Prevents the silencing of notifications that are actively deployed. (#454)

* Renaming 'active' to 'notify' as this is clearer and more aligned to what this value is actually controlling. 'active' is now a property that depends on whether any endpoints were found to be using the certificate. Also added logic for issue #405 disallowing for a certificates' notifications to be silenced when it is actively deployed on an endpoint. * Adding migration script to alter 'active' column.
2016-10-15 00:12:11 -07:00
parent dcb18a57c4
commit c367e4f73f
8 changed files with 42 additions and 14 deletions
--- a/lemur/certificates/models.py
+++ b/lemur/certificates/models.py
@ -41,7 +41,7 @@ class Certificate(db.Model):
    owner = Column(String(128), nullable=False)
    name = Column(String(128), unique=True)
    description = Column(String(1024))
-    active = Column(Boolean, default=True)
+    notify = Column(Boolean, default=True)

    body = Column(Text(), nullable=False)
    chain = Column(Text())
@ -114,6 +114,11 @@ class Certificate(db.Model):
        for domain in defaults.domains(cert):
            self.domains.append(Domain(name=domain))

+    @property
+    def active(self):
+        if self.endpoints:
+            return True
+
    @hybrid_property
    def expired(self):
        if self.not_after <= datetime.datetime.now():
@ -195,5 +200,7 @@ def protect_active(mapper, connection, target):
    :return:
    """
    if target.active:
-        if target.replaced:
-            raise Exception("Cannot mark certificate as active, certificate has been marked as replaced.")
+        if not target.notify:
+            raise Exception(
+                "Cannot silence notification for a certificate Lemur has been found to be currently deployed onto endpoints"
+            )
--- a/lemur/certificates/schemas.py
+++ b/lemur/certificates/schemas.py
@ -76,7 +76,7 @@ class CertificateInputSchema(CertificateCreationSchema):


 class CertificateEditInputSchema(CertificateSchema):
-    active = fields.Boolean()
+    notify = fields.Boolean()
    destinations = fields.Nested(AssociatedDestinationSchema, missing=[], many=True)
    notifications = fields.Nested(AssociatedNotificationSchema, missing=[], many=True)
    replacements = fields.Nested(AssociatedCertificateSchema, missing=[], many=True)
@ -104,6 +104,7 @@ class CertificateNestedOutputSchema(LemurOutputSchema):
 class CertificateOutputSchema(LemurOutputSchema):
    id = fields.Integer()
    active = fields.Boolean()
+    notify = fields.Boolean()
    bits = fields.Integer()
    body = fields.String()
    chain = fields.String()
@ -131,7 +132,7 @@ class CertificateOutputSchema(LemurOutputSchema):

 class CertificateUploadInputSchema(CertificateCreationSchema):
    name = fields.String()
-    active = fields.Boolean(missing=True)
+    notify = fields.Boolean(missing=True)

    private_key = fields.String(validate=validators.private_key)
    body = fields.String(required=True, validate=validators.public_certificate)
--- a/lemur/certificates/service.py
+++ b/lemur/certificates/service.py
@ -270,7 +270,7 @@ def render(args):

        elif 'destination' in terms:
            query = query.filter(Certificate.destinations.any(Destination.id == terms[1]))
-        elif 'active' in filt:  # this is really weird but strcmp seems to not work here??
+        elif 'active' in filt:
            query = query.filter(Certificate.active == terms[1])
        elif 'cn' in terms:
            query = query.filter(