commit
9d07b6644f
|
@ -367,7 +367,7 @@ def update_destinations(target, value, initiator):
|
||||||
destination_plugin = plugins.get(value.plugin_name)
|
destination_plugin = plugins.get(value.plugin_name)
|
||||||
status = FAILURE_METRIC_STATUS
|
status = FAILURE_METRIC_STATUS
|
||||||
try:
|
try:
|
||||||
if target.private_key:
|
if target.private_key or not destination_plugin.requires_key:
|
||||||
destination_plugin.upload(target.name, target.body, target.private_key, target.chain, value.options)
|
destination_plugin.upload(target.name, target.body, target.private_key, target.chain, value.options)
|
||||||
status = SUCCESS_METRIC_STATUS
|
status = SUCCESS_METRIC_STATUS
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
|
|
|
@ -540,6 +540,9 @@ def reissue_certificate(certificate, replace=None, user=None):
|
||||||
"""
|
"""
|
||||||
primitives = get_certificate_primitives(certificate)
|
primitives = get_certificate_primitives(certificate)
|
||||||
|
|
||||||
|
if primitives.get("csr"):
|
||||||
|
# We do not want to re-use the CSR when creating a certificate because this defeats the purpose of rotation.
|
||||||
|
del primitives["csr"]
|
||||||
if not user:
|
if not user:
|
||||||
primitives['creator'] = certificate.user
|
primitives['creator'] = certificate.user
|
||||||
|
|
||||||
|
|
|
@ -53,8 +53,10 @@ def fetch_acme_cert(id):
|
||||||
id: an id of a PendingCertificate
|
id: an id of a PendingCertificate
|
||||||
"""
|
"""
|
||||||
log_data = {
|
log_data = {
|
||||||
"function": "{}.{}".format(__name__, sys._getframe().f_code.co_name)
|
"function": "{}.{}".format(__name__, sys._getframe().f_code.co_name),
|
||||||
|
"message": "Resolving pending certificate {}".format(id)
|
||||||
}
|
}
|
||||||
|
current_app.logger.debug(log_data)
|
||||||
pending_certs = pending_certificate_service.get_pending_certs([id])
|
pending_certs = pending_certificate_service.get_pending_certs([id])
|
||||||
new = 0
|
new = 0
|
||||||
failed = 0
|
failed = 0
|
||||||
|
@ -138,12 +140,22 @@ def fetch_all_pending_acme_certs():
|
||||||
"""Instantiate celery workers to resolve all pending Acme certificates"""
|
"""Instantiate celery workers to resolve all pending Acme certificates"""
|
||||||
pending_certs = pending_certificate_service.get_unresolved_pending_certs()
|
pending_certs = pending_certificate_service.get_unresolved_pending_certs()
|
||||||
|
|
||||||
|
log_data = {
|
||||||
|
"function": "{}.{}".format(__name__, sys._getframe().f_code.co_name),
|
||||||
|
"message": "Starting job."
|
||||||
|
}
|
||||||
|
|
||||||
|
current_app.logger.debug(log_data)
|
||||||
|
|
||||||
# We only care about certs using the acme-issuer plugin
|
# We only care about certs using the acme-issuer plugin
|
||||||
for cert in pending_certs:
|
for cert in pending_certs:
|
||||||
cert_authority = get_authority(cert.authority_id)
|
cert_authority = get_authority(cert.authority_id)
|
||||||
if cert_authority.plugin_name == 'acme-issuer':
|
if cert_authority.plugin_name == 'acme-issuer':
|
||||||
