Merge pull request #2158 from castrapel/celery_pending

Add async call to create pending cert when needed
This commit is contained in:
Curtis 2018-11-28 15:22:31 -08:00 committed by GitHub
commit 67b476e6d7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
11 changed files with 47 additions and 40 deletions

View File

@ -138,7 +138,6 @@ class Certificate(db.Model):
logs = relationship('Log', backref='certificate') logs = relationship('Log', backref='certificate')
endpoints = relationship('Endpoint', backref='certificate') endpoints = relationship('Endpoint', backref='certificate')
rotation_policy = relationship("RotationPolicy") rotation_policy = relationship("RotationPolicy")
sensitive_fields = ('private_key',) sensitive_fields = ('private_key',)
def __init__(self, **kwargs): def __init__(self, **kwargs):

View File

@ -276,6 +276,14 @@ def create(**kwargs):
certificate_issued.send(certificate=cert, authority=cert.authority) certificate_issued.send(certificate=cert, authority=cert.authority)
metrics.send('certificate_issued', 'counter', 1, metric_tags=dict(owner=cert.owner, issuer=cert.issuer)) metrics.send('certificate_issued', 'counter', 1, metric_tags=dict(owner=cert.owner, issuer=cert.issuer))
if isinstance(cert, PendingCertificate):
# We need to refresh the pending certificate to avoid "Instance is not bound to a Session; "
# "attribute refresh operation cannot proceed"
pending_cert = database.session_query(PendingCertificate).get(cert.id)
from lemur.common.celery import fetch_acme_cert
if not current_app.config.get("ACME_DISABLE_AUTORESOLVE", False):
fetch_acme_cert.apply_async((pending_cert.id,), countdown=5)
return cert return cert

View File

@ -25,8 +25,8 @@ flask_app = create_app()
def make_celery(app): def make_celery(app):
celery = Celery(app.import_name, backend=app.config['CELERY_RESULT_BACKEND'], celery = Celery(app.import_name, backend=app.config.get('CELERY_RESULT_BACKEND'),
broker=app.config['CELERY_BROKER_URL']) broker=app.config.get('CELERY_BROKER_URL'))
celery.conf.update(app.config) celery.conf.update(app.config)
TaskBase = celery.Task TaskBase = celery.Task

View File

@ -47,7 +47,7 @@ from lemur.logs.models import Log # noqa
from lemur.endpoints.models import Endpoint # noqa from lemur.endpoints.models import Endpoint # noqa
from lemur.policies.models import RotationPolicy # noqa from lemur.policies.models import RotationPolicy # noqa
from lemur.pending_certificates.models import PendingCertificate # noqa from lemur.pending_certificates.models import PendingCertificate # noqa
from lemur.dns_providers.models import DnsProvider # noqa
manager = Manager(create_app) manager = Manager(create_app)
manager.add_option('-c', '--config', dest='config') manager.add_option('-c', '--config', dest='config')

