Merge pull request #1946 from castrapel/safer_reissue

safer reissue, fix celery sync job
2018-10-29 14:41:43 -07:00 · 2018-10-29 14:41:43 -07:00 · baa73c7f3e
parent f824f76d9c 0277e4dc05
commit baa73c7f3e
3 changed files with 35 additions and 3 deletions
--- a/lemur/certificates/cli.py
+++ b/lemur/certificates/cli.py
@ -238,7 +238,17 @@ def reissue(old_certificate_name, commit):

        if not old_cert:
            for certificate in get_all_pending_reissue():
-                request_reissue(certificate, commit)
+                try:
+                    request_reissue(certificate, commit)
+                except Exception as e:
+                    sentry.captureException()
+                    current_app.logger.exception(
+                        "Error reissuing certificate: {}".format(certificate.name), exc_info=True)
+                    print(
+                        "[!] Failed to reissue certificates. Reason: {}".format(
+                            e
+                        )
+                    )
        else:
            request_reissue(old_cert, commit)

--- a/lemur/common/celery.py
+++ b/lemur/common/celery.py
@ -210,4 +210,4 @@ def sync_source(source):
    :return:
    """
    current_app.logger.debug("Syncing source {}".format(source))
-    sync([source], True)
+    sync([source])
--- a/lemur/pending_certificates/models.py
+++ b/lemur/pending_certificates/models.py
@ -10,7 +10,7 @@ from sqlalchemy.orm import relationship
 from sqlalchemy_utils import JSONType
 from sqlalchemy_utils.types.arrow import ArrowType

-from lemur.certificates.models import get_or_increase_name
+from lemur.certificates.models import get_sequence
 from lemur.common import defaults, utils
 from lemur.database import db
 from lemur.models import pending_cert_source_associations, \
@ -19,6 +19,28 @@ from lemur.models import pending_cert_source_associations, \
 from lemur.utils import Vault


+def get_or_increase_name(name, serial):
+    certificates = PendingCertificate.query.filter(PendingCertificate.name.ilike('{0}%'.format(name))).all()
+
+    if not certificates:
+        return name
+
+    serial_name = '{0}-{1}'.format(name, hex(int(serial))[2:].upper())
+    certificates = PendingCertificate.query.filter(PendingCertificate.name.ilike('{0}%'.format(serial_name))).all()
+
+    if not certificates:
+        return serial_name
+
+    ends = [0]
+    root, end = get_sequence(serial_name)
+    for cert in certificates:
+        root, end = get_sequence(cert.name)
+        if end:
+            ends.append(end)
+
+    return '{0}-{1}'.format(root, max(ends) + 1)
+
+
 class PendingCertificate(db.Model):
    __tablename__ = 'pending_certs'
    id = Column(Integer, primary_key=True)