PR feedback: add config option to enable rotation emails, add cert count and type to email
This commit is contained in:
parent
4c2227f23c
commit
42957cffc7
@ -286,7 +286,7 @@ Supported types:
|
||||
|
||||
* CA certificate expiration
|
||||
* Pending ACME certificate failure
|
||||
* Certificate rotation (currently disabled in code)
|
||||
* Certificate rotation
|
||||
|
||||
**Default notifications**
|
||||
|
||||
@ -352,6 +352,12 @@ Whenever a pending ACME certificate fails to be issued, Lemur will send a notifi
|
||||
and security team (as specified by the ``LEMUR_SECURITY_TEAM_EMAIL`` configuration parameter). This email is not sent if
|
||||
the pending certificate had notifications disabled.
|
||||
|
||||
**Certificate rotation**
|
||||
|
||||
Whenever a cert is rotated, Lemur will send a notification via email to the certificate owner. This notification is
|
||||
disabled by default; to enable it, you must set the option ``--notify`` (when using cron) or the configuration parameter
|
||||
``ENABLE_ROTATION_NOTIFICATION`` (when using celery).
|
||||
|
||||
**Email notifications**
|
||||
|
||||
Templates for emails are located under `lemur/plugins/lemur_email/templates` and can be modified for your needs.
|
||||
|
@ -864,3 +864,13 @@ def cleanup_after_revoke(certificate):
|
||||
|
||||
database.update(certificate)
|
||||
return error_message
|
||||
|
||||
|
||||
def get_issued_cert_count_for_authority(authority):
|
||||
"""
|
||||
Returns the count of certs issued by the specified authority.
|
||||
|
||||
:return:
|
||||
"""
|
||||
query = database.session_query(Certificate.id).filter(Authority.id == authority.id)
|
||||
return database.get_count(query)
|
||||
|
@ -656,11 +656,12 @@ def certificate_rotate(**kwargs):
|
||||
|
||||
current_app.logger.debug(log_data)
|
||||
try:
|
||||
notify = current_app.config.get("ENABLE_ROTATION_NOTIFICATION", None)
|
||||
if region:
|
||||
log_data["region"] = region
|
||||
cli_certificate.rotate_region(None, None, None, None, True, region)
|
||||
cli_certificate.rotate_region(None, None, None, notify, True, region)
|
||||
else:
|
||||
cli_certificate.rotate(None, None, None, None, True)
|
||||
cli_certificate.rotate(None, None, None, notify, True)
|
||||
except SoftTimeLimitExceeded:
|
||||
log_data["message"] = "Certificate rotate: Time limit exceeded."
|
||||
current_app.logger.error(log_data)
|
||||
|
@ -19,9 +19,10 @@ from sqlalchemy import and_
|
||||
from sqlalchemy.sql.expression import false, true
|
||||
|
||||
from lemur import database
|
||||
from lemur.certificates import service as certificates_service
|
||||
from lemur.certificates.models import Certificate
|
||||
from lemur.certificates.schemas import certificate_notification_output_schema
|
||||
from lemur.common.utils import windowed_query
|
||||
from lemur.common.utils import windowed_query, is_selfsigned
|
||||
from lemur.constants import FAILURE_METRIC_STATUS, SUCCESS_METRIC_STATUS
|
||||
from lemur.extensions import metrics, sentry
|
||||
from lemur.pending_certificates.schemas import pending_certificate_output_schema
|
||||
@ -241,6 +242,8 @@ def send_authority_expiration_notifications():
|
||||
cert_data = certificate_notification_output_schema.dump(
|
||||
certificate
|
||||
).data
|
||||
cert_data['self_signed'] = is_selfsigned(certificate.parsed_cert)
|
||||
cert_data['issued_cert_count'] = certificates_service.get_issued_cert_count_for_authority(certificate.root_authority)
|
||||
notification_data.append(cert_data)
|
||||
|
||||
email_recipients = security_email + [owner]
|
||||
|
@ -91,7 +91,12 @@
|
||||
<span style="font-family:Roboto-Regular,Helvetica,Arial,sans-serif;font-size:20px;color:#202020">{{ certificate.name }}</span>
|
||||
<br>
|
||||
<span style="font-family:Roboto-Regular,Helvetica,Arial,sans-serif;font-size:13px;color:#727272">
|
||||
{{ certificate.endpoints | length }} Endpoints
|
||||
{% if certificate.self_signed %}
|
||||
<b>Root</b>
|
||||
{% else %}
|
||||
Subordinate
|
||||
{% endif %} CA
|
||||
<br>{{ certificate.issued_cert_count }} issued certificates
|
||||
<br>{{ certificate.owner }}
|
||||
<br>{{ certificate.validityEnd | time }}
|
||||
<a href="https://{{ hostname }}/#/certificates/{{ certificate.name }}" target="_blank">Details</a>
|
||||
|
Loading…
Reference in New Issue
Block a user