dns_provider ui

This commit is contained in:
Curtis Castrapel 2018-04-27 11:18:41 -07:00
parent c5cb01bd33
commit 532872b3c6
10 changed files with 228 additions and 42 deletions

View File

@ -102,7 +102,7 @@ class Certificate(db.Model):
serial = Column(String(128)) serial = Column(String(128))
cn = Column(String(128)) cn = Column(String(128))
deleted = Column(Boolean, index=True) deleted = Column(Boolean, index=True)
dns_provider_id = Column(Integer(), nullable=True) dns_provider_id = Column(Integer(), ForeignKey('dns_providers.id', ondelete='cascade'), nullable=True)
not_before = Column(ArrowType) not_before = Column(ArrowType)
not_after = Column(ArrowType) not_after = Column(ArrowType)

View File

@ -3,11 +3,15 @@ from sqlalchemy.dialects.postgresql import JSON
from sqlalchemy_utils import ArrowType from sqlalchemy_utils import ArrowType
from lemur.database import db from lemur.database import db
from lemur.plugins.base import plugins
class DnsProviders(db.Model): class DnsProviders(db.Model):
__tablename__ = 'dns_providers' __tablename__ = 'dns_providers'
id = Column(Integer(), primary_key=True) id = Column(
Integer(),
primary_key=True,
)
name = Column(String(length=256), unique=True, nullable=True) name = Column(String(length=256), unique=True, nullable=True)
description = Column(String(length=1024), nullable=True) description = Column(String(length=1024), nullable=True)
provider_type = Column(String(length=256), nullable=True) provider_type = Column(String(length=256), nullable=True)
@ -17,3 +21,16 @@ class DnsProviders(db.Model):
status = Column(String(length=128), nullable=True) status = Column(String(length=128), nullable=True)
options = Column(JSON, nullable=True) options = Column(JSON, nullable=True)
domains = Column(JSON, nullable=True) domains = Column(JSON, nullable=True)
def __init__(self, name, description, provider_type, credentials):
self.name = name
self.description = description
self.provider_type = provider_type
self.credentials = credentials
@property
def plugin(self):
return plugins.get(self.plugin_name)
def __repr__(self):
return "DnsProviders(name={name})".format(name=self.name)

View File

@ -1,5 +1,5 @@
from lemur.common.fields import ArrowDateTime from lemur.common.fields import ArrowDateTime
from lemur.common.schema import LemurOutputSchema from lemur.common.schema import LemurInputSchema, LemurOutputSchema
from marshmallow import fields from marshmallow import fields
@ -15,4 +15,13 @@ class DnsProvidersNestedOutputSchema(LemurOutputSchema):
date_created = ArrowDateTime() date_created = ArrowDateTime()
dns_provider_schema = DnsProvidersNestedOutputSchema() class DnsProvidersNestedInputSchema(LemurInputSchema):
__envelope__ = False
name = fields.String()
description = fields.String()
provider_type = fields.Dict()
dns_provider_output_schema = DnsProvidersNestedOutputSchema()
dns_provider_input_schema = DnsProvidersNestedInputSchema()

