Infra
/
lemur
5
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Adding the ability to revoke enmasse (#999)

This commit is contained in:
kevgliss 2017-11-21 09:36:10 -08:00 committed by GitHub
parent 4b544ae207
commit cecfe47540
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 25 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
lemur/certificates/cli.py
View File

@ -6,7 +6,7 @@
.. moduleauthor:: Kevin Glisson <kglisson@netflix.com> .. moduleauthor:: Kevin Glisson <kglisson@netflix.com>
""" """
import sys import sys
import multiprocessing
from tabulate import tabulate from tabulate import tabulate
from sqlalchemy import or_ from sqlalchemy import or_
@ -15,6 +15,7 @@ from flask import current_app
from flask_script import Manager from flask_script import Manager
from flask_principal import Identity, identity_changed from flask_principal import Identity, identity_changed
from lemur import database from lemur import database
from lemur.extensions import sentry from lemur.extensions import sentry
from lemur.extensions import metrics from lemur.extensions import metrics
@ -264,21 +265,8 @@ def query(fqdns, issuer, owner, expired):
print(tabulate(table, headers=['Id', 'Name', 'Owner', 'Issuer'], tablefmt='csv')) print(tabulate(table, headers=['Id', 'Name', 'Owner', 'Issuer'], tablefmt='csv'))
@manager.option('-p', '--path', dest='path', help='Absolute file path to a Lemur query csv.') def worker(data, commit, reason):
@manager.option('-r', '--reason', dest='reason', help='Reason to revoke certificate.') parts = [x for x in data.split(' ') if x]
@manager.option('-c', '--commit', dest='commit', action='store_true', default=False, help='Persist changes.')
def revoke(path, reason, commit):
"""
Revokes given certificate.
"""
if commit:
print("[!] Running in COMMIT mode.")
print("[+] Starting certificate revocation.")
with open(path, 'r') as f:
for c in f.readlines()[2:]:
parts = c.split(' ')
try: try:
cert = get(int(parts[0].strip())) cert = get(int(parts[0].strip()))
plugin = plugins.get(cert.authority.plugin_name) plugin = plugins.get(cert.authority.plugin_name)
@ -297,6 +285,25 @@ def revoke(path, reason, commit):
) )
@manager.option('-p', '--path', dest='path', help='Absolute file path to a Lemur query csv.')
@manager.option('-r', '--reason', dest='reason', help='Reason to revoke certificate.')
@manager.option('-c', '--commit', dest='commit', action='store_true', default=False, help='Persist changes.')
def revoke(path, reason, commit):
"""
Revokes given certificate.
"""
if commit:
print("[!] Running in COMMIT mode.")
print("[+] Starting certificate revocation.")
with open(path, 'r') as f:
args = [[x, commit, reason] for x in f.readlines()[2:]]
with multiprocessing.Pool(processes=3) as pool:
pool.starmap(worker, args)
@manager.command @manager.command
def check_revoked(): def check_revoked():
""" """