creating a cli to handle entrust deactivation

2020-10-21 19:52:51 -07:00 · 2020-10-21 19:52:51 -07:00 · a4dba0cb35
parent 906b3b2337
commit a4dba0cb35
1 changed files with 41 additions and 0 deletions
--- a/lemur/certificates/cli.py
+++ b/lemur/certificates/cli.py
@ -735,3 +735,44 @@ def automatically_enable_autorotate():
                                  })
        cert.rotation = True
        database.update(cert)
+
+
+@manager.command
+def deactivate_entrust_certificates():
+    """
+    Attempt to deactivate test certificates issued by Entrust
+    """
+
+    log_data = {
+        "function": f"{__name__}.{sys._getframe().f_code.co_name}",
+        "message": "Deactivating Entrust certificates"
+    }
+
+    certificates = get_all_valid_certs(['entrust-issuer'])
+    entrust_plugin = plugins.get('entrust-issuer')
+    for cert in certificates:
+        try:
+            response = entrust_plugin.deactivate_certificate(cert)
+            if response == 200:
+                cert.status = "revoked"
+            else:
+                cert.status = "unknown"
+
+            log_data["valid"] = cert.status
+            log_data["certificate_name"] = cert.name
+            log_data["certificate_id"] = cert.id
+            metrics.send(
+                "certificate_deactivate",
+                "counter",
+                1,
+                metric_tags={"status": log_data["valid"],
+                             "certificate_name": log_data["certificate_name"],
+                             "certificate_id": log_data["certificate_id"]},
+            )
+            current_app.logger.info(log_data)
+
+            database.update(cert)
+
+        except Exception as e:
+            sentry.captureException()
+            current_app.logger.exception(e)