn-lint
aws-xray-sdk==2.4.2 # via moto aws-xray-sdk==2.4.2 # via moto
bandit==1.6.0 bandit==1.6.0
black==19.3b0 black==19.3b0
boto3==1.9.158 # via aws-sam-translator, moto boto3==1.9.160 # via aws-sam-translator, moto
boto==2.49.0 # via moto boto==2.49.0 # via moto
botocore==1.12.158 # via aws-xray-sdk, boto3, moto, s3transfer botocore==1.12.160 # via aws-xray-sdk, boto3, moto, s3transfer
certifi==2019.3.9 # via requests certifi==2019.3.9 # via requests
cffi==1.12.3 # via cryptography cffi==1.12.3 # via cryptography
cfn-lint==0.21.3 # via moto cfn-lint==0.21.4 # via moto
chardet==3.0.4 # via requests chardet==3.0.4 # via requests
click==7.0 # via black, flask click==7.0 # via black, flask
coverage==4.5.3 coverage==4.5.3
cryptography==2.6.1 # via moto cryptography==2.7 # via moto
docker==4.0.1 # via moto docker==4.0.1 # via moto
docutils==0.14 # via botocore docutils==0.14 # via botocore
ecdsa==0.13.2 # via python-jose ecdsa==0.13.2 # via python-jose
@ -33,7 +33,7 @@ future==0.17.1 # via aws-xray-sdk, python-jose
gitdb2==2.0.5 # via gitpython gitdb2==2.0.5 # via gitpython
gitpython==2.1.11 # via bandit gitpython==2.1.11 # via bandit
idna==2.8 # via moto, requests idna==2.8 # via moto, requests
importlib-metadata==0.17 # via pluggy importlib-metadata==0.17 # via pluggy, pytest
itsdangerous==1.1.0 # via flask itsdangerous==1.1.0 # via flask
jinja2==2.10.1 # via flask, moto jinja2==2.10.1 # via flask, moto
jmespath==0.9.4 # via boto3, botocore jmespath==0.9.4 # via boto3, botocore
@ -47,30 +47,32 @@ mock==3.0.5 # via moto
more-itertools==7.0.0 # via pytest more-itertools==7.0.0 # via pytest
moto==1.3.8 moto==1.3.8
nose==1.3.7 nose==1.3.7
packaging==19.0 # via pytest
pbr==5.2.1 # via stevedore pbr==5.2.1 # via stevedore
pluggy==0.12.0 # via pytest pluggy==0.12.0 # via pytest
py==1.8.0 # via pytest py==1.8.0 # via pytest
pyasn1==0.4.5 # via rsa pyasn1==0.4.5 # via rsa
pycparser==2.19 # via cffi pycparser==2.19 # via cffi
pyflakes==2.1.1 pyflakes==2.1.1
pyparsing==2.4.0 # via packaging
pytest-flask==0.15.0 pytest-flask==0.15.0
pytest-mock==1.10.4 pytest-mock==1.10.4
pytest==4.5.0 pytest==4.6.2
python-dateutil==2.8.0 # via botocore, faker, freezegun, moto python-dateutil==2.8.0 # via botocore, faker, freezegun, moto
python-jose==3.0.1 # via moto python-jose==3.0.1 # via moto
pytz==2019.1 # via moto pytz==2019.1 # via moto
pyyaml==5.1 pyyaml==5.1
requests-mock==1.6.0 requests-mock==1.6.0
requests==2.21.0 # via cfn-lint, docker, moto, requests-mock, responses requests==2.22.0 # via cfn-lint, docker, moto, requests-mock, responses
responses==0.10.6 # via moto responses==0.10.6 # via moto
rsa==4.0 # via python-jose rsa==4.0 # via python-jose
s3transfer==0.2.0 # via boto3 s3transfer==0.2.0 # via boto3
six==1.12.0 # via aws-sam-translator, bandit, cfn-lint, cryptography, docker, faker, freezegun, mock, moto, pytest, python-dateutil, python-jose, requests-mock, responses, stevedore, websocket-client six==1.12.0 # via aws-sam-translator, bandit, cfn-lint, cryptography, docker, faker, freezegun, mock, moto, packaging, pytest, python-dateutil, python-jose, requests-mock, responses, stevedore, websocket-client
smmap2==2.0.5 # via gitdb2 smmap2==2.0.5 # via gitdb2
stevedore==1.30.1 # via bandit stevedore==1.30.1 # via bandit
text-unidecode==1.2 # via faker text-unidecode==1.2 # via faker
toml==0.10.0 # via black toml==0.10.0 # via black
urllib3==1.24.3 # via botocore, requests urllib3==1.25.3 # via botocore, requests
wcwidth==0.1.7 # via pytest wcwidth==0.1.7 # via pytest
websocket-client==0.56.0 # via docker websocket-client==0.56.0 # via docker
werkzeug==0.15.4 # via flask, moto, pytest-flask werkzeug==0.15.4 # via flask, moto, pytest-flask

