Various minor cleanups and fixes (#938)

* Documentation fixes

* Various docstring and help string fixes

* Minor code cleanups

* Removed redundant .gitignore entry, ignored package-lock.json.
* 'return' statement in certificates.service.render was redundant
* Split up too long line
* Non-matching tags in templates
This commit is contained in:
Marti Raudsepp 2017-09-26 01:33:42 +03:00 committed by kevgliss
parent ec5dec4a16
commit 97d83890e0
21 changed files with 48 additions and 48 deletions

2
.gitignore vendored
View File

@ -13,6 +13,7 @@
MANIFEST MANIFEST
test.conf test.conf
pip-log.txt pip-log.txt
package-lock.json
/htmlcov /htmlcov
/cover /cover
/build /build
@ -27,5 +28,4 @@ pip-log.txt
docs/_build docs/_build
.editorconfig .editorconfig
.idea .idea
test.conf
lemur/tests/tmp lemur/tests/tmp

View File

@ -93,7 +93,7 @@ Issuer Plugin Owners
-------------------- --------------------
This release may break your plugins, the keys in `issuer_options` have been changed from `camelCase` to `under_score`. This release may break your plugins, the keys in `issuer_options` have been changed from `camelCase` to `under_score`.
This change was made to break a undue reliance on downstream options maintains a more pythonic naming convention. Renaming This change was made to break an undue reliance on downstream options maintains a more pythonic naming convention. Renaming
these keys should be fairly trivial, additionally pull requests have been submitted to affected plugins to help ease the transition. these keys should be fairly trivial, additionally pull requests have been submitted to affected plugins to help ease the transition.
.. note:: This change only affects issuer plugins and does not affect any other types of plugins. .. note:: This change only affects issuer plugins and does not affect any other types of plugins.
@ -103,10 +103,10 @@ these keys should be fairly trivial, additionally pull requests have been submit
stricter input validation and better error messages when validation fails. stricter input validation and better error messages when validation fails.
* Closed `#146 <https://github.com/Netflix/lemur/issues/146>`_ - Moved authority type to first pane of authority creation wizard. * Closed `#146 <https://github.com/Netflix/lemur/issues/146>`_ - Moved authority type to first pane of authority creation wizard.
* Closed `#147 <https://github.com/Netflix/lemur/issues/147>`_ - Added and refactored the relationship between authorities and their * Closed `#147 <https://github.com/Netflix/lemur/issues/147>`_ - Added and refactored the relationship between authorities and their
root certificates. Displays the certificates (and chains) next the the authority in question. root certificates. Displays the certificates (and chains) next to the authority in question.
* Closed `#199 <https://github.com/Netflix/lemur/issues/199>`_ - Ensures that the dates submitted to Lemur during authority and * Closed `#199 <https://github.com/Netflix/lemur/issues/199>`_ - Ensures that the dates submitted to Lemur during authority and
certificate creation are actually dates. certificate creation are actually dates.
* Closed `#230 <https://github.com/Netflix/lemur/issues/230>`_ - Migrated authority dropdown to a ui-select based dropdown, this * Closed `#230 <https://github.com/Netflix/lemur/issues/230>`_ - Migrated authority dropdown to an ui-select based dropdown, this
should be easier to determine what authorities are available and when an authority has actually been selected. should be easier to determine what authorities are available and when an authority has actually been selected.
* Closed `#254 <https://github.com/Netflix/lemur/issues/254>`_ - Forces certificate names to be generally unique. If a certificate name * Closed `#254 <https://github.com/Netflix/lemur/issues/254>`_ - Forces certificate names to be generally unique. If a certificate name
(generated or otherwise) is found to be a duplicate we increment by appending a counter. (generated or otherwise) is found to be a duplicate we increment by appending a counter.
@ -168,6 +168,6 @@ these keys should be fairly trivial, additionally pull requests have been submit
0.1.5 - 2015-10-26 0.1.5 - 2015-10-26
~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~
* **SECURITY ISSUE**: Switched from use a AES static key to Fernet encryption. * **SECURITY ISSUE**: Switched from use an AES static key to Fernet encryption.
Affects all versions prior to 0.1.5. If upgrading this will require a data migration. Affects all versions prior to 0.1.5. If upgrading this will require a data migration.
see: `Upgrading Lemur <https://lemur.readthedocs.com/adminstration#UpgradingLemur>`_ see: `Upgrading Lemur <https://lemur.readthedocs.io/administration#UpgradingLemur>`_

