From f836c6fff6cdea1911b9d9771aae38ecade96870 Mon Sep 17 00:00:00 2001 From: Kush Bavishi Date: Mon, 17 Jun 2019 10:41:11 -0700 Subject: [PATCH 1/8] API additions for viewing expired certs as well. Default behavior modified to show only valid certs and those which have expired less than 1 month ago. --- lemur/certificates/service.py | 12 +++++++----- lemur/certificates/views.py | 1 + 2 files changed, 8 insertions(+), 5 deletions(-) diff --git a/lemur/certificates/service.py b/lemur/certificates/service.py index 544c03d8..d9370232 100644 --- a/lemur/certificates/service.py +++ b/lemur/certificates/service.py @@ -329,12 +329,14 @@ def render(args): """ query = database.session_query(Certificate) - time_range = args.pop("time_range") - if not time_range: - six_month_old = arrow.now()\ - .shift(months=current_app.config.get("HIDE_EXPIRED_CERTS_AFTER_MONTHS", -6))\ + show_expired = args.pop("showExpired") + if show_expired != 1: + one_month_old = arrow.now()\ + .shift(months=current_app.config.get("HIDE_EXPIRED_CERTS_AFTER_MONTHS", -1))\ .format("YYYY-MM-DD") - query = query.filter(Certificate.not_after > six_month_old) + query = query.filter(Certificate.not_after > one_month_old) + + time_range = args.pop("time_range") destination_id = args.pop("destination_id") notification_id = args.pop("notification_id", None) diff --git a/lemur/certificates/views.py b/lemur/certificates/views.py index 61a74a59..1a003e78 100644 --- a/lemur/certificates/views.py +++ b/lemur/certificates/views.py @@ -347,6 +347,7 @@ class CertificatesList(AuthenticatedResource): ) parser.add_argument("creator", type=str, location="args") parser.add_argument("show", type=str, location="args") + parser.add_argument("showExpired", type=int, location="args") args = parser.parse_args() args["user"] = g.user From 56917614a20a0a295d88c8a3fee03566fe9188c7 Mon Sep 17 00:00:00 2001 From: alwaysjolley Date: Wed, 19 Jun 2019 09:46:44 -0400 Subject: [PATCH 2/8] fixing regex to be more flexable --- lemur/plugins/lemur_vault_dest/plugin.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lemur/plugins/lemur_vault_dest/plugin.py b/lemur/plugins/lemur_vault_dest/plugin.py index 803b0a0c..21c6784e 100644 --- a/lemur/plugins/lemur_vault_dest/plugin.py +++ b/lemur/plugins/lemur_vault_dest/plugin.py @@ -69,14 +69,14 @@ class VaultSourcePlugin(SourcePlugin): 'name': 'vaultPath', 'type': 'str', 'required': True, - 'validation': '^([a-zA-Z0-9_-]+/?)+$', + 'validation': '^([a-zA-Z0-9._-]+/?)+$', 'helpMessage': 'Must be a valid Vault secrets path' }, { 'name': 'objectName', 'type': 'str', 'required': True, - 'validation': '[0-9a-zA-Z:_-]+', + 'validation': '[0-9a-zA-Z.:_-]+', 'helpMessage': 'Object Name to search' }, ] From bbf50cf0b05033f2e72c17413d6c7635697f5c73 Mon Sep 17 00:00:00 2001 From: alwaysjolley Date: Thu, 20 Jun 2019 08:26:32 -0400 Subject: [PATCH 3/8] updated dest as well as src --- lemur/plugins/lemur_vault_dest/plugin.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lemur/plugins/lemur_vault_dest/plugin.py b/lemur/plugins/lemur_vault_dest/plugin.py index c7db9b58..b6d1ed75 100644 --- a/lemur/plugins/lemur_vault_dest/plugin.py +++ b/lemur/plugins/lemur_vault_dest/plugin.py @@ -177,14 +177,14 @@ class VaultDestinationPlugin(DestinationPlugin): "name": "vaultPath", "type": "str", "required": True, - "validation": "^([a-zA-Z0-9_-]+/?)+$", + "validation": "^([a-zA-Z0-9._-]+/?)+$", "helpMessage": "Must be a valid Vault secrets path", }, { "name": "objectName", "type": "str", "required": False, - "validation": "[0-9a-zA-Z:_-]+", + "validation": "[0-9a-zA-Z.:_-]+", "helpMessage": "Name to bundle certs under, if blank use cn", }, { From 68815b8f44a6d787efee2f9e31e849c88edbe65c Mon Sep 17 00:00:00 2001 From: Kush Bavishi Date: Thu, 20 Jun 2019 15:04:40 -0700 Subject: [PATCH 4/8] UI changes - Button to show / hide expired certs. --- .../app/angular/certificates/view/view.js | 31 +++++++++++++++++++ .../angular/certificates/view/view.tpl.html | 5 +++ 2 files changed, 36 insertions(+) diff --git a/lemur/static/app/angular/certificates/view/view.js b/lemur/static/app/angular/certificates/view/view.js index 6712e62a..1d68d9f2 100644 --- a/lemur/static/app/angular/certificates/view/view.js +++ b/lemur/static/app/angular/certificates/view/view.js @@ -19,6 +19,9 @@ angular.module('lemur') .controller('CertificatesViewController', function ($q, $scope, $uibModal, $stateParams, $location, CertificateApi, CertificateService, MomentService, ngTableParams, toaster) { $scope.filter = $stateParams; + $scope.expiredText = ["Show Expired", "Hide Expired"]; + $scope.expiredValue = 0; + $scope.expiredButton = $scope.expiredText[$scope.expiredValue]; $scope.certificateTable = new ngTableParams({ page: 1, // show