Merge branch 'master' into master
commit
51bc7d0231
|
@ -1,6 +1,87 @@
|
|||
Changelog
|
||||
=========
|
||||
|
||||
0.8.0 - `2020-11-13`
|
||||
~~~~~~~~~~~~~~
|
||||
|
||||
This release comes after more than two years and contains many interesting new features and improvements.
|
||||
In addition to multiple new plugins, such as ACME-http01, ADCS, PowerDNS, UltraDNS, Entrust, SNS, many of Lemur's existing
|
||||
flows have improved.
|
||||
|
||||
In the future, we plan to do frequent releases.
|
||||
|
||||
|
||||
Summary of notable changes:
|
||||
|
||||
- AWS S3 plugin: added delete, get methods, and support for uploading/deleting acme tokens
|
||||
- ACME plugin:
|
||||
- revamp of the plugin
|
||||
- support for http01 domain validation, via S3 and SFTP as destination for the acme token
|
||||
- support for CNAME delegated domain validation
|
||||
- store-acme-account-details
|
||||
- PowerDNS plugin
|
||||
- UltraDNS plugin
|
||||
- ADCS plugin
|
||||
- SNS plugin
|
||||
- Entrust plugin
|
||||
- Rotation:
|
||||
- respecting keyType and extensions
|
||||
- region-by-region rotation option
|
||||
- default to auto-rotate when cert attached to endpoint
|
||||
- default to 1y validity during rotation for multi-year browser-trusted certs
|
||||
- Certificate: search_by_name, and important performance improvements
|
||||
- UI
|
||||
- reducing the EC curve options to the relevant ones
|
||||
- edit option for notifications, destinations and sources
|
||||
- showing 13 month validity as default
|
||||
- option to hide certs expired since 3month
|
||||
- faster Permalink (no search involved)
|
||||
- commonName Auto Added as DNS in the UI
|
||||
- improved search and cert lookup
|
||||
- celery tasks instead of crone, for better logging and monitoring
|
||||
- countless bugfixes
|
||||
- group-lookup-fix-referral
|
||||
- url_context_path
|
||||
- duplicate notification
|
||||
- digicert-time-bug-fix
|
||||
- improved-csr-support
|
||||
- fix-cryptography-intermediate-ca
|
||||
- enhanced logging
|
||||
- vault-k8s-auth
|
||||
- cfssl-key-fix
|
||||
- cert-sync-endpoint-find-by-hash
|
||||
- nlb-naming-bug
|
||||
- fix_vault_api_v2_append
|
||||
- aid_openid_roles_provider_integration
|
||||
- rewrite-java-keystore-use-pyjks
|
||||
- vault_kv2
|
||||
|
||||
|
||||
To see the full list of changes, you can run
|
||||
|
||||
$ git log --merges --first-parent master --pretty=format:"%h %<(10,trunc)%aN %C(white)%<(15)%ar%Creset %C(red bold)%<(15)%D%Creset %s" | grep -v "depend"
|
||||
|
||||
|
||||
Special thanks to all who contributed to this release, notably:
|
||||
|
||||
- `peschmae <https://github.com/peschmae>`_
|
||||
- `sirferl <https://github.com/sirferl>`_
|
||||
- `lukasmrtvy <https://github.com/lukasmrtvy>`_
|
||||
- `intgr <https://github.com/intgr>`_
|
||||
- `kush-bavishi <https://github.com/kush-bavishi>`_
|
||||
- `alwaysjolley <https://github.com/alwaysjolley>`_
|
||||
- `jplana <https://github.com/jplana>`_
|
||||
- `explody <https://github.com/explody>`_
|
||||
- `titouanc <https://github.com/titouanc>`_
|
||||
- `jramosf <https://github.com/jramosf>`_
|
||||
|
||||
|
||||
Upgrading
|
||||
---------
|
||||
|
||||
.. note:: This release will need a migration change. Please follow the `documentation <https://lemur.readthedocs.io/en/latest/administration.html#upgrading-lemur>`_ to upgrade Lemur.
|
||||
|
||||
|
||||
|
||||
0.7 - `2018-05-07`
|
||||
~~~~~~~~~~~~~~
|
||||
|
|
|
@ -15,7 +15,7 @@ __title__ = "lemur"
|
|||
__summary__ = "Certificate management and orchestration service"
|
||||
__uri__ = "https://github.com/Netflix/lemur"
|
||||
|
||||
__version__ = "0.7.0"
|
||||
__version__ = "0.8.0"
|
||||
|
||||
__author__ = "The Lemur developers"
|
||||
__email__ = "security@netflix.com"
|
||||
|
|
|
@ -419,7 +419,7 @@ class S3DestinationPlugin(ExportDestinationPlugin):
|
|||
:param kwargs:
|
||||
:return:
|
||||
"""
|
||||
current_app.logger.debug("S3 destination plugin is started for HTTP-01 challenge")
|
||||
current_app.logger.debug("S3 destination plugin is started to upload HTTP-01 challenge")
|
||||
|
||||
function = f"{__name__}.{sys._getframe().f_code.co_name}"
|
||||
|
||||
|
@ -431,16 +431,16 @@ class S3DestinationPlugin(ExportDestinationPlugin):
|
|||
if not prefix.endswith("/"):
|
||||
prefix + "/"
|
||||
|
||||
res = s3.put(bucket_name=bucket_name,
|
||||
region_name=region,
|
||||
prefix=prefix + filename,
|
||||
data=token,
|
||||
encrypt=False,
|
||||
account_number=account_number)
|
||||
res = "Success" if res else "Failure"
|
||||
response = s3.put(bucket_name=bucket_name,
|
||||
region_name=region,
|
||||
prefix=prefix + filename,
|
||||
data=token,
|
||||
encrypt=False,
|
||||
account_number=account_number)
|
||||
res = "Success" if response else "Failure"
|
||||
log_data = {
|
||||
"function": function,
|
||||
"message": "check if any valid certificate is revoked",
|
||||
"message": "upload acme token challenge",
|
||||
"result": res,
|
||||
"bucket_name": bucket_name,
|
||||
"filename": filename
|
||||
|
@ -449,6 +449,34 @@ class S3DestinationPlugin(ExportDestinationPlugin):
|
|||
metrics.send(f"{function}", "counter", 1, metric_tags={"result": res,
|
||||
"bucket_name": bucket_name,
|
||||
"filename": filename})
|
||||
return response
|
||||
|
||||
def delete_acme_token(self, token_path, options, **kwargs):
|
||||
|
||||
current_app.logger.debug("S3 destination plugin is started to delete HTTP-01 challenge")
|
||||
|
||||
function = f"{__name__}.{sys._getframe().f_code.co_name}"
|
||||
|
||||
account_number = self.get_option("accountNumber", options)
|
||||
bucket_name = self.get_option("bucket", options)
|
||||
prefix = self.get_option("prefix", options)
|
||||
filename = token_path.split("/")[-1]
|
||||
response = s3.delete(bucket_name=bucket_name,
|
||||
prefixed_object_name=prefix + filename,
|
||||
account_number=account_number)
|
||||
res = "Success" if response else "Failure"
|
||||
log_data = {
|
||||
"function": function,
|
||||
"message": "delete acme token challenge",
|
||||
"result": res,
|
||||
"bucket_name": bucket_name,
|
||||
"filename": filename
|
||||
}
|
||||
current_app.logger.info(log_data)
|
||||
metrics.send(f"{function}", "counter", 1, metric_tags={"result": res,
|
||||
"bucket_name": bucket_name,
|
||||
"filename": filename})
|
||||
return response
|
||||
|
||||
|
||||
class SNSNotificationPlugin(ExpirationNotificationPlugin):
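Review bot: `delete_acme_token` builds the object key as `prefix + filename` with no trailing-slash handling, and the guard in the upload hunk above it, `if not prefix.endswith("/"): prefix + "/"`, discards its result. As written, both methods seem to reach the intended key only when the configured prefix already ends in "/". Otherwise the token would presumably be stored under a key the HTTP-01 validation request never reads, and cleanup depends on the delete repeating the same mistake. Changing the upload statement to `prefix += "/"` and repeating that guard in `delete_acme_token` before the `s3.delete` call would keep the two paths in step. The new method also has no docstring; one line saying it removes the token named by the last segment of `token_path` and returns the `s3.delete` result would do, and note that `upload_acme_token` begins outside the visible hunks.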
|
||||
|
|
|
@ -68,10 +68,11 @@ def test_upload_acme_token(app):
|
|||
s3_client.create_bucket(Bucket=bucket)
|
||||
p = plugins.get("aws-s3")
|
||||
|
||||
p.upload_acme_token(token_path=token_path,
|
||||
token_content=token_content,
|
||||
token=token_content,
|
||||
options=additional_options)
|
||||
response = p.upload_acme_token(token_path=token_path,
|
||||
token_content=token_content,
|
||||
token=token_content,
|
||||
options=additional_options)
|
||||
assert response
|
||||
|
||||
response = get(bucket_name=bucket,
|
||||
prefixed_object_name=prefix + token_name,
|
||||
|
@ -80,3 +81,8 @@ def test_upload_acme_token(app):
|
|||
|
||||
# put data, and getting the same data
|
||||
assert (response == token_content)
|
||||
|
||||
response = p.delete_acme_token(token_path=token_path,
|
||||
options=additional_options,
|
||||
account_number=account)
|
||||
assert response
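Review bot: The `delete_acme_token` call passes `account_number=account`, but the plugin method shown on this page reads the account with `self.get_option("accountNumber", options)` and accepts extra keywords through `**kwargs`, so this argument appears to be ignored and can be dropped. The test also asserts only that the delete response is truthy, which does not show that the challenge object is actually gone from the bucket. A follow-up lookup of `prefix + token_name` with the `get` helper already used above would pin the cleanup behaviour. How `get` reports a missing key is not visible here, so the exact assertion needs confirming. `test_upload_acme_token` starts outside the hunk.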
|
||||
|
|
|
@ -79,7 +79,6 @@ pyrfc3339==1.1 # via -r requirements.txt, acme
|
|||
python-dateutil==2.8.1 # via -r requirements.txt, alembic, arrow, botocore
|
||||
python-editor==1.0.4 # via -r requirements.txt, alembic
|
||||
python-json-logger==0.1.11 # via -r requirements.txt, logmatic-python
|
||||
python-ldap==3.3.1 # via -r requirements.txt
|
||||
pytz==2019.3 # via -r requirements.txt, acme, babel, celery, flask-restful, pyrfc3339
|
||||
pyyaml==5.3.1 # via -r requirements.txt, cloudflare
|
||||
raven[flask]==6.10.0 # via -r requirements.txt
|
||||
|
|