Allow specification of dns provider name only
parent
f4a010e505
commit
52e7ff9919
|
@ -25,12 +25,12 @@ from lemur.schemas import (
|
|||
AssociatedDestinationSchema,
|
||||
AssociatedCertificateSchema,
|
||||
AssociatedNotificationSchema,
|
||||
AssociatedDnsProviderSchema,
|
||||
PluginInputSchema,
|
||||
ExtensionSchema,
|
||||
AssociatedRoleSchema,
|
||||
EndpointNestedOutputSchema,
|
||||
AssociatedRotationPolicySchema,
|
||||
DnsProviderSchema
|
||||
)
|
||||
from lemur.users.schemas import UserNestedOutputSchema
|
||||
|
||||
|
@ -69,8 +69,7 @@ class CertificateInputSchema(CertificateCreationSchema):
|
|||
replaces = fields.Nested(AssociatedCertificateSchema, missing=[], many=True)
|
||||
replacements = fields.Nested(AssociatedCertificateSchema, missing=[], many=True) # deprecated
|
||||
roles = fields.Nested(AssociatedRoleSchema, missing=[], many=True)
|
||||
dns_provider = fields.Nested(DnsProviderSchema, missing={}, required=False, allow_none=True)
|
||||
dns_provider_id = fields.Integer(required=False, allow_none=True)
|
||||
dns_provider = fields.Nested(AssociatedDnsProviderSchema, required=False)
|
||||
|
||||
csr = fields.String(validate=validators.csr)
|
||||
|
||||
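Review bot: The replacement field `dns_provider = fields.Nested(AssociatedDnsProviderSchema, required=False)` drops `allow_none=True`, and `dns_provider_id` appears to be removed from `CertificateInputSchema` in the same hunk (the page has lost its +/- markers, so this is read from the 8-to-7 line count in the hunk header). Clients that still send `"dns_provider": null` or only `dns_provider_id` would then either fail validation or have the value ignored, depending on how `LemurInputSchema` treats null and unknown keys, which is not visible here. If null should stay accepted, keep the flag: `dns_provider = fields.Nested(AssociatedDnsProviderSchema, required=False, allow_none=True)`. Otherwise a comment above the field such as `# accepts {"id": ...} or {"name": ...}; dns_provider_id is no longer read` would document the break.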
|
|
|
@ -71,8 +71,12 @@ def upgrade():
|
|||
existing_type=sa.INTEGER(),
|
||||
nullable=True)
|
||||
|
||||
print("Creating dns_providers_id foreign key on pending_certs table")
|
||||
op.create_foreign_key(None, 'pending_certs', 'dns_providers', ['dns_provider_id'], ['id'], ondelete='CASCADE')
|
||||
|
||||
def downgrade():
|
||||
print("Removing dns_providers_id foreign key on pending_certs table")
|
||||
op.drop_constraint(None, 'pending_certs', type_='foreignkey')
|
||||
print("Reverting column types in the api_keys table")
|
||||
op.alter_column('api_keys', 'user_id',
|
||||
existing_type=sa.INTEGER(),
|
||||
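Review bot: `op.drop_constraint(None, 'pending_certs', type_='foreignkey')` in `downgrade()` passes no constraint name, and Alembic needs one to emit the drop, so the downgrade is likely to fail before it reaches the api_keys revert. Naming the key on both sides fixes this, for example `op.create_foreign_key('pending_certs_dns_provider_id_fkey', 'pending_certs', 'dns_providers', ['dns_provider_id'], ['id'], ondelete='CASCADE')` in `upgrade()` and `op.drop_constraint('pending_certs_dns_provider_id_fkey', 'pending_certs', type_='foreignkey')` here (the name is an example chosen for this note). Separately, creating the key will be rejected if existing `pending_certs` rows hold a `dns_provider_id` with no matching `dns_providers.id`, and `ondelete='CASCADE'` means deleting a provider also deletes its pending certificates; a comment saying that this is intended would help. Both function bodies continue outside the hunk.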
|
|
|
@ -38,7 +38,7 @@ class PendingCertificate(db.Model):
|
|||
private_key = Column(Vault, nullable=True)
|
||||
|
||||
date_created = Column(ArrowType, PassiveDefault(func.now()), nullable=False)
|
||||
dns_provider_id = Column(Integer(), nullable=True)
|
||||
dns_provider_id = Column(Integer, ForeignKey('dns_providers.id', ondelete="CASCADE"))
|
||||
|
||||
status = Column(String(128))
|
||||
|
||||
|
@ -97,6 +97,6 @@ class PendingCertificate(db.Model):
|
|||
self.rotation = kwargs.get('rotation')
|
||||
self.rotation_policy = kwargs.get('rotation_policy')
|
||||
try:
|
||||
self.dns_provider_id = kwargs.get('dns_provider')["id"]
|
||||
except (AttributeError, KeyError, TypeError):
|
||||
self.dns_provider_id = kwargs.get('dns_provider_id')
|
||||
self.dns_provider_id = kwargs.get('dns_provider').id
|
||||
except (AttributeError, KeyError, TypeError, Exception):
|
||||
pass
|
||||
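Review bot: `except (AttributeError, KeyError, TypeError, Exception): pass` in the `PendingCertificate` constructor catches everything (`Exception` already covers the other three) and discards it, so any failure while reading the provider leaves `dns_provider_id` empty with no trace. The earlier fallback to `kwargs.get('dns_provider_id')` also appears to be gone, judging by the 6-to-6 line count, so a caller that passes only the id now loses it silently. An explicit check avoids the handler altogether: `dns_provider = kwargs.get('dns_provider')` followed by `self.dns_provider_id = dns_provider.id if dns_provider is not None else kwargs.get('dns_provider_id')`. The constructor starts outside the hunk.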
|
|
|
@ -260,11 +260,12 @@ class ACMEIssuerPlugin(IssuerPlugin):
|
|||
pending = []
|
||||
certs = []
|
||||
for pending_cert in pending_certs:
|
||||
acme_client, registration = setup_acme_client(pending_cert.authority)
|
||||
order_info = authorization_service.get(pending_cert.external_id)
|
||||
dns_provider = dns_provider_service.get(pending_cert.dns_provider_id)
|
||||
dns_provider_type = self.get_dns_provider(dns_provider.provider_type)
|
||||
try:
|
||||
acme_client, registration = setup_acme_client(pending_cert.authority)
|
||||
order_info = authorization_service.get(pending_cert.external_id)
|
||||
dns_provider = dns_provider_service.get(pending_cert.dns_provider_id)
|
||||
dns_provider_type = self.get_dns_provider(dns_provider.provider_type)
|
||||
|
||||
authorizations = get_authorizations(
|
||||
acme_client, order_info.account_number, order_info.domains, dns_provider_type)
|
||||
pending.append({
|
||||
|
@ -323,14 +324,9 @@ class ACMEIssuerPlugin(IssuerPlugin):
|
|||
authority = issuer_options.get('authority')
|
||||
create_immediately = issuer_options.get('create_immediately', False)
|
||||
acme_client, registration = setup_acme_client(authority)
|
||||
dns_provider_d = issuer_options.get('dns_provider')
|
||||
if not dns_provider_d:
|
||||
try:
|
||||
dns_provider = dns_provider_service.get(issuer_options['dns_provider_id'])
|
||||
except KeyError:
|
||||
raise InvalidConfiguration("DNS Provider setting is required for ACME certificates.")
|
||||
else:
|
||||
dns_provider = dns_provider_service.get(dns_provider_d.get("id"))
|
||||
dns_provider = issuer_options.get('dns_provider')
|
||||
if not dns_provider:
|
||||
raise InvalidConfiguration("DNS Provider setting is required for ACME certificates.")
|
||||
credentials = json.loads(dns_provider.credentials)
|
||||
|
||||
current_app.logger.debug("Using DNS provider: {0}".format(dns_provider.provider_type))
|
||||
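Review bot: In the first hunk, `dns_provider_service.get(pending_cert.dns_provider_id)` is followed directly by `dns_provider.provider_type`, with no check that a provider was found. The `pending_certs.dns_provider_id` column is nullable, so a pending certificate stored without a provider presumably yields `None` here and surfaces as an `AttributeError` rather than a clear configuration error. A guard right after the lookup would match the second hunk: `if not dns_provider: raise InvalidConfiguration("DNS Provider setting is required for ACME certificates.")`. The lookups now sit inside the `try`, but its `except` clause is outside the hunk, so how that error is reported for the affected certificate cannot be confirmed from this page.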
|
|
|
@ -21,6 +21,7 @@ from lemur.plugins.utils import get_plugin_option
|
|||
from lemur.roles.models import Role
|
||||
from lemur.users.models import User
|
||||
from lemur.authorities.models import Authority
|
||||
from lemur.dns_providers.models import DnsProviders
|
||||
from lemur.policies.models import RotationPolicy
|
||||
from lemur.certificates.models import Certificate
|
||||
from lemur.destinations.models import Destination
|
||||
|
@ -105,6 +106,15 @@ class AssociatedAuthoritySchema(LemurInputSchema):
|
|||
return fetch_objects(Authority, data, many=many)
|
||||
|
||||
|
||||
class AssociatedDnsProviderSchema(LemurInputSchema):
|
||||
id = fields.Int()
|
||||
name = fields.String()
|
||||
|
||||
@post_load
|
||||
def get_object(self, data, many=False):
|
||||
return fetch_objects(DnsProviders, data, many=many)
|
||||
|
||||
|
||||
class AssociatedRoleSchema(LemurInputSchema):
|
||||
id = fields.Int()
|
||||
name = fields.String()
|
||||
|
@ -159,11 +169,6 @@ class AssociatedRotationPolicySchema(LemurInputSchema):
|
|||
return fetch_objects(RotationPolicy, data, many=many)
|
||||
|
||||
|
||||
class DnsProviderSchema(LemurInputSchema):
|
||||
id = fields.Integer()
|
||||
name = fields.String()
|
||||
|
||||
|
||||
class PluginInputSchema(LemurInputSchema):
|
||||
plugin_options = fields.List(fields.Dict(), validate=validate_options)
|
||||
slug = fields.String(required=True)
|
||||
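Review bot: `AssociatedDnsProviderSchema` declares both `id` and `name` as optional, so an empty object `{}` passes field validation and goes straight to `fetch_objects(DnsProviders, data, many=many)`. What `fetch_objects` does with no key, or with a `name` that matches more than one row, is not visible here. The resolved provider decides which stored DNS credentials the ACME plugin loads, so it is worth confirming that `dns_providers.name` has a unique constraint and that a missing or ambiguous match is rejected instead of resolving to an arbitrary row. A `@validates_schema` method that raises `ValidationError` unless `id` or `name` is present would make the contract explicit. A short class docstring such as `"""Resolve a DNS provider from its id or its unique name."""` would also help. The sibling `AssociatedRoleSchema` follows the same pattern, so this is consistent with the file but carries the same gap.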
|
|