first page count: 10, // count per page @@ -50,6 +53,34 @@ angular.module('lemur') } }); + $scope.showExpired = function () { + if ($scope.expiredValue === 0) { + $scope.expiredValue = 1; + } + else { + $scope.expiredValue = 0; + } + $scope.expiredButton = $scope.expiredText[$scope.expiredValue]; + $scope.certificateTable = new ngTableParams({ + page: 1, // show first page + count: 10, // count per page + sorting: { + id: 'desc' // initial sorting + }, + filter: $scope.filter + }, { + getData: function ($defer, params) { + $scope.temp = angular.copy(params.url()); + $scope.temp.showExpired = $scope.expiredValue; + CertificateApi.getList($scope.temp) + .then(function (data) { + params.total(data.total); + $defer.resolve(data); + }); + } + }) + }; + $scope.momentService = MomentService; $scope.remove = function (certificate) { diff --git a/lemur/static/app/angular/certificates/view/view.tpl.html b/lemur/static/app/angular/certificates/view/view.tpl.html index 28b4e08e..ff086a88 100644 --- a/lemur/static/app/angular/certificates/view/view.tpl.html +++ b/lemur/static/app/angular/certificates/view/view.tpl.html @@ -17,6 +17,11 @@ btn-checkbox-true="1" btn-checkbox-false="0">Filter +
+ +
From de0462e54fbf3d492387b05c01977b26aebef975 Mon Sep 17 00:00:00 2001 From: Kush Bavishi Date: Thu, 20 Jun 2019 15:41:32 -0700 Subject: [PATCH 5/8] Added missing semi-colon and changed double quotes to single quotes --- lemur/static/app/angular/certificates/view/view.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lemur/static/app/angular/certificates/view/view.js b/lemur/static/app/angular/certificates/view/view.js index 1d68d9f2..065c778a 100644 --- a/lemur/static/app/angular/certificates/view/view.js +++ b/lemur/static/app/angular/certificates/view/view.js @@ -19,7 +19,7 @@ angular.module('lemur') .controller('CertificatesViewController', function ($q, $scope, $uibModal, $stateParams, $location, CertificateApi, CertificateService, MomentService, ngTableParams, toaster) { $scope.filter = $stateParams; - $scope.expiredText = ["Show Expired", "Hide Expired"]; + $scope.expiredText = ['Show Expired', 'Hide Expired']; $scope.expiredValue = 0; $scope.expiredButton = $scope.expiredText[$scope.expiredValue]; $scope.certificateTable = new ngTableParams({ @@ -78,7 +78,7 @@ angular.module('lemur') $defer.resolve(data); }); } - }) + }); }; $scope.momentService = MomentService; From 34cdd29a5011a84f432fd090670d1c017f536b0d Mon Sep 17 00:00:00 2001 From: Hossein Shafagh Date: Thu, 20 Jun 2019 16:06:26 -0700 Subject: [PATCH 6/8] removing the rotation enabled requirement, to keep the endpoint generic --- lemur/certificates/service.py | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/lemur/certificates/service.py b/lemur/certificates/service.py index 544c03d8..3bb46cdc 100644 --- a/lemur/certificates/service.py +++ b/lemur/certificates/service.py @@ -445,7 +445,7 @@ def query_name(certificate_name, args): def query_common_name(common_name, args): """ - Helper function that queries for not expired certificates by common name and owner which have auto-rotate enabled + Helper function that queries for not expired certificates by common name (and owner) :param common_name: :param args: @@ -462,7 +462,6 @@ def query_common_name(common_name, args): Certificate.query.filter(Certificate.cn.ilike(common_name)) .filter(Certificate.owner.ilike(owner)) .filter(Certificate.not_after >= current_time.format("YYYY-MM-DD")) - .filter(Certificate.rotation.is_(True)) .all() ) From 960064d5c6034910e9046c52d55a64f1444b3e4a Mon Sep 17 00:00:00 2001 From: Kush Bavishi Date: Fri, 21 Jun 2019 11:32:16 -0700 Subject: [PATCH 7/8] Color change for Show Expired button --- lemur/static/app/angular/certificates/view/view.tpl.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lemur/static/app/angular/certificates/view/view.tpl.html b/lemur/static/app/angular/certificates/view/view.tpl.html index ff086a88..fbed4ca5 100644 --- a/lemur/static/app/angular/certificates/view/view.tpl.html +++ b/lemur/static/app/angular/certificates/view/view.tpl.html @@ -18,7 +18,7 @@ btn-checkbox-false="0">Filter
-
From 4565bd7dc699d2b9982febe580e04d88ae18030c Mon Sep 17 00:00:00 2001 From: Danny Thomas Date: Fri, 21 Jun 2019 13:33:55 -0700 Subject: [PATCH 8/8] Update SAN text --- .../app/angular/certificates/certificate/tracking.tpl.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lemur/static/app/angular/certificates/certificate/tracking.tpl.html b/lemur/static/app/angular/certificates/certificate/tracking.tpl.html index 573510cd..19d8f37f 100644 --- a/lemur/static/app/angular/certificates/certificate/tracking.tpl.html +++ b/lemur/static/app/angular/certificates/certificate/tracking.tpl.html @@ -30,7 +30,7 @@