View File

@ -5,8 +5,8 @@ Lemur
:alt: Join the chat at https://gitter.im/Netflix/lemur :alt: Join the chat at https://gitter.im/Netflix/lemur
:target: https://gitter.im/Netflix/lemur?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge :target: https://gitter.im/Netflix/lemur?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge
.. image:: https://readthedocs.org/projects/lemur/badge/?version=latest .. image:: https://readthedocs.io/projects/lemur/badge/?version=latest
:target: https://lemur.readthedocs.org :target: https://lemur.readthedocs.io
:alt: Latest Docs :alt: Latest Docs
.. image:: https://img.shields.io/badge/NetflixOSS-active-brightgreen.svg .. image:: https://img.shields.io/badge/NetflixOSS-active-brightgreen.svg
@ -25,7 +25,7 @@ Project resources
================= =================
- `Lemur Blog Post <http://techblog.netflix.com/2015/09/introducing-lemur.html>`_ - `Lemur Blog Post <http://techblog.netflix.com/2015/09/introducing-lemur.html>`_
- `Documentation <http://lemur.readthedocs.org/>`_ - `Documentation <http://lemur.readthedocs.io/>`_
- `Source code <https://github.com/netflix/lemur>`_ - `Source code <https://github.com/netflix/lemur>`_
- `Issue tracker <https://github.com/netflix/lemur/issues>`_ - `Issue tracker <https://github.com/netflix/lemur/issues>`_
- `Docker <https://github.com/Netflix/lemur-docker>`_ - `Docker <https://github.com/Netflix/lemur-docker>`_

View File

@ -28,14 +28,14 @@ Basic Configuration
LOG_FILE = "/logs/lemur/lemur-test.log" LOG_FILE = "/logs/lemur/lemur-test.log"
.. data:: debug .. data:: DEBUG
:noindex: :noindex:
Sets the flask debug flag to true (if supported by the webserver) Sets the flask debug flag to true (if supported by the webserver)
:: ::
debug = False DEBUG = False
.. warning:: .. warning::
This should never be used in a production environment as it exposes Lemur to This should never be used in a production environment as it exposes Lemur to
@ -959,7 +959,7 @@ After you have the latest version of the Lemur code base you must run any needed
This will ensure that any needed tables or columns are created or destroyed. This will ensure that any needed tables or columns are created or destroyed.
.. note:: .. note::
Internally, this uses `Alembic <https://alembic.readthedocs.org/en/latest/>`_ to manage database migrations. Internally, this uses `Alembic <http://alembic.zzzcomputing.com/en/latest/>`_ to manage database migrations.
.. note:: .. note::
By default Alembic looks for the `migrations` folder in the current working directory.The migrations folder is By default Alembic looks for the `migrations` folder in the current working directory.The migrations folder is

View File

@ -132,8 +132,8 @@ class Ping(Resource):
this example we use an OpenIDConnect authentication flow, that is essentially OAuth2 underneath. If you have an this example we use an OpenIDConnect authentication flow, that is essentially OAuth2 underneath. If you have an
OAuth2 provider you want to use Lemur there would be two steps: OAuth2 provider you want to use Lemur there would be two steps:
1. Define your own class that inherits from :class:`flask.ext.restful.Resource` and create the HTTP methods the \ 1. Define your own class that inherits from :class:`flask_restful.Resource` and create the HTTP methods the \
provider uses for it's callbacks. provider uses for its callbacks.
2. Add or change the Lemur AngularJS Configuration to point to your new provider 2. Add or change the Lemur AngularJS Configuration to point to your new provider
""" """
def __init__(self): def __init__(self):

View File

@ -291,7 +291,6 @@ def render(args):
Certificate.authority_id.in_(sub_query) Certificate.authority_id.in_(sub_query)
) )
) )
return database.sort_and_page(query, Certificate, args)
elif 'destination' in terms: elif 'destination' in terms:
query = query.filter(Certificate.destinations.any(Destination.id == terms[1])) query = query.filter(Certificate.destinations.any(Destination.id == terms[1]))

