Merge branch 'master' into upgrade-dependabot

Jasmine Schladen 2021-03-16 15:41:18 -07:00 committed by GitHub
commit b5c38c2854
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
9 changed files with 211 additions and 16 deletions

@ -18,6 +18,16 @@ jobs:
uses: actions/setup-python@v2 uses: actions/setup-python@v2
with: with:
python-version: '3.x' python-version: '3.x'
- name: Autobump version
run: |
# from refs/tags/v0.8.1 get 0.8.1
VERSION=$(echo $GITHUB_REF | sed 's#.*/v##')
PLACEHOLDER='__version__ = "develop"'
VERSION_FILE='lemur/__about__.py'
# in case placeholder is missing, exists with code 1 and github actions aborts the build
grep "$PLACEHOLDER" "$VERSION_FILE"
sed -i "s/$PLACEHOLDER/__version__ = \"${VERSION}\"/g" "$VERSION_FILE"
shell: bash
- name: Install dependencies - name: Install dependencies
run: | run: |
python -m pip install --upgrade pip python -m pip install --upgrade pip
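
Review bot: VERSION in the new "Autobump version" step is taken from `$GITHUB_REF` and spliced into the `sed` replacement with no format check, so a ref without a `/v` component passes through `sed 's#.*/v##'` unchanged, and any `/`, `&` or `\` in the value is interpreted by the second `sed` rather than written literally. Suggest quoting `"$GITHUB_REF"` and failing the step unless VERSION matches a strict pattern such as `^[0-9]+\.[0-9]+\.[0-9]+$` before the substitution. The guard would also be more exact as `grep -F`, since the placeholder is currently matched as a regular expression, and the comment above it should read "exits" rather than "exists".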

@ -1,6 +1,37 @@
Changelog Changelog
========= =========
0.8.1 - `2021-03-12`
~~~~~~~~~~~~~~~~~~~~
This release includes improvements on many fronts, such as:
- Notifications:
- Enhanced SNS flow
- Expiration Summary
- CA expiration email
- EC algorithm as the default
- Improved revocation flow
- Localized AWS STS option
- Improved Lemur doc building
- ACME:
- reduced failed attempts to 3x trials
- support for selecting the chain (Let's Encrypt X1 transition)
- revocation
- http01 documentation
- Entrust:
- Support for cross-signed intermediate CA
- Revised disclosure process
- Dependency updates and conflict resolutions
Special thanks to all who contributed to this release, notably:
- `peschmae <https://github.com/peschmae>`_
- `atugushev <https://github.com/atugushev>`_
- `sirferl <https://github.com/sirferl>`_
0.8.0 - `2020-11-13` 0.8.0 - `2020-11-13`
~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~
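
Review bot: "EC algorithm as the default" and "Revised disclosure process" in the 0.8.1 entry are too terse for changes that operators and reporters need to act on. Suggest stating which setting the new default applies to and whether existing configurations are affected, and linking the disclosure item to the document that describes the process. "reduced failed attempts to 3x trials" would also read more clearly as a plain statement of the new retry limit.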

@ -875,7 +875,7 @@ account. See :ref:`Using a pre-existing ACME account <AcmeAccountReuse>` for mor
:noindex: :noindex:
This is an optional parameter to indicate the preferred chain to retrieve from ACME when finalizing the order. This is an optional parameter to indicate the preferred chain to retrieve from ACME when finalizing the order.
This is applicable to Let's Encrypts recent `migration https://letsencrypt.org/certificates/`_ to their This is applicable to Let's Encrypts recent `migration <https://letsencrypt.org/certificates/>`_ to their
own root, where they provide two distinct certificate chains (fullchain_pem vs. alternative_fullchains_pem); own root, where they provide two distinct certificate chains (fullchain_pem vs. alternative_fullchains_pem);
the main chain will be the long chain that is rooted in the expiring DTS root, whereas the alternative chain the main chain will be the long chain that is rooted in the expiring DTS root, whereas the alternative chain
is rooted in X1 root CA. is rooted in X1 root CA.
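
Review bot: "DTS root" in the context line after the fixed link looks like a typo for DST (Let's Encrypt's long chain is cross-signed by IdenTrust's DST Root CA X3), and "Let's Encrypts" on the changed line is missing the possessive apostrophe. Since this paragraph tells operators which chain to prefer, it is worth correcting both in the same change and spelling out "X1 root CA" as ISRG Root X1.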

@ -15,7 +15,7 @@ __title__ = "lemur"
__summary__ = "Certificate management and orchestration service" __summary__ = "Certificate management and orchestration service"
__uri__ = "https://github.com/Netflix/lemur" __uri__ = "https://github.com/Netflix/lemur"
__version__ = "0.8.0" __version__ = "develop"
__author__ = "The Lemur developers" __author__ = "The Lemur developers"
__email__ = "security@netflix.com" __email__ = "security@netflix.com"
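
Review bot: `__version__ = "develop"` must stay byte-for-byte identical to PLACEHOLDER in the workflow's "Autobump version" step, and nothing on this line says so. Suggest a comment beside it noting that the release workflow rewrites it, so a reformat (for example to single quotes) does not make the `grep` guard abort a release. Also worth confirming that anything reading `__version__` outside a tagged build, such as packaging metadata, accepts `develop`, which is not a PEP 440 version string.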

@ -50,7 +50,7 @@ packaging==20.9
# via bleach # via bleach
pkginfo==1.5.0.1 pkginfo==1.5.0.1
# via twine # via twine
pre-commit==2.11.0 pre-commit==2.11.1
# via -r requirements-dev.in # via -r requirements-dev.in
pycodestyle==2.6.0 pycodestyle==2.6.0
# via flake8 # via flake8

@ -7,6 +7,7 @@ acme
arrow arrow
boto3 boto3
botocore botocore
certbot
certsrv certsrv
CloudFlare CloudFlare
cryptography cryptography
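
Review bot: `certbot` is added here as a direct requirement with no comment on what needs it, and the compiled files in this commit show it bringing in `configargparse`, `configobj`, `distro`, `parsedatetime` and seven `zope.*` packages. Suggest a one-line comment naming the module that imports it, and checking whether the `acme` package already listed above covers the need, since each extra transitive pin is one more package to track for advisories.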

@ -5,7 +5,10 @@
# pip-compile --no-index --output-file=requirements-docs.txt requirements-docs.in # pip-compile --no-index --output-file=requirements-docs.txt requirements-docs.in
# #
acme==1.13.0 acme==1.13.0
# via -r requirements-docs.in # via
# -r requirements-docs.in
# -r requirements-tests.txt
# certbot
alabaster==0.7.12 alabaster==0.7.12
# via sphinx # via sphinx
alembic==1.5.5 alembic==1.5.5
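
Review bot: the header's `pip-compile --no-index --output-file=requirements-docs.txt requirements-docs.in` command produces version pins only, so the packages this change adds are trusted by name and version alone. Suggest regenerating with `--generate-hashes` so pip verifies each downloaded artifact against a recorded digest; that applies equally to the other compiled requirements files in this commit.
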
@ -48,7 +51,7 @@ blinker==1.4
# flask-mail # flask-mail
# flask-principal # flask-principal
# raven # raven
boto3==1.17.22 boto3==1.17.27
# via # via
# -r requirements-docs.in # -r requirements-docs.in
# -r requirements-tests.txt # -r requirements-tests.txt
@ -58,7 +61,7 @@ boto==2.49.0
# via # via
# -r requirements-tests.txt # -r requirements-tests.txt
# moto # moto
botocore==1.20.22 botocore==1.20.27
# via # via
# -r requirements-docs.in # -r requirements-docs.in
# -r requirements-tests.txt # -r requirements-tests.txt
@ -66,6 +69,10 @@ botocore==1.20.22
# boto3 # boto3
# moto # moto
# s3transfer # s3transfer
certbot==1.13.0
# via
# -r requirements-docs.in
# -r requirements-tests.txt
certifi==2020.12.5 certifi==2020.12.5
# via # via
# -r requirements-tests.txt # -r requirements-tests.txt
@ -93,6 +100,14 @@ click==7.1.2
# flask # flask
cloudflare==2.8.15 cloudflare==2.8.15
# via -r requirements-docs.in # via -r requirements-docs.in
configargparse==1.4
# via
# -r requirements-tests.txt
# certbot
configobj==5.0.6
# via
# -r requirements-tests.txt
# certbot
coverage==5.5 coverage==5.5
# via -r requirements-tests.txt # via -r requirements-tests.txt
cryptography==3.4.6 cryptography==3.4.6
@ -100,6 +115,7 @@ cryptography==3.4.6
# -r requirements-docs.in # -r requirements-docs.in
# -r requirements-tests.txt # -r requirements-tests.txt
# acme # acme
# certbot
# josepy # josepy
# moto # moto
# paramiko # paramiko
@ -110,6 +126,10 @@ decorator==4.4.2
# via # via
# -r requirements-tests.txt # -r requirements-tests.txt
# networkx # networkx
distro==1.5.0
# via
# -r requirements-tests.txt
# certbot
dnspython3==1.15.0 dnspython3==1.15.0
# via -r requirements-docs.in # via -r requirements-docs.in
dnspython==1.15.0 dnspython==1.15.0
@ -225,7 +245,9 @@ jmespath==0.9.5
josepy==1.7.0 josepy==1.7.0
# via # via
# -r requirements-docs.in # -r requirements-docs.in
# -r requirements-tests.txt
# acme # acme
# certbot
jsondiff==1.1.2 jsondiff==1.1.2
# via # via
# -r requirements-tests.txt # -r requirements-tests.txt
@ -292,6 +314,10 @@ packaging==20.3
# sphinx # sphinx
paramiko==2.7.2 paramiko==2.7.2
# via -r requirements-docs.in # via -r requirements-docs.in
parsedatetime==2.6
# via
# -r requirements-tests.txt
# certbot
pathspec==0.8.0 pathspec==0.8.0
# via # via
# -r requirements-tests.txt # -r requirements-tests.txt
@ -338,6 +364,7 @@ pynacl==1.4.0
pyopenssl==20.0.1 pyopenssl==20.0.1
# via # via
# -r requirements-docs.in # -r requirements-docs.in
# -r requirements-tests.txt
# acme # acme
# josepy # josepy
pyparsing==2.4.7 pyparsing==2.4.7
@ -345,7 +372,10 @@ pyparsing==2.4.7
# -r requirements-tests.txt # -r requirements-tests.txt
# packaging # packaging
pyrfc3339==1.1 pyrfc3339==1.1
# via acme # via
# -r requirements-tests.txt
# acme
# certbot
pyrsistent==0.16.0 pyrsistent==0.16.0
# via # via
# -r requirements-tests.txt # -r requirements-tests.txt
@ -381,6 +411,7 @@ pytz==2019.3
# -r requirements-tests.txt # -r requirements-tests.txt
# acme # acme
# babel # babel
# certbot
# flask-restful # flask-restful
# moto # moto
# pyrfc3339 # pyrfc3339
@ -405,7 +436,9 @@ regex==2020.4.4
requests-mock==1.8.0 requests-mock==1.8.0
# via -r requirements-tests.txt # via -r requirements-tests.txt
requests-toolbelt==0.9.1 requests-toolbelt==0.9.1
# via acme # via
# -r requirements-tests.txt
# acme
requests==2.25.1 requests==2.25.1
# via # via
# -r requirements-tests.txt # -r requirements-tests.txt
@ -440,6 +473,7 @@ six==1.15.0
# bandit # bandit
# bcrypt # bcrypt
# cfn-lint # cfn-lint
# configobj
# docker # docker
# ecdsa # ecdsa
# fakeredis # fakeredis
@ -563,6 +597,36 @@ zipp==3.1.0
# -r requirements-tests.txt # -r requirements-tests.txt
# importlib-metadata # importlib-metadata
# moto # moto
zope.component==4.6.2
# via
# -r requirements-tests.txt
# certbot
zope.deferredimport==4.3.1
# via
# -r requirements-tests.txt
# zope.component
zope.deprecation==4.4.0
# via
# -r requirements-tests.txt
# zope.component
zope.event==4.5.0
# via
# -r requirements-tests.txt
# zope.component
zope.hookable==5.0.1
# via
# -r requirements-tests.txt
# zope.component
zope.interface==5.2.0
# via
# -r requirements-tests.txt
# certbot
# zope.component
# zope.proxy
zope.proxy==4.3.5
# via
# -r requirements-tests.txt
# zope.deferredimport
# The following packages are considered to be unsafe in a requirements file: # The following packages are considered to be unsafe in a requirements file:
# setuptools # setuptools

@ -4,6 +4,8 @@
# #
# pip-compile --no-index --output-file=requirements-tests.txt requirements-tests.in # pip-compile --no-index --output-file=requirements-tests.txt requirements-tests.in
# #
acme==1.13.0
# via certbot
appdirs==1.4.3 appdirs==1.4.3
# via black # via black
attrs==19.3.0 attrs==19.3.0
@ -18,19 +20,20 @@ bandit==1.7.0
# via -r requirements-tests.in # via -r requirements-tests.in
black==20.8b1 black==20.8b1
# via -r requirements-tests.in # via -r requirements-tests.in
boto3==1.17.22 boto3==1.17.27
# via # via
# aws-sam-translator # aws-sam-translator
# moto # moto
boto==2.49.0 boto==2.49.0
# via moto # via moto
botocore==1.20.22 botocore==1.20.27
# via # via
# aws-xray-sdk # aws-xray-sdk
# boto3 # boto3
# moto # moto
# s3transfer # s3transfer
certbot==1.13.0 certbot==1.13.0
# via -r requirements-tests.in
certifi==2020.12.5 certifi==2020.12.5
# via requests # via requests
cffi==1.14.0 cffi==1.14.0
@ -43,15 +46,25 @@ click==7.1.2
# via # via
# black # black
# flask # flask
configargparse==1.4
# via certbot
configobj==5.0.6
# via certbot
coverage==5.5 coverage==5.5
# via -r requirements-tests.in # via -r requirements-tests.in
cryptography==3.4.6 cryptography==3.4.6
# via # via
# acme
# certbot
# josepy
# moto # moto
# pyopenssl
# python-jose # python-jose
# sshpubkeys # sshpubkeys
decorator==4.4.2 decorator==4.4.2
# via networkx # via networkx
distro==1.5.0
# via certbot
docker==4.2.0 docker==4.2.0
# via moto # via moto
ecdsa==0.14.1 ecdsa==0.14.1
@ -95,6 +108,10 @@ jmespath==0.9.5
# via # via
# boto3 # boto3
# botocore # botocore
josepy==1.7.0
# via
# acme
# certbot
jsondiff==1.1.2 jsondiff==1.1.2
# via moto # via moto
jsonpatch==1.25 jsonpatch==1.25
@ -125,6 +142,8 @@ nose==1.3.7
# via -r requirements-tests.in # via -r requirements-tests.in
packaging==20.3 packaging==20.3
# via pytest # via pytest
parsedatetime==2.6
# via certbot
pathspec==0.8.0 pathspec==0.8.0
# via black # via black
pbr==5.4.5 pbr==5.4.5
@ -141,8 +160,16 @@ pycparser==2.20
# via cffi # via cffi
pyflakes==2.2.0 pyflakes==2.2.0
# via -r requirements-tests.in # via -r requirements-tests.in
pyopenssl==20.0.1
# via
# acme
# josepy
pyparsing==2.4.7 pyparsing==2.4.7
# via packaging # via packaging
pyrfc3339==1.1
# via
# acme
# certbot
pyrsistent==0.16.0 pyrsistent==0.16.0
# via jsonschema # via jsonschema
pytest-flask==1.2.0 pytest-flask==1.2.0
@ -163,7 +190,11 @@ python-dateutil==2.8.1
python-jose[cryptography]==3.1.0 python-jose[cryptography]==3.1.0
# via moto # via moto
pytz==2019.3 pytz==2019.3
# via moto # via
# acme
# certbot
# moto
# pyrfc3339
pyyaml==5.4.1 pyyaml==5.4.1
# via # via
# -r requirements-tests.in # -r requirements-tests.in
@ -176,11 +207,15 @@ regex==2020.4.4
# via black # via black
requests-mock==1.8.0 requests-mock==1.8.0
# via -r requirements-tests.in # via -r requirements-tests.in
requests-toolbelt==0.9.1
# via acme
requests==2.25.1 requests==2.25.1
# via # via
# acme
# docker # docker
# moto # moto
# requests-mock # requests-mock
# requests-toolbelt
# responses # responses
responses==0.10.12 responses==0.10.12
# via moto # via moto
@ -193,12 +228,15 @@ six==1.15.0
# aws-sam-translator # aws-sam-translator
# bandit # bandit
# cfn-lint # cfn-lint
# configobj
# docker # docker
# ecdsa # ecdsa
# fakeredis # fakeredis
# josepy
# jsonschema # jsonschema
# moto # moto
# packaging # packaging
# pyopenssl
# pyrsistent # pyrsistent
# python-dateutil # python-dateutil
# python-jose # python-jose
@ -243,6 +281,23 @@ zipp==3.1.0
# via # via
# importlib-metadata # importlib-metadata
# moto # moto
zope.component==4.6.2
# via certbot
zope.deferredimport==4.3.1
# via zope.component
zope.deprecation==4.4.0
# via zope.component
zope.event==4.5.0
# via zope.component
zope.hookable==5.0.1
# via zope.component
zope.interface==5.2.0
# via
# certbot
# zope.component
# zope.proxy
zope.proxy==4.3.5
# via zope.deferredimport
# The following packages are considered to be unsafe in a requirements file: # The following packages are considered to be unsafe in a requirements file:
# setuptools # setuptools

@ -5,7 +5,9 @@
# pip-compile --no-index --output-file=requirements.txt requirements.in # pip-compile --no-index --output-file=requirements.txt requirements.in
# #
acme==1.13.0 acme==1.13.0
# via -r requirements.in # via
# -r requirements.in
# certbot
alembic-autogenerate-enums==0.0.2 alembic-autogenerate-enums==0.0.2
# via -r requirements.in # via -r requirements.in
alembic==1.4.2 alembic==1.4.2
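
Review bot: the context lines here pin `alembic==1.4.2`, while the docs requirements in this same commit pin `alembic==1.5.5`, so the compiled files are resolving to different versions of a shared dependency. Since the files are being regenerated anyway, suggest compiling them in one pass, or constraining the docs and tests files with this one via `-c`, so docs and tests run against the versions that ship.
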
@ -31,9 +33,9 @@ blinker==1.4
# flask-mail # flask-mail
# flask-principal # flask-principal
# raven # raven
boto3==1.17.22 boto3==1.17.27
# via -r requirements.in # via -r requirements.in
botocore==1.20.22 botocore==1.20.27
# via # via
# -r requirements.in # -r requirements.in
# boto3 # boto3
@ -41,6 +43,7 @@ botocore==1.20.22
celery[redis]==4.4.2 celery[redis]==4.4.2
# via -r requirements.in # via -r requirements.in
certbot==1.13.0 certbot==1.13.0
# via -r requirements.in
certifi==2020.12.5 certifi==2020.12.5
# via # via
# -r requirements.in # -r requirements.in
@ -58,13 +61,20 @@ click==7.1.2
# via flask # via flask
cloudflare==2.8.15 cloudflare==2.8.15
# via -r requirements.in # via -r requirements.in
configargparse==1.4
# via certbot
configobj==5.0.6
# via certbot
cryptography==3.4.6 cryptography==3.4.6
# via # via
# -r requirements.in # -r requirements.in
# acme # acme
# certbot
# josepy # josepy
# paramiko # paramiko
# pyopenssl # pyopenssl
distro==1.5.0
# via certbot
dnspython3==1.15.0 dnspython3==1.15.0
# via -r requirements.in # via -r requirements.in
dnspython==1.15.0 dnspython==1.15.0
@ -126,7 +136,9 @@ jmespath==0.9.5
# boto3 # boto3
# botocore # botocore
josepy==1.7.0 josepy==1.7.0
# via acme # via
# acme
# certbot
jsonlines==1.2.0 jsonlines==1.2.0
# via cloudflare # via cloudflare
kombu==4.6.8 kombu==4.6.8
@ -151,6 +163,8 @@ ndg-httpsclient==0.5.1
# via -r requirements.in # via -r requirements.in
paramiko==2.7.2 paramiko==2.7.2
# via -r requirements.in # via -r requirements.in
parsedatetime==2.6
# via certbot
pem==21.1.0 pem==21.1.0
# via -r requirements.in # via -r requirements.in
psycopg2==2.8.6 psycopg2==2.8.6
@ -182,7 +196,9 @@ pyopenssl==20.0.1
# josepy # josepy
# ndg-httpsclient # ndg-httpsclient
pyrfc3339==1.1 pyrfc3339==1.1
# via acme # via
# acme
# certbot
python-dateutil==2.8.1 python-dateutil==2.8.1
# via # via
# alembic # alembic
@ -198,6 +214,7 @@ pytz==2019.3
# via # via
# acme # acme
# celery # celery
# certbot
# flask-restful # flask-restful
# pyrfc3339 # pyrfc3339
pyyaml==5.4.1 pyyaml==5.4.1
@ -228,6 +245,7 @@ six==1.15.0
# via # via
# -r requirements.in # -r requirements.in
# bcrypt # bcrypt
# configobj
# flask-cors # flask-cors
# flask-restful # flask-restful
# hvac # hvac
@ -264,6 +282,22 @@ werkzeug==1.0.1
# via flask # via flask
xmltodict==0.12.0 xmltodict==0.12.0
# via -r requirements.in # via -r requirements.in
zope.component==4.6.2
# via certbot
zope.deferredimport==4.3.1
# via zope.component
zope.deprecation==4.4.0
# via zope.component
zope.event==4.5.0
# via zope.component
zope.hookable==5.0.1
# via zope.component
zope.interface==5.2.0
# via
# certbot
# zope.component
zope.proxy==4.3.5
# via zope.deferredimport
# The following packages are considered to be unsafe in a requirements file: # The following packages are considered to be unsafe in a requirements file:
# setuptools # setuptools