if cert.last_updated == cert.date_created or datetime.now(
|
if datetime.now(timezone.utc) - cert.last_updated > timedelta(minutes=5):
|
||||||
timezone.utc) - cert.last_updated > timedelta(minutes=5):
|
log_data["message"] = "Triggering job for cert {}".format(cert.name)
|
||||||
|
log_data["cert_name"] = cert.name
|
||||||
|
log_data["cert_id"] = cert.id
|
||||||
|
current_app.logger.debug(log_data)
|
||||||
fetch_acme_cert.delay(cert.id)
|
fetch_acme_cert.delay(cert.id)
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -35,8 +35,8 @@
|
||||||
from flask import current_app
|
from flask import current_app
|
||||||
|
|
||||||
from lemur.plugins import lemur_aws as aws
|
from lemur.plugins import lemur_aws as aws
|
||||||
from lemur.plugins.lemur_aws import iam, s3, elb, ec2
|
|
||||||
from lemur.plugins.bases import DestinationPlugin, ExportDestinationPlugin, SourcePlugin
|
from lemur.plugins.bases import DestinationPlugin, ExportDestinationPlugin, SourcePlugin
|
||||||
|
from lemur.plugins.lemur_aws import iam, s3, elb, ec2
|
||||||
|
|
||||||
|
|
||||||
def get_region_from_dns(dns):
|
def get_region_from_dns(dns):
|
||||||
|
|
|
@ -18,7 +18,7 @@ importlib-metadata==0.6 # via pre-commit
|
||||||
importlib-resources==1.0.2 # via pre-commit
|
importlib-resources==1.0.2 # via pre-commit
|
||||||
invoke==1.2.0
|
invoke==1.2.0
|
||||||
mccabe==0.6.1 # via flake8
|
mccabe==0.6.1 # via flake8
|
||||||
nodeenv==1.3.2
|
nodeenv==1.3.3
|
||||||
pkginfo==1.4.2 # via twine
|
pkginfo==1.4.2 # via twine
|
||||||
pre-commit==1.12.0
|
pre-commit==1.12.0
|
||||||
pycodestyle==2.3.1 # via flake8
|
pycodestyle==2.3.1 # via flake8
|
||||||
|
@ -27,7 +27,7 @@ pygments==2.2.0 # via readme-renderer
|
||||||
pyyaml==3.13 # via aspy.yaml, pre-commit
|
pyyaml==3.13 # via aspy.yaml, pre-commit
|
||||||
readme-renderer==24.0 # via twine
|
readme-renderer==24.0 # via twine
|
||||||
requests-toolbelt==0.8.0 # via twine
|
requests-toolbelt==0.8.0 # via twine
|
||||||
requests==2.20.0 # via requests-toolbelt, twine
|
requests==2.20.1 # via requests-toolbelt, twine
|
||||||
six==1.11.0 # via bleach, cfgv, pre-commit, readme-renderer
|
six==1.11.0 # via bleach, cfgv, pre-commit, readme-renderer
|
||||||
toml==0.10.0 # via pre-commit
|
toml==0.10.0 # via pre-commit
|
||||||
tqdm==4.28.1 # via twine
|
tqdm==4.28.1 # via twine
|
||||||
|
|
|
@ -38,7 +38,7 @@ flask-principal==0.4.0
|
||||||
flask-restful==0.3.6
|
flask-restful==0.3.6
|
||||||
flask-script==2.0.6
|
flask-script==2.0.6
|
||||||
flask-sqlalchemy==2.3.2
|
flask-sqlalchemy==2.3.2
|
||||||
flask==0.12.4
|
flask==1.0.2
|
||||||
future==0.17.1
|
future==0.17.1
|
||||||
gunicorn==19.9.0
|
gunicorn==19.9.0
|
||||||
idna==2.7
|
idna==2.7
|
||||||
|
@ -84,7 +84,7 @@ s3transfer==0.1.13
|
||||||
six==1.11.0
|
six==1.11.0
|
||||||
snowballstemmer==1.2.1 # via sphinx
|
snowballstemmer==1.2.1 # via sphinx
|
||||||
sphinx-rtd-theme==0.4.2
|
sphinx-rtd-theme==0.4.2
|
||||||
sphinx==1.8.1
|
sphinx==1.8.2
|
||||||
sphinxcontrib-httpdomain==1.7.0
|
