diff --git a/lemur/certificates/service.py b/lemur/certificates/service.py index 77f2f5b3..81b5dca2 100644 --- a/lemur/certificates/service.py +++ b/lemur/certificates/service.py @@ -297,7 +297,7 @@ def create_csr(csr_config): x509.SubjectAlternativeName(general_names), critical=True ) - # TODO support more CSR options, none of the authorities support these atm + # TODO support more CSR options, none of the authority plugins currently support these options # builder.add_extension( # x509.KeyUsage( # digital_signature=digital_signature, diff --git a/lemur/manage.py b/lemur/manage.py index 93d07955..31af39c7 100755 --- a/lemur/manage.py +++ b/lemur/manage.py @@ -18,6 +18,7 @@ from lemur.users import service as user_service from lemur.roles import service as role_service from lemur.certificates import service as cert_service from lemur.sources import service as source_service +from lemur.notifications import service as notification_service from lemur.certificates.verify import verify_string from lemur.sources.service import sync 
@@ -256,6 +257,83 @@ class InitializeApp(Command): else: sys.stdout.write("[-] Default user has already been created, skipping...!\n") + thirty_day = notification_service.get_by_label("SECURITY_TEAM_30_DAY") + ten_day = notification_service.get_by_label("SECURITY_TEAM_10_DAY") + two_day = notification_service.get_by_label("SECURITY_TEAM_2_DAY") + sys.stdout.write("[+] Creating default email notifications!\n") + + to = ",".join(current_app.config.get("LEMUR_SECURITY_TEAM_EMAIL")) + + options = [ + { + 'name': 'recipients', + 'value': to + }, + { + 'name': 'unit', + 'value': 'days' + } + ] + + if not thirty_day: + inter = [{ + 'name': 'interval', + 'value': 30, + }] + inter.extend(options) + notification_service.create( + label="SECURITY_TEAM_30_DAY", + plugin_name="email-notification", + options=list(inter), + description="Default 30 day expiration notification", + certificates=[] + ) + sys.stdout.write("[+] Created 30 day email notification for {recipients}!\n".format(recipients=to)) + else: + sys.stdout.write("[-] Skipping 30 day email notification already created for {recipients}!\n".format( + recipients=to) + ) + + if not ten_day: + inter = [{ + 'name': 'interval', + 'value': 10, + }] + inter.extend(options) + notification_service.create( + label="SECURITY_TEAM_30_DAY", + plugin_name="email-notification", + options=list(inter), + description="Default 10 day expiration notification", + certificates=[] + ) + sys.stdout.write("[+] Created 10 day email notification for {recipients}!\n".format(recipients=to)) + else: + sys.stdout.write("[-] Skipping 10 day email notification already created for {recipients}!\n".format( + recipients=to) + ) + + if not two_day: + inter = [{ + 'name': 'interval', + 'value': 2, + }] + inter.extend(options) + notification_service.create( + label="SECURITY_TEAM_30_DAY", + plugin_name="email-notification", + options=list(inter), + description="Default 2 day expiration notification", + certificates=[] + ) + sys.stdout.write("[+] Created 2 
day email notification for {recipients}!\n".format( + recipients=to) + ) + else: + sys.stdout.write("[-] Skipping 2 day email notification already created for {recipients}!\n".format( + recipients=to) + ) + sys.stdout.write("[/] Done!\n")
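Review bot: The 10-day and 2-day branches both pass `label="SECURITY_TEAM_30_DAY"` to `notification_service.create`, so the labels looked up at the top of the hunk (`SECURITY_TEAM_10_DAY`, `SECURITY_TEAM_2_DAY`) are never created and `ten_day` / `two_day` stay empty on every later run of the init command. Depending on how `create` treats a repeated label, which is not visible here, each run either stacks more notifications under the 30-day label or fails on a uniqueness constraint, and the security team's expiry alerts end up duplicated or mislabeled. Change the two calls to `label="SECURITY_TEAM_10_DAY"` and `label="SECURITY_TEAM_2_DAY"`. Separately, `",".join(current_app.config.get("LEMUR_SECURITY_TEAM_EMAIL"))` raises a TypeError when the key is unset and turns a plain string into comma-separated characters, so check that the value is a non-empty list before the first `create`. The enclosing method of `InitializeApp` starts above the hunk.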