Infra
/
lemur
5
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Various minor cleanups and fixes (#938) 

* Documentation fixes

* Various docstring and help string fixes

* Minor code cleanups

* Removed redundant .gitignore entry, ignored package-lock.json.
* 'return' statement in certificates.service.render was redundant
* Split up too long line
* Non-matching tags in templates
This commit is contained in:
Marti Raudsepp 2017-09-26 01:33:42 +03:00 committed by kevgliss
parent ec5dec4a16
commit 97d83890e0
21 changed files with 48 additions and 48 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
.gitignore vendored
View File

@ -13,6 +13,7 @@
MANIFEST
test.conf
pip-log.txt
package-lock.json
/htmlcov
/cover
/build
@ -27,5 +28,4 @@ pip-log.txt
docs/_build
.editorconfig
.idea
test.conf
lemur/tests/tmp
lemur/tests/tmp

10
CHANGELOG.rst
View File

@ -93,7 +93,7 @@ Issuer Plugin Owners
--------------------
This release may break your plugins, the keys in `issuer_options` have been changed from `camelCase` to `under_score`.
This change was made to break a undue reliance on downstream options maintains a more pythonic naming convention. Renaming
This change was made to break an undue reliance on downstream options maintains a more pythonic naming convention. Renaming
these keys should be fairly trivial, additionally pull requests have been submitted to affected plugins to help ease the transition.
.. note:: This change only affects issuer plugins and does not affect any other types of plugins.
@ -103,10 +103,10 @@ these keys should be fairly trivial, additionally pull requests have been submit
stricter input validation and better error messages when validation fails.
* Closed `#146 <https://github.com/Netflix/lemur/issues/146>`_ - Moved authority type to first pane of authority creation wizard.
* Closed `#147 <https://github.com/Netflix/lemur/issues/147>`_ - Added and refactored the relationship between authorities and their
root certificates. Displays the certificates (and chains) next the the authority in question.
root certificates. Displays the certificates (and chains) next to the authority in question.
* Closed `#199 <https://github.com/Netflix/lemur/issues/199>`_ - Ensures that the dates submitted to Lemur during authority and
certificate creation are actually dates.
* Closed `#230 <https://github.com/Netflix/lemur/issues/230>`_ - Migrated authority dropdown to a ui-select based dropdown, this
* Closed `#230 <https://github.com/Netflix/lemur/issues/230>`_ - Migrated authority dropdown to an ui-select based dropdown, this
should be easier to determine what authorities are available and when an authority has actually been selected.
* Closed `#254 <https://github.com/Netflix/lemur/issues/254>`_ - Forces certificate names to be generally unique. If a certificate name
(generated or otherwise) is found to be a duplicate we increment by appending a counter.
@ -168,6 +168,6 @@ these keys should be fairly trivial, additionally pull requests have been submit
0.1.5 - 2015-10-26
~~~~~~~~~~~~~~~~~~
* **SECURITY ISSUE**: Switched from use a AES static key to Fernet encryption.
* **SECURITY ISSUE**: Switched from use an AES static key to Fernet encryption.
Affects all versions prior to 0.1.5. If upgrading this will require a data migration.
see: `Upgrading Lemur <https://lemur.readthedocs.com/adminstration#UpgradingLemur>`_
see: `Upgrading Lemur <https://lemur.readthedocs.io/administration#UpgradingLemur>`_

6
README.rst
View File

@ -5,8 +5,8 @@ Lemur
:alt: Join the chat at https://gitter.im/Netflix/lemur
:target: https://gitter.im/Netflix/lemur?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge
.. image:: https://readthedocs.org/projects/lemur/badge/?version=latest
:target: https://lemur.readthedocs.org
.. image:: https://readthedocs.io/projects/lemur/badge/?version=latest
:target: https://lemur.readthedocs.io