sphinxcontrib-httpdomain==1.7.0
|
||||||
sphinxcontrib-websupport==1.1.0 # via sphinx
|
sphinxcontrib-websupport==1.1.0 # via sphinx
|
||||||
sqlalchemy-utils==0.33.6
|
sqlalchemy-utils==0.33.6
|
||||||
|
|
|
@ -8,15 +8,15 @@ asn1crypto==0.24.0 # via cryptography
|
||||||
atomicwrites==1.2.1 # via pytest
|
atomicwrites==1.2.1 # via pytest
|
||||||
attrs==18.2.0 # via pytest
|
attrs==18.2.0 # via pytest
|
||||||
aws-xray-sdk==0.95 # via moto
|
aws-xray-sdk==0.95 # via moto
|
||||||
boto3==1.9.37 # via moto
|
boto3==1.9.42 # via moto
|
||||||
boto==2.49.0 # via moto
|
boto==2.49.0 # via moto
|
||||||
botocore==1.12.37 # via boto3, moto, s3transfer
|
botocore==1.12.42 # via boto3, moto, s3transfer
|
||||||
certifi==2018.10.15 # via requests
|
certifi==2018.10.15 # via requests
|
||||||
cffi==1.11.5 # via cryptography
|
cffi==1.11.5 # via cryptography
|
||||||
chardet==3.0.4 # via requests
|
chardet==3.0.4 # via requests
|
||||||
click==7.0 # via flask
|
click==7.0 # via flask
|
||||||
coverage==4.5.1
|
coverage==4.5.2
|
||||||
cryptography==2.3.1 # via moto
|
cryptography==2.4.1 # via moto
|
||||||
docker-pycreds==0.3.0 # via docker
|
docker-pycreds==0.3.0 # via docker
|
||||||
docker==3.5.1 # via moto
|
docker==3.5.1 # via moto
|
||||||
docutils==0.14 # via botocore
|
docutils==0.14 # via botocore
|
||||||
|
@ -46,14 +46,14 @@ pycryptodome==3.7.0 # via python-jose
|
||||||
pyflakes==2.0.0
|
pyflakes==2.0.0
|
||||||
pytest-flask==0.14.0
|
pytest-flask==0.14.0
|
||||||
pytest-mock==1.10.0
|
pytest-mock==1.10.0
|
||||||
pytest==3.10.0
|
pytest==3.10.1
|
||||||
python-dateutil==2.7.5 # via botocore, faker, freezegun, moto
|
python-dateutil==2.7.5 # via botocore, faker, freezegun, moto
|
||||||
python-jose==2.0.2 # via moto
|
python-jose==2.0.2 # via moto
|
||||||
pytz==2018.7 # via moto
|
pytz==2018.7 # via moto
|
||||||
pyyaml==3.13 # via pyaml
|
pyyaml==3.13 # via pyaml
|
||||||
requests-mock==1.5.2
|
requests-mock==1.5.2
|
||||||
requests==2.20.0 # via aws-xray-sdk, docker, moto, requests-mock, responses
|
requests==2.20.1 # via aws-xray-sdk, docker, moto, requests-mock, responses
|
||||||
responses==0.10.2 # via moto
|
responses==0.10.3 # via moto
|
||||||
s3transfer==0.1.13 # via boto3
|
s3transfer==0.1.13 # via boto3
|
||||||
six==1.11.0 # via cryptography, docker, docker-pycreds, faker, freezegun, mock, more-itertools, moto, pytest, python-dateutil, python-jose, requests-mock, responses, websocket-client
|
six==1.11.0 # via cryptography, docker, docker-pycreds, faker, freezegun, mock, more-itertools, moto, pytest, python-dateutil, python-jose, requests-mock, responses, websocket-client
|
||||||
text-unidecode==1.2 # via faker
|
text-unidecode==1.2 # via faker
|
||||||
|
|
|
@ -4,7 +4,7 @@
|
||||||
#
|
#
|
||||||
# pip-compile --no-index --output-file requirements.txt requirements.in
|
# pip-compile --no-index --output-file requirements.txt requirements.in
|
||||||
#
|
#
|
||||||
acme==0.27.1
|
acme==0.28.0
|
||||||
alembic-autogenerate-enums==0.0.2
|
alembic-autogenerate-enums==0.0.2
