Allow specification of dns provider name only
parent
f4a010e505
commit
52e7ff9919
|
@ -25,12 +25,12 @@ from lemur.schemas import (
|
||||||
AssociatedDestinationSchema,
|
AssociatedDestinationSchema,
|
||||||
AssociatedCertificateSchema,
|
AssociatedCertificateSchema,
|
||||||
AssociatedNotificationSchema,
|
AssociatedNotificationSchema,
|
||||||
|
AssociatedDnsProviderSchema,
|
||||||
PluginInputSchema,
|
PluginInputSchema,
|
||||||
ExtensionSchema,
|
ExtensionSchema,
|
||||||
AssociatedRoleSchema,
|
AssociatedRoleSchema,
|
||||||
EndpointNestedOutputSchema,
|
EndpointNestedOutputSchema,
|
||||||
AssociatedRotationPolicySchema,
|
AssociatedRotationPolicySchema,
|
||||||
DnsProviderSchema
|
|
||||||
)
|
)
|
||||||
from lemur.users.schemas import UserNestedOutputSchema
|
from lemur.users.schemas import UserNestedOutputSchema
|
||||||
|
|
||||||
|
@ -69,8 +69,7 @@ class CertificateInputSchema(CertificateCreationSchema):
|
||||||
replaces = fields.Nested(AssociatedCertificateSchema, missing=[], many=True)
|
replaces = fields.Nested(AssociatedCertificateSchema, missing=[], many=True)
|
||||||
replacements = fields.Nested(AssociatedCertificateSchema, missing=[], many=True) # deprecated
|
replacements = fields.Nested(AssociatedCertificateSchema, missing=[], many=True) # deprecated
|
||||||
roles = fields.Nested(AssociatedRoleSchema, missing=[], many=True)
|
roles = fields.Nested(AssociatedRoleSchema, missing=[], many=True)
|
||||||
dns_provider = fields.Nested(DnsProviderSchema, missing={}, required=False, allow_none=True)
|
dns_provider = fields.Nested(AssociatedDnsProviderSchema, required=False)
|
||||||
dns_provider_id = fields.Integer(required=False, allow_none=True)
|
|
||||||
|
|
||||||
csr = fields.String(validate=validators.csr)
|
csr = fields.String(validate=validators.csr)
|
||||||
|
|
||||||
|
|
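Review bot: The new `dns_provider` field in CertificateInputSchema drops `allow_none=True`, so a request that sends `"dns_provider": null` is now rejected at validation, where the old field accepted it. If the UI or API clients send null for certificates that need no DNS provider, keep it: `dns_provider = fields.Nested(AssociatedDnsProviderSchema, required=False, allow_none=True)`. The `dns_provider_id` input field is removed in the same hunk; clients that still send only `dns_provider_id` will presumably have it ignored, so this is worth a line in the API notes. The class body continues outside the hunk.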
|
@ -71,8 +71,12 @@ def upgrade():
|
||||||
existing_type=sa.INTEGER(),
|
existing_type=sa.INTEGER(),
|
||||||
nullable=True)
|
nullable=True)
|
||||||
|
|
||||||
|
print("Creating dns_providers_id foreign key on pending_certs table")
|
||||||
|
op.create_foreign_key(None, 'pending_certs', 'dns_providers', ['dns_provider_id'], ['id'], ondelete='CASCADE')
|
||||||
|
|
||||||
def downgrade():
|
def downgrade():
|
||||||
|
print("Removing dns_providers_id foreign key on pending_certs table")
|
||||||
|
op.drop_constraint(None, 'pending_certs', type_='foreignkey')
|
||||||
print("Reverting column types in the api_keys table")
|
print("Reverting column types in the api_keys table")
|
||||||
op.alter_column('api_keys', 'user_id',
|
op.alter_column('api_keys', 'user_id',
|
||||||
existing_type=sa.INTEGER(),
|
existing_type=sa.INTEGER(),
|
||||||
|
|
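Review bot: `op.drop_constraint(None, 'pending_certs', type_='foreignkey')` in downgrade() gives Alembic no constraint name to drop, so the downgrade is likely to fail unless a naming convention is configured elsewhere. The `None` is the autogenerate placeholder and is meant to be filled in by hand. Name the constraint explicitly on both sides, e.g. `op.create_foreign_key('<fk_name>', 'pending_certs', 'dns_providers', ['dns_provider_id'], ['id'], ondelete='CASCADE')` and `op.drop_constraint('<fk_name>', 'pending_certs', type_='foreignkey')`, where `<fk_name>` is a placeholder for the project's chosen name. Both upgrade() and downgrade() start or end outside this hunk, so the rest of the migration was not reviewed.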
|
@ -38,7 +38,7 @@ class PendingCertificate(db.Model):
|
||||||
private_key = Column(Vault, nullable=True)
|
private_key = Column(Vault, nullable=True)
|
||||||
|
|
||||||
date_created = Column(ArrowType, PassiveDefault(func.now()), nullable=False)
|
date_created = Column(ArrowType, PassiveDefault(func.now()), nullable=False)
|
||||||
dns_provider_id = Column(Integer(), nullable=True)
|
dns_provider_id = Column(Integer, ForeignKey('dns_providers.id', ondelete="CASCADE"))
|
||||||
|
|
||||||
status = Column(String(128))
|
status = Column(String(128))
|
||||||
|
|
||||||
|
@ -97,6 +97,6 @@ class PendingCertificate(db.Model):
|
||||||
self.rotation = kwargs.get('rotation')
|
self.rotation = kwargs.get('rotation')
|
||||||
self.rotation_policy = kwargs.get('rotation_policy')
|
self.rotation_policy = kwargs.get('rotation_policy')
|
||||||
try:
|
try:
|
||||||
self.dns_provider_id = kwargs.get('dns_provider')["id"]
|
self.dns_provider_id = kwargs.get('dns_provider').id
|
||||||
except (AttributeError, KeyError, TypeError):
|
except (AttributeError, KeyError, TypeError, Exception):
|
||||||
self.dns_provider_id = kwargs.get('dns_provider_id')
|
pass
|
||||||
|
|
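Review bot: `except (AttributeError, KeyError, TypeError, Exception): pass` in the second hunk swallows every error and drops the old fallback to `kwargs.get('dns_provider_id')`. A pending certificate can therefore be created with no `dns_provider_id` and no trace of why. Adding `Exception` also makes the three named types redundant. An explicit check states the intent without a catch-all: `provider = kwargs.get('dns_provider')` followed by `self.dns_provider_id = provider.id if provider is not None else None`. If a missing provider is an error for this model, it should be raised or logged here rather than surfacing later when the id is looked up. `__init__` starts outside the hunk.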
|
@ -260,11 +260,12 @@ class ACMEIssuerPlugin(IssuerPlugin):
|
||||||
pending = []
|
pending = []
|
||||||
certs = []
|
certs = []
|
||||||
for pending_cert in pending_certs:
|
for pending_cert in pending_certs:
|
||||||
acme_client, registration = setup_acme_client(pending_cert.authority)
|
|
||||||
order_info = authorization_service.get(pending_cert.external_id)
|
|
||||||
dns_provider = dns_provider_service.get(pending_cert.dns_provider_id)
|
|
||||||
dns_provider_type = self.get_dns_provider(dns_provider.provider_type)
|
|
||||||
try:
|
try:
|
||||||
|
acme_client, registration = setup_acme_client(pending_cert.authority)
|
||||||
|
order_info = authorization_service.get(pending_cert.external_id)
|
||||||
|
dns_provider = dns_provider_service.get(pending_cert.dns_provider_id)
|
||||||
|
dns_provider_type = self.get_dns_provider(dns_provider.provider_type)
|
||||||
|
|
||||||
authorizations = get_authorizations(
|
authorizations = get_authorizations(
|
||||||
acme_client, order_info.account_number, order_info.domains, dns_provider_type)
|
acme_client, order_info.account_number, order_info.domains, dns_provider_type)
|
||||||
pending.append({
|
pending.append({
|
||||||
|
@ -323,14 +324,9 @@ class ACMEIssuerPlugin(IssuerPlugin):
|
||||||
authority = issuer_options.get('authority')
|
authority = issuer_options.get('authority')
|
||||||
create_immediately = issuer_options.get('create_immediately', False)
|
create_immediately = issuer_options.get('create_immediately', False)
|
||||||
acme_client, registration = setup_acme_client(authority)
|
acme_client, registration = setup_acme_client(authority)
|
||||||
dns_provider_d = issuer_options.get('dns_provider')
|
dns_provider = issuer_options.get('dns_provider')
|
||||||
if not dns_provider_d:
|
if not dns_provider:
|
||||||
try:
|
raise InvalidConfiguration("DNS Provider setting is required for ACME certificates.")
|
||||||
dns_provider = dns_provider_service.get(issuer_options['dns_provider_id'])
|
|
||||||
except KeyError:
|
|
||||||
raise InvalidConfiguration("DNS Provider setting is required for ACME certificates.")
|
|
||||||
else:
|
|
||||||
dns_provider = dns_provider_service.get(dns_provider_d.get("id"))
|
|
||||||
credentials = json.loads(dns_provider.credentials)
|
credentials = json.loads(dns_provider.credentials)
|
||||||
|
|
||||||
current_app.logger.debug("Using DNS provider: {0}".format(dns_provider.provider_type))
|
current_app.logger.debug("Using DNS provider: {0}".format(dns_provider.provider_type))
|
||||||
|
|
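Review bot: In the first hunk, the result of `dns_provider_service.get(pending_cert.dns_provider_id)` is dereferenced on the next line (`dns_provider.provider_type`) with no check that a provider was found. A pending cert whose `dns_provider_id` is empty or points at a deleted provider would presumably raise an AttributeError there. Moving these lines into the `try` means the failure is now handled by an `except` clause that lies outside the hunk, so the operator may see only a generic error. An explicit guard makes the cause visible: `if not dns_provider: raise InvalidConfiguration("<message naming the pending certificate>")`, with the message text a placeholder. The loop body and the handler continue outside the hunk.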
|
@ -21,6 +21,7 @@ from lemur.plugins.utils import get_plugin_option
|
||||||
from lemur.roles.models import Role
|
from lemur.roles.models import Role
|
||||||
from lemur.users.models import User
|
from lemur.users.models import User
|
||||||
from lemur.authorities.models import Authority
|
from lemur.authorities.models import Authority
|
||||||
|
from lemur.dns_providers.models import DnsProviders
|
||||||
from lemur.policies.models import RotationPolicy
|
from lemur.policies.models import RotationPolicy
|
||||||
from lemur.certificates.models import Certificate
|
from lemur.certificates.models import Certificate
|
||||||
from lemur.destinations.models import Destination
|
from lemur.destinations.models import Destination
|
||||||
|
@ -105,6 +106,15 @@ class AssociatedAuthoritySchema(LemurInputSchema):
|
||||||
return fetch_objects(Authority, data, many=many)
|
return fetch_objects(Authority, data, many=many)
|
||||||
|
|
||||||
|
|
||||||
|
class AssociatedDnsProviderSchema(LemurInputSchema):
|
||||||
|
id = fields.Int()
|
||||||
|
name = fields.String()
|
||||||
|
|
||||||
|
@post_load
|
||||||
|
def get_object(self, data, many=False):
|
||||||
|
return fetch_objects(DnsProviders, data, many=many)
|
||||||
|
|
||||||
|
|
||||||
class AssociatedRoleSchema(LemurInputSchema):
|
class AssociatedRoleSchema(LemurInputSchema):
|
||||||
id = fields.Int()
|
id = fields.Int()
|
||||||
name = fields.String()
|
name = fields.String()
|
||||||
|
@ -159,11 +169,6 @@ class AssociatedRotationPolicySchema(LemurInputSchema):
|
||||||
return fetch_objects(RotationPolicy, data, many=many)
|
return fetch_objects(RotationPolicy, data, many=many)
|
||||||
|
|
||||||
|
|
||||||
class DnsProviderSchema(LemurInputSchema):
|
|
||||||
id = fields.Integer()
|
|
||||||
name = fields.String()
|
|
||||||
|
|
||||||
|
|
||||||
class PluginInputSchema(LemurInputSchema):
|
class PluginInputSchema(LemurInputSchema):
|
||||||
plugin_options = fields.List(fields.Dict(), validate=validate_options)
|
plugin_options = fields.List(fields.Dict(), validate=validate_options)
|
||||||
slug = fields.String(required=True)
|
slug = fields.String(required=True)
|
||||||
|
|
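Review bot: `AssociatedDnsProviderSchema` is added without a docstring, and nothing in the class says that a provider may be referenced by `id` or by `name` alone, which is the purpose of this commit. A short docstring would record that, e.g. `"""Resolve a DNS provider reference, given by id or by name, to a DnsProviders object."""`. It should also state which field wins when both are sent and disagree; that is decided inside `fetch_objects`, which is not visible here.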