Merge branch 'master' of github.com:Netflix/lemur into powerdnsplugin_02

2020-04-05 21:47:24 -07:00 · 2020-04-05 21:47:24 -07:00 · 46e0d1953b
parent f82ec24dfa 9ddfd9f3b1
commit 46e0d1953b
4 changed files with 21 additions and 8 deletions
--- a/lemur/common/celery.py
+++ b/lemur/common/celery.py
@ -332,7 +332,7 @@ def clean_all_sources():
    metrics.send(f"{function}.success", 'counter', 1)


-@celery.task(soft_time_limit=600)
+@celery.task(soft_time_limit=3600)
 def clean_source(source):
    """
    This celery task will clean the specified source. This is a destructive operation that will delete unused
--- a/lemur/plugins/lemur_aws/iam.py
+++ b/lemur/plugins/lemur_aws/iam.py
@ -24,6 +24,12 @@ def retry_throttled(exception):
        if exception.response["Error"]["Code"] == "NoSuchEntity":
            return False

+        # No need to retry deletion requests if there is a DeleteConflict error.
+        # This error indicates that the certificate is still attached to an entity
+        # and cannot be deleted.
+        if exception.response["Error"]["Code"] == "DeleteConflict":
+            return False
+
    metrics.send("iam_retry", "counter", 1, metric_tags={"exception": str(exception)})
    return True

--- a/lemur/sources/cli.py
+++ b/lemur/sources/cli.py
@ -58,6 +58,13 @@ def execute_clean(plugin, certificate, source):
    try:
        plugin.clean(certificate, source.options)
        certificate.sources.remove(source)
+
+        # If we want to remove the source from the certificate, we also need to clear any equivalent destinations to
+        # prevent Lemur from re-uploading the certificate.
+        for destination in certificate.destinations:
+            if destination.label == source.label:
+                certificate.destinations.remove(destination)
+
        certificate_service.database.update(certificate)
        return SUCCESS_METRIC_STATUS
    except Exception as e:
--- a/requirements-dev.txt
+++ b/requirements-dev.txt
@ -5,28 +5,28 @@
 #    pip-compile --no-index --output-file=requirements-dev.txt requirements-dev.in
 #
 aspy.yaml==1.3.0          # via pre-commit
-bleach==3.1.1             # via readme-renderer
+bleach==3.1.4             # via readme-renderer
 certifi==2019.11.28       # via requests
 cffi==1.14.0              # via cryptography
 cfgv==2.0.1               # via pre-commit
 chardet==3.0.4            # via requests
 cryptography==2.8         # via secretstorage
 docutils==0.15.2          # via readme-renderer
-flake8==3.5.0
+flake8==3.5.0             # via -r requirements-dev.in
 identify==1.4.9           # via pre-commit
 idna==2.8                 # via requests
-invoke==1.3.0
+invoke==1.3.0             # via -r requirements-dev.in
 jeepney==0.4.2            # via secretstorage
 keyring==21.0.0           # via twine
 mccabe==0.6.1             # via flake8
-nodeenv==1.3.3
+nodeenv==1.3.3            # via -r requirements-dev.in, pre-commit
 pkginfo==1.5.0.1          # via twine
-pre-commit==1.21.0
+pre-commit==1.21.0        # via -r requirements-dev.in
 pycodestyle==2.3.1        # via flake8
 pycparser==2.19           # via cffi
 pyflakes==1.6.0           # via flake8
 pygments==2.5.2           # via readme-renderer
-pyyaml==5.2
+pyyaml==5.2               # via -r requirements-dev.in, aspy.yaml, pre-commit
 readme-renderer==24.0     # via twine
 requests-toolbelt==0.9.1  # via twine
 requests==2.22.0          # via requests-toolbelt, twine
@ -34,7 +34,7 @@ secretstorage==3.1.2      # via keyring
 six==1.13.0               # via bleach, cfgv, cryptography, pre-commit, readme-renderer
 toml==0.10.0              # via pre-commit
 tqdm==4.41.1              # via twine
-twine==3.1.1
+twine==3.1.1              # via -r requirements-dev.in
 urllib3==1.25.7           # via requests
 virtualenv==16.7.9        # via pre-commit
 webencodings==0.5.1       # via bleach