PR feedback

2020-12-03 11:30:34 -08:00
parent b40cb5562a
commit 589df0e230
6 changed files with 113 additions and 36 deletions
--- a/lemur/notifications/cli.py
+++ b/lemur/notifications/cli.py
@ -40,9 +40,7 @@ def expirations(exclude):
        print("Starting to notify subscribers about expiring certificates!")
        success, failed = send_expiration_notifications(exclude)
        print(
-            "Finished notifying subscribers about expiring certificates! Sent: {success} Failed: {failed}".format(
-                success=success, failed=failed
-            )
+            f"Finished notifying subscribers about expiring certificates! Sent: {success} Failed: {failed}"
        )
        status = SUCCESS_METRIC_STATUS
    except Exception as e:
@ -66,9 +64,7 @@ def authority_expirations():
        success, failed = send_authority_expiration_notifications()
        print(
            "Finished notifying subscribers about expiring certificate authority certificates! "
-            "Sent: {success} Failed: {failed}".format(
-                success=success, failed=failed
-            )
+            f"Sent: {success} Failed: {failed}"
        )
        status = SUCCESS_METRIC_STATUS
    except Exception as e:
--- a/lemur/notifications/messaging.py
+++ b/lemur/notifications/messaging.py
@ -132,7 +132,7 @@ def get_eligible_authority_certificates():
    for owner, owner_certs in groupby(all_certs, lambda x: x.owner):
        # group by expiration interval
        for interval, interval_certs in groupby(owner_certs, lambda x: (x.not_after - now).days):
-            certificates[owner][interval] = list(interval_certs)  # list(c for c in interval_certs)
+            certificates[owner][interval] = list(interval_certs)

    return certificates

--- a/lemur/plugins/lemur_email/templates/authority_expiration.html
+++ b/lemur/plugins/lemur_email/templates/authority_expiration.html
@ -76,7 +76,9 @@
                                            <tr>
                                                <td style="font-family:Roboto-Regular,Helvetica,Arial,sans-serif;font-size:13px;color:#202020;line-height:1.5">
                                                    <br>This is a Lemur CA certificate expiration notice. The following CA certificates are expiring soon;
-                                                    please take manual action to renew them if necessary. You may also disable notifications via the
+                                                    please take manual action to renew them if necessary. Note that rotating a root CA requires
+                                                    advanced planing and the respective trustStores need to be updated. A sub-CA, on the other hand,
+                                                    does not require any changes to the trustStore. You may also disable notifications via the
                                                    Notify toggle in Lemur if they are no longer in use.
                                                    <table border="0" cellspacing="0" cellpadding="0"
                                                           style="margin-top:48px;margin-bottom:48px">
--- a/lemur/tests/test_messaging.py
+++ b/lemur/tests/test_messaging.py
@ -131,13 +131,13 @@ def test_send_pending_failure_notification(notification_plugin, async_issuer_plu
 def test_get_authority_certificates():
    from lemur.notifications.messaging import get_expiring_authority_certificates

-    certificate_1 = create_cert_that_expires_in_days(180)
-    certificate_2 = create_cert_that_expires_in_days(365)
-    create_cert_that_expires_in_days(364)
-    create_cert_that_expires_in_days(366)
-    create_cert_that_expires_in_days(179)
-    create_cert_that_expires_in_days(181)
-    create_cert_that_expires_in_days(1)
+    certificate_1 = create_ca_cert_that_expires_in_days(180)
+    certificate_2 = create_ca_cert_that_expires_in_days(365)
+    create_ca_cert_that_expires_in_days(364)
+    create_ca_cert_that_expires_in_days(366)
+    create_ca_cert_that_expires_in_days(179)
+    create_ca_cert_that_expires_in_days(181)
+    create_ca_cert_that_expires_in_days(1)

    assert set(get_expiring_authority_certificates()) == {certificate_1, certificate_2}

@ -147,19 +147,19 @@ def test_send_authority_expiration_notifications():
    from lemur.notifications.messaging import send_authority_expiration_notifications
    verify_sender_email()

-    create_cert_that_expires_in_days(180)
-    create_cert_that_expires_in_days(180)  # two on the same day results in a single email
-    create_cert_that_expires_in_days(365)
-    create_cert_that_expires_in_days(364)
-    create_cert_that_expires_in_days(366)
-    create_cert_that_expires_in_days(179)
-    create_cert_that_expires_in_days(181)
-    create_cert_that_expires_in_days(1)
+    create_ca_cert_that_expires_in_days(180)
+    create_ca_cert_that_expires_in_days(180)  # two on the same day results in a single email
+    create_ca_cert_that_expires_in_days(365)
+    create_ca_cert_that_expires_in_days(364)
+    create_ca_cert_that_expires_in_days(366)
+    create_ca_cert_that_expires_in_days(179)
+    create_ca_cert_that_expires_in_days(181)
+    create_ca_cert_that_expires_in_days(1)

    assert send_authority_expiration_notifications() == (2, 0)


-def create_cert_that_expires_in_days(days):
+def create_ca_cert_that_expires_in_days(days):
    now = arrow.utcnow()
    not_after = now + timedelta(days=days, hours=1)  # a bit more than specified since we'll check in the future