making the revocation to be scoped based on the authority plugin name

2020-05-22 17:29:30 -07:00 · 2020-05-22 17:29:30 -07:00 · 49c4a9c3b2
parent c669cd23f0
commit 49c4a9c3b2
2 changed files with 10 additions and 7 deletions
--- a/lemur/certificates/cli.py
+++ b/lemur/certificates/cli.py
@ -468,7 +468,7 @@ def check_revoked():
    as `unknown`.
    """

-    certs = get_all_valid_certs(current_app.config.get("CHECK_REVOCATION_AUTHORITY_IDS", []))
+    certs = get_all_valid_certs(current_app.config.get("SUPPORTED_REVOCATION_AUTHORITY_PLUGINS", []))
    for cert in certs:
        try:
            if cert.chain:
--- a/lemur/certificates/service.py
+++ b/lemur/certificates/service.py
@ -102,17 +102,20 @@ def get_all_certs():
    return Certificate.query.all()


-def get_all_valid_certs(authority_ids):
+def get_all_valid_certs(authority_plugin_name):
    """
-    Retrieves all valid (not expired) certificates within Lemur, for the given authority_ids
-    ignored if no authority_ids provided.
+    Retrieves all valid (not expired) certificates within Lemur, for the given authority plugin names
+    ignored if no authority_plugin_name provided.
+
+    Note that depending on the DB size retrieving all certificates might an expensive operation

    :return:
    """
-    if authority_ids:
+    if authority_plugin_name:
        return (
-            Certificate.query.filter(Certificate.not_after > arrow.now().format("YYYY-MM-DD"))
-            .filter(Certificate.authority_id.in_(authority_ids)).all()
+            Certificate.query.outerjoin(Authority, Authority.id == Certificate.authority_id).filter(
+                Certificate.not_after > arrow.now().format("YYYY-MM-DD")).filter(
+                Authority.plugin_name.in_(authority_plugin_name)).all()
        )
    else:
        return (