2
requirements.in
View File

@ -28,7 +28,7 @@ gunicorn
hvac # required for the vault destination plugin hvac # required for the vault destination plugin
inflection inflection
jinja2 jinja2
kombu kombu<4.6.0 # Bug with inspecting active tasks: https://github.com/celery/kombu/issues/1051
lockfile lockfile
logmatic-python logmatic-python
marshmallow-sqlalchemy marshmallow-sqlalchemy

14
requirements.txt
View File

@ -9,14 +9,14 @@ alembic-autogenerate-enums==0.0.2
alembic==1.0.10 # via flask-migrate alembic==1.0.10 # via flask-migrate
amqp==2.5.0 # via kombu amqp==2.5.0 # via kombu
aniso8601==6.0.0 # via flask-restful aniso8601==6.0.0 # via flask-restful
arrow==0.13.2 arrow==0.14.2
asn1crypto==0.24.0 # via cryptography asn1crypto==0.24.0 # via cryptography
asyncpool==1.0 asyncpool==1.0
bcrypt==3.1.6 # via flask-bcrypt, paramiko bcrypt==3.1.6 # via flask-bcrypt, paramiko
billiard==3.6.0.0 # via celery billiard==3.6.0.0 # via celery
blinker==1.4 # via flask-mail, flask-principal, raven blinker==1.4 # via flask-mail, flask-principal, raven
boto3==1.9.158 boto3==1.9.160
botocore==1.12.158 botocore==1.12.160
celery[redis]==4.3.0 celery[redis]==4.3.0
certifi==2019.3.9 certifi==2019.3.9
certsrv==2.1.1 certsrv==2.1.1
@ -24,7 +24,7 @@ cffi==1.12.3 # via bcrypt, cryptography, pynacl
chardet==3.0.4 # via requests chardet==3.0.4 # via requests
click==7.0 # via flask click==7.0 # via flask
cloudflare==2.3.0 cloudflare==2.3.0
cryptography==2.6.1 cryptography==2.7
dnspython3==1.15.0 dnspython3==1.15.0
dnspython==1.15.0 # via dnspython3 dnspython==1.15.0 # via dnspython3
docutils==0.14 # via botocore docutils==0.14 # via botocore
@ -34,7 +34,7 @@ flask-cors==3.0.7
flask-mail==0.9.1 flask-mail==0.9.1
flask-migrate==2.5.2 flask-migrate==2.5.2
flask-principal==0.4.0 flask-principal==0.4.0
flask-replicated==1.2 flask-replicated==1.3
flask-restful==0.3.7 flask-restful==0.3.7
flask-script==2.0.6 flask-script==2.0.6
flask-sqlalchemy==2.4.0 flask-sqlalchemy==2.4.0
@ -50,10 +50,10 @@ jinja2==2.10.1
jmespath==0.9.4 # via boto3, botocore jmespath==0.9.4 # via boto3, botocore
josepy==1.1.0 # via acme josepy==1.1.0 # via acme
jsonlines==1.2.0 # via cloudflare jsonlines==1.2.0 # via cloudflare
kombu==4.6.0 kombu==4.5.0
lockfile==0.12.2 lockfile==0.12.2
logmatic-python==0.1.7 logmatic-python==0.1.7
mako==1.0.10 # via alembic mako==1.0.11 # via alembic
markupsafe==1.1.1 # via jinja2, mako markupsafe==1.1.1 # via jinja2, mako
marshmallow-sqlalchemy==0.16.3 marshmallow-sqlalchemy==0.16.3
marshmallow==2.19.2 marshmallow==2.19.2