View File

@ -1,3 +1,5 @@
import json
from flask import current_app from flask import current_app
from lemur import database from lemur import database
from lemur.dns_providers.models import DnsProviders from lemur.dns_providers.models import DnsProviders
@ -15,6 +17,10 @@ def render(args):
def get(dns_provider_id): def get(dns_provider_id):
return database.get(DnsProviders, dns_provider_id)
def get_friendly(dns_provider_id):
""" """
Retrieves a dns provider by its lemur assigned ID. Retrieves a dns provider by its lemur assigned ID.
@ -22,7 +28,17 @@ def get(dns_provider_id):
:rtype : DnsProvider :rtype : DnsProvider
:return: :return:
""" """
return database.get(DnsProviders, dns_provider_id) dns_provider = get(dns_provider_id)
dns_provider_friendly = {
"name": dns_provider.name,
"description": dns_provider.description,
"provider_type": dns_provider.provider_type,
"options": dns_provider.options,
}
if dns_provider.provider_type == "route53":
dns_provider_friendly["account_id"] = json.loads(dns_provider.credentials).get("account_id")
return dns_provider_friendly
def delete(dns_provider_id): def delete(dns_provider_id):
@ -38,4 +54,21 @@ def get_types():
provider_config = current_app.config.get('ACME_DNS_PROVIDER_TYPES') provider_config = current_app.config.get('ACME_DNS_PROVIDER_TYPES')
if not provider_config: if not provider_config:
raise Exception("No DNS Provider configuration specified.") raise Exception("No DNS Provider configuration specified.")
provider_config["total"] = len(provider_config.get("items"))
return provider_config return provider_config
def create(data):
provider_name = data.get("name")
credentials = {}
for item in data.get("provider_type", {}).get("requirements", []):
credentials[item["name"]] = item["value"]
dns_provider = DnsProviders(
name=provider_name,
description=data.get("description"),
provider_type=data.get("provider_type").get("name"),
credentials=json.dumps(credentials),
)
created = database.create(dns_provider)
return created.id

View File

@ -13,7 +13,7 @@ from lemur.auth.service import AuthenticatedResource
from lemur.common.schema import validate_schema from lemur.common.schema import validate_schema
from lemur.common.utils import paginated_parser from lemur.common.utils import paginated_parser
from lemur.dns_providers import service from lemur.dns_providers import service
from lemur.dns_providers.schemas import dns_provider_schema from lemur.dns_providers.schemas import dns_provider_output_schema, dns_provider_input_schema
mod = Blueprint('dns_providers', __name__) mod = Blueprint('dns_providers', __name__)
api = Api(mod) api = Api(mod)
@ -25,7 +25,7 @@ class DnsProvidersList(AuthenticatedResource):
self.reqparse = reqparse.RequestParser() self.reqparse = reqparse.RequestParser()
super(DnsProvidersList, self).__init__() super(DnsProvidersList, self).__init__()
@validate_schema(None, dns_provider_schema) @validate_schema(None, dns_provider_output_schema)
def get(self): def get(self):
""" """
.. http:get:: /dns_providers .. http:get:: /dns_providers
@ -70,7 +70,7 @@ class DnsProvidersList(AuthenticatedResource):
""" """
parser = paginated_parser.copy() parser = paginated_parser.copy()
parser.add_argument('id', type=int, location='args') parser.add_argument('dns_provider_id', type=int, location='args')
parser.add_argument('name', type=str, location='args') parser.add_argument('name', type=str, location='args')
parser.add_argument('type', type=str, location='args') parser.add_argument('type', type=str, location='args')
@ -78,23 +78,92 @@ class DnsProvidersList(AuthenticatedResource):
args['user'] = g.user args['user'] = g.user
return service.render(args) return service.render(args)
@validate_schema(dns_provider_input_schema, None)
@admin_permission.require(http_exception=403)
def post(self, data=None):
"""
Creates a DNS Provider
**Example request**:
{
"provider_type": {
"name": "route53",
"requirements": [
{
"name": "account_id",
"type": "int",
"required": true,
"helpMessage": "AWS Account number",
"value": 12345
}
],
"route": "dns_provider_options",
"reqParams": null,
"restangularized": true,
"fromServer": true,
"parentResource": null,
"restangularCollection": false
},
"name": "provider_name",
"description": "provider_description"
}
**Example request 2**
{
"provider_type": {
"name": "cloudflare",
"requirements": [
{
"name": "email",
"type": "str",
"required": true,
"helpMessage": "Cloudflare Email",
"value": "test@netflix.com"
},
{
"name": "key",
"type": "str",
"required": true,
"helpMessage": "Cloudflare Key",
"value": "secretkey"
}
],
"route": "dns_provider_options",
"reqParams": null,
"restangularized": true,
"fromServer": true,
"parentResource": null,
"restangularCollection": false
},
"name": "provider_name",
"description": "provider_description"
}
:return:
"""
return service.create(data)
class DnsProviders(AuthenticatedResource):
def get(self, dns_provider_id):
return service.get_friendly(dns_provider_id)
@admin_permission.require(http_exception=403) @admin_permission.require(http_exception=403)
def delete(self, dns_provider_id): def delete(self, dns_provider_id):
service.delete(dns_provider_id) service.delete(dns_provider_id)
return {'result': True} return {'result': True}
class DnsProviderTypes(AuthenticatedResource): class DnsProviderOptions(AuthenticatedResource):
""" Defines the 'dns_provider_types' endpoint """ """ Defines the 'dns_provider_types' endpoint """
def __init__(self): def __init__(self):
self.reqparse = reqparse.RequestParser() self.reqparse = reqparse.RequestParser()
super(DnsProviderTypes, self).__init__() super(DnsProviderOptions, self).__init__()
def get(self): def get(self):
return service.get_types() return service.get_types()
api.add_resource(DnsProvidersList, '/dns_providers', endpoint='dns_providers') api.add_resource(DnsProvidersList, '/dns_providers', endpoint='dns_providers')
api.add_resource(DnsProvidersList, '/dns_providers/<int:dns_provider_id>', endpoint='dns_provider') api.add_resource(DnsProviders, '/dns_providers/<int:dns_provider_id>', endpoint='dns_provider')
api.add_resource(DnsProviderTypes, '/dns_provider_types', endpoint='dns_provider_types') api.add_resource(DnsProviderOptions, '/dns_provider_options', endpoint='dns_provider_options')

