diff --git a/.gitignore b/.gitignore index a7b00969..eaaaedff 100644 --- a/.gitignore +++ b/.gitignore @@ -13,6 +13,7 @@ MANIFEST test.conf pip-log.txt +package-lock.json /htmlcov /cover /build @@ -27,5 +28,4 @@ pip-log.txt docs/_build .editorconfig .idea -test.conf -lemur/tests/tmp \ No newline at end of file +lemur/tests/tmp diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 2b061190..25ec8ce1 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -93,7 +93,7 @@ Issuer Plugin Owners -------------------- This release may break your plugins, the keys in `issuer_options` have been changed from `camelCase` to `under_score`. -This change was made to break a undue reliance on downstream options maintains a more pythonic naming convention. Renaming +This change was made to break an undue reliance on downstream options maintains a more pythonic naming convention. Renaming these keys should be fairly trivial, additionally pull requests have been submitted to affected plugins to help ease the transition. .. note:: This change only affects issuer plugins and does not affect any other types of plugins. @@ -103,10 +103,10 @@ these keys should be fairly trivial, additionally pull requests have been submit stricter input validation and better error messages when validation fails. * Closed `#146 `_ - Moved authority type to first pane of authority creation wizard. * Closed `#147 `_ - Added and refactored the relationship between authorities and their - root certificates. Displays the certificates (and chains) next the the authority in question. + root certificates. Displays the certificates (and chains) next to the authority in question. * Closed `#199 `_ - Ensures that the dates submitted to Lemur during authority and certificate creation are actually dates. -* Closed `#230 `_ - Migrated authority dropdown to a ui-select based dropdown, this +* Closed `#230 `_ - Migrated authority dropdown to an ui-select based dropdown, this should be easier to determine what authorities are available and when an authority has actually been selected. * Closed `#254 `_ - Forces certificate names to be generally unique. If a certificate name (generated or otherwise) is found to be a duplicate we increment by appending a counter. @@ -168,6 +168,6 @@ these keys should be fairly trivial, additionally pull requests have been submit 0.1.5 - 2015-10-26 ~~~~~~~~~~~~~~~~~~ -* **SECURITY ISSUE**: Switched from use a AES static key to Fernet encryption. +* **SECURITY ISSUE**: Switched from use an AES static key to Fernet encryption. Affects all versions prior to 0.1.5. If upgrading this will require a data migration. - see: `Upgrading Lemur `_ + see: `Upgrading Lemur `_ diff --git a/README.rst b/README.rst index ecba21d0..9582f756 100644 --- a/README.rst +++ b/README.rst @@ -5,8 +5,8 @@ Lemur :alt: Join the chat at https://gitter.im/Netflix/lemur :target: https://gitter.im/Netflix/lemur?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge -.. image:: https://readthedocs.org/projects/lemur/badge/?version=latest - :target: https://lemur.readthedocs.org +.. image:: https://readthedocs.io/projects/lemur/badge/?version=latest + :target: https://lemur.readthedocs.io :alt: Latest Docs .. image:: https://img.shields.io/badge/NetflixOSS-active-brightgreen.svg @@ -25,7 +25,7 @@ Project resources ================= - `Lemur Blog Post `_ -- `Documentation `_ +- `Documentation `_ - `Source code `_ - `Issue tracker `_ - `Docker `_ diff --git a/docs/administration.rst b/docs/administration.rst index 84aab664..fca81f1a 100644 --- a/docs/administration.rst +++ b/docs/administration.rst @@ -28,14 +28,14 @@ Basic Configuration LOG_FILE = "/logs/lemur/lemur-test.log" -.. data:: debug +.. data:: DEBUG :noindex: Sets the flask debug flag to true (if supported by the webserver) :: - debug = False + DEBUG = False .. warning:: This should never be used in a production environment as it exposes Lemur to @@ -959,7 +959,7 @@ After you have the latest version of the Lemur code base you must run any needed This will ensure that any needed tables or columns are