From f68900d2b355660f495f9243cdab19cdc5338a30 Mon Sep 17 00:00:00 2001 From: Hossein Shafagh Date: Thu, 7 May 2020 18:28:01 -0700 Subject: [PATCH 1/5] improving logging and the possibility of defining which Authorities qualify for auto-rotation --- lemur/certificates/cli.py | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/lemur/certificates/cli.py b/lemur/certificates/cli.py index ca6b0248..3be794e7 100644 --- a/lemur/certificates/cli.py +++ b/lemur/certificates/cli.py @@ -483,18 +483,35 @@ def check_revoked(): @manager.command def automatically_enable_autorotate(): """ - This function automatically enables autorotation for unexpired certificates that are + This function automatically enables auto-rotation for unexpired certificates that are attached to an endpoint but do not have autorotate enabled. + + WARNING: This will overwrite the Auto-rotate toggle! """ log_data = { "function": f"{__name__}.{sys._getframe().f_code.co_name}", } + permitted_authorities = current_app.config.get("ENABLE_AUTO_ROTATE_AUTHORITY", []) + eligible_certs = get_all_certs_attached_to_endpoint_without_autorotate() for cert in eligible_certs: + + if cert.authority_id not in permitted_authorities: + continue + log_data["certificate"] = cert.name log_data["certificate_id"] = cert.id log_data["message"] = "Enabling auto-rotate for certificate" current_app.logger.info(log_data) cert.rotation = True database.update(cert) + # TODO: add the cert destination to the logging + metrics.send("automatically_enable_autorotate", + "counter", 1, + metric_tags={"certificate": cert.name, + "certificate_id": cert.id, + "authority_id": cert.authority_id, + "authority_name": Authority.get(cert.authority_id).name}) + cert.rotation = True + database.update(cert) From 529ee04ae748f1b138ca90929bdf1b72a1e9b5f2 Mon Sep 17 00:00:00 2001 
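Review bot: The allowlist check `if cert.authority_id not in permitted_authorities: continue` runs before anything is logged, and `ENABLE_AUTO_ROTATE_AUTHORITY` defaults to `[]`, so with the key unset (or filled with authority names rather than the ids compared here) the command skips every certificate and exits without a trace. Failing closed is a sensible default for a command that overwrites the auto-rotate toggle, but an operator cannot tell "nothing eligible" from "allowlist empty", and certificates may quietly stay un-rotated until they expire. I would return early with a warning when the list is empty, e.g. `if not permitted_authorities: current_app.logger.warning({**log_data, "message": "ENABLE_AUTO_ROTATE_AUTHORITY is empty; no certificates changed"}); return`, and name the config key and its expected element type in the docstring. Separately, `Authority.get(cert.authority_id).name` is evaluated once per certificate with no guard for a missing authority, and this hunk adds no import for `Authority`, so it presumably relies on one already present elsewhere in the file.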
From: Hossein Shafagh Date: Fri, 8 May 2020 09:15:18 -0700 Subject: [PATCH 2/5] removing duplicate line --- lemur/certificates/cli.py | 2 -- 1 file changed, 2 deletions(-) diff --git a/lemur/certificates/cli.py b/lemur/certificates/cli.py index 3be794e7..54455eec 100644 --- a/lemur/certificates/cli.py +++ b/lemur/certificates/cli.py @@ -504,8 +504,6 @@ def automatically_enable_autorotate(): log_data["certificate_id"] = cert.id log_data["message"] = "Enabling auto-rotate for certificate" current_app.logger.info(log_data) - cert.rotation = True - database.update(cert) # TODO: add the cert destination to the logging metrics.send("automatically_enable_autorotate", "counter", 1, From fa13bda99e2ff56355ee5aa6ab4d313282ec019c Mon Sep 17 00:00:00 2001 From: "dependabot-preview[bot]" <27856297+dependabot-preview[bot]@users.noreply.github.com> Date: Fri, 8 May 2020 16:45:06 +0000 Subject: [PATCH 3/5] Bump sphinx from 3.0.1 to 3.0.3 Bumps [sphinx](https://github.com/sphinx-doc/sphinx) from 3.0.1 to 3.0.3. - [Release notes](https://github.com/sphinx-doc/sphinx/releases) - [Changelog](https://github.com/sphinx-doc/sphinx/blob/3.x/CHANGES) - [Commits](https://github.com/sphinx-doc/sphinx/compare/v3.0.1...v3.0.3) Signed-off-by: dependabot-preview[bot] --- requirements-docs.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements-docs.txt b/requirements-docs.txt index c1abe7e0..7dc714a9 100644 --- a/requirements-docs.txt +++ b/requirements-docs.txt 
@@ -91,7 +91,7 @@ s3transfer==0.3.3 # via -r requirements.txt, boto3 six==1.14.0 # via -r requirements.txt, acme, bcrypt, cryptography, flask-cors, flask-restful, hvac, josepy, jsonlines, packaging, pynacl, pyopenssl, python-dateutil, retrying, sphinxcontrib-httpdomain, sqlalchemy-utils snowballstemmer==2.0.0 # via sphinx sphinx-rtd-theme==0.4.3 # via -r requirements-docs.in -sphinx==3.0.1 # via -r requirements-docs.in, sphinx-rtd-theme, sphinxcontrib-httpdomain +sphinx==3.0.3 # via -r requirements-docs.in, sphinx-rtd-theme, sphinxcontrib-httpdomain sphinxcontrib-applehelp==1.0.2 # via sphinx sphinxcontrib-devhelp==1.0.2 # via sphinx sphinxcontrib-htmlhelp==1.0.3 # via sphinx From 8e2226180a38af17e2589cd60fe235374f6c3946 Mon Sep 17 00:00:00 2001 From: "dependabot-preview[bot]" <27856297+dependabot-preview[bot]@users.noreply.github.com> Date: Fri, 8 May 2020 18:35:37 +0000 Subject: [PATCH 4/5] Bump pre-commit from 2.2.0 to 2.3.0 Bumps [pre-commit](https://github.com/pre-commit/pre-commit) from 2.2.0 to 2.3.0. - [Release notes](https://github.com/pre-commit/pre-commit/releases) - [Changelog](https://github.com/pre-commit/pre-commit/blob/master/CHANGELOG.md) - [Commits](https://github.com/pre-commit/pre-commit/compare/v2.2.0...v2.3.0) Signed-off-by: dependabot-preview[bot] --- requirements-dev.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements-dev.txt b/requirements-dev.txt index 36a0bd7f..68e28b73 100644 --- a/requirements-dev.txt +++ b/requirements-dev.txt @@ -23,7 +23,7 @@ keyring==21.2.0 # via twine mccabe==0.6.1 # via flake8 nodeenv==1.3.5 # via -r requirements-dev.in, pre-commit pkginfo==1.5.0.1 # via twine -pre-commit==2.2.0 # via -r requirements-dev.in +pre-commit==2.3.0 # via -r requirements-dev.in pycodestyle==2.3.1 # via flake8 pycparser==2.20 # via cffi pyflakes==1.6.0 # via flake8 From 5ad9c11716565bf67c81fdb98d849b44b6dada44 Mon Sep 17 00:00:00 2001 
From: "dependabot-preview[bot]" <27856297+dependabot-preview[bot]@users.noreply.github.com> Date: Fri, 8 May 2020 18:42:41 +0000 Subject: [PATCH 5/5] Bump arrow from 0.15.5 to 0.15.6 Bumps [arrow](https://github.com/crsmithdev/arrow) from 0.15.5 to 0.15.6. - [Release notes](https://github.com/crsmithdev/arrow/releases) - [Changelog](https://github.com/crsmithdev/arrow/blob/master/CHANGELOG.rst) - [Commits](https://github.com/crsmithdev/arrow/compare/0.15.5...0.15.6) Signed-off-by: dependabot-preview[bot] --- requirements-docs.txt | 2 +- requirements.txt | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/requirements-docs.txt b/requirements-docs.txt index 7dc714a9..db255de3 100644 --- a/requirements-docs.txt +++ b/requirements-docs.txt @@ -10,7 +10,7 @@ alembic-autogenerate-enums==0.0.2 # via -r requirements.txt alembic==1.4.2 # via -r requirements.txt, flask-migrate amqp==2.5.2 # via -r requirements.txt, kombu aniso8601==8.0.0 # via -r requirements.txt, flask-restful -arrow==0.15.5 # via -r requirements.txt +arrow==0.15.6 # via -r requirements.txt asyncpool==1.0 # via -r requirements.txt babel==2.8.0 # via sphinx bcrypt==3.1.7 # via -r requirements.txt, flask-bcrypt, paramiko diff --git a/requirements.txt b/requirements.txt index 70a04ee1..f8d553d4 100644 --- a/requirements.txt +++ b/requirements.txt @@ -9,7 +9,7 @@ alembic-autogenerate-enums==0.0.2 # via -r requirements.in alembic==1.4.2 # via flask-migrate amqp==2.5.2 # via kombu aniso8601==8.0.0 # via flask-restful -arrow==0.15.5 # via -r requirements.in +arrow==0.15.6 # via -r requirements.in asyncpool==1.0 # via -r requirements.in bcrypt==3.1.7 # via flask-bcrypt, paramiko billiard==3.6.3.0 # via celery