View File

@ -113,11 +113,12 @@ def setup_acme_client(authority):
if not authority.options: if not authority.options:
raise Exception("Invalid authority. Options not set") raise Exception("Invalid authority. Options not set")
options = {} options = {}
authority_options = json.loads(authority.options)
options[authority_options.get("name")] = authority_options.get("value") for option in json.loads(authority.options):
email = authority_options.get('email', current_app.config.get('ACME_EMAIL')) options[option.get("name")] = option.get("value")
tel = authority_options.get('telephone', current_app.config.get('ACME_TEL')) email = options.get('email', current_app.config.get('ACME_EMAIL'))
directory_url = authority_options.get('acme_url', current_app.config.get('ACME_DIRECTORY_URL')) tel = options.get('telephone', current_app.config.get('ACME_TEL'))
directory_url = options.get('acme_url', current_app.config.get('ACME_DIRECTORY_URL'))
key = jose.JWKRSA(key=generate_private_key('RSA2048')) key = jose.JWKRSA(key=generate_private_key('RSA2048'))
@ -254,7 +255,7 @@ class ACMEIssuerPlugin(IssuerPlugin):
current_app.logger.debug("Using DNS provider: {0}".format(dns_provider.provider_type)) current_app.logger.debug("Using DNS provider: {0}".format(dns_provider.provider_type))
dns_provider_type = __import__(dns_provider.provider_type, globals(), locals(), [], 1) dns_provider_type = __import__(dns_provider.provider_type, globals(), locals(), [], 1)
account_number = credentials.get("account_number") account_number = credentials.get("account_id")
if dns_provider.provider_type == 'route53' and not account_number: if dns_provider.provider_type == 'route53' and not account_number:
error = "DNS Provider {} does not have an account number configured.".format(dns_provider.name) error = "DNS Provider {} does not have an account number configured.".format(dns_provider.name)
current_app.logger.error(error) current_app.logger.error(error)

