Prevents the silencing of notifications that are actively deployed. (#454)
* Renaming 'active' to 'notify' as this is clearer and more aligned to what this value is actually controlling. 'active' is now a property that depends on whether any endpoints were found to be using the certificate. Also added logic for issue #405 disallowing for a certificates' notifications to be silenced when it is actively deployed on an endpoint. * Adding migration script to alter 'active' column.
This commit is contained in:
parent
dcb18a57c4
commit
c367e4f73f
@ -41,7 +41,7 @@ class Certificate(db.Model):
|
|||||||
owner = Column(String(128), nullable=False)
|
owner = Column(String(128), nullable=False)
|
||||||
name = Column(String(128), unique=True)
|
name = Column(String(128), unique=True)
|
||||||
description = Column(String(1024))
|
description = Column(String(1024))
|
||||||
active = Column(Boolean, default=True)
|
notify = Column(Boolean, default=True)
|
||||||
|
|
||||||
body = Column(Text(), nullable=False)
|
body = Column(Text(), nullable=False)
|
||||||
chain = Column(Text())
|
chain = Column(Text())
|
||||||
@ -114,6 +114,11 @@ class Certificate(db.Model):
|
|||||||
for domain in defaults.domains(cert):
|
for domain in defaults.domains(cert):
|
||||||
self.domains.append(Domain(name=domain))
|
self.domains.append(Domain(name=domain))
|
||||||
|
|
||||||
|
@property
|
||||||
|
def active(self):
|
||||||
|
if self.endpoints:
|
||||||
|
return True
|
||||||
|
|
||||||
@hybrid_property
|
@hybrid_property
|
||||||
def expired(self):
|
def expired(self):
|
||||||
if self.not_after <= datetime.datetime.now():
|
if self.not_after <= datetime.datetime.now():
|
||||||
@ -195,5 +200,7 @@ def protect_active(mapper, connection, target):
|
|||||||
:return:
|
:return:
|
||||||
"""
|
"""
|
||||||
if target.active:
|
if target.active:
|
||||||
if target.replaced:
|
if not target.notify:
|
||||||
raise Exception("Cannot mark certificate as active, certificate has been marked as replaced.")
|
raise Exception(
|
||||||
|
"Cannot silence notification for a certificate Lemur has been found to be currently deployed onto endpoints"
|
||||||
|
)
|
||||||
|
@ -76,7 +76,7 @@ class CertificateInputSchema(CertificateCreationSchema):
|
|||||||
|
|
||||||
|
|
||||||
class CertificateEditInputSchema(CertificateSchema):
|
class CertificateEditInputSchema(CertificateSchema):
|
||||||
active = fields.Boolean()
|
notify = fields.Boolean()
|
||||||
destinations = fields.Nested(AssociatedDestinationSchema, missing=[], many=True)
|
destinations = fields.Nested(AssociatedDestinationSchema, missing=[], many=True)
|
||||||
notifications = fields.Nested(AssociatedNotificationSchema, missing=[], many=True)
|
notifications = fields.Nested(AssociatedNotificationSchema, missing=[], many=True)
|
||||||
replacements = fields.Nested(AssociatedCertificateSchema, missing=[], many=True)
|
replacements = fields.Nested(AssociatedCertificateSchema, missing=[], many=True)
|
||||||
@ -104,6 +104,7 @@ class CertificateNestedOutputSchema(LemurOutputSchema):
|
|||||||
class CertificateOutputSchema(LemurOutputSchema):
|
class CertificateOutputSchema(LemurOutputSchema):
|
||||||
id = fields.Integer()
|
id = fields.Integer()
|
||||||
active = fields.Boolean()
|
active = fields.Boolean()
|
||||||
|
notify = fields.Boolean()
|
||||||
bits = fields.Integer()
|
bits = fields.Integer()
|
||||||
body = fields.String()
|
body = fields.String()
|
||||||
chain = fields.String()
|
chain = fields.String()
|
||||||
@ -131,7 +132,7 @@ class CertificateOutputSchema(LemurOutputSchema):
|
|||||||
|
|
||||||
class CertificateUploadInputSchema(CertificateCreationSchema):
|
class CertificateUploadInputSchema(CertificateCreationSchema):
|
||||||
name = fields.String()
|
name = fields.String()
|
||||||
active = fields.Boolean(missing=True)
|
notify = fields.Boolean(missing=True)
|
||||||
|
|
||||||
private_key = fields.String(validate=validators.private_key)
|
private_key = fields.String(validate=validators.private_key)
|
||||||
body = fields.String(required=True, validate=validators.public_certificate)
|
body = fields.String(required=True, validate=validators.public_certificate)
|
||||||
|
@ -270,7 +270,7 @@ def render(args):
|
|||||||
|
|
||||||
elif 'destination' in terms:
|
elif 'destination' in terms:
|
||||||
query = query.filter(Certificate.destinations.any(Destination.id == terms[1]))
|
query = query.filter(Certificate.destinations.any(Destination.id == terms[1]))
|
||||||
elif 'active' in filt: # this is really weird but strcmp seems to not work here??
