Infra
/
lemur
5
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge remote-tracking branch 'upstream/master'

This commit is contained in:
Ilya Makarov 2020-03-11 00:29:07 +03:00
parent 790367ea5a cd7adacca3
commit ad86cf1fd9
3 changed files with 23 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
docs/administration.rst
View File

@ -735,6 +735,12 @@ The following configuration properties are required to use the Digicert issuer p
This is the default validity (in years), if no end date is specified. (Default: 1) This is the default validity (in years), if no end date is specified. (Default: 1)
.. data:: DIGICERT_MAX_VALIDITY
:noindex:
This is the maximum validity (in years). (Default: value of DIGICERT_DEFAULT_VALIDITY)
.. data:: DIGICERT_PRIVATE .. data:: DIGICERT_PRIVATE
:noindex: :noindex:
@ -1008,6 +1014,18 @@ The following configuration properties are required to use the PowerDNS ACME Plu
This is the number of times DNS Verification should be attempted (i.e. 20) This is the number of times DNS Verification should be attempted (i.e. 20)
.. data:: ACME_POWERDNS_VERIFY
:noindex:
This configures how TLS certificates on the PowerDNS API target are validated. The PowerDNS Plugin depends on the PyPi requests library, which supports the following options for the verify parameter:
True: Verifies the TLS certificate was issued by a known publicly-trusted CA. (Default)
False: Disables certificate validation (Not Recommended)
File/Dir path to CA Bundle: Verifies the TLS certificate was issued by a Certificate Authority in the provided CA bundle.
.. _CommandLineInterface: .. _CommandLineInterface:
Command Line Interface Command Line Interface

7
lemur/plugins/lemur_acme/powerdns.py
View File

@ -246,11 +246,12 @@ def _get_zone_name(domain, account_number):
def _get(path, params=None): def _get(path, params=None):
""" Execute a GET request on the given URL (base_uri + path) and return response as JSON object """ """ Execute a GET request on the given URL (base_uri + path) and return response as JSON object """
base_uri = current_app.config.get("ACME_POWERDNS_DOMAIN") base_uri = current_app.config.get("ACME_POWERDNS_DOMAIN")
verify_value = current_app.config.get("ACME_POWERDNS_VERIFY", True)
resp = requests.get( resp = requests.get(
f"{base_uri}{path}", f"{base_uri}{path}",
headers=_generate_header(), headers=_generate_header(),
params=params, params=params,
verify=True, verify=verify_value
) )
resp.raise_for_status() resp.raise_for_status()
return resp.json() return resp.json()
@ -259,9 +260,11 @@ def _get(path, params=None):
def _patch(path, payload): def _patch(path, payload):
""" Execute a Patch request on the given URL (base_uri + path) with given payload """ """ Execute a Patch request on the given URL (base_uri + path) with given payload """
base_uri = current_app.config.get("ACME_POWERDNS_DOMAIN") base_uri = current_app.config.get("ACME_POWERDNS_DOMAIN")
verify_value = current_app.config.get("ACME_POWERDNS_VERIFY", True)
resp = requests.patch( resp = requests.patch(
f"{base_uri}{path}", f"{base_uri}{path}",
data=json.dumps(payload), data=json.dumps(payload),
headers=_generate_header() headers=_generate_header(),
verify=verify_value
) )
resp.raise_for_status() resp.raise_for_status()

1
lemur/static/app/angular/certificates/certificate/tracking.tpl.html
View File

@ -140,7 +140,6 @@
<select ng-model="certificate.validityYears" class="form-control"> <select ng-model="certificate.validityYears" class="form-control">
<option value="">-</option> <option value="">-</option>
<option value="1">1 year</option> <option value="1">1 year</option>
<option value="2">2 years</option>
</select> </select>
</div> </div>
<span style="padding-top: 15px" class="text-center col-sm-1"> <span style="padding-top: 15px" class="text-center col-sm-1">