View File

@ -1,7 +1,7 @@
# This is just Python which means you can inherit and tweak settings # This is just Python which means you can inherit and tweak settings
import os import os
_basedir = os.path.abspath(os.path.dirname(__file__)) _basedir = os.path.abspath(os.path.dirname(__file__))
THREADS_PER_PAGE = 8 THREADS_PER_PAGE = 8
@ -78,14 +78,12 @@ DIGICERT_API_KEY = 'api-key'
DIGICERT_ORG_ID = 111111 DIGICERT_ORG_ID = 111111
DIGICERT_ROOT = "ROOT" DIGICERT_ROOT = "ROOT"
VERISIGN_URL = 'http://example.com' VERISIGN_URL = 'http://example.com'
VERISIGN_PEM_PATH = '~/' VERISIGN_PEM_PATH = '~/'
VERISIGN_FIRST_NAME = 'Jim' VERISIGN_FIRST_NAME = 'Jim'
VERISIGN_LAST_NAME = 'Bob' VERISIGN_LAST_NAME = 'Bob'
VERSIGN_EMAIL = 'jim@example.com' VERSIGN_EMAIL = 'jim@example.com'
ACME_AWS_ACCOUNT_NUMBER = '11111111111' ACME_AWS_ACCOUNT_NUMBER = '11111111111'
ACME_PRIVATE_KEY = ''' ACME_PRIVATE_KEY = '''
@ -180,6 +178,7 @@ ACME_URL = 'https://acme-v01.api.letsencrypt.org'
ACME_EMAIL = 'jim@example.com' ACME_EMAIL = 'jim@example.com'
ACME_TEL = '4088675309' ACME_TEL = '4088675309'
ACME_DIRECTORY_URL = 'https://acme-v01.api.letsencrypt.org' ACME_DIRECTORY_URL = 'https://acme-v01.api.letsencrypt.org'
ACME_DISABLE_AUTORESOLVE = True
LDAP_AUTH = True LDAP_AUTH = True
LDAP_BIND_URI = 'ldap://localhost' LDAP_BIND_URI = 'ldap://localhost'

View File

@ -2,11 +2,10 @@ import json
import pytest import pytest
from lemur.pending_certificates.views import * # noqa
from .vectors import CSR_STR, INTERMEDIATE_CERT_STR, VALID_ADMIN_API_TOKEN, VALID_ADMIN_HEADER_TOKEN, \ from .vectors import CSR_STR, INTERMEDIATE_CERT_STR, VALID_ADMIN_API_TOKEN, VALID_ADMIN_HEADER_TOKEN, \
VALID_USER_HEADER_TOKEN, WILDCARD_CERT_STR VALID_USER_HEADER_TOKEN, WILDCARD_CERT_STR
from lemur.pending_certificates.views import * # noqa
def test_increment_attempt(pending_certificate): def test_increment_attempt(pending_certificate):
from lemur.pending_certificates.service import increment_attempt from lemur.pending_certificates.service import increment_attempt
@ -17,7 +16,8 @@ def test_increment_attempt(pending_certificate):
def test_create_pending_certificate(async_issuer_plugin, async_authority, user): def test_create_pending_certificate(async_issuer_plugin, async_authority, user):
from lemur.certificates.service import create from lemur.certificates.service import create
pending_cert = create(authority=async_authority, csr=CSR_STR, owner='joe@example.com', creator=user['user'], common_name='ACommonName') pending_cert = create(authority=async_authority, csr=CSR_STR, owner='joe@example.com', creator=user['user'],
common_name='ACommonName')
assert pending_cert.external_id == '12345' assert pending_cert.external_id == '12345'

View File

@ -14,7 +14,7 @@ docutils==0.14 # via readme-renderer
flake8==3.5.0 flake8==3.5.0
identify==1.1.7 # via pre-commit identify==1.1.7 # via pre-commit
idna==2.7 # via requests idna==2.7 # via requests
importlib-metadata==0.6 # via pre-commit importlib-metadata==0.7 # via pre-commit
importlib-resources==1.0.2 # via pre-commit importlib-resources==1.0.2 # via pre-commit
invoke==1.2.0 invoke==1.2.0
mccabe==0.6.1 # via flake8 mccabe==0.6.1 # via flake8
@ -23,7 +23,7 @@ pkginfo==1.4.2 # via twine
pre-commit==1.12.0 pre-commit==1.12.0
pycodestyle==2.3.1 # via flake8 pycodestyle==2.3.1 # via flake8
pyflakes==1.6.0 # via flake8 pyflakes==1.6.0 # via flake8
pygments==2.2.0 # via readme-renderer pygments==2.3.0 # via readme-renderer
pyyaml==3.13 # via aspy.yaml, pre-commit pyyaml==3.13 # via aspy.yaml, pre-commit
readme-renderer==24.0 # via twine readme-renderer==24.0 # via twine
requests-toolbelt==0.8.0 # via twine requests-toolbelt==0.8.0 # via twine