|
elif 'active' in filt:
|
||||||
query = query.filter(Certificate.active == terms[1])
|
query = query.filter(Certificate.active == terms[1])
|
||||||
elif 'cn' in terms:
|
elif 'cn' in terms:
|
||||||
query = query.filter(
|
query = query.filter(
|
||||||
|
21
lemur/migrations/versions/932525b82f1a_.py
Normal file
21
lemur/migrations/versions/932525b82f1a_.py
Normal file
@ -0,0 +1,21 @@
|
|||||||
|
"""empty message
|
||||||
|
|
||||||
|
Revision ID: 932525b82f1a
|
||||||
|
Revises: 7f71c0cea31a
|
||||||
|
Create Date: 2016-10-13 20:14:33.928029
|
||||||
|
|
||||||
|
"""
|
||||||
|
|
||||||
|
# revision identifiers, used by Alembic.
|
||||||
|
revision = '932525b82f1a'
|
||||||
|
down_revision = '7f71c0cea31a'
|
||||||
|
|
||||||
|
from alembic import op
|
||||||
|
|
||||||
|
|
||||||
|
def upgrade():
|
||||||
|
op.alter_column('certificates', 'active', new_column_name='notify')
|
||||||
|
|
||||||
|
|
||||||
|
def downgrade():
|
||||||
|
op.alter_column('certificates', 'notify', new_column_name='active')
|
@ -160,8 +160,7 @@ def _is_eligible_for_notifications(cert):
|
|||||||
:param cert:
|
:param cert:
|
||||||
:return:
|
:return:
|
||||||
"""
|
"""
|
||||||
# inactive certificates are not notified.
|
if not cert.notify:
|
||||||
if not cert.active:
|
|
||||||
return
|
return
|
||||||
|
|
||||||
now = arrow.utcnow()
|
now = arrow.utcnow()
|
||||||
|
@ -189,7 +189,7 @@ angular.module('lemur')
|
|||||||
return certificate.customGET('key');
|
return certificate.customGET('key');
|
||||||
};
|
};
|
||||||
|
|
||||||
CertificateService.updateActive = function (certificate) {
|
CertificateService.updateNotify = function (certificate) {
|
||||||
return certificate.put();
|
return certificate.put();
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -77,8 +77,8 @@ angular.module('lemur')
|
|||||||
});
|
});
|
||||||
};
|
};
|
||||||
|
|
||||||
$scope.updateActive = function (certificate) {
|
$scope.updateNotify = function (certificate) {
|
||||||
CertificateService.updateActive(certificate).then(
|
CertificateService.updateNotify(certificate).then(
|
||||||
function () {
|
function () {
|
||||||
toaster.pop({
|
toaster.pop({
|
||||||
type: 'success',
|
type: 'success',
|
||||||
|
@ -30,10 +30,10 @@
|
|||||||
<li><span class="text-muted">{{ certificate.owner }}</span></li>
|
<li><span class="text-muted">{{ certificate.owner }}</span></li>
|
||||||
</ul>
|
</ul>
|
||||||
</td>
|
</td>
|
||||||
<td data-title="'Active'" filter="{ 'active': 'select' }" filter-data="getCertificateStatus()">
|
<td data-title="'Notify'" filter="{ 'notify': 'select' }" filter-data="getCertificateStatus()">
|
||||||
<form>
|
<form>
|
||||||
<switch ng-change="updateActive(certificate)" id="status" name="status"
|
<switch ng-change="updateNotify(certificate)" id="status" name="status"
|
||||||
ng-model="certificate.active" class="green small"></switch>
|
ng-model="certificate.notify" class="green small"></switch>
|
||||||
</form>
|
</form>
|
||||||
</td>
|
</td>
|
||||||
<td data-title="'Issuer'" sortable="'issuer'" filter="{ 'issuer': 'text' }">
|
<td data-title="'Issuer'" sortable="'issuer'" filter="{ 'issuer': 'text' }">
|
||||||
|
Loading…
Reference in New Issue
Block a user