View File

@ -6,6 +6,9 @@ from mock import MagicMock, Mock, patch
class TestAcme(unittest.TestCase): class TestAcme(unittest.TestCase):
def setUp(self):
self.ACMEIssuerPlugin = plugin.ACMEIssuerPlugin()
@patch('lemur.plugins.lemur_acme.plugin.len', return_value=1) @patch('lemur.plugins.lemur_acme.plugin.len', return_value=1)
def test_find_dns_challenge(self, mock_len): def test_find_dns_challenge(self, mock_len):
assert mock_len assert mock_len
@ -103,7 +106,7 @@ class TestAcme(unittest.TestCase):
@patch('lemur.plugins.lemur_acme.plugin.current_app') @patch('lemur.plugins.lemur_acme.plugin.current_app')
def test_setup_acme_client_success(self, mock_current_app, mock_acme): def test_setup_acme_client_success(self, mock_current_app, mock_acme):
mock_authority = Mock() mock_authority = Mock()
mock_authority.options = '{"o": "mock_name", "v": "mock_value"}' mock_authority.options = '[{"name": "mock_name", "value": "mock_value"}]'
mock_client = Mock() mock_client = Mock()
mock_registration = Mock() mock_registration = Mock()
mock_registration.uri = "http://test.com" mock_registration.uri = "http://test.com"
@ -113,3 +116,64 @@ class TestAcme(unittest.TestCase):
result_client, result_registration = plugin.setup_acme_client(mock_authority) result_client, result_registration = plugin.setup_acme_client(mock_authority)
assert result_client assert result_client
assert result_registration assert result_registration
@patch('lemur.plugins.lemur_acme.plugin.current_app')
def test_get_domains_single(self, mock_current_app):
options = {
"common_name": "test.netflix.net"
}
result = plugin.get_domains(options)
self.assertEqual(result, [options["common_name"]])
@patch('lemur.plugins.lemur_acme.plugin.current_app')
def test_get_domains_multiple(self, mock_current_app):
options = {
"common_name": "test.netflix.net",
"extensions": {
"sub_alt_names": {
"names": [
"test2.netflix.net",
"test3.netflix.net"
]
}
}
}
result = plugin.get_domains(options)
self.assertEqual(result, [options["common_name"], "test2.netflix.net", "test3.netflix.net"])
@patch('lemur.plugins.lemur_acme.plugin.start_dns_challenge', return_value="test")
def test_get_authorizations(self, mock_start_dns_challenge):
result = plugin.get_authorizations("acme_client", "account_number", ["domains"], "dns_provider")
self.assertEqual(result, ["test"])
@patch('lemur.plugins.lemur_acme.plugin.complete_dns_challenge', return_value="test")
def test_finalize_authorizations(self, mock_complete_dns_challenge):
mock_authz = []
mock_authz_record = MagicMock()
mock_authz_record.authz = Mock()
mock_authz_record.change_id = 1
mock_authz_record.dns_challenge.validation_domain_name = Mock()
mock_authz_record.dns_challenge.validation = Mock()
mock_authz.append(mock_authz_record)
mock_dns_provider = Mock()
mock_dns_provider.delete_txt_record = Mock()
mock_acme_client = Mock()
result = plugin.finalize_authorizations(mock_acme_client, "account_number", mock_dns_provider, mock_authz)
self.assertEqual(result, mock_authz)
@patch('lemur.plugins.lemur_acme.plugin.current_app')
def test_create_authority(self, mock_current_app):
mock_current_app.config = Mock()
options = {
"plugin": {
"plugin_options": [{
"name": "certificate",
"value": "123"
}]
}
}
acme_root, b, role = self.ACMEIssuerPlugin.create_authority(options)
self.assertEqual(acme_root, "123")
self.assertEqual(b, "")
self.assertEqual(role, [{'username': '', 'password': '', 'name': 'acme'}])