:alt: Latest Docs
.. image:: https://img.shields.io/badge/NetflixOSS-active-brightgreen.svg
@ -25,7 +25,7 @@ Project resources
=================
- `Lemur Blog Post <http://techblog.netflix.com/2015/09/introducing-lemur.html>`_
- `Documentation <http://lemur.readthedocs.org/>`_
- `Documentation <http://lemur.readthedocs.io/>`_
- `Source code <https://github.com/netflix/lemur>`_
- `Issue tracker <https://github.com/netflix/lemur/issues>`_
- `Docker <https://github.com/Netflix/lemur-docker>`_

6
docs/administration.rst
View File

@ -28,14 +28,14 @@ Basic Configuration
LOG_FILE = "/logs/lemur/lemur-test.log"
.. data:: debug
.. data:: DEBUG
:noindex:
Sets the flask debug flag to true (if supported by the webserver)
::
debug = False
DEBUG = False
.. warning::
This should never be used in a production environment as it exposes Lemur to
@ -959,7 +959,7 @@ After you have the latest version of the Lemur code base you must run any needed
This will ensure that any needed tables or columns are created or destroyed.
.. note::
Internally, this uses `Alembic <https://alembic.readthedocs.org/en/latest/>`_ to manage database migrations.
Internally, this uses `Alembic <http://alembic.zzzcomputing.com/en/latest/>`_ to manage database migrations.
.. note::
By default Alembic looks for the `migrations` folder in the current working directory.The migrations folder is

4
lemur/auth/views.py
View File

@ -132,8 +132,8 @@ class Ping(Resource):
this example we use an OpenIDConnect authentication flow, that is essentially OAuth2 underneath. If you have an
OAuth2 provider you want to use Lemur there would be two steps:
1. Define your own class that inherits from :class:`flask.ext.restful.Resource` and create the HTTP methods the \
provider uses for it's callbacks.
1. Define your own class that inherits from :class:`flask_restful.Resource` and create the HTTP methods the \
provider uses for its callbacks.
2. Add or change the Lemur AngularJS Configuration to point to your new provider
"""
def __init__(self):

4
lemur/certificates/schemas.py
View File

@ -146,7 +146,7 @@ class CertificateNestedOutputSchema(LemurOutputSchema):
notify = fields.Boolean()
rotation_policy = fields.Nested(RotationPolicyNestedOutputSchema)
# Note aliasing is the first step in deprecating these fields.
# Note aliasing is the first step in deprecating these fields.
cn = fields.String() # deprecated
common_name = fields.String(attribute='cn')
@ -177,7 +177,7 @@ class CertificateOutputSchema(LemurOutputSchema):
rotation = fields.Boolean()
# Note aliasing is the first step in deprecating these fields.
# Note aliasing is the first step in deprecating these fields.
notify = fields.Boolean()
active = fields.Boolean(attribute='notify')

1
lemur/certificates/service.py
View File

@ -291,7 +291,6 @@ def render(args):
Certificate.authority_id.in_(sub_query)
)
)
return database.sort_and_page(query, Certificate, args)
elif 'destination' in terms:
query = query.filter(Certificate.destinations.any(Destination.id == terms[1]))

2
lemur/certificates/verify.py
View File

@ -19,7 +19,7 @@ def ocsp_verify(cert_path, issuer_chain_path):
"""
Attempts to verify a certificate via OCSP. OCSP is a more modern version
of CRL in that it will query the OCSP URI in order to determine if the
certificate as been revoked
certificate has been revoked
:param cert_path:
:param issuer_chain_path:

26
lemur/certificates/views.py
View File

@ -84,7 +84,7 @@ class CertificatesList(AuthenticatedResource):
"deleted": null,
"notifications": [{
"id": 1
}]
}],
"signingAlgorithm": "sha256",
"user": {
"username": "jane",
@ -169,7 +169,7 @@ class CertificatesList(AuthenticatedResource):
},
"replacements": [{
"id": 1
},
}],
"notify": true,
"validityEnd": "2026-01-01T08:00:00.000Z",
"authority": {
@ -215,7 +215,7 @@ class CertificatesList(AuthenticatedResource):
"deleted": null,
