Merge pull request #2959 from hosseinsh/improve-enable-autorotate

improving logging and the possibility of …
This commit is contained in:
Hossein Shafagh 2020-05-08 09:43:11 -07:00 committed by GitHub
commit 53c314cb41
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -483,18 +483,33 @@ def check_revoked():
@manager.command
def automatically_enable_autorotate():
"""
This function automatically enables autorotation for unexpired certificates that are
This function automatically enables auto-rotation for unexpired certificates that are
attached to an endpoint but do not have autorotate enabled.
WARNING: This will overwrite the Auto-rotate toggle!
"""
log_data = {
"function": f"{__name__}.{sys._getframe().f_code.co_name}",
}
permitted_authorities = current_app.config.get("ENABLE_AUTO_ROTATE_AUTHORITY", [])
eligible_certs = get_all_certs_attached_to_endpoint_without_autorotate()
for cert in eligible_certs:
if cert.authority_id not in permitted_authorities:
continue
log_data["certificate"] = cert.name
log_data["certificate_id"] = cert.id
log_data["message"] = "Enabling auto-rotate for certificate"
current_app.logger.info(log_data)
# TODO: add the cert destination to the logging
metrics.send("automatically_enable_autorotate",
"counter", 1,
metric_tags={"certificate": cert.name,
"certificate_id": cert.id,
"authority_id": cert.authority_id,
"authority_name": Authority.get(cert.authority_id).name})
cert.rotation = True
database.update(cert)