View File

@ -19,7 +19,7 @@ def ocsp_verify(cert_path, issuer_chain_path):
""" """
Attempts to verify a certificate via OCSP. OCSP is a more modern version Attempts to verify a certificate via OCSP. OCSP is a more modern version
of CRL in that it will query the OCSP URI in order to determine if the of CRL in that it will query the OCSP URI in order to determine if the
certificate as been revoked certificate has been revoked
:param cert_path: :param cert_path:
:param issuer_chain_path: :param issuer_chain_path:

View File

@ -84,7 +84,7 @@ class CertificatesList(AuthenticatedResource):
"deleted": null, "deleted": null,
"notifications": [{ "notifications": [{
"id": 1 "id": 1
}] }],
"signingAlgorithm": "sha256", "signingAlgorithm": "sha256",
"user": { "user": {
"username": "jane", "username": "jane",
@ -169,7 +169,7 @@ class CertificatesList(AuthenticatedResource):
}, },
"replacements": [{ "replacements": [{
"id": 1 "id": 1
}, }],
"notify": true, "notify": true,
"validityEnd": "2026-01-01T08:00:00.000Z", "validityEnd": "2026-01-01T08:00:00.000Z",
"authority": { "authority": {
@ -215,7 +215,7 @@ class CertificatesList(AuthenticatedResource):
"deleted": null, "deleted": null,
"notifications": [{ "notifications": [{
"id": 1 "id": 1
}] }],
"signingAlgorithm": "sha256", "signingAlgorithm": "sha256",
"user": { "user": {
"username": "jane", "username": "jane",
@ -232,7 +232,7 @@ class CertificatesList(AuthenticatedResource):
"replaces": [{ "replaces": [{
"id": 1 "id": 1
}], }],
"rotation": True, "rotation": true,
"rotationPolicy": {"name": "default"}, "rotationPolicy": {"name": "default"},
"name": "WILDCARD.test.example.net-SymantecCorporation-20160603-20180112", "name": "WILDCARD.test.example.net-SymantecCorporation-20160603-20180112",
"roles": [{ "roles": [{
@ -331,7 +331,7 @@ class CertificatesUpload(AuthenticatedResource):
"deleted": null, "deleted": null,
"notifications": [{ "notifications": [{
"id": 1 "id": 1
}] }],
"signingAlgorithm": "sha256", "signingAlgorithm": "sha256",
"user": { "user": {
"username": "jane", "username": "jane",
@ -346,7 +346,7 @@ class CertificatesUpload(AuthenticatedResource):
"name": "*.test.example.net" "name": "*.test.example.net"
}], }],
"replaces": [], "replaces": [],
"rotation": True, "rotation": true,
"rotationPolicy": {"name": "default"}, "rotationPolicy": {"name": "default"},
"name": "WILDCARD.test.example.net-SymantecCorporation-20160603-20180112", "name": "WILDCARD.test.example.net-SymantecCorporation-20160603-20180112",
"roles": [{ "roles": [{
@ -417,7 +417,7 @@ class CertificatePrivateKey(AuthenticatedResource):
Content-Type: text/javascript Content-Type: text/javascript
{ {
"key": "-----BEGIN ...", "key": "-----BEGIN ..."
} }
:reqheader Authorization: OAuth token to authenticate :reqheader Authorization: OAuth token to authenticate
@ -495,7 +495,7 @@ class Certificates(AuthenticatedResource):
"deleted": null, "deleted": null,
"notifications": [{ "notifications": [{
"id": 1 "id": 1
}] }],
"signingAlgorithm": "sha256", "signingAlgorithm": "sha256",
"user": { "user": {
"username": "jane", "username": "jane",
@ -509,7 +509,7 @@ class Certificates(AuthenticatedResource):
"id": 1090, "id": 1090,
"name": "*.test.example.net" "name": "*.test.example.net"
}], }],
"rotation": True, "rotation": true,
"rotationPolicy": {"name": "default"}, "rotationPolicy": {"name": "default"},
"replaces": [], "replaces": [],
"replaced": [], "replaced": [],
@ -605,7 +605,7 @@ class Certificates(AuthenticatedResource):
"description": "This is a google group based role created by Lemur", "description": "This is a google group based role created by Lemur",
"name": "joe@example.com" "name": "joe@example.com"
}], }],
"rotation": True, "rotation": true,
"rotationPolicy": {"name": "default"}, "rotationPolicy": {"name": "default"},
"san": null "san": null
} }
@ -697,7 +697,7 @@ class NotificationCertificatesList(AuthenticatedResource):
"deleted": null, "deleted": null,
"notifications": [{ "notifications": [{
"id": 1 "id": 1
}] }],
"signingAlgorithm": "sha256", "signingAlgorithm": "sha256",
"user": { "user": {
"username": "jane", "username": "jane",
@ -713,7 +713,7 @@ class NotificationCertificatesList(AuthenticatedResource):
}], }],
"replaces": [], "replaces": [],
"replaced": [], "replaced": [],
"rotation": True, "rotation": true,
"rotationPolicy": {"name": "default"}, "rotationPolicy": {"name": "default"},
"name": "WILDCARD.test.example.net-SymantecCorporation-20160603-20180112", "name": "WILDCARD.test.example.net-SymantecCorporation-20160603-20180112",
"roles": [{ "roles": [{
@ -820,7 +820,7 @@ class CertificatesReplacementsList(AuthenticatedResource):
}], }],
"replaces": [], "replaces": [],
"replaced": [], "replaced": [],
"rotation": True, "rotation": true,
"rotationPolicy": {"name": "default"}, "rotationPolicy": {"name": "default"},
"name": "WILDCARD.test.example.net-SymantecCorporation-20160603-20180112", "name": "WILDCARD.test.example.net-SymantecCorporation-20160603-20180112",
"roles": [{ "roles": [{

