Closes #415

lemur/certificates/schemas.py

@@ -77,11 +77,25 @@ class CertificateInputSchema(CertificateCreationSchema):
 
 class CertificateEditInputSchema(CertificateSchema):
     notify = fields.Boolean()
+    owner = fields.String()
     destinations = fields.Nested(AssociatedDestinationSchema, missing=[], many=True)
     notifications = fields.Nested(AssociatedNotificationSchema, missing=[], many=True)
     replacements = fields.Nested(AssociatedCertificateSchema, missing=[], many=True)
     roles = fields.Nested(AssociatedRoleSchema, missing=[], many=True)
 
+    @post_load
+    def enforce_notifications(self, data):
+        """
+        Ensures that when an owner changes, default notifications are added for the new owner.
+        Old owner notifications are retained unless explicitly removed.
+        :param data:
+        :return:
+        """
+        if data['owner']:
+            notification_name = "DEFAULT_{0}".format(data['owner'].split('@')[0].upper())
+            data['notifications'] += notification_service.create_default_expiration_notifications(notification_name, [data['owner']])
+        return data
+
 
 class CertificateNestedOutputSchema(LemurOutputSchema):
     __envelope__ = False

lemur/tests/test_certificates.py

@@ -9,6 +9,14 @@ from lemur.tests.vectors import VALID_ADMIN_HEADER_TOKEN, VALID_USER_HEADER_TOKE
     INTERNAL_VALID_LONG_STR, INTERNAL_VALID_SAN_STR, PRIVATE_KEY_STR
 
 
+def test_certificate_edit_schema(session):
+    from lemur.certificates.schemas import CertificateEditInputSchema
+
+    input_data = {'owner': 'bob@example.com'}
+    data, errors = CertificateEditInputSchema().load(input_data)
+    assert len(data['notifications']) == 3
+
+
 def test_authority_identifier_schema():
     from lemur.schemas import AuthorityIdentifierSchema
     input_data = {'useAuthorityCert': True}