Prevents the silencing of notifications that are actively deployed. (#454)

* Renaming 'active' to 'notify' as this is clearer and more aligned to what this value is actually controlling. 'active' is now a property that depends on whether any endpoints were found to be using the certificate. Also added logic for issue #405, disallowing a certificate's notifications from being silenced when it is actively deployed on an endpoint.

* Adding migration script to alter 'active' column.
kevgliss
2016-10-15 00:12:11 -07:00
committed by GitHub
parent dcb18a57c4
commit c367e4f73f
8 changed files with 42 additions and 14 deletions


@ -41,7 +41,7 @@ class Certificate(db.Model):
owner = Column(String(128), nullable=False)
name = Column(String(128), unique=True)
description = Column(String(1024))
active = Column(Boolean, default=True)
notify = Column(Boolean, default=True)
body = Column(Text(), nullable=False)
chain = Column(Text())
@ -114,6 +114,11 @@ class Certificate(db.Model):
for domain in defaults.domains(cert):
self.domains.append(Domain(name=domain))
@property
def active(self):
if self.endpoints:
return True
@hybrid_property
def expired(self):
if self.not_after <= datetime.datetime.now():
@ -195,5 +200,7 @@ def protect_active(mapper, connection, target):
:return:
"""
if target.active:
if target.replaced:
raise Exception("Cannot mark certificate as active, certificate has been marked as replaced.")
if not target.notify:
raise Exception(
"Cannot silence notification for a certificate Lemur has been found to be currently deployed onto endpoints"
)
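Review bot: The new `if not target.notify:` guard in protect_active is only evaluated when the certificate itself is written, which leaves an ordering gap: a certificate silenced before deployment stays silenced when an endpoint is attached later. The endpoint-attachment code is not visible on this page, so this needs confirming, but if that path never touches the certificate row, expiry notifications can remain off for a deployed certificate, which is the state issue #405 is meant to rule out. The guard also raises a bare `Exception`, which the API layer cannot tell apart from an internal failure; a dedicated exception type or a validation error would let the caller report a rejected request. Separately, the `active` property added in the second hunk returns None rather than False when there are no endpoints, and `return bool(self.endpoints)` would make it a real boolean. The body of protect_active begins outside the hunk, so the event it is registered on is not shown.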