|
||||||
alembic==1.0.2 # via flask-migrate
|
alembic==1.0.2 # via flask-migrate
|
||||||
amqp==2.3.2 # via kombu
|
amqp==2.3.2 # via kombu
|
||||||
|
@ -15,21 +15,21 @@ asyncpool==1.0
|
||||||
bcrypt==3.1.4 # via flask-bcrypt, paramiko
|
bcrypt==3.1.4 # via flask-bcrypt, paramiko
|
||||||
billiard==3.5.0.4 # via celery
|
billiard==3.5.0.4 # via celery
|
||||||
blinker==1.4 # via flask-mail, flask-principal, raven
|
blinker==1.4 # via flask-mail, flask-principal, raven
|
||||||
boto3==1.9.37
|
boto3==1.9.42
|
||||||
botocore==1.12.37
|
botocore==1.12.42
|
||||||
celery[redis]==4.2.1
|
celery[redis]==4.2.1
|
||||||
certifi==2018.10.15
|
certifi==2018.10.15
|
||||||
cffi==1.11.5 # via bcrypt, cryptography, pynacl
|
cffi==1.11.5 # via bcrypt, cryptography, pynacl
|
||||||
chardet==3.0.4 # via requests
|
chardet==3.0.4 # via requests
|
||||||
click==7.0 # via flask
|
click==7.0 # via flask
|
||||||
cloudflare==2.1.0
|
cloudflare==2.1.0
|
||||||
cryptography==2.3.1
|
cryptography==2.4.1
|
||||||
dnspython3==1.15.0
|
dnspython3==1.15.0
|
||||||
dnspython==1.15.0 # via dnspython3
|
dnspython==1.15.0 # via dnspython3
|
||||||
docutils==0.14 # via botocore
|
docutils==0.14 # via botocore
|
||||||
dyn==1.8.1
|
dyn==1.8.1
|
||||||
flask-bcrypt==0.7.1
|
flask-bcrypt==0.7.1
|
||||||
flask-cors==3.0.6
|
flask-cors==3.0.7
|
||||||
flask-mail==0.9.1
|
flask-mail==0.9.1
|
||||||
flask-migrate==2.3.0
|
flask-migrate==2.3.0
|
||||||
flask-principal==0.4.0
|
flask-principal==0.4.0
|
||||||
|
@ -57,7 +57,7 @@ ndg-httpsclient==0.5.1
|
||||||
paramiko==2.4.2
|
paramiko==2.4.2
|
||||||
pbr==5.1.1 # via mock
|
pbr==5.1.1 # via mock
|
||||||
pem==18.2.0
|
pem==18.2.0
|
||||||
psycopg2==2.7.5
|
psycopg2==2.7.6.1
|
||||||
pyasn1-modules==0.2.2 # via python-ldap
|
pyasn1-modules==0.2.2 # via python-ldap
|
||||||
pyasn1==0.4.4 # via ndg-httpsclient, paramiko, pyasn1-modules, python-ldap
|
pyasn1==0.4.4 # via ndg-httpsclient, paramiko, pyasn1-modules, python-ldap
|
||||||
pycparser==2.19 # via cffi
|
pycparser==2.19 # via cffi
|
||||||
|
@ -73,12 +73,12 @@ pyyaml==3.13 # via cloudflare
|
||||||
raven[flask]==6.9.0
|
raven[flask]==6.9.0
|
||||||
redis==2.10.6 # via celery
|
redis==2.10.6 # via celery
|
||||||
requests-toolbelt==0.8.0 # via acme
|
requests-toolbelt==0.8.0 # via acme
|
||||||
requests[security]==2.20.0
|
requests[security]==2.20.1
|
||||||
retrying==1.3.3
|
retrying==1.3.3
|
||||||
s3transfer==0.1.13 # via boto3
|
s3transfer==0.1.13 # via boto3
|
||||||
six==1.11.0
|
six==1.11.0
|
||||||
sqlalchemy-utils==0.33.6
|
sqlalchemy-utils==0.33.6
|
||||||
sqlalchemy==1.2.13 # via alembic, flask-sqlalchemy, marshmallow-sqlalchemy, sqlalchemy-utils
|
sqlalchemy==1.2.14 # via alembic, flask-sqlalchemy, marshmallow-sqlalchemy, sqlalchemy-utils
|
||||||
tabulate==0.8.2
|
tabulate==0.8.2
|
||||||
urllib3==1.24.1 # via botocore, requests
|
urllib3==1.24.1 # via botocore, requests
|
||||||
vine==1.1.4 # via amqp
|
vine==1.1.4 # via amqp
|
||||||
|
|
Loading…
Reference in New Issue