From b99aad743beb7e0288fd142aeeaed93c2899128c Mon Sep 17 00:00:00 2001 From: Dmitry Zykov Date: Wed, 4 Apr 2018 14:49:25 +0300 Subject: [PATCH] remove linuxdst plugin --- docs/developer/internals/lemur.rst | 1 - lemur/plugins/lemur_linuxdst/__init__.py | 5 -- lemur/plugins/lemur_linuxdst/plugin.py | 83 --------------------- lemur/plugins/lemur_linuxdst/readme.txt | 8 -- lemur/plugins/lemur_linuxdst/remote_host.py | 73 ------------------ 5 files changed, 170 deletions(-) delete mode 100644 lemur/plugins/lemur_linuxdst/__init__.py delete mode 100644 lemur/plugins/lemur_linuxdst/plugin.py delete mode 100644 lemur/plugins/lemur_linuxdst/readme.txt delete mode 100644 lemur/plugins/lemur_linuxdst/remote_host.py diff --git a/docs/developer/internals/lemur.rst b/docs/developer/internals/lemur.rst index 7faacfac..b6517e4b 100644 --- a/docs/developer/internals/lemur.rst +++ b/docs/developer/internals/lemur.rst @@ -110,6 +110,5 @@ Subpackages lemur.plugins.lemur_digicert lemur.plugins.lemur_java lemur.plugins.lemur_kubernetes - lemur.plugins.lemur_linuxdst lemur.plugins.lemur_openssl lemur.plugins.lemur_slack diff --git a/lemur/plugins/lemur_linuxdst/__init__.py b/lemur/plugins/lemur_linuxdst/__init__.py deleted file mode 100644 index 8ce5a7f3..00000000 --- a/lemur/plugins/lemur_linuxdst/__init__.py +++ /dev/null @@ -1,5 +0,0 @@ -try: - VERSION = __import__('pkg_resources') \ - .get_distribution(__name__).version -except Exception as e: - VERSION = 'unknown' diff --git a/lemur/plugins/lemur_linuxdst/plugin.py b/lemur/plugins/lemur_linuxdst/plugin.py deleted file mode 100644 index 71b32551..00000000 --- a/lemur/plugins/lemur_linuxdst/plugin.py +++ /dev/null @@ -1,83 +0,0 @@ -#!/usr/bin/python -from lemur.plugins.bases import DestinationPlugin -from lemur.plugins.lemur_linuxdst import remote_host - - -class LinuxDstPlugin(DestinationPlugin): - title = 'Linux Destination Plugin' - slug = 'linux-destination' - description = 'Allow the distribution of certificates to a Linux host' - version = 1 - - author = 'Rick Breidenstein ' - author_url = 'https://github.com/RickB17/' - - options = [ - { - 'name': 'dstHost', - 'type': 'str', - 'required': True, - 'helpMessage': 'This is the host you will be sending the certificate to', - }, - { - 'name': 'dstPort', - 'type': 'int', - 'required': True, - 'helpMessage': 'This is the port SSHD is running on', - 'default': '22' - }, - { - 'name': 'dstUser', - 'type': 'str', - 'required': True, - 'helpMessage': 'The user name to use on the remote host. Hopefully not root.', - 'default': 'root', - }, - { - 'name': 'dstPriv', - 'type': 'str', - 'required': True, - 'helpMessage': 'The private key to use for auth', - 'default': '/root/.ssh/id_rsa', - }, - { - 'name': 'dstPrivKey', - 'type': 'str', - 'required': False, - 'helpMessage': 'The password for the destination private key', - 'default': 'somethingsecret', - }, - { - 'name': 'dstDir', - 'type': 'str', - 'required': True, - 'helpMessage': 'This is the directory on the host you want to send the certificate to', - 'default': '/etc/nginx/certs/' - }, - { - "available": [ - "NGINX", - "3File" - ], - "name": "exportType", - "required": True, - "value": "NGINX", - "helpMessage": "Reference the docs for an explanation of each export type", - "type": "select" - } - ] - requires_key = False - - def upload(self, name, body, private_key, cert_chain, options, **kwargs): - export_type = self.get_option('exportType', options) - dst_host = self.get_option('dstHost', options) - dst_host_port = self.get_option('dstPort', options) - dst_user = self.get_option('dstUser', options) - dst_priv = self.get_option('dstPriv', options) - dst_priv_key = self.get_option('dstPrivKey', options) - - if dst_priv_key: - dst_priv_key = None - - dst_dir = self.get_option('dstDir', options) - remote_host.create_cert(name, dst_dir, export_type, dst_user, dst_priv, dst_priv_key, dst_host, int(dst_host_port)) diff --git a/lemur/plugins/lemur_linuxdst/readme.txt b/lemur/plugins/lemur_linuxdst/readme.txt deleted file mode 100644 index 944cda9a..00000000 --- a/lemur/plugins/lemur_linuxdst/readme.txt +++ /dev/null @@ -1,8 +0,0 @@ -NOTE: AS OF 4/25/2017 DATA IN THIS PLUGIN IS NOT ENCRYPTED AT REST -example: If you input a password for a private key, it is stored in clear text - -add this to the lemur.plugins entry_points in /www/lemur/setup.py - -'linux_destination = lemur.plugins.lemur_linuxdst.plugin:LinuxDstPlugin', - -note: DO NOT FORGET TO EXECUTE 'make release' and restart your service after modifying the setup.py diff --git a/lemur/plugins/lemur_linuxdst/remote_host.py b/lemur/plugins/lemur_linuxdst/remote_host.py deleted file mode 100644 index b0f2cdb0..00000000 --- a/lemur/plugins/lemur_linuxdst/remote_host.py +++ /dev/null @@ -1,73 +0,0 @@ -#!/usr/bin/python -from lemur.certificates import service -import paramiko -import stat - - -def copy_cert(cert_cn, dst_user, dst_priv, dst_priv_key, dst_host, dst_port, dst_dir, dst_file, dst_data): - ssh = paramiko.SSHClient() - ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy()) - - # include the private key password if required - if dst_priv_key is None: - priv_key = paramiko.RSAKey.from_private_key_file(dst_priv) - else: - priv_key = paramiko.RSAKey.from_private_key_file(dst_priv, dst_priv_key) - - # open the sftp connection - ssh.connect(dst_host, username=dst_user, port=dst_port, pkey=priv_key) - sftp = ssh.open_sftp() - - # make the directory on the destination server - # files will be in a folder based on the cert_cn - # example: - # destination folder: /etc/nginx/certs/ - # files will go in: /etc/nginx/certs/your.cn.com/cert.pem - try: - sftp.mkdir(dst_dir) - except IOError: - pass - try: - dst_dir_cn = dst_dir + '/' + cert_cn - sftp.mkdir(dst_dir_cn) - except IOError: - pass - - cert_out = sftp.open(dst_dir_cn + '/' + dst_file, 'w') - cert_out.write(dst_data) - cert_out.close() - sftp.chmod(dst_dir_cn + '/' + dst_file, (stat.S_IRUSR)) - ssh.close() - - -def create_cert(name, dst_dir, export_type, dst_user, dst_priv, dst_priv_key, dst_host, dst_host_port): - lem_cert = service.get_by_name(name) - dst_file = 'cert.pem' - chain_req = False - - if export_type == 'NGINX': - # This process will result in a cert.pem file with the body and chain in a single file - if lem_cert.chain is None: - dst_data = lem_cert.body - else: - dst_data = lem_cert.body + '\n' + lem_cert.chain - chain_req = False - - elif export_type == '3File': - # This process will results in three files. cert.pem, priv.key, chain.pem - dst_data = lem_cert.body - chain_req = True - - else: - dst_data = lem_cert.body - - copy_cert(lem_cert.cn, dst_user, dst_priv, dst_priv_key, dst_host, dst_host_port, dst_dir, dst_file, dst_data) - - if chain_req is True: - dst_file = 'chain.pem' - dst_data = lem_cert.chain_req - copy_cert(lem_cert.cn, dst_user, dst_priv, dst_priv_key, dst_host, dst_host_port, dst_dir, dst_file, dst_data) - - dst_file = 'priv.key' - dst_data = lem_cert.private_key - copy_cert(lem_cert.cn, dst_user, dst_priv, dst_priv_key, dst_host, dst_host_port, dst_dir, dst_file, dst_data)