From 50761d9d3b1603dc2780ea5c11acd7ed26056bef Mon Sep 17 00:00:00 2001
From: Curtis Castrapel
Date: Mon, 29 Oct 2018 13:22:50 -0700
Subject: [PATCH 1/2] safer reissue, fix celery sync job
---
 lemur/certificates/cli.py | 12 +++++++++++-
 lemur/common/celery.py | 2 +-
 2 files changed, 12 insertions(+), 2 deletions(-)
diff --git a/lemur/certificates/cli.py b/lemur/certificates/cli.py
index 013a4cb1..7a46138c 100644
--- a/lemur/certificates/cli.py
+++ b/lemur/certificates/cli.py
@@ -238,7 +238,17 @@ def reissue(old_certificate_name, commit):
 if not old_cert:
 for certificate in get_all_pending_reissue():
- request_reissue(certificate, commit)
+ try:
+ request_reissue(certificate, commit)
+ except Exception as e:
+ sentry.captureException()
+ current_app.logger.exception(
+ "Error reissuing certificate: {}".format(certificate.name), exc_info=True)
+ print(
+ "[!] Failed to reissue certificates. Reason: {}".format(
+ e
+ )
+ )
 else:
 request_reissue(old_cert, commit)
diff --git a/lemur/common/celery.py b/lemur/common/celery.py
index c12c6f06..1711b452 100644
--- a/lemur/common/celery.py
+++ b/lemur/common/celery.py
@@ -210,4 +210,4 @@ def sync_source(source):
 :return:
 """
 current_app.logger.debug("Syncing source {}".format(source))
- sync([source], True)
+ sync([source])
From 0277e4dc0554adb99855c183ad4c300715678b9d Mon Sep 17 00:00:00 2001
From: Curtis Castrapel
Date: Mon, 29 Oct 2018 13:53:30 -0700
Subject: [PATCH 2/2] get_or_increase_name fix for pendingcertificates
---
 lemur/pending_certificates/models.py | 24 +++++++++++++++++++++++-
 1 file changed, 23 insertions(+), 1 deletion(-)
diff --git a/lemur/pending_certificates/models.py b/lemur/pending_certificates/models.py
index 1261177d..7dc8e602 100644
--- a/lemur/pending_certificates/models.py
+++ b/lemur/pending_certificates/models.py
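Review bot: In `reissue` (lemur/certificates/cli.py), the new `except Exception` handler logs and prints the failure but leaves nothing behind that the rest of the command can act on, so a run in which every pending reissue failed is indistinguishable from a clean one; the function continues past this hunk, so the status or metric it reports afterwards is not visible here and should be checked. Setting a flag in the handler (`failed = True`) and using it for the final status or exit code would surface this, because a silently skipped reissue ends as an expired certificate. The printed message says "certificates" and omits the name; `print("[!] Failed to reissue certificate {}. Reason: {}".format(certificate.name, e))` makes the console output usable on its own, and `exc_info=True` is redundant on `logger.exception`. If `request_reissue` can fail partway through a database write, the session may also need a rollback before the next iteration, which depends on code outside this hunk.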
@@ -10,7 +10,7 @@ from sqlalchemy.orm import relationship
 from sqlalchemy_utils import JSONType
 from sqlalchemy_utils.types.arrow import ArrowType
-from lemur.certificates.models import get_or_increase_name
+from lemur.certificates.models import get_sequence
 from lemur.common import defaults, utils
 from lemur.database import db
 from lemur.models import pending_cert_source_associations, \
@@ -19,6 +19,28 @@ from lemur.models import pending_cert_source_associations, \
 from lemur.utils import Vault
+def get_or_increase_name(name, serial):
+ certificates = PendingCertificate.query.filter(PendingCertificate.name.ilike('{0}%'.format(name))).all()
+
+ if not certificates:
+ return name
+
+ serial_name = '{0}-{1}'.format(name, hex(int(serial))[2:].upper())
+ certificates = PendingCertificate.query.filter(PendingCertificate.name.ilike('{0}%'.format(serial_name))).all()
+
+ if not certificates:
+ return serial_name
+
+ ends = [0]
+ root, end = get_sequence(serial_name)
+ for cert in certificates:
+ root, end = get_sequence(cert.name)
+ if end:
+ ends.append(end)
+
+ return '{0}-{1}'.format(root, max(ends) + 1)
+
+
 class PendingCertificate(db.Model):
 __tablename__ = 'pending_certs'
 id = Column(Integer, primary_key=True)
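Review bot: In `get_or_increase_name`, both queries build the `ilike` pattern with `'{0}%'.format(...)`, so any `%` or `_` already present in `name` acts as a wildcard, and the prefix match also returns unrelated names that merely start with the same text (for example a different serial sharing the leading hex digits). The value is still sent as a bound parameter, so this is a pattern-matching problem and not SQL injection, but it can make the uniqueness check look at the wrong rows; escaping the wildcards in the value and passing `escape=` to `ilike` keeps the match literal. Inside the loop, `root, end = get_sequence(cert.name)` overwrites `root` on every row, so the returned name is built from whichever row the unordered query returns last; `_, end = get_sequence(cert.name)` would keep the root taken from `serial_name`, assuming that is the intended base. `int(serial)` raises when `serial` is None or non-numeric, and the callers are outside this hunk, so it is worth confirming what pending certificates pass here.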