created or destroyed. .. note:: - Internally, this uses `Alembic `_ to manage database migrations. + Internally, this uses `Alembic `_ to manage database migrations. .. note:: By default Alembic looks for the `migrations` folder in the current working directory.The migrations folder is diff --git a/lemur/auth/views.py b/lemur/auth/views.py index 9d231cff..251fdacc 100644 --- a/lemur/auth/views.py +++ b/lemur/auth/views.py @@ -132,8 +132,8 @@ class Ping(Resource): this example we use an OpenIDConnect authentication flow, that is essentially OAuth2 underneath. If you have an OAuth2 provider you want to use Lemur there would be two steps: - 1. Define your own class that inherits from :class:`flask.ext.restful.Resource` and create the HTTP methods the \ - provider uses for it's callbacks. + 1. Define your own class that inherits from :class:`flask_restful.Resource` and create the HTTP methods the \ + provider uses for its callbacks. 2. Add or change the Lemur AngularJS Configuration to point to your new provider """ def __init__(self): diff --git a/lemur/certificates/schemas.py b/lemur/certificates/schemas.py index d7364d41..99e38405 100644 --- a/lemur/certificates/schemas.py +++ b/lemur/certificates/schemas.py @@ -146,7 +146,7 @@ class CertificateNestedOutputSchema(LemurOutputSchema): notify = fields.Boolean() rotation_policy = fields.Nested(RotationPolicyNestedOutputSchema) - # Note aliasing is the first step in deprecating these fields. + # Note aliasing is the first step in deprecating these fields. cn = fields.String() # deprecated common_name = fields.String(attribute='cn') @@ -177,7 +177,7 @@ class CertificateOutputSchema(LemurOutputSchema): rotation = fields.Boolean() - # Note aliasing is the first step in deprecating these fields. + # Note aliasing is the first step in deprecating these fields. notify = fields.Boolean() active = fields.Boolean(attribute='notify') diff --git a/lemur/certificates/service.py b/lemur/certificates/service.py index 915589d1..7340bd71 100644 --- a/lemur/certificates/service.py +++ b/lemur/certificates/service.py @@ -291,7 +291,6 @@ def render(args): Certificate.authority_id.in_(sub_query) ) ) - return database.sort_and_page(query, Certificate, args) elif 'destination' in terms: query = query.filter(Certificate.destinations.any(Destination.id == terms[1])) diff --git a/lemur/certificates/verify.py b/lemur/certificates/verify.py index 15ada881..ebc29d21 100644 --- a/lemur/certificates/verify.py +++ b/lemur/certificates/verify.py @@ -19,7 +19,7 @@ def ocsp_verify(cert_path, issuer_chain_path): """ Attempts to verify a certificate via OCSP. OCSP is a more modern version of CRL in that it will query the OCSP URI in order to determine if the - certificate as been revoked + certificate has been revoked :param cert_path: :param issuer_chain_path: diff --git a/lemur/certificates/views.py b/lemur/certificates/views.py index 147e0273..2e2f7ccb 100644 --- a/lemur/certificates/views.py +++ b/lemur/certificates/views.py @@ -84,7 +84,7 @@ class CertificatesList(AuthenticatedResource): "deleted": null, "notifications": [{ "id": 1 - }] + }], "signingAlgorithm": "sha256", "user": { "username": "jane", @@ -169,7 +169,7 @@ class CertificatesList(AuthenticatedResource): }, "replacements": [{ "id": 1 - }, + }], "notify": true, "validityEnd": "2026-01-01T08:00:00.000Z", "authority": { @@ -215,7 +215,7 @@ class CertificatesList(AuthenticatedResource): "deleted": null, "notifications": [{ "id": 1 - }] + }], "signingAlgorithm": "sha256", "user": { "username": "jane", @@ -232,7 +232,7 @@ class CertificatesList(AuthenticatedResource): "replaces": [{ "id": 1 }], - "rotation": True, + "rotation": true, "rotationPolicy": {"name": "default"}, "name": "WILDCARD.test.example.net-SymantecCorporation-20160603-20180112", "roles": [{ @@ -331,7 +331,7 @@ class CertificatesUpload(AuthenticatedResource): "deleted": null, "notifications": [{ "id": 1 - }] + }], "signingAlgorithm": "sha256", "user": { "username": "jane", @@ -346,7 +346,7 @@ class