Prevents the silencing of notifications that are actively deployed. (#454)

* Renaming 'active' to 'notify' as this is clearer and more aligned to what this value is actually controlling. 'active' is now a property that depends on whether any endpoints were found to be using the certificate. Also added logic for issue #405 disallowing for a certificates' notifications to be silenced when it is actively deployed on an endpoint.

* Adding migration script to alter 'active' column.

lemur/certificates/models.py

@@ -41,7 +41,7 @@ class Certificate(db.Model):
     owner = Column(String(128), nullable=False)
     name = Column(String(128), unique=True)
     description = Column(String(1024))
-    active = Column(Boolean, default=True)
+    notify = Column(Boolean, default=True)
 
     body = Column(Text(), nullable=False)
     chain = Column(Text())
@@ -114,6 +114,11 @@ class Certificate(db.Model):
         for domain in defaults.domains(cert):
             self.domains.append(Domain(name=domain))
 
+    @property
+    def active(self):
+        if self.endpoints:
+            return True
+
     @hybrid_property
     def expired(self):
         if self.not_after <= datetime.datetime.now():
@@ -195,5 +200,7 @@ def protect_active(mapper, connection, target):
     :return:
     """
     if target.active:
-        if target.replaced:
+        if not target.notify:
-            raise Exception("Cannot mark certificate as active, certificate has been marked as replaced.")
+            raise Exception(
+                "Cannot silence notification for a certificate Lemur has been found to be currently deployed onto endpoints"
+            )

lemur/certificates/schemas.py

@@ -76,7 +76,7 @@ class CertificateInputSchema(CertificateCreationSchema):
 
 
 class CertificateEditInputSchema(CertificateSchema):
-    active = fields.Boolean()
+    notify = fields.Boolean()
     destinations = fields.Nested(AssociatedDestinationSchema, missing=[], many=True)
     notifications = fields.Nested(AssociatedNotificationSchema, missing=[], many=True)
     replacements = fields.Nested(AssociatedCertificateSchema, missing=[], many=True)
@@ -104,6 +104,7 @@ class CertificateNestedOutputSchema(LemurOutputSchema):
 class CertificateOutputSchema(LemurOutputSchema):
     id = fields.Integer()
     active = fields.Boolean()
+    notify = fields.Boolean()
     bits = fields.Integer()
     body = fields.String()
     chain = fields.String()
@@ -131,7 +132,7 @@ class CertificateOutputSchema(LemurOutputSchema):
 
 class CertificateUploadInputSchema(CertificateCreationSchema):
     name = fields.String()
-    active = fields.Boolean(missing=True)
+    notify = fields.Boolean(missing=True)
 
     private_key = fields.String(validate=validators.private_key)
     body = fields.String(required=True, validate=validators.public_certificate)

lemur/certificates/service.py

@@ -270,7 +270,7 @@ def render(args):
 
         elif 'destination' in terms:
             query = query.filter(Certificate.destinations.any(Destination.id == terms[1]))
-        elif 'active' in filt:  # this is really weird but strcmp seems to not work here??
+        elif 'active' in filt:
             query = query.filter(Certificate.active == terms[1])
         elif 'cn' in terms:
             query = query.filter(

lemur/migrations/versions/932525b82f1a_.py

@@ -0,0 +1,21 @@
+"""empty message
+
+Revision ID: 932525b82f1a
+Revises: 7f71c0cea31a
+Create Date: 2016-10-13 20:14:33.928029
+
+"""
+
+# revision identifiers, used by Alembic.
+revision = '932525b82f1a'
+down_revision = '7f71c0cea31a'
+
+from alembic import op
+
+
+def upgrade():
+    op.alter_column('certificates', 'active', new_column_name='notify')
+
+
+def downgrade():
+    op.alter_column('certificates', 'notify', new_column_name='active')

lemur/notifications/service.py

@@ -160,8 +160,7 @@ def _is_eligible_for_notifications(cert):
     :param cert:
     :return:
     """
-    # inactive certificates are not notified.
+    if not cert.notify:
-    if not cert.active:
         return
 
     now = arrow.utcnow()

lemur/static/app/angular/certificates/services.js

@@ -189,7 +189,7 @@ angular.module('lemur')
       return certificate.customGET('key');
     };
 
-    CertificateService.updateActive = function (certificate) {
+    CertificateService.updateNotify = function (certificate) {
       return certificate.put();
     };
 

lemur/static/app/angular/certificates/view/view.js

@@ -77,8 +77,8 @@ angular.module('lemur')
         });
     };
 
-    $scope.updateActive = function (certificate) {
+    $scope.updateNotify = function (certificate) {
-      CertificateService.updateActive(certificate).then(
+      CertificateService.updateNotify(certificate).then(
         function () {
           toaster.pop({
             type: 'success',

lemur/static/app/angular/certificates/view/view.tpl.html

@@ -30,10 +30,10 @@
                 <li><span class="text-muted">{{ certificate.owner }}</span></li>
               </ul>
             </td>
-            <td data-title="'Active'" filter="{ 'active': 'select' }" filter-data="getCertificateStatus()">
+            <td data-title="'Notify'" filter="{ 'notify': 'select' }" filter-data="getCertificateStatus()">
               <form>
-                <switch ng-change="updateActive(certificate)" id="status" name="status"
+                <switch ng-change="updateNotify(certificate)" id="status" name="status"
-                        ng-model="certificate.active" class="green small"></switch>
+                        ng-model="certificate.notify" class="green small"></switch>
               </form>
             </td>
             <td data-title="'Issuer'" sortable="'issuer'" filter="{ 'issuer': 'text' }">