Merge branch 'master' into cert-rotation-region-by-region

Hossein Shafagh 2020-05-08 15:32:49 -07:00 committed by GitHub
commit cdd9137f4e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 20 additions and 5 deletions


@ -648,18 +648,33 @@ def check_revoked():
@manager.command @manager.command
def automatically_enable_autorotate(): def automatically_enable_autorotate():
""" """
This function automatically enables autorotation for unexpired certificates that are This function automatically enables auto-rotation for unexpired certificates that are
attached to an endpoint but do not have autorotate enabled. attached to an endpoint but do not have autorotate enabled.
WARNING: This will overwrite the Auto-rotate toggle!
""" """
log_data = { log_data = {
"function": f"{__name__}.{sys._getframe().f_code.co_name}", "function": f"{__name__}.{sys._getframe().f_code.co_name}",
} }
permitted_authorities = current_app.config.get("ENABLE_AUTO_ROTATE_AUTHORITY", [])
eligible_certs = get_all_certs_attached_to_endpoint_without_autorotate() eligible_certs = get_all_certs_attached_to_endpoint_without_autorotate()
for cert in eligible_certs: for cert in eligible_certs:
if cert.authority_id not in permitted_authorities:
continue
log_data["certificate"] = cert.name log_data["certificate"] = cert.name
log_data["certificate_id"] = cert.id log_data["certificate_id"] = cert.id
log_data["message"] = "Enabling auto-rotate for certificate" log_data["message"] = "Enabling auto-rotate for certificate"
current_app.logger.info(log_data) current_app.logger.info(log_data)
# TODO: add the cert destination to the logging
metrics.send("automatically_enable_autorotate",
"counter", 1,
metric_tags={"certificate": cert.name,
"certificate_id": cert.id,
"authority_id": cert.authority_id,
"authority_name": Authority.get(cert.authority_id).name})
cert.rotation = True cert.rotation = True
database.update(cert) database.update(cert)
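Review bot: In the loop of automatically_enable_autorotate, the new `metrics.send(...)` call dereferences `Authority.get(cert.authority_id).name` before `cert.rotation = True` and `database.update(cert)`, so a failed or empty authority lookup for one certificate would raise and stop the command before that certificate and all remaining ones are updated. `Authority.get` is not defined in this hunk, so its failure behaviour is an assumption to confirm; either way the lookup only fills a metric tag and should not be able to block rotation. I would resolve it defensively, e.g. `authority = Authority.get(cert.authority_id)` and `"authority_name": authority.name if authority else "unknown"`, and emit the metric after `database.update(cert)` so the counter reflects certificates that were actually changed. Separately, an unset `ENABLE_AUTO_ROTATE_AUTHORITY` defaults to `[]` and makes the command skip every certificate without any log line; the fail-closed default is right, but one message when the list is empty would make that visible to operators, and the docstring could mention the allowlist. The function may continue past the end of the hunk.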


@ -23,7 +23,7 @@ keyring==21.2.0 # via twine
mccabe==0.6.1 # via flake8 mccabe==0.6.1 # via flake8
nodeenv==1.3.5 # via -r requirements-dev.in, pre-commit nodeenv==1.3.5 # via -r requirements-dev.in, pre-commit
pkginfo==1.5.0.1 # via twine pkginfo==1.5.0.1 # via twine
pre-commit==2.2.0 # via -r requirements-dev.in pre-commit==2.3.0 # via -r requirements-dev.in
pycodestyle==2.3.1 # via flake8 pycodestyle==2.3.1 # via flake8
pycparser==2.20 # via cffi pycparser==2.20 # via cffi
pyflakes==1.6.0 # via flake8 pyflakes==1.6.0 # via flake8


@ -10,7 +10,7 @@ alembic-autogenerate-enums==0.0.2 # via -r requirements.txt
alembic==1.4.2 # via -r requirements.txt, flask-migrate alembic==1.4.2 # via -r requirements.txt, flask-migrate
amqp==2.5.2 # via -r requirements.txt, kombu amqp==2.5.2 # via -r requirements.txt, kombu
aniso8601==8.0.0 # via -r requirements.txt, flask-restful aniso8601==8.0.0 # via -r requirements.txt, flask-restful
arrow==0.15.5 # via -r requirements.txt arrow==0.15.6 # via -r requirements.txt
asyncpool==1.0 # via -r requirements.txt asyncpool==1.0 # via -r requirements.txt
babel==2.8.0 # via sphinx babel==2.8.0 # via sphinx
bcrypt==3.1.7 # via -r requirements.txt, flask-bcrypt, paramiko bcrypt==3.1.7 # via -r requirements.txt, flask-bcrypt, paramiko
@ -91,7 +91,7 @@ s3transfer==0.3.3 # via -r requirements.txt, boto3
six==1.14.0 # via -r requirements.txt, acme, bcrypt, cryptography, flask-cors, flask-restful, hvac, josepy, jsonlines, packaging, pynacl, pyopenssl, python-dateutil, retrying, sphinxcontrib-httpdomain, sqlalchemy-utils six==1.14.0 # via -r requirements.txt, acme, bcrypt, cryptography, flask-cors, flask-restful, hvac, josepy, jsonlines, packaging, pynacl, pyopenssl, python-dateutil, retrying, sphinxcontrib-httpdomain, sqlalchemy-utils
snowballstemmer==2.0.0 # via sphinx snowballstemmer==2.0.0 # via sphinx
sphinx-rtd-theme==0.4.3 # via -r requirements-docs.in sphinx-rtd-theme==0.4.3 # via -r requirements-docs.in
sphinx==3.0.1 # via -r requirements-docs.in, sphinx-rtd-theme, sphinxcontrib-httpdomain sphinx==3.0.3 # via -r requirements-docs.in, sphinx-rtd-theme, sphinxcontrib-httpdomain
sphinxcontrib-applehelp==1.0.2 # via sphinx sphinxcontrib-applehelp==1.0.2 # via sphinx
sphinxcontrib-devhelp==1.0.2 # via sphinx sphinxcontrib-devhelp==1.0.2 # via sphinx
sphinxcontrib-htmlhelp==1.0.3 # via sphinx sphinxcontrib-htmlhelp==1.0.3 # via sphinx


@ -9,7 +9,7 @@ alembic-autogenerate-enums==0.0.2 # via -r requirements.in
alembic==1.4.2 # via flask-migrate alembic==1.4.2 # via flask-migrate
amqp==2.5.2 # via kombu amqp==2.5.2 # via kombu
aniso8601==8.0.0 # via flask-restful aniso8601==8.0.0 # via flask-restful
arrow==0.15.5 # via -r requirements.in arrow==0.15.6 # via -r requirements.in
asyncpool==1.0 # via -r requirements.in asyncpool==1.0 # via -r requirements.in
bcrypt==3.1.7 # via flask-bcrypt, paramiko bcrypt==3.1.7 # via flask-bcrypt, paramiko
billiard==3.6.3.0 # via celery billiard==3.6.3.0 # via celery