Merge branch 'master' into kubernetes-fix
commit
70381c4c89
|
@ -238,17 +238,7 @@ def reissue(old_certificate_name, commit):
|
||||||
|
|
||||||
if not old_cert:
|
if not old_cert:
|
||||||
for certificate in get_all_pending_reissue():
|
for certificate in get_all_pending_reissue():
|
||||||
try:
|
request_reissue(certificate, commit)
|
||||||
request_reissue(certificate, commit)
|
|
||||||
except Exception as e:
|
|
||||||
sentry.captureException()
|
|
||||||
current_app.logger.exception(
|
|
||||||
"Error reissuing certificate: {}".format(certificate.name), exc_info=True)
|
|
||||||
print(
|
|
||||||
"[!] Failed to reissue certificates. Reason: {}".format(
|
|
||||||
e
|
|
||||||
)
|
|
||||||
)
|
|
||||||
else:
|
else:
|
||||||
request_reissue(old_cert, commit)
|
request_reissue(old_cert, commit)
|
||||||
|
|
||||||
|
@ -275,30 +265,31 @@ def query(fqdns, issuer, owner, expired):
|
||||||
table = []
|
table = []
|
||||||
|
|
||||||
q = database.session_query(Certificate)
|
q = database.session_query(Certificate)
|
||||||
|
if issuer:
|
||||||
|
sub_query = database.session_query(Authority.id) \
|
||||||
|
.filter(Authority.name.ilike('%{0}%'.format(issuer))) \
|
||||||
|
.subquery()
|
||||||
|
|
||||||
sub_query = database.session_query(Authority.id) \
|
q = q.filter(
|
||||||
.filter(Authority.name.ilike('%{0}%'.format(issuer))) \
|
or_(
|
||||||
.subquery()
|
Certificate.issuer.ilike('%{0}%'.format(issuer)),
|
||||||
|
Certificate.authority_id.in_(sub_query)
|
||||||
q = q.filter(
|
)
|
||||||
or_(
|
|
||||||
Certificate.issuer.ilike('%{0}%'.format(issuer)),
|
|
||||||
Certificate.authority_id.in_(sub_query)
|
|
||||||
)
|
)
|
||||||
)
|
if owner:
|
||||||
|
q = q.filter(Certificate.owner.ilike('%{0}%'.format(owner)))
|
||||||
q = q.filter(Certificate.owner.ilike('%{0}%'.format(owner)))
|
|
||||||
|
|
||||||
if not expired:
|
if not expired:
|
||||||
q = q.filter(Certificate.expired == False) # noqa
|
q = q.filter(Certificate.expired == False) # noqa
|
||||||
|
|
||||||
for f in fqdns.split(','):
|
if fqdns:
|
||||||
q = q.filter(
|
for f in fqdns.split(','):
|
||||||
or_(
|
q = q.filter(
|
||||||
Certificate.cn.ilike('%{0}%'.format(f)),
|
or_(
|
||||||
Certificate.domains.any(Domain.name.ilike('%{0}%'.format(f)))
|
Certificate.cn.ilike('%{0}%'.format(f)),
|
||||||
|
Certificate.domains.any(Domain.name.ilike('%{0}%'.format(f)))
|
||||||
|
)
|
||||||
)
|
)
|
||||||
)
|
|
||||||
|
|
||||||
for c in q.all():
|
for c in q.all():
|
||||||
table.append([c.id, c.name, c.owner, c.issuer])
|
table.append([c.id, c.name, c.owner, c.issuer])
|
||||||
|
@ -373,10 +364,7 @@ def check_revoked():
|
||||||
else:
|
else:
|
||||||
status = verify_string(cert.body, "")
|
status = verify_string(cert.body, "")
|
||||||
|
|
||||||
if status is None:
|
cert.status = 'valid' if status else 'revoked'
|
||||||
cert.status = 'unknown'
|
|
||||||
else:
|
|
||||||
cert.status = 'valid' if status else 'revoked'
|
|
||||||
|
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
sentry.captureException()
|
sentry.captureException()
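Review bot: In check_revoked the new assignment `cert.status = 'valid' if status else 'revoked'` no longer distinguishes a `None` result from a false one, so a certificate whose check returned nothing would be recorded as revoked. The old side of this hunk mapped `None` to `'unknown'`, which suggests that verify_string, or the branch above the `else:` that is not visible here, can return `None` when revocation could not be determined; if so, keep the guard `if status is None: cert.status = 'unknown'` ahead of the valid/revoked assignment. In the same file, the reissue hunk drops the per-certificate `try/except`, so one failing `request_reissue` would stop the rest of the pending batch unless that function handles its own errors. Both functions start and end outside the hunks shown.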
|
||||||
|
|
|
@ -350,6 +350,7 @@ class SubjectAlternativeNameExtension(Field):
|
||||||
value = value.dotted_string
|
value = value.dotted_string
|
||||||
else:
|
else:
|
||||||
current_app.logger.warning('Unknown SubAltName type: {name}'.format(name=name))
|
current_app.logger.warning('Unknown SubAltName type: {name}'.format(name=name))
|
||||||
|
continue
|
||||||
|
|
||||||
general_names.append({'nameType': name_type, 'value': value})
|
general_names.append({'nameType': name_type, 'value': value})
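Review bot: The added `continue` in the unknown-type branch carries no comment, and it changes what callers receive: SAN entries of an unrecognised type are now left out of `general_names`, with only a warning in the log. I would put `# Unsupported GeneralName type: skip it rather than append an entry without a mapped type/value` above the `continue`, and say in the method docstring that the returned list can be a subset of the certificate's SANs. The enclosing method starts outside this hunk, so the state of `name_type` and `value` at this point is inferred rather than visible.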
|
||||||
|
|
||||||
|
|
|
@ -21,6 +21,14 @@ COLUMNS = ["notification_id", "certificate_id"]
|
||||||
|
|
||||||
|
|
||||||
def upgrade():
|
def upgrade():
|
||||||
|
connection = op.get_bind()
|
||||||
|
# Delete duplicate entries
|
||||||
|
connection.execute("""\
|
||||||
|
DELETE FROM certificate_notification_associations WHERE ctid NOT IN (
|
||||||
|
-- Select the first tuple ID for each (notification_id, certificate_id) combination and keep that
|
||||||
|
SELECT min(ctid) FROM certificate_notification_associations GROUP BY notification_id, certificate_id
|
||||||
|
)
|
||||||
|
""")
|
||||||
op.create_unique_constraint(CONSTRAINT_NAME, TABLE, COLUMNS)
|
op.create_unique_constraint(CONSTRAINT_NAME, TABLE, COLUMNS)
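Review bot: The raw `DELETE` in upgrade() spells out `certificate_notification_associations`, `notification_id` and `certificate_id` again instead of using the `TABLE` and `COLUMNS` constants that the constraint call below it uses, so the two can drift apart. It also relies on `ctid`, a PostgreSQL system column, and removes rows that a downgrade cannot restore; neither is documented. I would add a docstring to upgrade() saying the step is PostgreSQL-only and irreversible, and build the statement from the constants, e.g. `cols = ", ".join(COLUMNS)` then `"DELETE FROM {t} WHERE ctid NOT IN (SELECT min(ctid) FROM {t} GROUP BY {c})".format(t=TABLE, c=cols)`.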
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -13,9 +13,8 @@ chardet==3.0.4 # via requests
|
||||||
docutils==0.14 # via readme-renderer
|
docutils==0.14 # via readme-renderer
|
||||||
flake8==3.5.0
|
flake8==3.5.0
|
||||||
identify==1.1.7 # via pre-commit
|
identify==1.1.7 # via pre-commit
|
||||||
idna==2.7 # via requests
|
idna==2.8 # via requests
|
||||||
importlib-metadata==0.7 # via pre-commit
|
importlib-metadata==0.7 # via pre-commit
|
||||||
importlib-resources==1.0.2 # via pre-commit
|
|
||||||
invoke==1.2.0
|
invoke==1.2.0
|
||||||
mccabe==0.6.1 # via flake8
|
mccabe==0.6.1 # via flake8
|
||||||
nodeenv==1.3.3
|
nodeenv==1.3.3
|
||||||
|
@ -23,12 +22,12 @@ pkginfo==1.4.2 # via twine
|
||||||
pre-commit==1.12.0
|
pre-commit==1.12.0
|
||||||
pycodestyle==2.3.1 # via flake8
|
pycodestyle==2.3.1 # via flake8
|
||||||
pyflakes==1.6.0 # via flake8
|
pyflakes==1.6.0 # via flake8
|
||||||
pygments==2.3.0 # via readme-renderer
|
pygments==2.3.1 # via readme-renderer
|
||||||
pyyaml==3.13 # via aspy.yaml, pre-commit
|
pyyaml==3.13 # via aspy.yaml, pre-commit
|
||||||
readme-renderer==24.0 # via twine
|
readme-renderer==24.0 # via twine
|
||||||
requests-toolbelt==0.8.0 # via twine
|
requests-toolbelt==0.8.0 # via twine
|
||||||
requests==2.20.1 # via requests-toolbelt, twine
|
requests==2.21.0 # via requests-toolbelt, twine
|
||||||
six==1.11.0 # via bleach, cfgv, pre-commit, readme-renderer
|
six==1.12.0 # via bleach, cfgv, pre-commit, readme-renderer
|
||||||
toml==0.10.0 # via pre-commit
|
toml==0.10.0 # via pre-commit
|
||||||
tqdm==4.28.1 # via twine
|
tqdm==4.28.1 # via twine
|
||||||
twine==1.12.1
|
twine==1.12.1
|
||||||
|
|
|
@ -4,7 +4,7 @@
|
||||||
#
|
#
|
||||||
# pip-compile --no-index --output-file requirements-docs.txt requirements-docs.in
|
# pip-compile --no-index --output-file requirements-docs.txt requirements-docs.in
|
||||||
#
|
#
|
||||||
acme==0.28.0
|
acme==0.29.1
|
||||||
alabaster==0.7.12 # via sphinx
|
alabaster==0.7.12 # via sphinx
|
||||||
alembic-autogenerate-enums==0.0.2
|
alembic-autogenerate-enums==0.0.2
|
||||||
alembic==1.0.5
|
alembic==1.0.5
|
||||||
|
@ -15,12 +15,12 @@ asn1crypto==0.24.0
|
||||||
asyncpool==1.0
|
asyncpool==1.0
|
||||||
babel==2.6.0 # via sphinx
|
babel==2.6.0 # via sphinx
|
||||||
bcrypt==3.1.4
|
bcrypt==3.1.4
|
||||||
billiard==3.5.0.4
|
billiard==3.5.0.5
|
||||||
blinker==1.4
|
blinker==1.4
|
||||||
boto3==1.9.53
|
boto3==1.9.60
|
||||||
botocore==1.12.53
|
botocore==1.12.60
|
||||||
celery[redis]==4.2.1
|
celery[redis]==4.2.1
|
||||||
certifi==2018.10.15
|
certifi==2018.11.29
|
||||||
cffi==1.11.5
|
cffi==1.11.5
|
||||||
chardet==3.0.4
|
chardet==3.0.4
|
||||||
click==7.0
|
click==7.0
|
||||||
|
@ -49,7 +49,7 @@ jinja2==2.10
|
||||||
jmespath==0.9.3
|
jmespath==0.9.3
|
||||||
josepy==1.1.0
|
josepy==1.1.0
|
||||||
jsonlines==1.2.0
|
jsonlines==1.2.0
|
||||||
kombu==4.2.1
|
kombu==4.2.2
|
||||||
lockfile==0.12.2
|
lockfile==0.12.2
|
||||||
mako==1.0.7
|
mako==1.0.7
|
||||||
markupsafe==1.1.0
|
markupsafe==1.1.0
|
||||||
|
@ -65,8 +65,8 @@ psycopg2==2.7.6.1
|
||||||
pyasn1-modules==0.2.2
|
pyasn1-modules==0.2.2
|
||||||
pyasn1==0.4.4
|
pyasn1==0.4.4
|
||||||
pycparser==2.19
|
pycparser==2.19
|
||||||
pygments==2.3.0 # via sphinx
|
pygments==2.3.1 # via sphinx
|
||||||
pyjwt==1.6.4
|
pyjwt==1.7.0
|
||||||
pynacl==1.3.0
|
pynacl==1.3.0
|
||||||
pyopenssl==18.0.0
|
pyopenssl==18.0.0
|
||||||
pyparsing==2.3.0 # via packaging
|
pyparsing==2.3.0 # via packaging
|
||||||
|
@ -87,7 +87,7 @@ sphinx-rtd-theme==0.4.2
|
||||||
sphinx==1.8.2
|
sphinx==1.8.2
|
||||||
sphinxcontrib-httpdomain==1.7.0
|
sphinxcontrib-httpdomain==1.7.0
|
||||||
sphinxcontrib-websupport==1.1.0 # via sphinx
|
sphinxcontrib-websupport==1.1.0 # via sphinx
|
||||||
sqlalchemy-utils==0.33.8
|
sqlalchemy-utils==0.33.9
|
||||||
sqlalchemy==1.2.14
|
sqlalchemy==1.2.14
|
||||||
tabulate==0.8.2
|
tabulate==0.8.2
|
||||||
urllib3==1.24.1
|
urllib3==1.24.1
|
||||||
|
|
|
@ -8,9 +8,9 @@ asn1crypto==0.24.0 # via cryptography
|
||||||
atomicwrites==1.2.1 # via pytest
|
atomicwrites==1.2.1 # via pytest
|
||||||
attrs==18.2.0 # via pytest
|
attrs==18.2.0 # via pytest
|
||||||
aws-xray-sdk==0.95 # via moto
|
aws-xray-sdk==0.95 # via moto
|
||||||
boto3==1.9.60 # via moto
|
boto3==1.9.67 # via moto
|
||||||
boto==2.49.0 # via moto
|
boto==2.49.0 # via moto
|
||||||
botocore==1.12.60 # via boto3, moto, s3transfer
|
botocore==1.12.67 # via boto3, moto, s3transfer
|
||||||
certifi==2018.11.29 # via requests
|
certifi==2018.11.29 # via requests
|
||||||
cffi==1.11.5 # via cryptography
|
cffi==1.11.5 # via cryptography
|
||||||
chardet==3.0.4 # via requests
|
chardet==3.0.4 # via requests
|
||||||
|
@ -22,11 +22,11 @@ docker==3.6.0 # via moto
|
||||||
docutils==0.14 # via botocore
|
docutils==0.14 # via botocore
|
||||||
ecdsa==0.13 # via python-jose
|
ecdsa==0.13 # via python-jose
|
||||||
factory-boy==2.11.1
|
factory-boy==2.11.1
|
||||||
faker==1.0.0
|
faker==1.0.1
|
||||||
flask==1.0.2 # via pytest-flask
|
flask==1.0.2 # via pytest-flask
|
||||||
freezegun==0.3.11
|
freezegun==0.3.11
|
||||||
future==0.17.1 # via python-jose
|
future==0.17.1 # via python-jose
|
||||||
idna==2.7 # via cryptography, requests
|
idna==2.8 # via cryptography, requests
|
||||||
itsdangerous==1.1.0 # via flask
|
itsdangerous==1.1.0 # via flask
|
||||||
jinja2==2.10 # via flask, moto
|
jinja2==2.10 # via flask, moto
|
||||||
jmespath==0.9.3 # via boto3, botocore
|
jmespath==0.9.3 # via boto3, botocore
|
||||||
|
@ -46,16 +46,16 @@ pycryptodome==3.7.2 # via python-jose
|
||||||
pyflakes==2.0.0
|
pyflakes==2.0.0
|
||||||
pytest-flask==0.14.0
|
pytest-flask==0.14.0
|
||||||
pytest-mock==1.10.0
|
pytest-mock==1.10.0
|
||||||
pytest==4.0.1
|
pytest==4.0.2
|
||||||
python-dateutil==2.7.5 # via botocore, faker, freezegun, moto
|
python-dateutil==2.7.5 # via botocore, faker, freezegun, moto
|
||||||
python-jose==2.0.2 # via moto
|
python-jose==2.0.2 # via moto
|
||||||
pytz==2018.7 # via moto
|
pytz==2018.7 # via moto
|
||||||
pyyaml==3.13 # via pyaml
|
pyyaml==3.13 # via pyaml
|
||||||
requests-mock==1.5.2
|
requests-mock==1.5.2
|
||||||
requests==2.20.1 # via aws-xray-sdk, docker, moto, requests-mock, responses
|
requests==2.21.0 # via aws-xray-sdk, docker, moto, requests-mock, responses
|
||||||
responses==0.10.4 # via moto
|
responses==0.10.5 # via moto
|
||||||
s3transfer==0.1.13 # via boto3
|
s3transfer==0.1.13 # via boto3
|
||||||
six==1.11.0 # via cryptography, docker, docker-pycreds, faker, freezegun, mock, more-itertools, moto, pytest, python-dateutil, python-jose, requests-mock, responses, websocket-client
|
six==1.12.0 # via cryptography, docker, docker-pycreds, faker, freezegun, mock, more-itertools, moto, pytest, python-dateutil, python-jose, requests-mock, responses, websocket-client
|
||||||
text-unidecode==1.2 # via faker
|
text-unidecode==1.2 # via faker
|
||||||
urllib3==1.24.1 # via botocore, requests
|
urllib3==1.24.1 # via botocore, requests
|
||||||
websocket-client==0.54.0 # via docker
|
websocket-client==0.54.0 # via docker
|
||||||
|
|
|
@ -12,11 +12,11 @@ aniso8601==4.0.1 # via flask-restful
|
||||||
arrow==0.12.1
|
arrow==0.12.1
|
||||||
asn1crypto==0.24.0 # via cryptography
|
asn1crypto==0.24.0 # via cryptography
|
||||||
asyncpool==1.0
|
asyncpool==1.0
|
||||||
bcrypt==3.1.4 # via flask-bcrypt, paramiko
|
bcrypt==3.1.5 # via flask-bcrypt, paramiko
|
||||||
billiard==3.5.0.5 # via celery
|
billiard==3.5.0.5 # via celery
|
||||||
blinker==1.4 # via flask-mail, flask-principal, raven
|
blinker==1.4 # via flask-mail, flask-principal, raven
|
||||||
boto3==1.9.60
|
boto3==1.9.67
|
||||||
botocore==1.12.60
|
botocore==1.12.67
|
||||||
celery[redis]==4.2.1
|
celery[redis]==4.2.1
|
||||||
certifi==2018.11.29
|
certifi==2018.11.29
|
||||||
cffi==1.11.5 # via bcrypt, cryptography, pynacl
|
cffi==1.11.5 # via bcrypt, cryptography, pynacl
|
||||||
|
@ -33,13 +33,13 @@ flask-cors==3.0.7
|
||||||
flask-mail==0.9.1
|
flask-mail==0.9.1
|
||||||
flask-migrate==2.3.1
|
flask-migrate==2.3.1
|
||||||
flask-principal==0.4.0
|
flask-principal==0.4.0
|
||||||
flask-restful==0.3.6
|
flask-restful==0.3.7
|
||||||
flask-script==2.0.6
|
flask-script==2.0.6
|
||||||
flask-sqlalchemy==2.3.2
|
flask-sqlalchemy==2.3.2
|
||||||
flask==1.0.2
|
flask==1.0.2
|
||||||
future==0.17.1
|
future==0.17.1
|
||||||
gunicorn==19.9.0
|
gunicorn==19.9.0
|
||||||
idna==2.7 # via cryptography, requests
|
idna==2.8 # via cryptography, requests
|
||||||
inflection==0.3.1
|
inflection==0.3.1
|
||||||
itsdangerous==1.1.0 # via flask
|
itsdangerous==1.1.0 # via flask
|
||||||
jinja2==2.10
|
jinja2==2.10
|
||||||
|
@ -61,7 +61,7 @@ psycopg2==2.7.6.1
|
||||||
pyasn1-modules==0.2.2 # via python-ldap
|
pyasn1-modules==0.2.2 # via python-ldap
|
||||||
pyasn1==0.4.4 # via ndg-httpsclient, paramiko, pyasn1-modules, python-ldap
|
pyasn1==0.4.4 # via ndg-httpsclient, paramiko, pyasn1-modules, python-ldap
|
||||||
pycparser==2.19 # via cffi
|
pycparser==2.19 # via cffi
|
||||||
pyjwt==1.7.0
|
pyjwt==1.7.1
|
||||||
pynacl==1.3.0 # via paramiko
|
pynacl==1.3.0 # via paramiko
|
||||||
pyopenssl==18.0.0
|
pyopenssl==18.0.0
|
||||||
pyrfc3339==1.1 # via acme
|
pyrfc3339==1.1 # via acme
|
||||||
|
@ -73,12 +73,12 @@ pyyaml==3.13 # via cloudflare
|
||||||
raven[flask]==6.9.0
|
raven[flask]==6.9.0
|
||||||
redis==2.10.6
|
redis==2.10.6
|
||||||
requests-toolbelt==0.8.0 # via acme
|
requests-toolbelt==0.8.0 # via acme
|
||||||
requests[security]==2.20.1
|
requests[security]==2.21.0
|
||||||
retrying==1.3.3
|
retrying==1.3.3
|
||||||
s3transfer==0.1.13 # via boto3
|
s3transfer==0.1.13 # via boto3
|
||||||
six==1.11.0
|
six==1.12.0
|
||||||
sqlalchemy-utils==0.33.9
|
sqlalchemy-utils==0.33.9
|
||||||
sqlalchemy==1.2.14 # via alembic, flask-sqlalchemy, marshmallow-sqlalchemy, sqlalchemy-utils
|
sqlalchemy==1.2.15 # via alembic, flask-sqlalchemy, marshmallow-sqlalchemy, sqlalchemy-utils
|
||||||
tabulate==0.8.2
|
tabulate==0.8.2
|
||||||
urllib3==1.24.1 # via botocore, requests
|
urllib3==1.24.1 # via botocore, requests
|
||||||
vine==1.1.4 # via amqp
|
vine==1.1.4 # via amqp
|
||||||
|
|