View File

@ -9,7 +9,7 @@ THREADS_PER_PAGE = 8
# These will need to be set to `True` if you are developing locally # These will need to be set to `True` if you are developing locally
CORS = False CORS = False
debug = False DEBUG = False
# Logging # Logging

View File

@ -188,8 +188,10 @@ def install_plugins(app):
# ensure that we have some way to notify # ensure that we have some way to notify
with app.app_context(): with app.app_context():
try:
slug = app.config.get("LEMUR_DEFAULT_NOTIFICATION_PLUGIN", "email-notification") slug = app.config.get("LEMUR_DEFAULT_NOTIFICATION_PLUGIN", "email-notification")
try:
plugins.get(slug) plugins.get(slug)
except KeyError: except KeyError:
raise Exception("Unable to location notification plugin: {slug}. Ensure that LEMUR_DEFAULT_NOTIFICATION_PLUGIN is set to a valid and installed notification plugin.".format(slug=slug)) raise Exception("Unable to location notification plugin: {slug}. Ensure that "
"LEMUR_DEFAULT_NOTIFICATION_PLUGIN is set to a valid and installed notification plugin."
.format(slug=slug))

View File

@ -375,7 +375,7 @@ class LemurServer(Command):
app = WSGIApplication() app = WSGIApplication()
# run startup tasks on a app like object # run startup tasks on an app like object
validate_conf(current_app, REQUIRED_VARIABLES) validate_conf(current_app, REQUIRED_VARIABLES)
app.app_uri = 'lemur:create_app(config="{0}")'.format(current_app.config.get('CONFIG_PATH')) app.app_uri = 'lemur:create_app(config="{0}")'.format(current_app.config.get('CONFIG_PATH'))

View File

@ -143,7 +143,7 @@ def send_expiration_notifications(exclude):
def send_rotation_notification(certificate, notification_plugin=None): def send_rotation_notification(certificate, notification_plugin=None):
""" """
Sends a report to certificate owners when their certificate as been Sends a report to certificate owners when their certificate has been
rotated. rotated.
:param certificate: :param certificate:

View File

@ -101,7 +101,7 @@ class IPlugin(local):
Returns a list of tuples pointing to various resources for this plugin. Returns a list of tuples pointing to various resources for this plugin.
>>> def get_resource_links(self): >>> def get_resource_links(self):
>>> return [ >>> return [
>>> ('Documentation', 'http://lemury.readthedocs.org'), >>> ('Documentation', 'https://lemur.readthedocs.io'),
>>> ('Bug Tracker', 'https://github.com/Netflix/lemur/issues'), >>> ('Bug Tracker', 'https://github.com/Netflix/lemur/issues'),
>>> ('Source', 'https://github.com/Netflix/lemur'), >>> ('Source', 'https://github.com/Netflix/lemur'),
>>> ] >>> ]

