Lemur LetsEncrypt Polling Support

2018-10-11 22:01:05 -07:00
parent e91d8ec81b
commit cc18a68c00
7 changed files with 101 additions and 35 deletions
--- a/lemur/common/celery.py
+++ b/lemur/common/celery.py
@ -20,7 +20,6 @@ from lemur.factory import create_app
 from lemur.notifications.messaging import send_pending_failure_notification
 from lemur.pending_certificates import service as pending_certificate_service
 from lemur.plugins.base import plugins
-from lemur.users import service as user_service

 flask_app = create_app()

@ -57,7 +56,6 @@ def fetch_acme_cert(id):
        "function": "{}.{}".format(__name__, sys._getframe().f_code.co_name)
    }
    pending_certs = pending_certificate_service.get_pending_certs([id])
-    user = user_service.get_by_username('lemur')
    new = 0
    failed = 0
    wrong_issuer = 0
@ -78,12 +76,22 @@ def fetch_acme_cert(id):
        real_cert = cert.get("cert")
        # It's necessary to reload the pending cert due to detached instance: http://sqlalche.me/e/bhk3
        pending_cert = pending_certificate_service.get(cert.get("pending_cert").id)
-
+        if not pending_cert:
+            log_data["message"] = "Pending certificate doesn't exist anymore. Was it resolved by another process?"
+            current_app.logger.error(log_data)
+            continue
        if real_cert:
-            # If a real certificate was returned from issuer, then create it in Lemur and delete
-            # the pending certificate
-            pending_certificate_service.create_certificate(pending_cert, real_cert, user)
-            pending_certificate_service.delete_by_id(pending_cert.id)
+            # If a real certificate was returned from issuer, then create it in Lemur and mark
+            # the pending certificate as resolved
+            final_cert = pending_certificate_service.create_certificate(pending_cert, real_cert, pending_cert.user)
+            pending_certificate_service.update(
+                cert.get("pending_cert").id,
+                resolved=True
+            )
+            pending_certificate_service.update(
+                cert.get("pending_cert").id,
+                resolved_cert_id=final_cert.id
+            )
            # add metrics to metrics extension
            new += 1
        else:
@ -97,7 +105,11 @@ def fetch_acme_cert(id):
            if pending_cert.number_attempts > 4:
                error_log["message"] = "Deleting pending certificate"
                send_pending_failure_notification(pending_cert, notify_owner=pending_cert.notify)
-                pending_certificate_service.delete(pending_certificate_service.cancel(pending_cert))
+                # Mark the pending cert as True
+                pending_certificate_service.update(
+                    cert.get("pending_cert").id,
+                    resolved=True
+                )
            else:
                pending_certificate_service.increment_attempt(pending_cert)
                pending_certificate_service.update(
@ -124,7 +136,7 @@ def fetch_acme_cert(id):
@celery.task()
 def fetch_all_pending_acme_certs():
    """Instantiate celery workers to resolve all pending Acme certificates"""
-    pending_certs = pending_certificate_service.get_pending_certs('all')
+    pending_certs = pending_certificate_service.get_unresolved_pending_certs()

    # We only care about certs using the acme-issuer plugin
    for cert in pending_certs: