Fixing up some of the sync related code

This commit is contained in:
kevgliss 2015-08-03 13:51:27 -07:00
parent 0360ccc666
commit 7d169f7c4c
10 changed files with 66 additions and 42 deletions


@ -279,4 +279,4 @@ class Certificate(db.Model):
@event.listens_for(Certificate.destinations, 'append') @event.listens_for(Certificate.destinations, 'append')
def update_destinations(target, value, initiator): def update_destinations(target, value, initiator):
destination_plugin = plugins.get(value.plugin_name) destination_plugin = plugins.get(value.plugin_name)
destination_plugin.upload(target.body, target.private_key, target.chain, value.options) destination_plugin.upload(target.name, target.body, target.private_key, target.chain, value.options)


@ -135,10 +135,10 @@ def import_certificate(**kwargs):
""" """
from lemur.users import service as user_service from lemur.users import service as user_service
from lemur.notifications import service as notification_service from lemur.notifications import service as notification_service
cert = Certificate(kwargs['public_certificate']) cert = Certificate(kwargs['public_certificate'], chain=kwargs['intermediate_certificate'])
# TODO future source plugins might have a better understanding of who the 'owner' is we should support this # TODO future source plugins might have a better understanding of who the 'owner' is we should support this
cert.owner = kwargs.get('owner', current_app.config.get('LEMUR_SECURITY_TEAM_EMAIL')) cert.owner = kwargs.get('owner', current_app.config.get('LEMUR_SECURITY_TEAM_EMAIL')[0])
cert.creator = kwargs.get('creator', user_service.get_by_email('lemur@nobody')) cert.creator = kwargs.get('creator', user_service.get_by_email('lemur@nobody'))
# NOTE existing certs may not follow our naming standard we will # NOTE existing certs may not follow our naming standard we will
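Review bot: `current_app.config.get('LEMUR_SECURITY_TEAM_EMAIL')[0]` on the owner line raises a TypeError when the setting is absent, because `.get` returns None, and since `kwargs.get('owner', default)` evaluates its default eagerly the subscript runs even when the caller supplied an owner. Read the setting once and check it before indexing, e.g. `team = current_app.config.get('LEMUR_SECURITY_TEAM_EMAIL')` followed by `cert.owner = kwargs['owner'] if 'owner' in kwargs else (team[0] if team else None)`, or raise a clear configuration error when neither is available. The new `chain=kwargs['intermediate_certificate']` also makes that key mandatory for every source plugin calling `import_certificate`; if any plugin does not supply it, `kwargs.get('intermediate_certificate')` keeps them working. `import_certificate` continues outside the hunk.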


@ -180,6 +180,7 @@ def sync_sources(labels, view):
information it discovers. information it discovers.
""" """
if view: if view:
sys.stdout.write("Active", "Label", "Description")
for source in source_service.get_all(): for source in source_service.get_all():
sys.stdout.write( sys.stdout.write(
"[{active}]\t{label}\t{description}!\n".format( "[{active}]\t{label}\t{description}!\n".format(
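Review bot: `sys.stdout.write("Active", "Label", "Description")` raises a TypeError, since `write()` accepts a single string, so the `view` branch fails before the loop below it prints a row. It should be one formatted string laid out like the per-source rows: `sys.stdout.write("Active\tLabel\tDescription\n")`. `sync_sources` continues outside the hunk.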


@ -24,6 +24,12 @@ from lemur.certificates import service as cert_service
from lemur.plugins.base import plugins from lemur.plugins.base import plugins
def get_options(name, options):
for o in options:
if o.get('name') == name:
return o
def _get_message_data(cert): def _get_message_data(cert):
""" """
Parse our the certification information needed for our notification Parse our the certification information needed for our notification
@ -45,10 +51,8 @@ def _deduplicate(messages):
""" """
roll_ups = [] roll_ups = []
for data, options in messages: for data, options in messages:
targets = [] o = get_options('recipients', options)
for o in options: targets = o['value'].split(',')
if o.get('name') == 'recipients':
targets = o['value'].split(',')
for m, r, o in roll_ups: for m, r, o in roll_ups:
if r == targets: if r == targets:
@ -148,8 +152,8 @@ def _is_eligible_for_notifications(cert):
days = (cert.not_after - now.naive).days days = (cert.not_after - now.naive).days
for notification in cert.notifications: for notification in cert.notifications:
interval = notification.options['interval'] interval = get_options('interval', notification.options)['value']
unit = notification.options['unit'] unit = get_options('unit', notification.options)['value']
if unit == 'weeks': if unit == 'weeks':
interval *= 7 interval *= 7
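Review bot: `get_options` (first hunk) returns None implicitly when no option carries the requested name, and every new caller indexes the result immediately (`o['value']` in `_deduplicate`, `...['value']` twice in `_is_eligible_for_notifications`), so a notification missing `recipients`, `interval` or `unit` fails with an opaque TypeError instead of a message naming the option. Consider ending the helper with `raise KeyError("notification option {0!r} not found".format(name))` and giving it a docstring stating that it returns the whole option dict rather than its value (the plural name suggests a list); the `find_value` helper changed in the same commit does the same lookup with different missing-key behaviour, so one shared helper would keep them consistent. `interval *= 7` now operates on `['value']` of an option dict; if option values arrive as strings the multiplication repeats the string rather than scaling it, so confirm the type or wrap it in `int(...)`. Both `_deduplicate` and `_is_eligible_for_notifications` continue outside their hunks.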


@ -19,17 +19,17 @@ def get_name_from_arn(arn):
return arn.split("/", 1)[1] return arn.split("/", 1)[1]
def upload_cert(account_number, cert, private_key, cert_chain=None): def upload_cert(account_number, name, body, private_key, cert_chain=None):
""" """
Upload a certificate to AWS Upload a certificate to AWS
:param account_number: :param account_number:
:param cert: :param name:
:param private_key: :param private_key:
:param cert_chain: :param cert_chain:
:return: :return:
""" """
return assume_service(account_number, 'iam').upload_server_cert(cert.name, str(cert.body), str(private_key), return assume_service(account_number, 'iam').upload_server_cert(name, str(body), str(private_key),
cert_chain=str(cert_chain)) cert_chain=str(cert_chain))
@ -57,7 +57,7 @@ def get_all_server_certs(account_number):
result = response['list_server_certificates_response']['list_server_certificates_result'] result = response['list_server_certificates_response']['list_server_certificates_result']
for cert in result['server_certificate_metadata_list']: for cert in result['server_certificate_metadata_list']:
certs.append(cert) certs.append(cert['arn'])
if result['is_truncated'] == 'true': if result['is_truncated'] == 'true':
marker = result['marker'] marker = result['marker']
@ -72,7 +72,7 @@ def get_cert_from_arn(arn):
:param arn: :param arn:
:return: :return:
""" """
name = arn.split("/", 1)[1] name = get_name_from_arn(arn)
account_number = arn.split(":")[4] account_number = arn.split(":")[4]
name = name.split("/")[-1] name = name.split("/")[-1]
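Review bot: The `upload_cert` docstring lists `:param name:` but the new `body` parameter is undocumented and the remaining `:param` entries are empty; `:param name: IAM server certificate name` and `:param body: PEM-encoded certificate body` would document the new signature. The call still passes `cert_chain=str(cert_chain)`, so the `None` default is sent to IAM as the literal string `"None"`; `cert_chain=str(cert_chain) if cert_chain else None` lets boto omit the chain instead. In `get_cert_from_arn`, `name = get_name_from_arn(arn)` followed by `name = name.split("/")[-1]` is not obviously distinct from the helper's own split; a one-line comment explaining that the second split strips any IAM path prefix would help. `get_cert_from_arn` continues outside the hunk.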


@ -13,7 +13,7 @@ from lemur.plugins import lemur_aws as aws
def find_value(name, options): def find_value(name, options):
for o in options: for o in options:
if o.get(name): if o['name'] == name:
return o['value'] return o['value']
@ -41,8 +41,8 @@ class AWSDestinationPlugin(DestinationPlugin):
# 'port': {'type': 'int'} # 'port': {'type': 'int'}
# } # }
def upload(self, cert, private_key, cert_chain, options, **kwargs): def upload(self, name, body, private_key, cert_chain, options, **kwargs):
iam.upload_cert(find_value('accountNumber', options), cert, private_key, cert_chain=cert_chain) iam.upload_cert(find_value('accountNumber', options), name, body, private_key, cert_chain=cert_chain)
e = find_value('elb', options) e = find_value('elb', options)
if e: if e:
@ -68,14 +68,15 @@ class AWSSourcePlugin(SourcePlugin):
}, },
] ]
def get_certificates(self, **kwargs): def get_certificates(self, options, **kwargs):
certs = [] certs = []
arns = elb.get_all_server_certs(kwargs['account_number']) arns = iam.get_all_server_certs(find_value('accountNumber', options))
for arn in arns: for arn in arns:
cert_body = iam.get_cert_from_arn(arn) cert_body, cert_chain = iam.get_cert_from_arn(arn)
cert_name = iam.get_name_from_arn(arn) cert_name = iam.get_name_from_arn(arn)
cert = dict( cert = dict(
public_certificate=cert_body, public_certificate=cert_body,
intermediate_certificate=cert_chain,
name=cert_name name=cert_name
) )
certs.append(cert) certs.append(cert)
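Review bot: `find_value` now compares `o['name'] == name`, so an option entry without a `name` key raises a KeyError where the old `o.get(name)` tolerated it, and when nothing matches it still returns None implicitly; `upload` and `get_certificates` then hand that None to `iam.upload_cert` / `iam.get_all_server_certs` as the account number, where it surfaces as an AWS-side error rather than a configuration error. Use `o.get('name') == name` and finish the helper with `raise KeyError("option {0!r} not set".format(name))` so a misconfigured destination or source is reported by option name. `cert_body, cert_chain = iam.get_cert_from_arn(arn)` relies on that function now returning a two-tuple; the `get_cert_from_arn` hunk in this commit does not show its return statement, so that is worth confirming. `upload` and `get_certificates` continue outside their hunks.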


@ -11,6 +11,7 @@ from lemur import database
from lemur.sources.models import Source from lemur.sources.models import Source
from lemur.certificates.models import Certificate from lemur.certificates.models import Certificate
from lemur.certificates import service as cert_service from lemur.certificates import service as cert_service
from lemur.destinations import service as destination_service
from lemur.plugins.base import plugins from lemur.plugins.base import plugins
@ -19,7 +20,7 @@ def _disassociate_certs_from_source(current_certificates, found_certificates, so
missing = [] missing = []
for cc in current_certificates: for cc in current_certificates:
for fc in found_certificates: for fc in found_certificates:
if fc.body == cc.body: if fc['public_certificate'] == cc.body:
break break
else: else:
missing.append(cc) missing.append(cc)
@ -36,6 +37,34 @@ def _disassociate_certs_from_source(current_certificates, found_certificates, so
c.sources.delete(s) c.sources.delete(s)
def sync_create(certificate, source):
cert = cert_service.import_certificate(**certificate)
cert.sources.append(source)
sync_update_destination(cert, source)
database.update(cert)
def sync_update(certificate, source):
for s in certificate.sources:
if s.label == source.label:
break
else:
certificate.sources.append(source)
sync_update_destination(certificate, source)
database.update(certificate)
def sync_update_destination(certificate, source):
dest = destination_service.get_by_label(source.label)
if dest:
for d in certificate.destinations:
if d.label == source.label:
break
else:
certificate.destinations.append(dest)
def sync(labels=None): def sync(labels=None):
new, updated = 0, 0 new, updated = 0, 0
c_certificates = cert_service.get_all_certs() c_certificates = cert_service.get_all_certs()
@ -46,30 +75,21 @@ def sync(labels=None):
if source.label not in labels: if source.label not in labels:
continue continue
current_app.logger.error("Retrieving certificates from {0}".format(source.title)) current_app.logger.error("Retrieving certificates from {0}".format(source.label))
s = plugins.get(source.plugin_name) s = plugins.get(source.plugin_name)
certificates = s.get_certificates(source.options) certificates = s.get_certificates(source.options)
for certificate in certificates: for certificate in certificates:
exists = cert_service.find_duplicates(certificate) exists = cert_service.find_duplicates(certificate['public_certificate'])
if not exists: if not exists:
cert = cert_service.import_certificate(**certificate) sync_create(certificate, source)
cert.sources.append(source)
database.update(cert)
new += 1 new += 1
# check to make sure that existing certificates have the current source associated with it # check to make sure that existing certificates have the current source associated with it
if len(exists) == 1: elif len(exists) == 1:
for s in cert.sources: sync_update(exists[0], source)
if s.label == source.label:
break
else:
cert.sources.append(source)
updated += 1 updated += 1
else: else:
current_app.logger.warning( current_app.logger.warning(
"Multiple certificates found, attempt to deduplicate the following certificates: {0}".format( "Multiple certificates found, attempt to deduplicate the following certificates: {0}".format(
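Review bot: `sync_create`, `sync_update` and `sync_update_destination` have no docstrings, and `sync_update_destination` pairs a source with a destination solely by matching `source.label` to a destination label, a convention that should be stated, e.g. `"""Attach the destination whose label matches this source's label, if one exists."""`. Appending to `certificate.destinations` there fires the `update_destinations` listener changed in this commit, which calls the destination plugin's `upload` with `target.private_key`; a certificate created by `sync_create` from `public_certificate` and `intermediate_certificate` alone has no private key, so confirm that path tolerates a missing key before a synced cert is pushed to a destination. `current_app.logger.error("Retrieving certificates from {0}".format(source.label))` logs a routine progress message at error level; `current_app.logger.info(...)` fits. `sync` continues outside the hunk.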


@ -9,8 +9,6 @@ angular.module('lemur')
}) })
.controller('DashboardController', function ($scope, $rootScope, $filter, $location, LemurRestangular) { .controller('DashboardController', function ($scope, $rootScope, $filter, $location, LemurRestangular) {
var baseAccounts = LemurRestangular.all('accounts');
$scope.colours = [ $scope.colours = [
{ {
fillColor: 'rgba(41, 171, 224, 0.2)', fillColor: 'rgba(41, 171, 224, 0.2)',


@ -38,7 +38,7 @@ angular.module('lemur')
if (plugin.slug === $scope.notification.pluginName) { if (plugin.slug === $scope.notification.pluginName) {
plugin.pluginOptions = $scope.notification.notificationOptions; plugin.pluginOptions = $scope.notification.notificationOptions;
$scope.notification.plugin = plugin; $scope.notification.plugin = plugin;
}; }
}); });
}); });


@ -43,7 +43,7 @@ install_requires = [
'pyopenssl==0.15.1', 'pyopenssl==0.15.1',
'pyjwt==1.0.1', 'pyjwt==1.0.1',
'xmltodict==0.9.2', 'xmltodict==0.9.2',
'lockfile=0.10.2' 'lockfile==0.10.2'
] ]
tests_require = [ tests_require = [
@ -136,10 +136,10 @@ setup(
'lemur.plugins': [ 'lemur.plugins': [
'verisign_issuer = lemur.plugins.lemur_verisign.plugin:VerisignIssuerPlugin', 'verisign_issuer = lemur.plugins.lemur_verisign.plugin:VerisignIssuerPlugin',
'cloudca_issuer = lemur.plugins.lemur_cloudca.plugin:CloudCAIssuerPlugin', 'cloudca_issuer = lemur.plugins.lemur_cloudca.plugin:CloudCAIssuerPlugin',
'cloudca_source = lemur.plugins.lemur_cloudca.plugin:CloudCASourcePlugin' 'cloudca_source = lemur.plugins.lemur_cloudca.plugin:CloudCASourcePlugin',
'aws_destination = lemur.plugins.lemur_aws.plugin:AWSDestinationPlugin', 'aws_destination = lemur.plugins.lemur_aws.plugin:AWSDestinationPlugin',
'aws_source = lemur.plugins.lemur_aws.plugin:AWSSourcePlugin' 'aws_source = lemur.plugins.lemur_aws.plugin:AWSSourcePlugin',
'email_notification = lemur.plugins.lemur_email.plugin:EmailNotificationPlugin' 'email_notification = lemur.plugins.lemur_email.plugin:EmailNotificationPlugin',
], ],
}, },
classifiers=[ classifiers=[