CertificatesUpload(AuthenticatedResource): "name": "*.test.example.net" }], "replaces": [], - "rotation": True, + "rotation": true, "rotationPolicy": {"name": "default"}, "name": "WILDCARD.test.example.net-SymantecCorporation-20160603-20180112", "roles": [{ @@ -417,7 +417,7 @@ class CertificatePrivateKey(AuthenticatedResource): Content-Type: text/javascript { - "key": "-----BEGIN ...", + "key": "-----BEGIN ..." } :reqheader Authorization: OAuth token to authenticate @@ -495,7 +495,7 @@ class Certificates(AuthenticatedResource): "deleted": null, "notifications": [{ "id": 1 - }] + }], "signingAlgorithm": "sha256", "user": { "username": "jane", @@ -509,7 +509,7 @@ class Certificates(AuthenticatedResource): "id": 1090, "name": "*.test.example.net" }], - "rotation": True, + "rotation": true, "rotationPolicy": {"name": "default"}, "replaces": [], "replaced": [], @@ -605,7 +605,7 @@ class Certificates(AuthenticatedResource): "description": "This is a google group based role created by Lemur", "name": "joe@example.com" }], - "rotation": True, + "rotation": true, "rotationPolicy": {"name": "default"}, "san": null } @@ -697,7 +697,7 @@ class NotificationCertificatesList(AuthenticatedResource): "deleted": null, "notifications": [{ "id": 1 - }] + }], "signingAlgorithm": "sha256", "user": { "username": "jane", @@ -713,7 +713,7 @@ class NotificationCertificatesList(AuthenticatedResource): }], "replaces": [], "replaced": [], - "rotation": True, + "rotation": true, "rotationPolicy": {"name": "default"}, "name": "WILDCARD.test.example.net-SymantecCorporation-20160603-20180112", "roles": [{ @@ -820,7 +820,7 @@ class CertificatesReplacementsList(AuthenticatedResource): }], "replaces": [], "replaced": [], - "rotation": True, + "rotation": true, "rotationPolicy": {"name": "default"}, "name": "WILDCARD.test.example.net-SymantecCorporation-20160603-20180112", "roles": [{ diff --git a/lemur/default.conf.py b/lemur/default.conf.py index 346ea3dc..217d8371 100644 --- a/lemur/default.conf.py +++ b/lemur/default.conf.py @@ -9,7 +9,7 @@ THREADS_PER_PAGE = 8 # These will need to be set to `True` if you are developing locally CORS = False -debug = False +DEBUG = False # Logging diff --git a/lemur/factory.py b/lemur/factory.py index bc96c27e..107fb70f 100644 --- a/lemur/factory.py +++ b/lemur/factory.py @@ -188,8 +188,10 @@ def install_plugins(app): # ensure that we have some way to notify with app.app_context(): + slug = app.config.get("LEMUR_DEFAULT_NOTIFICATION_PLUGIN", "email-notification") try: - slug = app.config.get("LEMUR_DEFAULT_NOTIFICATION_PLUGIN", "email-notification") plugins.get(slug) except KeyError: - raise Exception("Unable to location notification plugin: {slug}. Ensure that LEMUR_DEFAULT_NOTIFICATION_PLUGIN is set to a valid and installed notification plugin.".format(slug=slug)) + raise Exception("Unable to location notification plugin: {slug}. Ensure that " + "LEMUR_DEFAULT_NOTIFICATION_PLUGIN is set to a valid and installed notification plugin." + .format(slug=slug)) diff --git a/lemur/manage.py b/lemur/manage.py index 15e86102..57cd7b2c 100755 --- a/lemur/manage.py +++ b/lemur/manage.py @@ -375,7 +375,7 @@ class LemurServer(Command): app = WSGIApplication() - # run startup tasks on a app like object + # run startup tasks on an app like object validate_conf(current_app, REQUIRED_VARIABLES) app.app_uri = 'lemur:create_app(config="{0}")'.format(current_app.config.get('CONFIG_PATH')) diff --git a/lemur/notifications/messaging.py b/lemur/notifications/messaging.py index 590fcad2..d5010e01 100644 --- a/lemur/notifications/messaging.py +++ b/lemur/notifications/messaging.py @@ -143,7 +143,7 @@ def send_expiration_notifications(exclude): def send_rotation_notification(certificate, notification_plugin=None): """ - Sends a report to certificate owners when their certificate as been + Sends a report to certificate owners when their certificate has been rotated. :param certificate: diff --git a/lemur/plugins/base/v1.py b/lemur/plugins/base/v1.py index d21a71ee..36dbaf6e 100644 --- a/lemur/plugins/base/v1.py +++ b/lemur/plugins/base/v1.py @@ -101,7 +101,7 @@ class IPlugin(local): Returns