diff --git a/lemur/certificates/schemas.py b/lemur/certificates/schemas.py
index 250a4558..89d51034 100644
--- a/lemur/certificates/schemas.py
+++ b/lemur/certificates/schemas.py
@@ -25,12 +25,12 @@ from lemur.schemas import (
 AssociatedDestinationSchema,
 AssociatedCertificateSchema,
 AssociatedNotificationSchema,
+ AssociatedDnsProviderSchema,
 PluginInputSchema,
 ExtensionSchema,
 AssociatedRoleSchema,
 EndpointNestedOutputSchema,
 AssociatedRotationPolicySchema,
- DnsProviderSchema
 )
 from lemur.users.schemas import UserNestedOutputSchema
@@ -69,8 +69,7 @@ class CertificateInputSchema(CertificateCreationSchema):
 replaces = fields.Nested(AssociatedCertificateSchema, missing=[], many=True)
 replacements = fields.Nested(AssociatedCertificateSchema, missing=[], many=True) # deprecated
 roles = fields.Nested(AssociatedRoleSchema, missing=[], many=True)
- dns_provider = fields.Nested(DnsProviderSchema, missing={}, required=False, allow_none=True)
- dns_provider_id = fields.Integer(required=False, allow_none=True)
+ dns_provider = fields.Nested(AssociatedDnsProviderSchema, required=False)
 csr = fields.String(validate=validators.csr)
diff --git a/lemur/migrations/versions/3adfdd6598df_.py b/lemur/migrations/versions/3adfdd6598df_.py
index 25f53442..1f290153 100644
--- a/lemur/migrations/versions/3adfdd6598df_.py
+++ b/lemur/migrations/versions/3adfdd6598df_.py
@@ -71,8 +71,12 @@ def upgrade():
 existing_type=sa.INTEGER(),
 nullable=True)
+ print("Creating dns_providers_id foreign key on pending_certs table")
+ op.create_foreign_key(None, 'pending_certs', 'dns_providers', ['dns_provider_id'], ['id'], ondelete='CASCADE')
 def downgrade():
+ print("Removing dns_providers_id foreign key on pending_certs table")
+ op.drop_constraint(None, 'pending_certs', type_='foreignkey')
 print("Reverting column types in the api_keys table")
 op.alter_column('api_keys', 'user_id',
 existing_type=sa.INTEGER(),
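Review bot: The new `dns_provider` field in CertificateInputSchema no longer accepts `null`, and the separate `dns_provider_id` field is gone, so a client that still posts `"dns_provider": null` or only `dns_provider_id` will either fail validation or have the id ignored, depending on how LemurInputSchema treats unknown keys (not visible here). If the old request shape has to keep working, keep null allowed on the nested field, `dns_provider = fields.Nested(AssociatedDnsProviderSchema, required=False, allow_none=True)`. A short comment such as `# loads to a DnsProviders model object, not a dict` above the field would also help, because pending_certificates/models.py and the ACME plugin in this commit depend on that.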
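Review bot: `op.drop_constraint(None, 'pending_certs', type_='foreignkey')` in downgrade() has no constraint name to drop, and Alembic needs one unless the metadata defines a naming convention (none is visible in this file), so the downgrade is likely to fail at this step. Give the key an explicit name in upgrade() and reuse it in downgrade(), with FK_NAME standing for a name you choose: `op.create_foreign_key('FK_NAME', 'pending_certs', 'dns_providers', ['dns_provider_id'], ['id'], ondelete='CASCADE')` and `op.drop_constraint('FK_NAME', 'pending_certs', type_='foreignkey')`. The upgrade also assumes every existing `pending_certs.dns_provider_id` already points at a row in `dns_providers`; rows that do not will make the constraint creation fail, so null out or remove orphans before creating the key. Both functions continue outside the hunk.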
diff --git a/lemur/pending_certificates/models.py b/lemur/pending_certificates/models.py
index cc9f7b54..4f02d84b 100644
--- a/lemur/pending_certificates/models.py
+++ b/lemur/pending_certificates/models.py
@@ -38,7 +38,7 @@ class PendingCertificate(db.Model):
 private_key = Column(Vault, nullable=True)
 date_created = Column(ArrowType, PassiveDefault(func.now()), nullable=False)
- dns_provider_id = Column(Integer(), nullable=True)
+ dns_provider_id = Column(Integer, ForeignKey('dns_providers.id', ondelete="CASCADE"))
 status = Column(String(128))
@@ -97,6 +97,6 @@ class PendingCertificate(db.Model):
 self.rotation = kwargs.get('rotation')
 self.rotation_policy = kwargs.get('rotation_policy')
 try:
- self.dns_provider_id = kwargs.get('dns_provider')["id"]
- except (AttributeError, KeyError, TypeError):
- self.dns_provider_id = kwargs.get('dns_provider_id')
+ self.dns_provider_id = kwargs.get('dns_provider').id
+ except (AttributeError, KeyError, TypeError, Exception):
+ pass
diff --git a/lemur/plugins/lemur_acme/plugin.py b/lemur/plugins/lemur_acme/plugin.py
index 4b93544d..47042308 100644
--- a/lemur/plugins/lemur_acme/plugin.py
+++ b/lemur/plugins/lemur_acme/plugin.py
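Review bot: `ondelete="CASCADE"` on `dns_provider_id` means that deleting a DNS provider row also deletes every pending certificate that references it, together with the `private_key` held on the same model, and the application code shown here gets no chance to log or veto that. If a pending certificate should outlive its provider, `ondelete="SET NULL"` fits the still-nullable column better: `dns_provider_id = Column(Integer, ForeignKey('dns_providers.id', ondelete="SET NULL"))`, with the `op.create_foreign_key` call in the migration changed to match. `ForeignKey` also has to be imported in this module, which this diff does not show. The class body continues outside the hunk.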
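Review bot: The handler `except (AttributeError, KeyError, TypeError, Exception): pass` swallows every error raised while reading the provider and leaves `self.dns_provider_id` at its default, so a missing or malformed `dns_provider` goes unnoticed until the ACME plugin later looks the provider up. `Exception` already covers the other three types, and only the absent case needs handling; `provider = kwargs.get('dns_provider')` followed by `self.dns_provider_id = provider.id if provider is not None else None` does that without a try block. The removed `dns_provider_id` fallback also means a caller that passes only an id now gets no provider, so confirm no such caller remains. The constructor starts outside the hunk.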
@@ -260,11 +260,12 @@ class ACMEIssuerPlugin(IssuerPlugin):
 pending = []
 certs = []
 for pending_cert in pending_certs:
- acme_client, registration = setup_acme_client(pending_cert.authority)
- order_info = authorization_service.get(pending_cert.external_id)
- dns_provider = dns_provider_service.get(pending_cert.dns_provider_id)
- dns_provider_type = self.get_dns_provider(dns_provider.provider_type)
 try:
+ acme_client, registration = setup_acme_client(pending_cert.authority)
+ order_info = authorization_service.get(pending_cert.external_id)
+ dns_provider = dns_provider_service.get(pending_cert.dns_provider_id)
+ dns_provider_type = self.get_dns_provider(dns_provider.provider_type)
+
 authorizations = get_authorizations(
 acme_client, order_info.account_number, order_info.domains, dns_provider_type)
 pending.append({
@@ -323,14 +324,9 @@ class ACMEIssuerPlugin(IssuerPlugin):
 authority = issuer_options.get('authority')
 create_immediately = issuer_options.get('create_immediately', False)
 acme_client, registration = setup_acme_client(authority)
- dns_provider_d = issuer_options.get('dns_provider')
- if not dns_provider_d:
- try:
- dns_provider = dns_provider_service.get(issuer_options['dns_provider_id'])
- except KeyError:
- raise InvalidConfiguration("DNS Provider setting is required for ACME certificates.")
- else:
- dns_provider = dns_provider_service.get(dns_provider_d.get("id"))
+ dns_provider = issuer_options.get('dns_provider')
+ if not dns_provider:
+ raise InvalidConfiguration("DNS Provider setting is required for ACME certificates.")
 credentials = json.loads(dns_provider.credentials)
 current_app.logger.debug("Using DNS provider: {0}".format(dns_provider.provider_type))
diff --git a/lemur/schemas.py b/lemur/schemas.py
index 24cdc1c8..7f9e89cf 100644
--- a/lemur/schemas.py
+++ b/lemur/schemas.py
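Review bot: `dns_provider_service.get(pending_cert.dns_provider_id)` now runs inside the `try`, but the column stays nullable, so a pending certificate without a provider presumably yields `None` and the next line fails with an AttributeError on `dns_provider.provider_type` that is then handled like any ACME failure. An explicit check before the `get_dns_provider` call, `if dns_provider is None: raise InvalidConfiguration("DNS Provider setting is required for ACME certificates.")`, gives the operator a usable message. Moving `setup_acme_client` into the `try` also puts account and registration errors under the same handler; the `except` clause is outside the hunk, so confirm it logs the exception with the pending certificate's id instead of dropping it. The loop body continues outside the hunk.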
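Review bot: `json.loads(dns_provider.credentials)` just below the new check now requires `issuer_options['dns_provider']` to be a DnsProviders model object, which holds only when the options came through CertificateInputSchema; a caller that builds the options itself with a dict or only `dns_provider_id` (both accepted before this change) gets past `if not dns_provider` or is rejected without explanation, and the dict case then fails with AttributeError. A comment above the lookup, `# dns_provider is the DnsProviders object resolved by AssociatedDnsProviderSchema`, would record that contract. The provider is selected by a request-supplied reference and its stored credentials are then used for the DNS challenge, and nothing in this diff checks that the requesting user may use that provider, so confirm this is enforced elsewhere if providers are not meant to be shared by all users. The function starts outside the hunk.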
@@ -21,6 +21,7 @@ from lemur.plugins.utils import get_plugin_option
 from lemur.roles.models import Role
 from lemur.users.models import User
 from lemur.authorities.models import Authority
+from lemur.dns_providers.models import DnsProviders
 from lemur.policies.models import RotationPolicy
 from lemur.certificates.models import Certificate
 from lemur.destinations.models import Destination
@@ -105,6 +106,15 @@ class AssociatedAuthoritySchema(LemurInputSchema):
 return fetch_objects(Authority, data, many=many)
+class AssociatedDnsProviderSchema(LemurInputSchema):
+ id = fields.Int()
+ name = fields.String()
+
+ @post_load
+ def get_object(self, data, many=False):
+ return fetch_objects(DnsProviders, data, many=many)
+
+
 class AssociatedRoleSchema(LemurInputSchema):
 id = fields.Int()
 name = fields.String()
@@ -159,11 +169,6 @@ class AssociatedRotationPolicySchema(LemurInputSchema):
 return fetch_objects(RotationPolicy, data, many=many)
-class DnsProviderSchema(LemurInputSchema):
- id = fields.Integer()
- name = fields.String()
-
-
 class PluginInputSchema(LemurInputSchema):
 plugin_options = fields.List(fields.Dict(), validate=validate_options)
 slug = fields.String(required=True)
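Review bot: Neither `id` nor `name` is required in AssociatedDnsProviderSchema, so a request body with `"dns_provider": {}` reaches `fetch_objects(DnsProviders, data, many=many)` with nothing to look up; what happens then depends on `fetch_objects`, which is outside this diff. Confirm that an empty or unknown reference is rejected as a validation error and cannot raise from the query or resolve to an unintended row. A class docstring such as `"""Resolve an id or name reference to a DnsProviders row; the loaded object carries the provider's stored credentials."""` would tell readers that the result must not be echoed back in responses or logs.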