View File

@ -5,20 +5,12 @@ angular.module('lemur')
.controller('DnsProviderCreateController', function ($scope, $uibModalInstance, PluginService, DnsProviderService, LemurRestangular, toaster) { .controller('DnsProviderCreateController', function ($scope, $uibModalInstance, PluginService, DnsProviderService, LemurRestangular, toaster) {
$scope.dns_provider = LemurRestangular.restangularizeElement(null, {}, 'dns_providers'); $scope.dns_provider = LemurRestangular.restangularizeElement(null, {}, 'dns_providers');
PluginService.getByName('acme-issuer').then(function (acme) { DnsProviderService.getDnsProviderOptions().then(function(res) {
$scope.acme = acme; $scope.options = res;
});
PluginService.getByType('dns_provider').then(function (plugins) {
$scope.plugins = plugins;
});
PluginService.getByType('export').then(function (plugins) {
$scope.exportPlugins = plugins;
}); });
$scope.save = function (dns_provider) { $scope.save = function (dns_provider) {
DnsProviderService.create(dns_provider.then( DnsProviderService.create(dns_provider).then(
function () { function () {
toaster.pop({ toaster.pop({
type: 'success', type: 'success',
@ -35,7 +27,7 @@ angular.module('lemur')
directiveData: response.data, directiveData: response.data,
timeout: 100000 timeout: 100000
}); });
})); });
}; };
$scope.cancel = function () { $scope.cancel = function () {
@ -48,14 +40,6 @@ angular.module('lemur')
DnsProviderApi.get(editId).then(function (dns_provider) { DnsProviderApi.get(editId).then(function (dns_provider) {
$scope.dns_provider = dns_provider; $scope.dns_provider = dns_provider;
PluginService.getByName('acme-issuer').then(function (acme) {
$scope.acme = acme;
_.each($scope.acme, function (opts) {
console.log(opts);
});
});
}); });
$scope.save = function (dns_provider) { $scope.save = function (dns_provider) {

View File

@ -31,11 +31,11 @@
Provider Type Provider Type
</label> </label>
<div class="col-sm-10"> <div class="col-sm-10">
<select class="form-control" ng-model="dns_provider.provider_type" ng-options="plugin for plugin in ['route53', 'cloudflare']" <select class="form-control" ng-model="dns_provider.provider_type" ng-options="item.name for item in options"
required></select> required></select>
</div> </div>
</div> </div>
<div class="form-group" ng-repeat="item in dns_provider.plugin.pluginOptions"> <div class="form-group" ng-repeat="item in dns_provider.provider_type.requirements">
<ng-form name="subForm" class="form-horizontal" role="form" novalidate> <ng-form name="subForm" class="form-horizontal" role="form" novalidate>
<div ng-class="{'has-error': subForm.sub.$invalid, 'has-success': !subForm.sub.$invalid&&subForm.sub.$dirty}"> <div ng-class="{'has-error': subForm.sub.$invalid, 'has-success': !subForm.sub.$invalid&&subForm.sub.$dirty}">
<label class="control-label col-sm-2"> <label class="control-label col-sm-2">

View File

@ -3,7 +3,12 @@ angular.module('lemur')
.service('DnsProviderApi', function (LemurRestangular) { .service('DnsProviderApi', function (LemurRestangular) {
return LemurRestangular.all('dns_providers'); return LemurRestangular.all('dns_providers');
}) })
.service('DnsProviderService', function ($location, DnsProviderApi, PluginService, DnsProviders) {
.service('DnsProviderOptions', function (LemurRestangular) {
return LemurRestangular.all('dns_provider_options');
})
.service('DnsProviderService', function ($location, DnsProviderApi, PluginService, DnsProviders, DnsProviderOptions) {
var DnsProviderService = this; var DnsProviderService = this;
DnsProviderService.findDnsProvidersByName = function (filterValue) { DnsProviderService.findDnsProvidersByName = function (filterValue) {
return DnsProviderApi.getList({'filter[label]': filterValue}) return DnsProviderApi.getList({'filter[label]': filterValue})
@ -16,6 +21,10 @@ angular.module('lemur')
return DnsProviders.get(); return DnsProviders.get();
}; };
DnsProviderService.getDnsProviderOptions = function () {
return DnsProviderOptions.getList();
};
DnsProviderService.create = function (dns_provider) { DnsProviderService.create = function (dns_provider) {
return DnsProviderApi.post(dns_provider); return DnsProviderApi.post(dns_provider);
}; };