"notifications": [{
"id": 1
}]
}],
"signingAlgorithm": "sha256",
"user": {
"username": "jane",
@ -232,7 +232,7 @@ class CertificatesList(AuthenticatedResource):
"replaces": [{
"id": 1
}],
"rotation": True,
"rotation": true,
"rotationPolicy": {"name": "default"},
"name": "WILDCARD.test.example.net-SymantecCorporation-20160603-20180112",
"roles": [{
@ -331,7 +331,7 @@ class CertificatesUpload(AuthenticatedResource):
"deleted": null,
"notifications": [{
"id": 1
}]
}],
"signingAlgorithm": "sha256",
"user": {
"username": "jane",
@ -346,7 +346,7 @@ class CertificatesUpload(AuthenticatedResource):
"name": "*.test.example.net"
}],
"replaces": [],
"rotation": True,
"rotation": true,
"rotationPolicy": {"name": "default"},
"name": "WILDCARD.test.example.net-SymantecCorporation-20160603-20180112",
"roles": [{
@ -417,7 +417,7 @@ class CertificatePrivateKey(AuthenticatedResource):
Content-Type: text/javascript
{
"key": "-----BEGIN ...",
"key": "-----BEGIN ..."
}
:reqheader Authorization: OAuth token to authenticate
@ -495,7 +495,7 @@ class Certificates(AuthenticatedResource):
"deleted": null,
"notifications": [{
"id": 1
}]
}],
"signingAlgorithm": "sha256",
"user": {
"username": "jane",
@ -509,7 +509,7 @@ class Certificates(AuthenticatedResource):
"id": 1090,
"name": "*.test.example.net"
}],
"rotation": True,
"rotation": true,
"rotationPolicy": {"name": "default"},
"replaces": [],
"replaced": [],
@ -605,7 +605,7 @@ class Certificates(AuthenticatedResource):
"description": "This is a google group based role created by Lemur",
"name": "joe@example.com"
}],
"rotation": True,
"rotation": true,
"rotationPolicy": {"name": "default"},
"san": null
}
@ -697,7 +697,7 @@ class NotificationCertificatesList(AuthenticatedResource):
"deleted": null,
"notifications": [{
"id": 1
}]
}],
"signingAlgorithm": "sha256",
"user": {
"username": "jane",
@ -713,7 +713,7 @@ class NotificationCertificatesList(AuthenticatedResource):
}],
"replaces": [],
"replaced": [],
"rotation": True,
"rotation": true,
"rotationPolicy": {"name": "default"},
"name": "WILDCARD.test.example.net-SymantecCorporation-20160603-20180112",
"roles": [{
@ -820,7 +820,7 @@ class CertificatesReplacementsList(AuthenticatedResource):
}],
"replaces": [],
"replaced": [],
"rotation": True,
"rotation": true,
"rotationPolicy": {"name": "default"},
"name": "WILDCARD.test.example.net-SymantecCorporation-20160603-20180112",
"roles": [{

2
lemur/default.conf.py
View File

@ -9,7 +9,7 @@ THREADS_PER_PAGE = 8
# These will need to be set to `True` if you are developing locally
CORS = False
debug = False
DEBUG = False
# Logging

6
lemur/factory.py
View File

@ -188,8 +188,10 @@ def install_plugins(app):
# ensure that we have some way to notify
with app.app_context():
slug = app.config.get("LEMUR_DEFAULT_NOTIFICATION_PLUGIN", "email-notification")
try:
slug = app.config.get("LEMUR_DEFAULT_NOTIFICATION_PLUGIN", "email-notification")
plugins.get(slug)
except KeyError:
raise Exception("Unable to location notification plugin: {slug}. Ensure that LEMUR_DEFAULT_NOTIFICATION_PLUGIN is set to a valid and installed notification plugin.".format(slug=slug))
raise Exception("Unable to location notification plugin: {slug}. Ensure that "
"LEMUR_DEFAULT_NOTIFICATION_PLUGIN is set to a valid and installed notification plugin."
.format(slug=slug))

2
lemur/manage.py
View File

@ -375,7 +375,7 @@ class LemurServer(Command):
app = WSGIApplication()
# run startup tasks on a app like object
# run startup tasks on an app like object
validate_conf(current_app, REQUIRED_VARIABLES)
app.app_uri = 'lemur:create_app(config="{0}")'.format(current_app.config.get('CONFIG_PATH'))

2
lemur/notifications/messaging.py
View File

@ -143,7 +143,7 @@ def send_expiration_notifications(exclude):
def send_rotation_notification(certificate, notification_plugin=None):
"""
Sends a report to certificate owners when their certificate as been