View File

@ -4,10 +4,10 @@
# #
# pip-compile --no-index --output-file requirements-docs.txt requirements-docs.in # pip-compile --no-index --output-file requirements-docs.txt requirements-docs.in
# #
acme==0.27.1 acme==0.28.0
alabaster==0.7.12 # via sphinx alabaster==0.7.12 # via sphinx
alembic-autogenerate-enums==0.0.2 alembic-autogenerate-enums==0.0.2
alembic==1.0.2 alembic==1.0.5
amqp==2.3.2 amqp==2.3.2
aniso8601==4.0.1 aniso8601==4.0.1
arrow==0.12.1 arrow==0.12.1
@ -17,23 +17,23 @@ babel==2.6.0 # via sphinx
bcrypt==3.1.4 bcrypt==3.1.4
billiard==3.5.0.4 billiard==3.5.0.4
blinker==1.4 blinker==1.4
boto3==1.9.37 boto3==1.9.53
botocore==1.12.37 botocore==1.12.53
celery[redis]==4.2.1 celery[redis]==4.2.1
certifi==2018.10.15 certifi==2018.10.15
cffi==1.11.5 cffi==1.11.5
chardet==3.0.4 chardet==3.0.4
click==7.0 click==7.0
cloudflare==2.1.0 cloudflare==2.1.0
cryptography==2.3.1 cryptography==2.4.2
dnspython3==1.15.0 dnspython3==1.15.0
dnspython==1.15.0 dnspython==1.15.0
docutils==0.14 docutils==0.14
dyn==1.8.1 dyn==1.8.1
flask-bcrypt==0.7.1 flask-bcrypt==0.7.1
flask-cors==3.0.6 flask-cors==3.0.7
flask-mail==0.9.1 flask-mail==0.9.1
flask-migrate==2.3.0 flask-migrate==2.3.1
flask-principal==0.4.0 flask-principal==0.4.0
flask-restful==0.3.6 flask-restful==0.3.6
flask-script==2.0.6 flask-script==2.0.6
@ -61,11 +61,11 @@ packaging==18.0 # via sphinx
paramiko==2.4.2 paramiko==2.4.2
pbr==5.1.1 pbr==5.1.1
pem==18.2.0 pem==18.2.0
psycopg2==2.7.5 psycopg2==2.7.6.1
pyasn1-modules==0.2.2 pyasn1-modules==0.2.2
pyasn1==0.4.4 pyasn1==0.4.4
pycparser==2.19 pycparser==2.19
pygments==2.2.0 # via sphinx pygments==2.3.0 # via sphinx
pyjwt==1.6.4 pyjwt==1.6.4
pynacl==1.3.0 pynacl==1.3.0
pyopenssl==18.0.0 pyopenssl==18.0.0
@ -76,9 +76,9 @@ python-editor==1.0.3
pytz==2018.7 pytz==2018.7
pyyaml==3.13 pyyaml==3.13
raven[flask]==6.9.0 raven[flask]==6.9.0
redis==2.10.6 redis==3.0.1
requests-toolbelt==0.8.0 requests-toolbelt==0.8.0
requests[security]==2.20.0 requests[security]==2.20.1
retrying==1.3.3 retrying==1.3.3
s3transfer==0.1.13 s3transfer==0.1.13
six==1.11.0 six==1.11.0
@ -87,8 +87,8 @@ sphinx-rtd-theme==0.4.2
sphinx==1.8.2 sphinx==1.8.2
sphinxcontrib-httpdomain==1.7.0 sphinxcontrib-httpdomain==1.7.0
sphinxcontrib-websupport==1.1.0 # via sphinx sphinxcontrib-websupport==1.1.0 # via sphinx
sqlalchemy-utils==0.33.6 sqlalchemy-utils==0.33.8
sqlalchemy==1.2.13 sqlalchemy==1.2.14
tabulate==0.8.2 tabulate==0.8.2
urllib3==1.24.1 urllib3==1.24.1
vine==1.1.4 vine==1.1.4

