PR feedback: add config option to enable rotation emails, add cert count and type to email

lemur/certificates/service.py

@@ -864,3 +864,13 @@ def cleanup_after_revoke(certificate):
 
     database.update(certificate)
     return error_message
+
+
+def get_issued_cert_count_for_authority(authority):
+    """
+    Returns the count of certs issued by the specified authority.
+
+    :return:
+    """
+    query = database.session_query(Certificate.id).filter(Authority.id == authority.id)
+    return database.get_count(query)

lemur/common/celery.py

@@ -656,11 +656,12 @@ def certificate_rotate(**kwargs):
 
     current_app.logger.debug(log_data)
     try:
+        notify = current_app.config.get("ENABLE_ROTATION_NOTIFICATION", None)
         if region:
             log_data["region"] = region
-            cli_certificate.rotate_region(None, None, None, None, True, region)
+            cli_certificate.rotate_region(None, None, None, notify, True, region)
         else:
-            cli_certificate.rotate(None, None, None, None, True)
+            cli_certificate.rotate(None, None, None, notify, True)
     except SoftTimeLimitExceeded:
         log_data["message"] = "Certificate rotate: Time limit exceeded."
         current_app.logger.error(log_data)

lemur/notifications/messaging.py

@@ -19,9 +19,10 @@ from sqlalchemy import and_
 from sqlalchemy.sql.expression import false, true
 
 from lemur import database
+from lemur.certificates import service as certificates_service
 from lemur.certificates.models import Certificate
 from lemur.certificates.schemas import certificate_notification_output_schema
-from lemur.common.utils import windowed_query
+from lemur.common.utils import windowed_query, is_selfsigned
 from lemur.constants import FAILURE_METRIC_STATUS, SUCCESS_METRIC_STATUS
 from lemur.extensions import metrics, sentry
 from lemur.pending_certificates.schemas import pending_certificate_output_schema
@@ -241,6 +242,8 @@ def send_authority_expiration_notifications():
                 cert_data = certificate_notification_output_schema.dump(
                     certificate
                 ).data
+                cert_data['self_signed'] = is_selfsigned(certificate.parsed_cert)
+                cert_data['issued_cert_count'] = certificates_service.get_issued_cert_count_for_authority(certificate.root_authority)
                 notification_data.append(cert_data)
 
             email_recipients = security_email + [owner]

lemur/plugins/lemur_email/templates/authority_expiration.html

@@ -91,7 +91,12 @@
                                                                     <span style="font-family:Roboto-Regular,Helvetica,Arial,sans-serif;font-size:20px;color:#202020">{{ certificate.name }}</span>
                                                                     <br>
                                                                     <span style="font-family:Roboto-Regular,Helvetica,Arial,sans-serif;font-size:13px;color:#727272">
-                                                                        {{ certificate.endpoints | length }} Endpoints
+                                                                       {% if certificate.self_signed %}
+                                                                           <b>Root</b>
+                                                                       {% else %}
+                                                                           Subordinate
+                                                                       {% endif %} CA
+                                                                        <br>{{ certificate.issued_cert_count }} issued certificates
                                                                         <br>{{ certificate.owner }}
                                                                         <br>{{ certificate.validityEnd | time }}
                                                                         <a href="https://{{ hostname }}/#/certificates/{{ certificate.name }}" target="_blank">Details</a>