Sends a report to certificate owners when their certificate has been
rotated.
:param certificate:

2
lemur/plugins/base/v1.py
View File

@ -101,7 +101,7 @@ class IPlugin(local):
Returns a list of tuples pointing to various resources for this plugin.
>>> def get_resource_links(self):
>>> return [
>>> ('Documentation', 'http://lemury.readthedocs.org'),
>>> ('Documentation', 'https://lemur.readthedocs.io'),
>>> ('Bug Tracker', 'https://github.com/Netflix/lemur/issues'),
>>> ('Source', 'https://github.com/Netflix/lemur'),
>>> ]

2
lemur/plugins/lemur_aws/elb.py
View File

@ -98,7 +98,7 @@ def get_all_elbs_v2(**kwargs):
@retry(retry_on_exception=retry_throttled, stop_max_attempt_number=7, wait_exponential_multiplier=1000)
def get_listener_arn_from_endpoint(endpoint_name, endpoint_port, **kwargs):
"""
Get a listener ARN from a endpoint.
Get a listener ARN from an endpoint.
:param endpoint_name:
:param endpoint_port:
:return:

2
lemur/plugins/lemur_linuxdst/plugin.py
View File

@ -62,7 +62,7 @@ class LinuxDstPlugin(DestinationPlugin):
"name": "exportType",
"required": True,
"value": "NGINX",
"helpMessage": "Reference the docs for an explaination of each export type",
"helpMessage": "Reference the docs for an explanation of each export type",
"type": "select"
}
]

2
lemur/plugins/lemur_linuxdst/remote_host.py
View File

@ -19,7 +19,7 @@ def copy_cert(cert_cn, dst_user, dst_priv, dst_priv_key, dst_host, dst_port, dst
sftp = ssh.open_sftp()
# make the directory on the destination server
# files will be in a a folder based on the cert_cn
# files will be in a folder based on the cert_cn
# example:
# destination folder: /etc/nginx/certs/
# files will go in: /etc/nginx/certs/your.cn.com/cert.pem

4
lemur/plugins/lemur_openssl/plugin.py
View File

@ -98,7 +98,7 @@ class OpenSSLExportPlugin(ExportPlugin):
'name': 'passphrase',
'type': 'str',
'required': False,
'helpMessage': 'If no passphrase is given one will be generated for you, we highly recommend this. Minimum length is 8.',
'helpMessage': 'If no passphrase is given one will be generated for you, we highly recommend this.',
'validation': ''
},
{
@ -111,7 +111,7 @@ class OpenSSLExportPlugin(ExportPlugin):
def export(self, body, chain, key, options, **kwargs):
"""
Generates a Java Keystore or Truststore
Generates a PKCS#12 archive.
:param key:
:param chain:

5
lemur/static/app/angular/certificates/view/view.tpl.html
View File

@ -113,7 +113,7 @@
<span class="pull-right">{{ certificate.serialHex }}</span>
</li>
<li
uib-tooltip="Lemur will attempt to check a certificates validity, this is used to track whether a certificate as been revoked"
uib-tooltip="Lemur will attempt to check a certificates validity, this is used to track whether a certificate has been revoked"
class="list-group-item">
<strong>Validity</strong>
<span class="pull-right">
@ -179,7 +179,7 @@
<ul class="list-group">
<li class="list-group-item" ng-repeat="replaces in certificate.replaces">
<strong>{{ replaces.name }}</strong>
<p>{{ replaces.description}}</p>
<p>{{ replaces.description }}</p>
</li>
</ul>
</uib-tab>
@ -221,4 +221,3 @@
</div>
</div>
</div>
</div>

2
lemur/static/app/angular/domains/view/view.js vendored
View File

@ -45,7 +45,7 @@ angular.module('lemur')
body: 'Unable to update! ' + response.data.message,
timeout: 100000
});
domain.sensitive = domain.sensitive ? false : true;
domain.sensitive = !domain.sensitive;
});
};

2
lemur/static/app/index.html
View File

@ -95,7 +95,7 @@
<div class="container">
<p class="text-muted">
<span>Lemur is broken regularly by <a href="https://github.com/Netflix/lemur.git">Netflix</a>.</span>
<span class="pull-right">Confused? Check out our <a href="https://lemur.readthedocs.org/en/latest">docs</a>!</span>
<span class="pull-right">Confused? Check out our <a href="https://lemur.readthedocs.io/en/latest">docs</a>!</span>
</p>
</div>
</footer>