Fixing up some of the sync related code

kevgliss 2015-08-03 13:51:27 -07:00
parent 0360ccc666
commit 7d169f7c4c
10 changed files with 66 additions and 42 deletions


@ -279,4 +279,4 @@ class Certificate(db.Model):
@event.listens_for(Certificate.destinations, 'append')
def update_destinations(target, value, initiator):
destination_plugin = plugins.get(value.plugin_name)
destination_plugin.upload(target.body, target.private_key, target.chain, value.options)
destination_plugin.upload(target.name, target.body, target.private_key, target.chain, value.options)
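Review bot: The `update_destinations` listener passes `target.private_key` to `destination_plugin.upload(...)` unconditionally, and this commit adds a new path into it: `sync_update_destination` in the sources service appends a destination to certificates that sync imported. Those certificates presumably have no private key (the AWS source plugin returns only `public_certificate`, `intermediate_certificate` and `name`), so `iam.upload_cert` would send `str(None)` as the key. A guard at the top of the listener, `if not target.private_key: return`, would keep key-less certificates from being pushed. The upload also runs inside the ORM append event, so it appears to happen before the session commits; a comment stating that a rollback does not undo the upload would help the next reader.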


@ -135,10 +135,10 @@ def import_certificate(**kwargs):
"""
from lemur.users import service as user_service
from lemur.notifications import service as notification_service
cert = Certificate(kwargs['public_certificate'])
cert = Certificate(kwargs['public_certificate'], chain=kwargs['intermediate_certificate'])
# TODO future source plugins might have a better understanding of who the 'owner' is we should support this
cert.owner = kwargs.get('owner', current_app.config.get('LEMUR_SECURITY_TEAM_EMAIL'))
cert.owner = kwargs.get('owner', current_app.config.get('LEMUR_SECURITY_TEAM_EMAIL')[0])
cert.creator = kwargs.get('creator', user_service.get_by_email('lemur@nobody'))
# NOTE existing certs may not follow our naming standard we will
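Review bot: Both changed lines in `import_certificate` can raise before the certificate is stored. `kwargs['intermediate_certificate']` is a hard key lookup, so a source plugin that returns no chain fails with KeyError; `chain=kwargs.get('intermediate_certificate')` keeps such imports working. `current_app.config.get('LEMUR_SECURITY_TEAM_EMAIL')[0]` is evaluated even when `owner` is supplied, raises TypeError when the setting is absent, and silently yields a single character if the setting is a plain string rather than a list. Resolving the default only when `owner` is missing, and failing with a clear configuration error otherwise, would keep imported certificates from getting an unusable owner address. The function starts and ends outside the hunk.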


@ -180,6 +180,7 @@ def sync_sources(labels, view):
information it discovers.
"""
if view:
sys.stdout.write("Active", "Label", "Description")
for source in source_service.get_all():
sys.stdout.write(
"[{active}]\t{label}\t{description}!\n".format(
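Review bot: `sys.stdout.write("Active", "Label", "Description")` under `if view:` raises TypeError, because `write` accepts a single string, so the view path fails before any source is listed. A header that matches the tab-separated rows below would be `sys.stdout.write("Active\tLabel\tDescription\n")`. The row format also ends in `!\n`, which looks like a stray character. The body of `sync_sources` continues outside the hunk.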


@ -24,6 +24,12 @@ from lemur.certificates import service as cert_service
from lemur.plugins.base import plugins
def get_options(name, options):
for o in options:
if o.get('name') == name:
return o
def _get_message_data(cert):
"""
Parse our the certification information needed for our notification
@ -45,9 +51,7 @@ def _deduplicate(messages):
"""
roll_ups = []
for data, options in messages:
targets = []
for o in options:
if o.get('name') == 'recipients':
o = get_options('recipients', options)
targets = o['value'].split(',')
for m, r, o in roll_ups:
@ -148,8 +152,8 @@ def _is_eligible_for_notifications(cert):
days = (cert.not_after - now.naive).days
for notification in cert.notifications:
interval = notification.options['interval']
unit = notification.options['unit']
interval = get_options('interval', notification.options)['value']
unit = get_options('unit', notification.options)['value']
if unit == 'weeks':
interval *= 7
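Review bot: `get_options` falls through and returns None when no option carries the requested name, and every new call site indexes the result at once (`o['value']` in `_deduplicate`, `['value']` for `interval` and `unit` in `_is_eligible_for_notifications`). A notification missing one option therefore raises TypeError and stops the run, where the old `_deduplicate` loop simply left `targets` empty. Either raise a ValueError naming the missing option inside `get_options`, or return a default and use `.get('value')` at the callers; a one-line docstring should state which is intended. If `interval` is stored as a string, `interval *= 7` repeats the string instead of multiplying, so an explicit `int(...)` is worth adding once the storage format is confirmed. Both functions extend outside the hunks.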


@ -19,17 +19,17 @@ def get_name_from_arn(arn):
return arn.split("/", 1)[1]
def upload_cert(account_number, cert, private_key, cert_chain=None):
def upload_cert(account_number, name, body, private_key, cert_chain=None):
"""
Upload a certificate to AWS
:param account_number:
:param cert:
:param name:
:param private_key:
:param cert_chain:
:return:
"""
return assume_service(account_number, 'iam').upload_server_cert(cert.name, str(cert.body), str(private_key),
return assume_service(account_number, 'iam').upload_server_cert(name, str(body), str(private_key),
cert_chain=str(cert_chain))
@ -57,7 +57,7 @@ def get_all_server_certs(account_number):
result = response['list_server_certificates_response']['list_server_certificates_result']
for cert in result['server_certificate_metadata_list']:
certs.append(cert)
certs.append(cert['arn'])
if result['is_truncated'] == 'true':
marker = result['marker']
@ -72,7 +72,7 @@ def get_cert_from_arn(arn):
:param arn:
:return:
"""
name = arn.split("/", 1)[1]
name = get_name_from_arn(arn)
account_number = arn.split(":")[4]
name = name.split("/")[-1]
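Review bot: `upload_cert` wraps every argument in `str()`, so the default `cert_chain=None` (and a missing `private_key`) reaches `upload_server_cert` as the literal text `None` instead of being omitted. Pass the chain only when present, `cert_chain=str(cert_chain) if cert_chain else None`, and reject an empty `private_key` with a ValueError before calling IAM. The docstring gained `:param name:` but has no `:param body:` entry for the new parameter.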


@ -13,7 +13,7 @@ from lemur.plugins import lemur_aws as aws
def find_value(name, options):
for o in options:
if o.get(name):
if o['name'] == name:
return o['value']
@ -41,8 +41,8 @@ class AWSDestinationPlugin(DestinationPlugin):
# 'port': {'type': 'int'}
# }
def upload(self, cert, private_key, cert_chain, options, **kwargs):
iam.upload_cert(find_value('accountNumber', options), cert, private_key, cert_chain=cert_chain)
def upload(self, name, body, private_key, cert_chain, options, **kwargs):
iam.upload_cert(find_value('accountNumber', options), name, body, private_key, cert_chain=cert_chain)
e = find_value('elb', options)
if e:
@ -68,14 +68,15 @@ class AWSSourcePlugin(SourcePlugin):
},
]
def get_certificates(self, **kwargs):
def get_certificates(self, options, **kwargs):
certs = []
arns = elb.get_all_server_certs(kwargs['account_number'])
arns = iam.get_all_server_certs(find_value('accountNumber', options))
for arn in arns:
cert_body = iam.get_cert_from_arn(arn)
cert_body, cert_chain = iam.get_cert_from_arn(arn)
cert_name = iam.get_name_from_arn(arn)
cert = dict(
public_certificate=cert_body,
intermediate_certificate=cert_chain,
name=cert_name
)
certs.append(cert)
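Review bot: `find_value('accountNumber', options)` returns None when the option is absent, and both `upload` and `get_certificates` hand the result straight to the `iam` helpers, where it selects the AWS account to operate in. Binding it first and checking it, `account = find_value('accountNumber', options)` then `if not account: raise ValueError('accountNumber option is required')`, makes the failure explicit instead of leaving it to the role-assumption call. `find_value` now indexes `o['name']` directly, so an option dict without a `name` key raises KeyError; `o.get('name') == name` would keep the old tolerance. `get_certificates` now takes `options` positionally, so other source plugins need the same signature for `sync` to call them, which is not visible here.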


@ -11,6 +11,7 @@ from lemur import database
from lemur.sources.models import Source
from lemur.certificates.models import Certificate
from lemur.certificates import service as cert_service
from lemur.destinations import service as destination_service
from lemur.plugins.base import plugins
@ -19,7 +20,7 @@ def _disassociate_certs_from_source(current_certificates, found_certificates, so
missing = []
for cc in current_certificates:
for fc in found_certificates:
if fc.body == cc.body:
if fc['public_certificate'] == cc.body:
break
else:
missing.append(cc)
@ -36,6 +37,34 @@ def _disassociate_certs_from_source(current_certificates, found_certificates, so
c.sources.delete(s)
def sync_create(certificate, source):
cert = cert_service.import_certificate(**certificate)
cert.sources.append(source)
sync_update_destination(cert, source)
database.update(cert)
def sync_update(certificate, source):
for s in certificate.sources:
if s.label == source.label:
break
else:
certificate.sources.append(source)
sync_update_destination(certificate, source)
database.update(certificate)
def sync_update_destination(certificate, source):
dest = destination_service.get_by_label(source.label)
if dest:
for d in certificate.destinations:
if d.label == source.label:
break
else:
certificate.destinations.append(dest)
def sync(labels=None):
new, updated = 0, 0
c_certificates = cert_service.get_all_certs()
@ -46,30 +75,21 @@ def sync(labels=None):
if source.label not in labels:
continue
current_app.logger.error("Retrieving certificates from {0}".format(source.title))
current_app.logger.error("Retrieving certificates from {0}".format(source.label))
s = plugins.get(source.plugin_name)
certificates = s.get_certificates(source.options)
for certificate in certificates:
exists = cert_service.find_duplicates(certificate)
exists = cert_service.find_duplicates(certificate['public_certificate'])
if not exists:
cert = cert_service.import_certificate(**certificate)
cert.sources.append(source)
database.update(cert)
sync_create(certificate, source)
new += 1
# check to make sure that existing certificates have the current source associated with it
if len(exists) == 1:
for s in cert.sources:
if s.label == source.label:
break
else:
cert.sources.append(source)
elif len(exists) == 1:
sync_update(exists[0], source)
updated += 1
else:
current_app.logger.warning(
"Multiple certificates found, attempt to deduplicate the following certificates: {0}".format(
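Review bot: `sync_update_destination` pairs a source with a destination only through `destination_service.get_by_label(source.label)`, so any destination that happens to share a label with a source is attached to every certificate found there, and the append to `certificate.destinations` appears to fire the upload listener on the model. If the pairing is intended, the three new helpers should carry docstrings saying that labels are the join key; also comparing the plugin and account options would be safer. In `sync`, the routine message `"Retrieving certificates from {0}"` is logged with `current_app.logger.error`; `current_app.logger.info` keeps error-level alerting meaningful. `sync` starts and ends outside the hunk.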


@ -9,8 +9,6 @@ angular.module('lemur')
})
.controller('DashboardController', function ($scope, $rootScope, $filter, $location, LemurRestangular) {
var baseAccounts = LemurRestangular.all('accounts');
$scope.colours = [
{
fillColor: 'rgba(41, 171, 224, 0.2)',


@ -38,7 +38,7 @@ angular.module('lemur')
if (plugin.slug === $scope.notification.pluginName) {
plugin.pluginOptions = $scope.notification.notificationOptions;
$scope.notification.plugin = plugin;
};
}
});
});


@ -43,7 +43,7 @@ install_requires = [
'pyopenssl==0.15.1',
'pyjwt==1.0.1',
'xmltodict==0.9.2',
'lockfile=0.10.2'
'lockfile==0.10.2'
]
tests_require = [
@ -136,10 +136,10 @@ setup(
'lemur.plugins': [
'verisign_issuer = lemur.plugins.lemur_verisign.plugin:VerisignIssuerPlugin',
'cloudca_issuer = lemur.plugins.lemur_cloudca.plugin:CloudCAIssuerPlugin',
'cloudca_source = lemur.plugins.lemur_cloudca.plugin:CloudCASourcePlugin'
'cloudca_source = lemur.plugins.lemur_cloudca.plugin:CloudCASourcePlugin',
'aws_destination = lemur.plugins.lemur_aws.plugin:AWSDestinationPlugin',
'aws_source = lemur.plugins.lemur_aws.plugin:AWSSourcePlugin'
'email_notification = lemur.plugins.lemur_email.plugin:EmailNotificationPlugin'
'aws_source = lemur.plugins.lemur_aws.plugin:AWSSourcePlugin',
'email_notification = lemur.plugins.lemur_email.plugin:EmailNotificationPlugin',
],
},
classifiers=[