a list of tuples pointing to various resources for this plugin. >>> def get_resource_links(self): >>> return [ - >>> ('Documentation', 'http://lemury.readthedocs.org'), + >>> ('Documentation', 'https://lemur.readthedocs.io'), >>> ('Bug Tracker', 'https://github.com/Netflix/lemur/issues'), >>> ('Source', 'https://github.com/Netflix/lemur'), >>> ] diff --git a/lemur/plugins/lemur_aws/elb.py b/lemur/plugins/lemur_aws/elb.py index 45b95ec0..4c4ce97f 100644 --- a/lemur/plugins/lemur_aws/elb.py +++ b/lemur/plugins/lemur_aws/elb.py @@ -98,7 +98,7 @@ def get_all_elbs_v2(**kwargs): @retry(retry_on_exception=retry_throttled, stop_max_attempt_number=7, wait_exponential_multiplier=1000) def get_listener_arn_from_endpoint(endpoint_name, endpoint_port, **kwargs): """ - Get a listener ARN from a endpoint. + Get a listener ARN from an endpoint. :param endpoint_name: :param endpoint_port: :return: diff --git a/lemur/plugins/lemur_linuxdst/plugin.py b/lemur/plugins/lemur_linuxdst/plugin.py index e3b3682e..0907ceb2 100644 --- a/lemur/plugins/lemur_linuxdst/plugin.py +++ b/lemur/plugins/lemur_linuxdst/plugin.py @@ -62,7 +62,7 @@ class LinuxDstPlugin(DestinationPlugin): "name": "exportType", "required": True, "value": "NGINX", - "helpMessage": "Reference the docs for an explaination of each export type", + "helpMessage": "Reference the docs for an explanation of each export type", "type": "select" } ] diff --git a/lemur/plugins/lemur_linuxdst/remote_host.py b/lemur/plugins/lemur_linuxdst/remote_host.py index f2fd4ed7..b0f2cdb0 100644 --- a/lemur/plugins/lemur_linuxdst/remote_host.py +++ b/lemur/plugins/lemur_linuxdst/remote_host.py @@ -19,7 +19,7 @@ def copy_cert(cert_cn, dst_user, dst_priv, dst_priv_key, dst_host, dst_port, dst sftp = ssh.open_sftp() # make the directory on the destination server - # files will be in a a folder based on the cert_cn + # files will be in a folder based on the cert_cn # example: # destination folder: /etc/nginx/certs/ # files will go in: /etc/nginx/certs/your.cn.com/cert.pem diff --git a/lemur/plugins/lemur_openssl/plugin.py b/lemur/plugins/lemur_openssl/plugin.py index 366b3361..b013936d 100644 --- a/lemur/plugins/lemur_openssl/plugin.py +++ b/lemur/plugins/lemur_openssl/plugin.py @@ -98,7 +98,7 @@ class OpenSSLExportPlugin(ExportPlugin): 'name': 'passphrase', 'type': 'str', 'required': False, - 'helpMessage': 'If no passphrase is given one will be generated for you, we highly recommend this. Minimum length is 8.', + 'helpMessage': 'If no passphrase is given one will be generated for you, we highly recommend this.', 'validation': '' }, { @@ -111,7 +111,7 @@ class OpenSSLExportPlugin(ExportPlugin): def export(self, body, chain, key, options, **kwargs): """ - Generates a Java Keystore or Truststore + Generates a PKCS#12 archive. :param key: :param chain: diff --git a/lemur/static/app/angular/certificates/view/view.tpl.html b/lemur/static/app/angular/certificates/view/view.tpl.html index ed6c337e..c23dd781 100644 --- a/lemur/static/app/angular/certificates/view/view.tpl.html +++ b/lemur/static/app/angular/certificates/view/view.tpl.html @@ -113,7 +113,7 @@ {{ certificate.serialHex }}
  • Validity @@ -179,7 +179,7 @@
    • {{ replaces.name }} -

      {{ replaces.description}}

      +

      {{ replaces.description }}

    @@ -221,4 +221,3 @@ - diff --git a/lemur/static/app/angular/domains/view/view.js b/lemur/static/app/angular/domains/view/view.js index ffce0d2f..9c579df1 100644 --- a/lemur/static/app/angular/domains/view/view.js +++ b/lemur/static/app/angular/domains/view/view.js @@ -45,7 +45,7 @@ angular.module('lemur') body: 'Unable to update! ' + response.data.message, timeout: 100000 }); - domain.sensitive = domain.sensitive ? false : true; + domain.sensitive = !domain.sensitive; }); }; diff --git a/lemur/static/app/index.html b/lemur/static/app/index.html index 39c44bcd..804c04b7 100644 --- a/lemur/static/app/index.html +++ b/lemur/static/app/index.html @@ -95,7 +95,7 @@

    Lemur is broken regularly by Netflix. - Confused? Check out our docs! + Confused? Check out our docs!