View File

@ -98,7 +98,7 @@ def get_all_elbs_v2(**kwargs):
@retry(retry_on_exception=retry_throttled, stop_max_attempt_number=7, wait_exponential_multiplier=1000) @retry(retry_on_exception=retry_throttled, stop_max_attempt_number=7, wait_exponential_multiplier=1000)
def get_listener_arn_from_endpoint(endpoint_name, endpoint_port, **kwargs): def get_listener_arn_from_endpoint(endpoint_name, endpoint_port, **kwargs):
""" """
Get a listener ARN from a endpoint. Get a listener ARN from an endpoint.
:param endpoint_name: :param endpoint_name:
:param endpoint_port: :param endpoint_port:
:return: :return:

View File

@ -62,7 +62,7 @@ class LinuxDstPlugin(DestinationPlugin):
"name": "exportType", "name": "exportType",
"required": True, "required": True,
"value": "NGINX", "value": "NGINX",
"helpMessage": "Reference the docs for an explaination of each export type", "helpMessage": "Reference the docs for an explanation of each export type",
"type": "select" "type": "select"
} }
] ]

View File

@ -19,7 +19,7 @@ def copy_cert(cert_cn, dst_user, dst_priv, dst_priv_key, dst_host, dst_port, dst
sftp = ssh.open_sftp() sftp = ssh.open_sftp()
# make the directory on the destination server # make the directory on the destination server
# files will be in a a folder based on the cert_cn # files will be in a folder based on the cert_cn
# example: # example:
# destination folder: /etc/nginx/certs/ # destination folder: /etc/nginx/certs/
# files will go in: /etc/nginx/certs/your.cn.com/cert.pem # files will go in: /etc/nginx/certs/your.cn.com/cert.pem

View File

@ -98,7 +98,7 @@ class OpenSSLExportPlugin(ExportPlugin):
'name': 'passphrase', 'name': 'passphrase',
'type': 'str', 'type': 'str',
'required': False, 'required': False,
'helpMessage': 'If no passphrase is given one will be generated for you, we highly recommend this. Minimum length is 8.', 'helpMessage': 'If no passphrase is given one will be generated for you, we highly recommend this.',
'validation': '' 'validation': ''
}, },
{ {
@ -111,7 +111,7 @@ class OpenSSLExportPlugin(ExportPlugin):
def export(self, body, chain, key, options, **kwargs): def export(self, body, chain, key, options, **kwargs):
""" """
Generates a Java Keystore or Truststore Generates a PKCS#12 archive.
:param key: :param key:
:param chain: :param chain:

View File

@ -113,7 +113,7 @@
<span class="pull-right">{{ certificate.serialHex }}</span> <span class="pull-right">{{ certificate.serialHex }}</span>
</li> </li>
<li <li
uib-tooltip="Lemur will attempt to check a certificates validity, this is used to track whether a certificate as been revoked" uib-tooltip="Lemur will attempt to check a certificates validity, this is used to track whether a certificate has been revoked"
class="list-group-item"> class="list-group-item">
<strong>Validity</strong> <strong>Validity</strong>
<span class="pull-right"> <span class="pull-right">
@ -221,4 +221,3 @@
</div> </div>
</div> </div>
</div> </div>
</div>

View File

@ -45,7 +45,7 @@ angular.module('lemur')
body: 'Unable to update! ' + response.data.message, body: 'Unable to update! ' + response.data.message,
timeout: 100000 timeout: 100000
}); });
domain.sensitive = domain.sensitive ? false : true; domain.sensitive = !domain.sensitive;
}); });
}; };

View File

@ -95,7 +95,7 @@
<div class="container"> <div class="container">
<p class="text-muted"> <p class="text-muted">
<span>Lemur is broken regularly by <a href="https://github.com/Netflix/lemur.git">Netflix</a>.</span> <span>Lemur is broken regularly by <a href="https://github.com/Netflix/lemur.git">Netflix</a>.</span>
<span class="pull-right">Confused? Check out our <a href="https://lemur.readthedocs.org/en/latest">docs</a>!</span> <span class="pull-right">Confused? Check out our <a href="https://lemur.readthedocs.io/en/latest">docs</a>!</span>
</p> </p>
</div> </div>
</footer> </footer>