* Ensures that Vault can accept bytes and strings.

* Make restricted domains optional.

* Fixing notify flag.
kevgliss 2016-11-04 09:16:41 -07:00 committed by GitHub
parent 2b79474060
commit 4afedaf537
4 changed files with 26 additions and 20 deletions


@ -102,20 +102,20 @@ def export(cert, export_plugin):
return plugin.export(cert.body, cert.chain, cert.private_key, export_plugin['pluginOptions']) return plugin.export(cert.body, cert.chain, cert.private_key, export_plugin['pluginOptions'])
def update(cert_id, owner, description, active, destinations, notifications, replaces, roles): def update(cert_id, owner, description, notify, destinations, notifications, replaces, roles):
""" """
Updates a certificate Updates a certificate
:param cert_id: :param cert_id:
:param owner: :param owner:
:param description: :param description:
:param active: :param notify:
:param destinations: :param destinations:
:param notifications: :param notifications:
:param replaces: :param replaces:
:return: :return:
""" """
cert = get(cert_id) cert = get(cert_id)
cert.active = active cert.notify = notify
cert.description = description cert.description = description
cert.destinations = destinations cert.destinations = destinations
cert.notifications = notifications cert.notifications = notifications
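Review bot: `update()` now takes `notify` in the positional slot that used to hold `active`, so any caller not updated along with this commit would silently write its old active value into `cert.notify` instead of failing. Only the resource call site in this commit is visibly switched; passing these arguments by keyword there, e.g. `notify=data['notify']`, would make a stale caller fail loudly. The docstring still lists bare `:param` names and omits `roles`; I would add a line such as `:param notify: whether notifications are sent for this certificate` (presumably, confirm the meaning) and note that `active` can no longer be changed through this function. The function body continues past the end of the hunk.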


@ -593,7 +593,7 @@ class Certificates(AuthenticatedResource):
certificate_id, certificate_id,
data['owner'], data['owner'],
data['description'], data['description'],
data['active'], data['notify'],
data['destinations'], data['destinations'],
data['notifications'], data['notifications'],
data['replacements'], data['replacements'],


@ -46,7 +46,8 @@ def sensitive_domain(domain):
:param domain: :param domain:
:return: :return:
""" """
restricted_domains = current_app.config['LEMUR_RESTRICTED_DOMAINS'] restricted_domains = current_app.config.get('LEMUR_RESTRICTED_DOMAINS', [])
if restricted_domains:
domains = domain_service.get_by_name(domain) domains = domain_service.get_by_name(domain)
for domain in domains: for domain in domains:
# we only care about non-admins # we only care about non-admins
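Review bot: With `current_app.config.get('LEMUR_RESTRICTED_DOMAINS', [])` followed by `if restricted_domains:`, a missing, empty or misspelled setting now switches the restriction off silently, so the check fails open. Indentation is lost on this page, but if the `domain_service.get_by_name(domain)` lookup and the loop sit under the new `if`, any other per-domain check made inside that loop is skipped as well whenever the list is unset. I would keep the lookup and the loop unconditional and let only the pattern matching depend on the list, with a comment such as `# LEMUR_RESTRICTED_DOMAINS is optional; when unset no pattern restrictions apply`. The loop body continues outside the hunk.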


@ -7,6 +7,7 @@
""" """
import os import os
import sys import sys
import six
from flask import current_app from flask import current_app
from cryptography.fernet import Fernet, MultiFernet from cryptography.fernet import Fernet, MultiFernet
import sqlalchemy.types as types import sqlalchemy.types as types
@ -96,11 +97,15 @@ class Vault(types.TypeDecorator):
if not value: if not value:
return return
# we only support strings and they should be of type bytes for Fernet if sys.version_info[0] <= 2:
if sys.version_info[0] >= 3:
return MultiFernet(self.keys).encrypt(value)
return MultiFernet(self.keys).encrypt(bytes(value)) return MultiFernet(self.keys).encrypt(bytes(value))
# ensure bytes for fernet
if isinstance(value, six.string_types):
value = value.encode('utf-8')
return MultiFernet(self.keys).encrypt(value)
def process_result_value(self, value, dialect): def process_result_value(self, value, dialect):
""" """
Decrypt values on the way out of the database. Decrypt values on the way out of the database.
@ -117,6 +122,6 @@ class Vault(types.TypeDecorator):
if not value: if not value:
return return
if sys.version_info[0] >= 3: if sys.version_info[0] <= 2:
return str(MultiFernet(self.keys).decrypt(value), 'utf8')
return MultiFernet(self.keys).decrypt(value) return MultiFernet(self.keys).decrypt(value)
return MultiFernet(self.keys).decrypt(value).decode('utf8')
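Review bot: On Python 3 `process_bind_param` now accepts bytes as well as strings, but `process_result_value` always returns `.decode('utf8')`, so a value stored as bytes comes back as `str`, and bytes that are not valid UTF-8 would encrypt cleanly on write and then raise on read. If the column is meant to hold text only, the docstrings should say so; otherwise the round trip needs to preserve the type. The Python 2 branch still calls `bytes(value)`, which raises UnicodeEncodeError for a non-ASCII `unicode` value. `if isinstance(value, six.text_type): value = value.encode('utf-8')` would behave the same on both versions and remove the version check from the bind path.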