diff --git a/lemur/certificates/cli.py b/lemur/certificates/cli.py
index 7a46138c..c4a95187 100644
--- a/lemur/certificates/cli.py
+++ b/lemur/certificates/cli.py
@@ -238,17 +238,7 @@ def reissue(old_certificate_name, commit):
 if not old_cert:
 for certificate in get_all_pending_reissue():
- try:
- request_reissue(certificate, commit)
- except Exception as e:
- sentry.captureException()
- current_app.logger.exception(
- "Error reissuing certificate: {}".format(certificate.name), exc_info=True)
- print(
- "[!] Failed to reissue certificates. Reason: {}".format(
- e
- )
- )
+ request_reissue(certificate, commit)
 else:
 request_reissue(old_cert, commit)
@@ -275,30 +265,31 @@ def query(fqdns, issuer, owner, expired):
 table = []
 q = database.session_query(Certificate)
+ if issuer:
+ sub_query = database.session_query(Authority.id) \
+ .filter(Authority.name.ilike('%{0}%'.format(issuer))) \
+ .subquery()
- sub_query = database.session_query(Authority.id) \
- .filter(Authority.name.ilike('%{0}%'.format(issuer))) \
- .subquery()
-
- q = q.filter(
- or_(
- Certificate.issuer.ilike('%{0}%'.format(issuer)),
- Certificate.authority_id.in_(sub_query)
+ q = q.filter(
+ or_(
+ Certificate.issuer.ilike('%{0}%'.format(issuer)),
+ Certificate.authority_id.in_(sub_query)
+ )
 )
- )
-
- q = q.filter(Certificate.owner.ilike('%{0}%'.format(owner)))
+ if owner:
+ q = q.filter(Certificate.owner.ilike('%{0}%'.format(owner)))
 if not expired:
 q = q.filter(Certificate.expired == False) # noqa
- for f in fqdns.split(','):
- q = q.filter(
- or_(
- Certificate.cn.ilike('%{0}%'.format(f)),
- Certificate.domains.any(Domain.name.ilike('%{0}%'.format(f)))
+ if fqdns:
+ for f in fqdns.split(','):
+ q = q.filter(
+ or_(
+ Certificate.cn.ilike('%{0}%'.format(f)),
+ Certificate.domains.any(Domain.name.ilike('%{0}%'.format(f)))
+ )
 )
- )
 for c in q.all():
 table.append([c.id, c.name, c.owner, c.issuer])
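Review bot: In `reissue`, the loop over `get_all_pending_reissue()` now calls `request_reissue(certificate, commit)` with no handler of its own, so the first certificate that raises ends the loop and every later pending certificate is left unreissued for that run. For a renewal job this turns one bad certificate into missed renewals for the rest. Keep the failure isolated per certificate with a narrow `try:` around the call and an `except Exception:` that logs `certificate.name` via `current_app.logger.exception(...)` and continues. Whether an outer handler in `reissue` catches the exception is not visible here, since the function body starts and ends outside the hunk.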
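Review bot: In `query`, each fragment of `fqdns.split(',')` is passed to `ilike` as typed, so a value such as `a.example.com, b.example.com` (constructed sample) searches for ` b.example.com` with a leading space, and a trailing comma adds an empty fragment. Strip and skip empties, e.g. `for f in (p.strip() for p in fqdns.split(',')):` followed by `if not f: continue`. Separately, `%` and `_` in `issuer`, `owner` and `fqdns` reach `ilike` as LIKE wildcards; the values are bound parameters, so this only widens the match, but a comment stating that the wildcards are intentional would save the next reader the check. The function body continues outside the hunk.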
@@ -373,10 +364,7 @@ def check_revoked():
 else:
 status = verify_string(cert.body, "")
- if status is None:
- cert.status = 'unknown'
- else:
- cert.status = 'valid' if status else 'revoked'
+ cert.status = 'valid' if status else 'revoked'
 except Exception as e:
 sentry.captureException()
diff --git a/lemur/common/fields.py b/lemur/common/fields.py
index 9a0198e9..5ab0c6f0 100644
--- a/lemur/common/fields.py
+++ b/lemur/common/fields.py
@@ -350,6 +350,7 @@ class SubjectAlternativeNameExtension(Field):
 value = value.dotted_string
 else:
 current_app.logger.warning('Unknown SubAltName type: {name}'.format(name=name))
+ continue
 general_names.append({'nameType': name_type, 'value': value})
diff --git a/lemur/migrations/versions/449c3d5c7299_.py b/lemur/migrations/versions/449c3d5c7299_.py
index 1dcb7ab5..0bc30db1 100644
--- a/lemur/migrations/versions/449c3d5c7299_.py
+++ b/lemur/migrations/versions/449c3d5c7299_.py
@@ -21,6 +21,14 @@ COLUMNS = ["notification_id", "certificate_id"]
 def upgrade():
+ connection = op.get_bind()
+ # Delete duplicate entries
+ connection.execute("""\
+ DELETE FROM certificate_notification_associations WHERE ctid NOT IN (
+ -- Select the first tuple ID for each (notification_id, certificate_id) combination and keep that
+ SELECT min(ctid) FROM certificate_notification_associations GROUP BY notification_id, certificate_id
+ )
+ """)
 op.create_unique_constraint(CONSTRAINT_NAME, TABLE, COLUMNS)
diff --git a/requirements-dev.txt b/requirements-dev.txt
index d74b07f9..7b427b20 100644
--- a/requirements-dev.txt
+++ b/requirements-dev.txt
@@ -13,9 +13,8 @@ chardet==3.0.4 # via requests
 docutils==0.14 # via readme-renderer
 flake8==3.5.0
 identify==1.1.7 # via pre-commit
-idna==2.7 # via requests
+idna==2.8 # via requests
 importlib-metadata==0.7 # via pre-commit
-importlib-resources==1.0.2 # via pre-commit
 invoke==1.2.0
 mccabe==0.6.1 # via flake8
 nodeenv==1.3.3
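Review bot: In `check_revoked`, `cert.status = 'valid' if status else 'revoked'` maps a `None` result to `'revoked'`, so a certificate whose revocation state could not be determined is recorded as revoked. The removed branch suggests `verify_string` can return `None`; its definition is outside this diff, so that should be confirmed, but if it can, an unreachable or missing revocation endpoint would now produce false revocation records. Keep the three-way mapping with `if status is None: cert.status = 'unknown'` ahead of the `'valid'`/`'revoked'` assignment. The enclosing `try` starts above the hunk.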
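Review bot: In `upgrade`, the `DELETE` removes association rows without recording how many were dropped, and a downgrade cannot restore them; capture the result and report it, e.g. `result = connection.execute(...)` followed by `print("Removed {} duplicate rows".format(result.rowcount))`. The statement also hard-codes `certificate_notification_associations` and both column names while the constraint call right below uses `TABLE` and `COLUMNS` (presumably the same table; `TABLE` is defined above the hunk), so the two can drift apart. A comment noting that `ctid` is PostgreSQL-specific would make it clear the migration is not portable to other backends.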
@@ -23,12 +22,12 @@ pkginfo==1.4.2 # via twine
 pre-commit==1.12.0
 pycodestyle==2.3.1 # via flake8
 pyflakes==1.6.0 # via flake8
-pygments==2.3.0 # via readme-renderer
+pygments==2.3.1 # via readme-renderer
 pyyaml==3.13 # via aspy.yaml, pre-commit
 readme-renderer==24.0 # via twine
 requests-toolbelt==0.8.0 # via twine
-requests==2.20.1 # via requests-toolbelt, twine
-six==1.11.0 # via bleach, cfgv, pre-commit, readme-renderer
+requests==2.21.0 # via requests-toolbelt, twine
+six==1.12.0 # via bleach, cfgv, pre-commit, readme-renderer
 toml==0.10.0 # via pre-commit
 tqdm==4.28.1 # via twine
 twine==1.12.1
diff --git a/requirements-docs.txt b/requirements-docs.txt
index 35ca4322..3f036915 100644
--- a/requirements-docs.txt
+++ b/requirements-docs.txt
@@ -4,7 +4,7 @@
 #
 # pip-compile --no-index --output-file requirements-docs.txt requirements-docs.in
 #
-acme==0.28.0
+acme==0.29.1
 alabaster==0.7.12 # via sphinx
 alembic-autogenerate-enums==0.0.2
 alembic==1.0.5
@@ -15,12 +15,12 @@ asn1crypto==0.24.0
 asyncpool==1.0
 babel==2.6.0 # via sphinx
 bcrypt==3.1.4
-billiard==3.5.0.4
+billiard==3.5.0.5
 blinker==1.4
-boto3==1.9.53
-botocore==1.12.53
+boto3==1.9.60
+botocore==1.12.60
 celery[redis]==4.2.1
-certifi==2018.10.15
+certifi==2018.11.29
 cffi==1.11.5
 chardet==3.0.4
 click==7.0
@@ -49,7 +49,7 @@ jinja2==2.10
 jmespath==0.9.3
 josepy==1.1.0
 jsonlines==1.2.0
-kombu==4.2.1
+kombu==4.2.2
 lockfile==0.12.2
 mako==1.0.7
 markupsafe==1.1.0
@@ -65,8 +65,8 @@ psycopg2==2.7.6.1
 pyasn1-modules==0.2.2
 pyasn1==0.4.4
 pycparser==2.19
-pygments==2.3.0 # via sphinx
-pyjwt==1.6.4
+pygments==2.3.1 # via sphinx
+pyjwt==1.7.0
 pynacl==1.3.0
 pyopenssl==18.0.0
 pyparsing==2.3.0 # via packaging
@@ -87,7 +87,7 @@ sphinx-rtd-theme==0.4.2
 sphinx==1.8.2
 sphinxcontrib-httpdomain==1.7.0
 sphinxcontrib-websupport==1.1.0 # via sphinx
-sqlalchemy-utils==0.33.8
+sqlalchemy-utils==0.33.9
 sqlalchemy==1.2.14
 tabulate==0.8.2
 urllib3==1.24.1
diff --git a/requirements-tests.txt b/requirements-tests.txt
index e328b38a..59c626f7 100644
--- a/requirements-tests.txt
+++ b/requirements-tests.txt
@@ -8,9 +8,9 @@ asn1crypto==0.24.0 # via cryptography
 atomicwrites==1.2.1 # via pytest
 attrs==18.2.0 # via pytest
 aws-xray-sdk==0.95 # via moto
-boto3==1.9.60 # via moto
+boto3==1.9.67 # via moto
 boto==2.49.0 # via moto
-botocore==1.12.60 # via boto3, moto, s3transfer
+botocore==1.12.67 # via boto3, moto, s3transfer
 certifi==2018.11.29 # via requests
 cffi==1.11.5 # via cryptography
 chardet==3.0.4 # via requests
@@ -22,11 +22,11 @@ docker==3.6.0 # via moto
 docutils==0.14 # via botocore
 ecdsa==0.13 # via python-jose
 factory-boy==2.11.1
-faker==1.0.0
+faker==1.0.1
 flask==1.0.2 # via pytest-flask
 freezegun==0.3.11
 future==0.17.1 # via python-jose
-idna==2.7 # via cryptography, requests
+idna==2.8 # via cryptography, requests
 itsdangerous==1.1.0 # via flask
 jinja2==2.10 # via flask, moto
 jmespath==0.9.3 # via boto3, botocore
@@ -46,16 +46,16 @@ pycryptodome==3.7.2 # via python-jose
 pyflakes==2.0.0
 pytest-flask==0.14.0
 pytest-mock==1.10.0
-pytest==4.0.1
+pytest==4.0.2
 python-dateutil==2.7.5 # via botocore, faker, freezegun, moto
 python-jose==2.0.2 # via moto
 pytz==2018.7 # via moto
 pyyaml==3.13 # via pyaml
 requests-mock==1.5.2
-requests==2.20.1 # via aws-xray-sdk, docker, moto, requests-mock, responses
-responses==0.10.4 # via moto
+requests==2.21.0 # via aws-xray-sdk, docker, moto, requests-mock, responses
+responses==0.10.5 # via moto
 s3transfer==0.1.13 # via boto3
-six==1.11.0 # via cryptography, docker, docker-pycreds, faker, freezegun, mock, more-itertools, moto, pytest, python-dateutil, python-jose, requests-mock, responses, websocket-client
+six==1.12.0 # via cryptography, docker, docker-pycreds, faker, freezegun, mock, more-itertools, moto, pytest, python-dateutil, python-jose, requests-mock, responses, websocket-client
 text-unidecode==1.2 # via faker
 urllib3==1.24.1 # via botocore, requests
 websocket-client==0.54.0 # via docker
diff --git a/requirements.txt b/requirements.txt
index fadcfe4b..7ee9a167 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -12,11 +12,11 @@ aniso8601==4.0.1 # via flask-restful
 arrow==0.12.1
 asn1crypto==0.24.0 # via cryptography
 asyncpool==1.0
-bcrypt==3.1.4 # via flask-bcrypt, paramiko
+bcrypt==3.1.5 # via flask-bcrypt, paramiko
 billiard==3.5.0.5 # via celery
 blinker==1.4 # via flask-mail, flask-principal, raven
-boto3==1.9.60
-botocore==1.12.60
+boto3==1.9.67
+botocore==1.12.67
 celery[redis]==4.2.1
 certifi==2018.11.29
 cffi==1.11.5 # via bcrypt, cryptography, pynacl
@@ -33,13 +33,13 @@ flask-cors==3.0.7
 flask-mail==0.9.1
 flask-migrate==2.3.1
 flask-principal==0.4.0
-flask-restful==0.3.6
+flask-restful==0.3.7
 flask-script==2.0.6
 flask-sqlalchemy==2.3.2
 flask==1.0.2
 future==0.17.1
 gunicorn==19.9.0
-idna==2.7 # via cryptography, requests
+idna==2.8 # via cryptography, requests
 inflection==0.3.1
 itsdangerous==1.1.0 # via flask
 jinja2==2.10
@@ -61,7 +61,7 @@ psycopg2==2.7.6.1
 pyasn1-modules==0.2.2 # via python-ldap
 pyasn1==0.4.4 # via ndg-httpsclient, paramiko, pyasn1-modules, python-ldap
 pycparser==2.19 # via cffi
-pyjwt==1.7.0
+pyjwt==1.7.1
 pynacl==1.3.0 # via paramiko
 pyopenssl==18.0.0
 pyrfc3339==1.1 # via acme
@@ -73,12 +73,12 @@ pyyaml==3.13 # via cloudflare
 raven[flask]==6.9.0
 redis==2.10.6
 requests-toolbelt==0.8.0 # via acme
-requests[security]==2.20.1
+requests[security]==2.21.0
 retrying==1.3.3
 s3transfer==0.1.13 # via boto3
-six==1.11.0
+six==1.12.0
 sqlalchemy-utils==0.33.9
-sqlalchemy==1.2.14 # via alembic, flask-sqlalchemy, marshmallow-sqlalchemy, sqlalchemy-utils
+sqlalchemy==1.2.15 # via alembic, flask-sqlalchemy, marshmallow-sqlalchemy, sqlalchemy-utils
 tabulate==0.8.2
 urllib3==1.24.1 # via botocore, requests
 vine==1.1.4 # via amqp