From 968dd52f6f1ddd017b048c7769780a94039b0810 Mon Sep 17 00:00:00 2001 From: kevgliss Date: Thu, 8 Dec 2016 15:52:27 -0800 Subject: [PATCH] Fixes (#576) * Fixing email notification * Adding endpoint expiration * Fixing endpoint type for ELBs * Allowing verisign to include additional SANs --- lemur/certificates/cli.py | 2 -- lemur/endpoints/cli.py | 35 ++++++++++++++++++++++++++ lemur/manage.py | 2 ++ lemur/plugins/lemur_aws/plugin.py | 2 +- lemur/plugins/lemur_email/plugin.py | 4 +-- lemur/plugins/lemur_verisign/plugin.py | 4 +++ 6 files changed, 44 insertions(+), 5 deletions(-) create mode 100644 lemur/endpoints/cli.py diff --git a/lemur/certificates/cli.py b/lemur/certificates/cli.py index 8d0e299b..312f9452 100644 --- a/lemur/certificates/cli.py +++ b/lemur/certificates/cli.py @@ -121,8 +121,6 @@ def rotate(new_certificate_name=False, old_certificate_name=False, message=False @manager.command def reissue(old_certificate_name, commit=False): - from lemur.certificates.service import get_by_name, reissue_certificate, get_certificate_primitives - old_cert = get_by_name(old_certificate_name) if not old_cert: diff --git a/lemur/endpoints/cli.py b/lemur/endpoints/cli.py new file mode 100644 index 00000000..202f2b4b --- /dev/null +++ b/lemur/endpoints/cli.py 
@@ -0,0 +1,35 @@ +""" +.. module: lemur.certificate.cli + :platform: Unix + :copyright: (c) 2015 by Netflix Inc., see AUTHORS for more + :license: Apache, see LICENSE for more details. +.. moduleauthor:: Kevin Glisson +""" +from flask_script import Manager + +import arrow +from datetime import timedelta + +from sqlalchemy import cast +from sqlalchemy_utils import ArrowType + +from lemur import database +from lemur.extensions import metrics +from lemur.endpoints.models import Endpoint + + +manager = Manager(usage="Handles all endpoint related tasks.") + + +@manager.option('-ttl', '--time-to-live', type=int, dest='ttl', default=2, help='Time in hours, which endpoint has not been refreshed to remove the endpoint.') +def expire(ttl): + """ + Removed all endpoints that have not been recently updated. + """ + now = arrow.utcnow() + expiration = now - timedelta(hours=ttl) + endpoints = database.session_query(Endpoint).filter(cast(Endpoint.last_updated, ArrowType) <= expiration) + + for endpoint in endpoints: + database.delete(endpoint) + metrics.send('endpoint_expired', 'counter', 1) diff --git a/lemur/manage.py b/lemur/manage.py index ac4adf61..5e88296d 100755 --- a/lemur/manage.py +++ b/lemur/manage.py @@ -23,6 +23,7 @@ from flask_script.commands import ShowUrls, Clean, Server from lemur.sources.cli import manager as source_manager from lemur.certificates.cli import manager as certificate_manager from lemur.notifications.cli import manager as notification_manager +from lemur.endpoints.cli import manager as endpoint_manager from lemur import database from lemur.users import service as user_service @@ -630,6 +631,7 @@ def main(): manager.add_command("source", source_manager) manager.add_command("certificate", certificate_manager) manager.add_command("notify", notification_manager) + manager.add_command("endpoint", endpoint_manager) manager.add_command("report", Report()) manager.run() 
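Review bot: `expire` in the new `lemur/endpoints/cli.py` never validates `ttl`, so a value of 0 or below puts `expiration` at or after the current time and the filter then matches every endpoint that has a `last_updated` value, deleting the whole endpoint inventory in one run. A guard at the top of the function, `if ttl <= 0: raise ValueError('ttl must be a positive number of hours')`, would stop that. The only visible trace of a deletion is the `endpoint_expired` counter, so logging which endpoint is about to be removed before `database.delete(endpoint)` would leave an audit trail for a job that reduces visibility into where certificates are deployed. Separately, the module docstring still reads `lemur.certificate.cli` although this file is the endpoints CLI, and the function docstring should read `Removes all endpoints that have not been recently updated.`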
diff --git a/lemur/plugins/lemur_aws/plugin.py b/lemur/plugins/lemur_aws/plugin.py index 5e9605a8..2b7a6111 100644 --- a/lemur/plugins/lemur_aws/plugin.py +++ b/lemur/plugins/lemur_aws/plugin.py @@ -147,7 +147,7 @@ class AWSSourcePlugin(SourcePlugin): endpoint = dict( name=e['LoadBalancerName'], dnsname=e['DNSName'], - type='e', + type='elb', port=listener['Listener']['LoadBalancerPort'], certificate_name=iam.get_name_from_arn(listener['Listener']['SSLCertificateId']) ) diff --git a/lemur/plugins/lemur_email/plugin.py b/lemur/plugins/lemur_email/plugin.py index c98cd2a2..92e0efba 100644 --- a/lemur/plugins/lemur_email/plugin.py +++ b/lemur/plugins/lemur_email/plugin.py @@ -31,7 +31,7 @@ def render_html(template_name, message): return template.render(dict(messages=message, hostname=current_app.config.get('LEMUR_HOSTNAME'))) -def send_via_ses(subject, body, targets): +def send_via_smtp(subject, body, targets): """ Attempts to deliver email notification via SES service. @@ -46,7 +46,7 @@ def send_via_ses(subject, body, targets): smtp_mail.send(msg) -def send_via_smtp(subject, body, targets): +def send_via_ses(subject, body, targets): """ Attempts to deliver email notification via SMTP. :param subject: diff --git a/lemur/plugins/lemur_verisign/plugin.py b/lemur/plugins/lemur_verisign/plugin.py index a6c07b84..48cd48ee 100644 --- a/lemur/plugins/lemur_verisign/plugin.py +++ b/lemur/plugins/lemur_verisign/plugin.py @@ -94,6 +94,10 @@ def process_options(options): 'email': current_app.config.get("VERISIGN_EMAIL") } + if options.get('extensions'): + if options['extensions'].get('sub_alt_names'): + data['subject_alt_names'] = ",".join(x['value'] for x in options['extensions']['sub_alt_names']['names']) + if options.get('validity_end'): period = get_default_issuance(options) data['specificEndDate'] = options['validity_end'].format("MM/DD/YYYY")
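Review bot: The docstrings in `lemur/plugins/lemur_email/plugin.py` were left behind by the rename, so in the first hunk `send_via_smtp` is still documented as "Attempts to deliver email notification via SES service." and in the second hunk `send_via_ses` as "Attempts to deliver email notification via SMTP." The first function's visible body ends in `smtp_mail.send(msg)`, so the new names match the code and only the summaries need swapping: `Attempts to deliver email notification via SMTP.` for `send_via_smtp` and `Attempts to deliver email notification via SES service.` for `send_via_ses`. Both function bodies extend beyond the hunks, so the SES side could not be checked from here.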
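Review bot: The SAN string added to `process_options` in `lemur/plugins/lemur_verisign/plugin.py` is joined from each entry's `value` with no check on its content, so a single value containing a comma would be read as several names once it is placed in `data['subject_alt_names']`. These values presumably come from the certificate request, which would make this a way to get unreviewed names into the order. Rejecting any value that contains `,` or whitespace before the join closes that gap. The lookup also indexes `['names']` directly while the two levels above it use `.get()`, so options that carry `sub_alt_names` without `names` raise KeyError; `names = options['extensions']['sub_alt_names'].get('names', [])` keeps the three levels consistent. The entries' name type is not examined either, so it is worth confirming that only the kinds of name the CA accepts reach this field; the body of `process_options` continues outside the hunk.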