diff --git a/docs/administration/index.rst b/docs/administration/index.rst index e57dd5c0..8ac89525 100644 --- a/docs/administration/index.rst +++ b/docs/administration/index.rst @@ -102,6 +102,53 @@ Basic Configuration LEMUR_ENCRYPTION_KEY = 'supersupersecret' +Certificate Default Options +--------------------------- + +Lemur allows you to find tune your certificates to your organization. The following defaults are presented in the UI +and are used when Lemur creates the CSR for your certificates. + + +.. data:: LEMUR_DEFAULT_COUNTRY + :noindex: + + :: + + LEMUR_DEFAULT_COUNTRY = "US" + + +.. data:: LEMUR_DEFAULT_STATE + :noindex: + + :: + + LEMUR_DEFAULT_STATE = "CA" + + +.. data:: LEMUR_DEFAULT_LOCATION + :noindex: + + :: + + LEMUR_DEFAULT_LOCATION = "Los Gatos" + + +.. data:: LEMUR_DEFAULT_ORGANIZATION + :noindex: + + :: + + LEMUR_DEFAULT_ORGANIZATION = "Netflix" + + +.. data:: LEMUR_DEFAULT_ORGANIZATION_UNIT + :noindex: + + :: + + LEMUR_DEFAULT_ORGANIZATIONAL_UNIT = "Operations" + + Notification Options -------------------- diff --git a/lemur/certificates/views.py b/lemur/certificates/views.py index 7cde93bc..b6cb597d 100644 --- a/lemur/certificates/views.py +++ b/lemur/certificates/views.py @@ -7,7 +7,7 @@ """ from builtins import str -from flask import Blueprint, make_response, jsonify +from flask import Blueprint, current_app, make_response, jsonify from flask.ext.restful import reqparse, Api, fields from cryptography import x509 
@@ -662,9 +662,59 @@ class NotificationCertificatesList(AuthenticatedResource): args['notification_id'] = notification_id return service.render(args) + +class CertificatesDefaults(AuthenticatedResource): + """ Defineds the 'certificates' defaults endpoint """ + def __init__(self): + super(CertificatesDefaults) + + def get(self): + """ + .. http:get:: /certificates/defaults + + Returns defaults needed to generate CSRs + + **Example request**: + + .. sourcecode:: http + + GET /certificates/defaults HTTP/1.1 + Host: example.com + Accept: application/json, text/javascript + + **Example response**: + + .. sourcecode:: http + + HTTP/1.1 200 OK + Vary: Accept + Content-Type: text/javascript + + { + "country": "US", + "state": "CA", + "location": "Los Gatos", + "organization": "Netflix", + "organizationalUnit": "Operations" + } + + :reqheader Authorization: OAuth token to authenticate + :statuscode 200: no error + :statuscode 403: unauthenticated + """ + return dict( + country=current_app.config.get('LEMUR_DEFAULT_COUNTRY'), + state=current_app.config.get('LEMUR_DEFAULT_STATE'), + location=current_app.config.get('LEMUR_DEFAULT_LOCATION'), + organization=current_app.config.get('LEMUR_DEFAULT_ORGANIZATION'), + organizationalUnit=current_app.config.get('LEMUR_DEFAULT_ORGANIZATIONAL_UNIT') + ) + + api.add_resource(CertificatesList, '/certificates', endpoint='certificates') api.add_resource(Certificates, '/certificates/', endpoint='certificate') api.add_resource(CertificatesStats, '/certificates/stats', endpoint='certificateStats') api.add_resource(CertificatesUpload, '/certificates/upload', endpoint='certificateUpload') api.add_resource(CertificatePrivateKey, '/certificates//key', endpoint='privateKeyCertificates') api.add_resource(NotificationCertificatesList, '/notifications//certificates', endpoint='notificationCertificates') +api.add_resource(CertificatesDefaults, '/certificates/defaults', endpoint='certificatesDefault') 
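Review bot: `super(CertificatesDefaults)` in `__init__` only builds an unbound super object and never runs the parent initializer, so anything `AuthenticatedResource.__init__` sets up (not visible in this hunk) is skipped; use `super(CertificatesDefaults, self).__init__()` or drop the override. In `get`, each `current_app.config.get(...)` returns `None` when the key is absent, which is likely for any deployment whose config predates the new template entries in lemur/manage.py, so the response carries `null` instead of a string; a default such as `current_app.config.get('LEMUR_DEFAULT_COUNTRY', '')` keeps the shape stable. The docs hunk names the last option `LEMUR_DEFAULT_ORGANIZATION_UNIT` in its `.. data::` directive while this code reads `LEMUR_DEFAULT_ORGANIZATIONAL_UNIT`, so an operator copying the directive name would set a key that is never read. The class docstring also has a typo (`Defineds`).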
diff --git a/lemur/manage.py b/lemur/manage.py index 1b53c591..c2c82b5e 100755 --- a/lemur/manage.py +++ b/lemur/manage.py @@ -78,6 +78,15 @@ LEMUR_RESTRICTED_DOMAINS = [] LEMUR_EMAIL = '' LEMUR_SECURITY_TEAM_EMAIL = [] +# Certificate Defaults + +LEMUR_DEFAULT_COUNTRY = '' +LEMUR_DEFAULT_STATE = '' +LEMUR_DEFAULT_LOCATION = '' +LEMUR_DEFAULT_ORGANIZATION = '' +LEMUR_DEFAULT_ORGANIZATIONAL_UNIT = '' + + # Logging LOG_LEVEL = "DEBUG" diff --git a/lemur/static/app/angular/certificates/certificate/certificate.js b/lemur/static/app/angular/certificates/certificate/certificate.js index b5253ea5..a7a1c374 100644 --- a/lemur/static/app/angular/certificates/certificate/certificate.js +++ b/lemur/static/app/angular/certificates/certificate/certificate.js @@ -25,6 +25,9 @@ angular.module('lemur') .controller('CertificateCreateController', function ($scope, $modalInstance, CertificateApi, CertificateService, DestinationService, AuthorityService, PluginService, MomentService, WizardHandler, LemurRestangular, NotificationService) { $scope.certificate = LemurRestangular.restangularizeElement(null, {}, 'certificates'); + // set the defaults + CertificateService.getDefaults($scope.certificate); + $scope.create = function (certificate) { WizardHandler.wizard().context.loading = true; CertificateService.create(certificate).then(function () { diff --git a/lemur/static/app/angular/certificates/certificate/distinguishedName.tpl.html b/lemur/static/app/angular/certificates/certificate/distinguishedName.tpl.html index 356653b1..577f9672 100644 --- a/lemur/static/app/angular/certificates/certificate/distinguishedName.tpl.html +++ b/lemur/static/app/angular/certificates/certificate/distinguishedName.tpl.html @@ -6,7 +6,7 @@ Country
- +

You must enter a country

@@ -16,7 +16,7 @@ State
- +

You must enter a state

@@ -26,7 +26,7 @@ Location
- +

You must enter a location

@@ -36,7 +36,7 @@ Organization
- +

You must enter a organization

@@ -46,7 +46,7 @@ Organizational Unit
- +

You must enter a organizational unit

diff --git a/lemur/static/app/angular/certificates/services.js b/lemur/static/app/angular/certificates/services.js index a6d1ba7a..b421537c 100644 --- a/lemur/static/app/angular/certificates/services.js +++ b/lemur/static/app/angular/certificates/services.js @@ -206,6 +206,16 @@ angular.module('lemur') }); }; + CertificateService.getDefaults = function (certificate) { + return certificate.customGET('defaults').then(function (defaults) { + certificate.country = defaults.country; + certificate.state = defaults.state; + certificate.location = defaults.location; + certificate.organization = defaults.organization; + certificate.organizationalUnit = defaults.organizationalUnit; + }); + }; + CertificateService.updateActive = function (certificate) { return certificate.put().then( function () {
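Review bot: `getDefaults` has no rejection handler, and its caller in certificate.js discards the returned promise, so a failed `customGET('defaults')` (the endpoint documents a 403) leaves the form unfilled with no feedback to the user. The success callback also assigns all five fields unconditionally, so a response that arrives after the user has started typing overwrites their input, and a `null` from the server replaces whatever was there; guarding each assignment, e.g. `certificate.country = certificate.country || defaults.country;`, avoids both. Since these values only prefill fields the user can edit before the CSR is created, a comment like `// prefill only; submitted DN fields are still validated server-side` would record that they are not an enforced policy, assuming the server does validate them (not visible here).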