View File

@ -8,21 +8,21 @@ asn1crypto==0.24.0 # via cryptography
atomicwrites==1.2.1 # via pytest atomicwrites==1.2.1 # via pytest
attrs==18.2.0 # via pytest attrs==18.2.0 # via pytest
aws-xray-sdk==0.95 # via moto aws-xray-sdk==0.95 # via moto
boto3==1.9.42 # via moto boto3==1.9.53 # via moto
boto==2.49.0 # via moto boto==2.49.0 # via moto
botocore==1.12.42 # via boto3, moto, s3transfer botocore==1.12.53 # via boto3, moto, s3transfer
certifi==2018.10.15 # via requests certifi==2018.10.15 # via requests
cffi==1.11.5 # via cryptography cffi==1.11.5 # via cryptography
chardet==3.0.4 # via requests chardet==3.0.4 # via requests
click==7.0 # via flask click==7.0 # via flask
coverage==4.5.2 coverage==4.5.2
cryptography==2.4.1 # via moto cryptography==2.4.2 # via moto
docker-pycreds==0.3.0 # via docker docker-pycreds==0.3.0 # via docker
docker==3.5.1 # via moto docker==3.5.1 # via moto
docutils==0.14 # via botocore docutils==0.14 # via botocore
ecdsa==0.13 # via python-jose ecdsa==0.13 # via python-jose
factory-boy==2.11.1 factory-boy==2.11.1
faker==0.9.2 faker==1.0.0
flask==1.0.2 # via pytest-flask flask==1.0.2 # via pytest-flask
freezegun==0.3.11 freezegun==0.3.11
future==0.17.1 # via python-jose future==0.17.1 # via python-jose
@ -40,20 +40,20 @@ nose==1.3.7
pbr==5.1.1 # via mock pbr==5.1.1 # via mock
pluggy==0.8.0 # via pytest pluggy==0.8.0 # via pytest
py==1.7.0 # via pytest py==1.7.0 # via pytest
pyaml==17.12.1 # via moto pyaml==18.11.0 # via moto
pycparser==2.19 # via cffi pycparser==2.19 # via cffi
pycryptodome==3.7.0 # via python-jose pycryptodome==3.7.2 # via python-jose
pyflakes==2.0.0 pyflakes==2.0.0
pytest-flask==0.14.0 pytest-flask==0.14.0
pytest-mock==1.10.0 pytest-mock==1.10.0
pytest==3.10.1 pytest==4.0.1
python-dateutil==2.7.5 # via botocore, faker, freezegun, moto python-dateutil==2.7.5 # via botocore, faker, freezegun, moto
python-jose==2.0.2 # via moto python-jose==2.0.2 # via moto
pytz==2018.7 # via moto pytz==2018.7 # via moto
pyyaml==3.13 # via pyaml pyyaml==3.13 # via pyaml
requests-mock==1.5.2 requests-mock==1.5.2
requests==2.20.1 # via aws-xray-sdk, docker, moto, requests-mock, responses requests==2.20.1 # via aws-xray-sdk, docker, moto, requests-mock, responses
responses==0.10.3 # via moto responses==0.10.4 # via moto
s3transfer==0.1.13 # via boto3 s3transfer==0.1.13 # via boto3
six==1.11.0 # via cryptography, docker, docker-pycreds, faker, freezegun, mock, more-itertools, moto, pytest, python-dateutil, python-jose, requests-mock, responses, websocket-client six==1.11.0 # via cryptography, docker, docker-pycreds, faker, freezegun, mock, more-itertools, moto, pytest, python-dateutil, python-jose, requests-mock, responses, websocket-client
text-unidecode==1.2 # via faker text-unidecode==1.2 # via faker

View File

@ -36,6 +36,7 @@ pyjwt
pyOpenSSL pyOpenSSL
python_ldap python_ldap
raven[flask] raven[flask]
redis<3 # redis>=3 is not compatible with celery
requests requests
retrying retrying
six six

View File

@ -6,7 +6,7 @@
# #
acme==0.28.0 acme==0.28.0
alembic-autogenerate-enums==0.0.2 alembic-autogenerate-enums==0.0.2
alembic==1.0.2 # via flask-migrate alembic==1.0.5 # via flask-migrate
amqp==2.3.2 # via kombu amqp==2.3.2 # via kombu
aniso8601==4.0.1 # via flask-restful aniso8601==4.0.1 # via flask-restful
arrow==0.12.1 arrow==0.12.1
@ -15,15 +15,15 @@ asyncpool==1.0
bcrypt==3.1.4 # via flask-bcrypt, paramiko bcrypt==3.1.4 # via flask-bcrypt, paramiko
billiard==3.5.0.4 # via celery billiard==3.5.0.4 # via celery
blinker==1.4 # via flask-mail, flask-principal, raven blinker==1.4 # via flask-mail, flask-principal, raven
boto3==1.9.42 boto3==1.9.53
botocore==1.12.42 botocore==1.12.53
celery[redis]==4.2.1 celery[redis]==4.2.1
certifi==2018.10.15 certifi==2018.10.15
cffi==1.11.5 # via bcrypt, cryptography, pynacl cffi==1.11.5 # via bcrypt, cryptography, pynacl
chardet==3.0.4 # via requests chardet==3.0.4 # via requests
click==7.0 # via flask click==7.0 # via flask
cloudflare==2.1.0 cloudflare==2.1.0
cryptography==2.4.1 cryptography==2.4.2
dnspython3==1.15.0 dnspython3==1.15.0
dnspython==1.15.0 # via dnspython3 dnspython==1.15.0 # via dnspython3
docutils==0.14 # via botocore docutils==0.14 # via botocore
@ -31,7 +31,7 @@ dyn==1.8.1
flask-bcrypt==0.7.1 flask-bcrypt==0.7.1
flask-cors==3.0.7 flask-cors==3.0.7
flask-mail==0.9.1 flask-mail==0.9.1
flask-migrate==2.3.0 flask-migrate==2.3.1
flask-principal==0.4.0 flask-principal==0.4.0
flask-restful==0.3.6 flask-restful==0.3.6
flask-script==2.0.6 flask-script==2.0.6
@ -71,13 +71,13 @@ python-ldap==3.1.0
pytz==2018.7 # via acme, celery, flask-restful, pyrfc3339 pytz==2018.7 # via acme, celery, flask-restful, pyrfc3339
pyyaml==3.13 # via cloudflare pyyaml==3.13 # via cloudflare
raven[flask]==6.9.0 raven[flask]==6.9.0
redis==2.10.6 # via celery redis==2.10.6
requests-toolbelt==0.8.0 # via acme requests-toolbelt==0.8.0 # via acme
requests[security]==2.20.1 requests[security]==2.20.1
retrying==1.3.3 retrying==1.3.3
s3transfer==0.1.13 # via boto3 s3transfer==0.1.13 # via boto3
six==1.11.0 six==1.11.0
sqlalchemy-utils==0.33.6 sqlalchemy-utils==0.33.8
sqlalchemy==1.2.14 # via alembic, flask-sqlalchemy, marshmallow-sqlalchemy, sqlalchemy-utils sqlalchemy==1.2.14 # via alembic, flask-sqlalchemy, marshmallow-sqlalchemy, sqlalchemy-utils
tabulate==0.8.2 tabulate==0.8.2
urllib3==1.24.1 # via botocore, requests urllib3==1.24.1 # via botocore, requests