From f47f108f43e0e9d452db0ff9185a4c9fc6306ee1 Mon Sep 17 00:00:00 2001 From: sirferl Date: Thu, 10 Sep 2020 16:03:29 +0200 Subject: [PATCH 01/23] ientrust plgin - first version --- lemur/plugins/lemur_entrust/plugin.py | 172 ++++++++++++++++++++++++++ 1 file changed, 172 insertions(+) create mode 100644 lemur/plugins/lemur_entrust/plugin.py diff --git a/lemur/plugins/lemur_entrust/plugin.py b/lemur/plugins/lemur_entrust/plugin.py new file mode 100644 index 00000000..d1f4a301 --- /dev/null +++ b/lemur/plugins/lemur_entrust/plugin.py 
@@ -0,0 +1,172 @@ +from lemur.plugins.bases import IssuerPlugin, SourcePlugin +import arrow +import requests +import json +from lemur.plugins import lemur_entrust as ENTRUST +from OpenSSL import crypto +from flask import current_app +from lemur.extensions import metrics, sentry + + + +def log_status_code(r, *args, **kwargs): + """ + Is a request hook that logs all status codes to the ENTRUST api. + + :param r: + :param args: + :param kwargs: + :return: + """ + metrics.send("ENTRUST_status_code_{}".format(r.status_code), "counter", 1) + +def process_options(options): + """ + Processes and maps the incoming issuer options to fields/options that + Entrust understands + + :param options: + :return: dict of valid entrust options + """ + # if there is a config variable ENTRUST_PRODUCT_ + # take the value as Cert product-type + # else default to "STANDARD_SSL" + authority = options.get("authority").name.upper() + product_type = current_app.config.get("ENTRUST_PRODUCT_{0}".format(authority), "STANDARD_SSL") + expiry_date = arrow.utcnow().shift(years=1, days=+10).format('YYYY-MM-DD') + + tracking_data = { + "requesterName": current_app.config.get("ENTRUST_NAME"), + "requesterEmail": current_app.config.get("ENTRUST_EMAIL"), + "requesterPhone": current_app.config.get("ENTRUST_PHONE") + } + + data = { + "signingAlg": "SHA-2", + "eku": "SERVER_AND_CLIENT_AUTH", + "certType": product_type, + "certExpiryDate" : expiry_date, + "tracking": tracking_data + } + return data + +class EntrustIssuerPlugin(IssuerPlugin): + title = "ENTRUST" + slug = "entrust-issuer" + description = "Enables the creation of certificates by ENTRUST" + version = ENTRUST.VERSION + + author = "sirferl" + author_url = "https://github.com/sirferl/lemur" + + def __init__(self, *args, **kwargs): + """Initialize the issuer with the appropriate details.""" + self.session = requests.Session() + cert_file_path = current_app.config.get("ENTRUST_API_CERT") + key_file_path = current_app.config.get("ENTRUST_API_KEY") + 
user = current_app.config.get("ENTRUST_API_USER") + passw = current_app.config.get("ENTRUST_API_PASS") + self.session.cert = (cert_file_path, key_file_path) + self.session.auth = (user,passw) + self.session.hooks = dict(response=log_status_code) + # self.session.config['keep_alive'] = False + super(EntrustIssuerPlugin, self).__init__(*args, **kwargs) + + def create_certificate(self, csr, issuer_options): + """ + Creates an Entrust certificate. + + :param csr: + :param issuer_options: + :return: :raise Exception: + """ + current_app.logger.info( + "Requesting options: {0}".format(issuer_options) + ) + + url = current_app.config.get("ENTRUST_URL") + "/certificates" + + data = process_options(issuer_options) + data["csr"] = csr + current_req = arrow.utcnow().format('YYYY-MM-DD HH:mm:ss') + current_app.logger.info( + "Entrust-Request Data (id: {1}) : {0}".format(data, current_req) + ) + + + try: + response = self.session.post(url, json=data, timeout=(15, 40)) + except requests.exceptions.Timeout: + raise Exception("Timeout Error while posting to ENTRUST (ID: {0})".format(current_req)) + except requests.exceptions.RequestException as e: + raise Exception("Error while posting to ENTRUST (ID: {1}): {0}".format(e,current_req)) + + current_app.logger.info( + "After Post and Errorhandling (ID: {1}) : {0}".format(response.status_code, current_req) + ) + + response_dict = json.loads(response.content) + if response.status_code != 201: + raise Exception("Error with ENTRUST (ID: {1}): {0}".format(response_dict['errors'], current_req)) + current_app.logger.info("Response: {0}, {1} ".format(response.status_code, response_dict)) + external_id = response_dict['trackingId'] + cert = response_dict['endEntityCert'] + chain = response_dict['chainCerts'][1] + current_app.logger.info( + "Received Chain: {0}".format(chain) + ) + + return cert, chain, external_id + + @staticmethod + def create_authority(options): + """Create an authority. 
+ Creates an authority, this authority is then used by Lemur to + allow a user to specify which Certificate Authority they want + to sign their certificate. + + :param options: + :return: + """ + entrust_root = current_app.config.get("ENTRUST_ROOT") + entrust_issuing = current_app.config.get("ENTRUST_ISSUING") + role = {"username": "", "password": "", "name": "entrust"} + current_app.logger.info("Creating Auth: {0} {1}".format(options, entrust_issuing)) + return entrust_root, "" , [role] + + + def revoke_certificate(self, certificate, comments): + raise NotImplementedError("Not implemented\n", self, certificate, comments) + + def get_ordered_certificate(self, order_id): + raise NotImplementedError("Not implemented\n", self, order_id) + + def canceled_ordered_certificate(self, pending_cert, **kwargs): + raise NotImplementedError("Not implemented\n", self, pending_cert, **kwargs) + + +class EntrustSourcePlugin(SourcePlugin): + title = "ENTRUST" + slug = "entrust-source" + description = "Enables the collecion of certificates" + version = ENTRUST.VERSION + + author = "sirferl" + author_url = "https://github.com/sirferl/lemur" + options = [ + { + "name": "dummy", + "type": "str", + "required": False, + "validation": "/^[0-9]{12,12}$/", + "helpMessage": "Just to prevent error", + } + ] + + def get_certificates(self, options, **kwargs): + #Not needed for ENTRUST + raise NotImplementedError("Not implemented\n", self, options, **kwargs) + def get_endpoints(self, options, **kwargs): + # There are no endpoints in ENTRUST + raise NotImplementedError("Not implemented\n", self, options, **kwargs) + From a99a84b0b2c222920ccc6e8779cbe2fdfc15d7c0 Mon Sep 17 00:00:00 2001 From: sirferl Date: Thu, 10 Sep 2020 16:04:31 +0200 Subject: [PATCH 02/23] entrust plugin inital edit --- lemur/plugins/lemur_entrust/__init__.py | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 lemur/plugins/lemur_entrust/__init__.py 
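Review bot: In create_certificate, `chain = response_dict['chainCerts'][1]` indexes the returned list with no length check, so a response carrying fewer than two entries raises a bare IndexError after Entrust has already issued the certificate, and any entry past index 1 is silently dropped. Nothing in this file says how `chainCerts` is ordered, so a comment explaining why index 1 is the issuing CA would help, together with a guard such as `if len(response_dict.get('chainCerts', [])) < 2: raise Exception("ENTRUST response contains no issuing CA certificate")`. Separately, `issuer_options` and the full request body are written to the info log; it is worth confirming that nothing sensitive travels in those options.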
diff --git a/lemur/plugins/lemur_entrust/__init__.py b/lemur/plugins/lemur_entrust/__init__.py new file mode 100644 index 00000000..9186ef13 --- /dev/null +++ b/lemur/plugins/lemur_entrust/__init__.py @@ -0,0 +1,6 @@ +"""Set the version information.""" +try: + VERSION = __import__("pkg_resources").get_distribution(__name__).version +except Exception as e: + VERSION = "unknown" + From aa0a31f90e5ae5ad8bc5d75bae8875fb366fe7f5 Mon Sep 17 00:00:00 2001 From: sirferl <41906265+sirferl@users.noreply.github.com> Date: Fri, 11 Sep 2020 11:16:23 +0200 Subject: [PATCH 03/23] Added entrust plugin --- setup.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/setup.py b/setup.py index a612cd18..4da14c3d 100644 --- a/setup.py +++ b/setup.py @@ -153,7 +153,9 @@ setup( 'vault_source = lemur.plugins.lemur_vault_dest.plugin:VaultSourcePlugin', 'vault_desination = lemur.plugins.lemur_vault_dest.plugin:VaultDestinationPlugin', 'adcs_issuer = lemur.plugins.lemur_adcs.plugin:ADCSIssuerPlugin', - 'adcs_source = lemur.plugins.lemur_adcs.plugin:ADCSSourcePlugin' + 'adcs_source = lemur.plugins.lemur_adcs.plugin:ADCSSourcePlugin', + 'entrust_issuer = lemur.plugins.lemur_entrust.plugin:EntrustIssuerPlugin', + 'entrust_source = lemur.plugins.lemur_entrust.plugin:EntrustSourcePlugin' ], }, classifiers=[ From 3487ecbaa7d667e2792928be64cb0ddea177f50b Mon Sep 17 00:00:00 2001 From: sirferl <41906265+sirferl@users.noreply.github.com> Date: Fri, 11 Sep 2020 12:04:02 +0200 Subject: [PATCH 04/23] Added entrust plugin doc and amended ADCS --- docs/administration.rst | 69 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 69 insertions(+) diff --git a/docs/administration.rst b/docs/administration.rst index 846a4c34..fe6a5581 100644 --- a/docs/administration.rst +++ b/docs/administration.rst 
@@ -652,13 +652,20 @@ Active Directory Certificate Services Plugin :noindex: Template to be used for certificate issuing. Usually display name w/o spaces + +.. data:: ADCS_TEMPLATE_ + :noindex: + If there is a config variable ADCS_TEMPLATE_ take the value as Cert template else default to ADCS_TEMPLATE to be compatible with former versions. Template to be used for certificate issuing. Usually display name w/o spaces .. data:: ADCS_START :noindex: + Used in ADCS-Sourceplugin. Minimum id of the first certificate to be returned. ID is increased by one until ADCS_STOP. Missing cert-IDs are ignored .. data:: ADCS_STOP :noindex: + Used for ADCS-Sourceplugin. Maximum id of the certificates returned. + .. data:: ADCS_ISSUING :noindex: 
@@ -671,6 +678,68 @@ Active Directory Certificate Services Plugin Contains the root cert of the CA +Entrust Plugin +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Enables the creation of Entrust certificates. You need to set the API access up with Entrust support. Check the information in the Entrust Portal as well. +Certificates are created as "SERVER_AND_CLIENT_AUTH". +Caution: Sometimes the entrust API does not respond in a timely manner. This error is handled and reported by the plugin. Should this happen you just have to hit the create button again after to create a valid certificate. +The following parameters have to be set in the configuration files. + +.. data:: ENTRUST_URL + :noindex: + + This is the url for the Entrust API. Refer to the API documentation. + +.. data:: ENTRUST_API_CERT + :noindex: + + Path to the certificate file in PEM format. This certificate is created in the onboarding process. Refer to the API documentation. + +.. data:: ENTRUST_API_KEY + :noindex: + + Path to the key file in RSA format. This certificate is created in the onboarding process. Refer to the API documentation. Caution: the request library cannot handle encrypted keys. The keyfile therefore has to contain the unencrypted key. Please put this in a secure location on the server. + +.. data:: ENTRUST_API_USER + :noindex: + + String with the API user. This user is created in the onboarding process. Refer to the API documentation. + +.. data:: ENTRUST_API_PASS + :noindex: + + String with the password for the API user. This password is created in the onboarding process. Refer to the API documentation. + +.. data:: ENTRUST_NAME + :noindex: + + String with the name that should appear as certificate owner in the Entrust portal. Refer to the API documentation. + +.. data:: ENTRUST_EMAIL + :noindex: + + String with the email address that should appear as certificate contact email in the Entrust portal. Refer to the API documentation. + +.. 
data:: ENTRUST_PHONE + :noindex: + + String with the phone number that should appear as certificate contact in the Entrust portal. Refer to the API documentation. + +.. data:: ENTRUST_ISSUING + :noindex: + + Contains the issuing cert of the CA + +.. data:: ENTRUST_ROOT + :noindex: + + Contains the root cert of the CA + +.. data:: ENTRUST_PRODUCT_ + :noindex: + + If there is a config variable ENTRUST_PRODUCT_ take the value as cert product name else default to "STANDARD_SSL". Refer to the API documentation for valid products names. Verisign Issuer Plugin ~~~~~~~~~~~~~~~~~~~~~~ From de9ad82011e1c101dc9454b19da07cb5f4ddf39a Mon Sep 17 00:00:00 2001 From: sirferl <41906265+sirferl@users.noreply.github.com> Date: Fri, 11 Sep 2020 12:24:33 +0200 Subject: [PATCH 05/23] Fixed Lint complaints --- lemur/plugins/lemur_entrust/plugin.py | 36 +++++++++++++-------------- 1 file changed, 17 insertions(+), 19 deletions(-) diff --git a/lemur/plugins/lemur_entrust/plugin.py b/lemur/plugins/lemur_entrust/plugin.py index d1f4a301..b1ba723d 100644 --- a/lemur/plugins/lemur_entrust/plugin.py +++ b/lemur/plugins/lemur_entrust/plugin.py @@ -3,10 +3,8 @@ import arrow import requests import json from lemur.plugins import lemur_entrust as ENTRUST -from OpenSSL import crypto from flask import current_app -from lemur.extensions import metrics, sentry - +from lemur.extensions import metrics def log_status_code(r, *args, **kwargs): @@ -20,6 +18,7 @@ def log_status_code(r, *args, **kwargs): """ metrics.send("ENTRUST_status_code_{}".format(r.status_code), "counter", 1) + def process_options(options): """ Processes and maps the incoming issuer options to fields/options that 
@@ -28,13 +27,13 @@ def process_options(options): :param options: :return: dict of valid entrust options """ - # if there is a config variable ENTRUST_PRODUCT_ + # if there is a config variable ENTRUST_PRODUCT_ # take the value as Cert product-type # else default to "STANDARD_SSL" authority = options.get("authority").name.upper() product_type = current_app.config.get("ENTRUST_PRODUCT_{0}".format(authority), "STANDARD_SSL") expiry_date = arrow.utcnow().shift(years=1, days=+10).format('YYYY-MM-DD') - + tracking_data = { "requesterName": current_app.config.get("ENTRUST_NAME"), "requesterEmail": current_app.config.get("ENTRUST_EMAIL"), @@ -44,12 +43,13 @@ def process_options(options): data = { "signingAlg": "SHA-2", "eku": "SERVER_AND_CLIENT_AUTH", - "certType": product_type, - "certExpiryDate" : expiry_date, + "certType": product_type, + "certExpiryDate": expiry_date, "tracking": tracking_data } return data + class EntrustIssuerPlugin(IssuerPlugin): title = "ENTRUST" slug = "entrust-issuer" @@ -67,7 +67,7 @@ class EntrustIssuerPlugin(IssuerPlugin): user = current_app.config.get("ENTRUST_API_USER") passw = current_app.config.get("ENTRUST_API_PASS") self.session.cert = (cert_file_path, key_file_path) - self.session.auth = (user,passw) + self.session.auth = (user, passw) self.session.hooks = dict(response=log_status_code) # self.session.config['keep_alive'] = False super(EntrustIssuerPlugin, self).__init__(*args, **kwargs) 
@@ -93,13 +93,12 @@ class EntrustIssuerPlugin(IssuerPlugin): "Entrust-Request Data (id: {1}) : {0}".format(data, current_req) ) - try: - response = self.session.post(url, json=data, timeout=(15, 40)) + response = self.session.post(url, json=data, timeout=(15, 40)) except requests.exceptions.Timeout: - raise Exception("Timeout Error while posting to ENTRUST (ID: {0})".format(current_req)) + raise Exception("Timeout Error while posting to ENTRUST (ID: {0})".format(current_req)) except requests.exceptions.RequestException as e: - raise Exception("Error while posting to ENTRUST (ID: {1}): {0}".format(e,current_req)) + raise Exception("Error while posting to ENTRUST (ID: {1}): {0}".format(e, current_req)) current_app.logger.info( "After Post and Errorhandling (ID: {1}) : {0}".format(response.status_code, current_req) @@ -107,7 +106,7 @@ class EntrustIssuerPlugin(IssuerPlugin): response_dict = json.loads(response.content) if response.status_code != 201: - raise Exception("Error with ENTRUST (ID: {1}): {0}".format(response_dict['errors'], current_req)) + raise Exception("Error with ENTRUST (ID: {1}): {0}".format(response_dict['errors'], current_req)) current_app.logger.info("Response: {0}, {1} ".format(response.status_code, response_dict)) external_id = response_dict['trackingId'] cert = response_dict['endEntityCert'] @@ -116,7 +115,7 @@ class EntrustIssuerPlugin(IssuerPlugin): "Received Chain: {0}".format(chain) ) - return cert, chain, external_id + return cert, chain, external_id @staticmethod def create_authority(options): 
@@ -132,8 +131,7 @@ class EntrustIssuerPlugin(IssuerPlugin): entrust_issuing = current_app.config.get("ENTRUST_ISSUING") role = {"username": "", "password": "", "name": "entrust"} current_app.logger.info("Creating Auth: {0} {1}".format(options, entrust_issuing)) - return entrust_root, "" , [role] - + return entrust_root, "", [role] def revoke_certificate(self, certificate, comments): raise NotImplementedError("Not implemented\n", self, certificate, comments) @@ -164,9 +162,9 @@ class EntrustSourcePlugin(SourcePlugin): ] def get_certificates(self, options, **kwargs): - #Not needed for ENTRUST - raise NotImplementedError("Not implemented\n", self, options, **kwargs) + # Not needed for ENTRUST + raise NotImplementedError("Not implemented\n", self, options, **kwargs + def get_endpoints(self, options, **kwargs): # There are no endpoints in ENTRUST raise NotImplementedError("Not implemented\n", self, options, **kwargs) - From fd52438d61a7489963da968b32607d1e575feaeb Mon Sep 17 00:00:00 2001 From: sirferl <41906265+sirferl@users.noreply.github.com> Date: Fri, 11 Sep 2020 12:30:53 +0200 Subject: [PATCH 06/23] yet lint errors --- lemur/plugins/lemur_entrust/plugin.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lemur/plugins/lemur_entrust/plugin.py b/lemur/plugins/lemur_entrust/plugin.py index b1ba723d..d8466513 100644 --- a/lemur/plugins/lemur_entrust/plugin.py +++ b/lemur/plugins/lemur_entrust/plugin.py @@ -33,7 +33,7 @@ def process_options(options): authority = options.get("authority").name.upper() product_type = current_app.config.get("ENTRUST_PRODUCT_{0}".format(authority), "STANDARD_SSL") expiry_date = arrow.utcnow().shift(years=1, days=+10).format('YYYY-MM-DD') - + tracking_data = { "requesterName": current_app.config.get("ENTRUST_NAME"), "requesterEmail": current_app.config.get("ENTRUST_EMAIL"), 
@@ -163,7 +163,7 @@ class EntrustSourcePlugin(SourcePlugin): def get_certificates(self, options, **kwargs): # Not needed for ENTRUST - raise NotImplementedError("Not implemented\n", self, options, **kwargs + raise NotImplementedError("Not implemented\n", self, options, **kwargs) def get_endpoints(self, options, **kwargs): # There are no endpoints in ENTRUST From 1c9c377751e6ff591fb1197f8511126ecda158e6 Mon Sep 17 00:00:00 2001 From: sirferl <41906265+sirferl@users.noreply.github.com> Date: Fri, 11 Sep 2020 12:31:15 +0200 Subject: [PATCH 07/23] Lint errors --- lemur/plugins/lemur_entrust/__init__.py | 1 - 1 file changed, 1 deletion(-) diff --git a/lemur/plugins/lemur_entrust/__init__.py b/lemur/plugins/lemur_entrust/__init__.py index 9186ef13..b902ed7a 100644 --- a/lemur/plugins/lemur_entrust/__init__.py +++ b/lemur/plugins/lemur_entrust/__init__.py @@ -3,4 +3,3 @@ try: VERSION = __import__("pkg_resources").get_distribution(__name__).version except Exception as e: VERSION = "unknown" - From b217a68512d819b7f6dc423d9ee6be199fb59ea8 Mon Sep 17 00:00:00 2001 From: sirferl Date: Mon, 14 Sep 2020 08:53:17 +0200 Subject: [PATCH 08/23] added entrust to setup.py --- setup.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/setup.py b/setup.py index a612cd18..467a3d8f 100644 --- a/setup.py +++ b/setup.py @@ -153,7 +153,10 @@ setup( 'vault_source = lemur.plugins.lemur_vault_dest.plugin:VaultSourcePlugin', 'vault_desination = lemur.plugins.lemur_vault_dest.plugin:VaultDestinationPlugin', 'adcs_issuer = lemur.plugins.lemur_adcs.plugin:ADCSIssuerPlugin', - 'adcs_source = lemur.plugins.lemur_adcs.plugin:ADCSSourcePlugin' + 'adcs_source = lemur.plugins.lemur_adcs.plugin:ADCSSourcePlugin', + 'entrust_issuer = lemur.plugins.lemur_entrust.plugin:EntrustIssuerPlugin', + 'entrust_source = lemur.plugins.lemur_entrust.plugin:EntrustSourcePlugin' + ], }, classifiers=[ From 01678a714f47153e094c0b28365226659b45667f Mon Sep 17 00:00:00 2001 
From: sirferl Date: Mon, 14 Sep 2020 09:50:55 +0200 Subject: [PATCH 09/23] added required vars check --- lemur/plugins/lemur_entrust/plugin.py | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/lemur/plugins/lemur_entrust/plugin.py b/lemur/plugins/lemur_entrust/plugin.py index d8466513..d5216caa 100644 --- a/lemur/plugins/lemur_entrust/plugin.py +++ b/lemur/plugins/lemur_entrust/plugin.py @@ -5,6 +5,7 @@ import json from lemur.plugins import lemur_entrust as ENTRUST from flask import current_app from lemur.extensions import metrics +from lemur.common.utils import validate_conf def log_status_code(r, *args, **kwargs): @@ -61,6 +62,20 @@ class EntrustIssuerPlugin(IssuerPlugin): def __init__(self, *args, **kwargs): """Initialize the issuer with the appropriate details.""" + required_vars = [ + "ENTRUST_API_CERT", + "ENTRUST_API_KEY", + "ENTRUST_API_USER", + "ENTRUST_API_PASS", + "ENTRUST_URL", + "ENTRUST_ROOT", + "ENTRUST_NAME", + "ENTRUST_EMAIL", + "ENTRUST_PHONE", + "ENTRUST_ISSUING", + ] + validate_conf(current_app, required_vars) + self.session = requests.Session() cert_file_path = current_app.config.get("ENTRUST_API_CERT") key_file_path = current_app.config.get("ENTRUST_API_KEY") From b337b271469f3a762368e999d12095523d756c19 Mon Sep 17 00:00:00 2001 From: sirferl Date: Mon, 14 Sep 2020 12:23:58 +0200 Subject: [PATCH 10/23] added response handler --- lemur/plugins/lemur_entrust/plugin.py | 42 +++++++++++++++++---------- 1 file changed, 26 insertions(+), 16 deletions(-) diff --git a/lemur/plugins/lemur_entrust/plugin.py b/lemur/plugins/lemur_entrust/plugin.py index d5216caa..e6a51d3f 100644 --- a/lemur/plugins/lemur_entrust/plugin.py +++ b/lemur/plugins/lemur_entrust/plugin.py 
@@ -50,6 +50,27 @@ def process_options(options): } return data +def handle_response(my_response): + """ + Helper function for parsing responses from the Entrust API. + :param content: + :return: :raise Exception: + """ + msg = { + 200: "The request had the validateOnly flag set to true and validation was successful.", + 201: "Certificate created", + 202: "Request accepted and queued for approval", + 400: "Invalid request parameters", + 404: "Unknown jobId", + 429: "Too many requests" + } + d = json.loads(my_response.content) + s = my_response.status_code + if s != 201: + raise Exception("ENTRUST error : {0}\n{1}".format(msg.get(s,"unknown"),d['errors'])) + current_app.logger.info("Response: {0}, {1} ".format(s, d)) + return d + class EntrustIssuerPlugin(IssuerPlugin): title = "ENTRUST" @@ -66,12 +87,12 @@ class EntrustIssuerPlugin(IssuerPlugin): "ENTRUST_API_CERT", "ENTRUST_API_KEY", "ENTRUST_API_USER", - "ENTRUST_API_PASS", + "ENTRUST_API_PASS", "ENTRUST_URL", "ENTRUST_ROOT", "ENTRUST_NAME", "ENTRUST_EMAIL", - "ENTRUST_PHONE", + "ENTRUST_PHONE", "ENTRUST_ISSUING", ] validate_conf(current_app, required_vars) 
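Review bot: The error path in handle_response reads `d['errors']` unconditionally, so an error body without that key surfaces as a KeyError, and a non-JSON body fails even earlier in `json.loads`; either way the operator loses the ENTRUST status message. Using `d.get('errors', 'no detail returned')` and parsing the body only after the status check would keep the real status visible. The `s != 201` test also rejects 200 and 202, which the `msg` table describes as successful outcomes. The docstring documents `:param content:` while the parameter is named `my_response`.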
@@ -103,26 +124,15 @@ class EntrustIssuerPlugin(IssuerPlugin): data = process_options(issuer_options) data["csr"] = csr - current_req = arrow.utcnow().format('YYYY-MM-DD HH:mm:ss') - current_app.logger.info( - "Entrust-Request Data (id: {1}) : {0}".format(data, current_req) - ) try: response = self.session.post(url, json=data, timeout=(15, 40)) except requests.exceptions.Timeout: - raise Exception("Timeout Error while posting to ENTRUST (ID: {0})".format(current_req)) + raise Exception("Timeout for POST") except requests.exceptions.RequestException as e: - raise Exception("Error while posting to ENTRUST (ID: {1}): {0}".format(e, current_req)) + raise Exception("Error for POST {0}".format(e)) - current_app.logger.info( - "After Post and Errorhandling (ID: {1}) : {0}".format(response.status_code, current_req) - ) - - response_dict = json.loads(response.content) - if response.status_code != 201: - raise Exception("Error with ENTRUST (ID: {1}): {0}".format(response_dict['errors'], current_req)) - current_app.logger.info("Response: {0}, {1} ".format(response.status_code, response_dict)) + response_dict = handle_response(response) external_id = response_dict['trackingId'] cert = response_dict['endEntityCert'] chain = response_dict['chainCerts'][1] From b8e3162c5f690a932f18bee7927e0fbb9a0b09d1 Mon Sep 17 00:00:00 2001 From: sirferl Date: Mon, 14 Sep 2020 14:20:11 +0200 Subject: [PATCH 11/23] added revoke functionality --- lemur/plugins/lemur_entrust/plugin.py | 28 +++++++++++++++++++++------ 1 file changed, 22 insertions(+), 6 deletions(-) diff --git a/lemur/plugins/lemur_entrust/plugin.py b/lemur/plugins/lemur_entrust/plugin.py index e6a51d3f..e0fd1c2a 100644 --- a/lemur/plugins/lemur_entrust/plugin.py +++ b/lemur/plugins/lemur_entrust/plugin.py @@ -50,6 +50,7 @@ def process_options(options): } return data + def handle_response(my_response): """ Helper function for parsing responses from the Entrust API. 
@@ -64,10 +65,13 @@ def handle_response(my_response): 404: "Unknown jobId", 429: "Too many requests" } - d = json.loads(my_response.content) + try: + d = json.loads(my_response.content) + except: + d = {'errors': 'No error message'} s = my_response.status_code - if s != 201: - raise Exception("ENTRUST error : {0}\n{1}".format(msg.get(s,"unknown"),d['errors'])) + if s > 399: + raise Exception("ENTRUST error: {0}\n{1}".format(msg.get(s, s), d['errors'])) current_app.logger.info("Response: {0}, {1} ".format(s, d)) return d @@ -142,6 +146,21 @@ class EntrustIssuerPlugin(IssuerPlugin): return cert, chain, external_id + def revoke_certificate(self, certificate, comments): + """Revoke a Digicert certificate.""" + base_url = current_app.config.get("ENTRUST_URL") + + # make certificate revoke request + create_url = "{0}/certificates/{1}/revocations".format( + base_url, certificate.external_id + ) + metrics.send("entrust_revoke_certificate", "counter", 1) + response = self.session.put(create_url, + data=json.dumps({"crlReason": "superseded", "comments": comments})) + + data = handle_response(response) + + @staticmethod def create_authority(options): """Create an authority. @@ -158,9 +177,6 @@ class EntrustIssuerPlugin(IssuerPlugin): current_app.logger.info("Creating Auth: {0} {1}".format(options, entrust_issuing)) return entrust_root, "", [role] - def revoke_certificate(self, certificate, comments): - raise NotImplementedError("Not implemented\n", self, certificate, comments) - def get_ordered_certificate(self, order_id): raise NotImplementedError("Not implemented\n", self, order_id) From 84496b0f553e8ae9c1b82cbb86bdb6ec9a24bed4 Mon Sep 17 00:00:00 2001 From: sirferl Date: Mon, 14 Sep 2020 15:18:46 +0200 Subject: [PATCH 12/23] fixed a few problems --- lemur/plugins/lemur_entrust/plugin.py | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/lemur/plugins/lemur_entrust/plugin.py b/lemur/plugins/lemur_entrust/plugin.py index e0fd1c2a..64219774 100644 
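Review bot: The new revoke_certificate sends `self.session.put(create_url, data=json.dumps(...))` without a `timeout`, unlike the `timeout=(15, 40)` used for issuance, so a stalled Entrust endpoint can block the worker indefinitely during a revocation; the same applies to the `self.session.post(revoke_url, json=data)` form in the following patch. `certificate.external_id` is interpolated into the URL unchecked, so a certificate without a tracking id would produce a request to `/certificates/None/revocations`; a guard like `if not certificate.external_id: raise Exception("certificate has no Entrust tracking id")` avoids that. `crlReason` is fixed to "superseded", which would misreport a revocation made because of key compromise, so it deserves at least a comment. The docstring still reads "Revoke a Digicert certificate." and the value assigned to `data` is never used.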
--- a/lemur/plugins/lemur_entrust/plugin.py +++ b/lemur/plugins/lemur_entrust/plugin.py @@ -68,7 +68,7 @@ def handle_response(my_response): try: d = json.loads(my_response.content) except: - d = {'errors': 'No error message'} + d = {'errors': 'No detailled message'} s = my_response.status_code if s > 399: raise Exception("ENTRUST error: {0}\n{1}".format(msg.get(s, s), d['errors'])) @@ -151,12 +151,17 @@ class EntrustIssuerPlugin(IssuerPlugin): base_url = current_app.config.get("ENTRUST_URL") # make certificate revoke request - create_url = "{0}/certificates/{1}/revocations".format( + revoke_url = "{0}/certificates/{1}/revocations".format( base_url, certificate.external_id ) metrics.send("entrust_revoke_certificate", "counter", 1) - response = self.session.put(create_url, - data=json.dumps({"crlReason": "superseded", "comments": comments})) + if comments == '' or comments == None: + comments = "revoked via API" + data = { + "crlReason": "superseded", + "revocationComment": comments + } + response = self.session.post(revoke_url, json = data) data = handle_response(response) From 5bb0143da4af632e1471969e93837b1204d58971 Mon Sep 17 00:00:00 2001 From: sirferl Date: Mon, 14 Sep 2020 15:42:36 +0200 Subject: [PATCH 13/23] lint errors and removed _path from the API-Cert variables --- lemur/plugins/lemur_entrust/plugin.py | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/lemur/plugins/lemur_entrust/plugin.py b/lemur/plugins/lemur_entrust/plugin.py index 64219774..c28e8350 100644 --- a/lemur/plugins/lemur_entrust/plugin.py +++ b/lemur/plugins/lemur_entrust/plugin.py @@ -67,7 +67,8 @@ def handle_response(my_response): } try: d = json.loads(my_response.content) - except: + except Exception as e: + # catch an empty jason object here d = {'errors': 'No detailled message'} s = my_response.status_code if s > 399: 
@@ -102,12 +103,12 @@ class EntrustIssuerPlugin(IssuerPlugin): validate_conf(current_app, required_vars) self.session = requests.Session() - cert_file_path = current_app.config.get("ENTRUST_API_CERT") - key_file_path = current_app.config.get("ENTRUST_API_KEY") + cert_file = current_app.config.get("ENTRUST_API_CERT") + key_file = current_app.config.get("ENTRUST_API_KEY") user = current_app.config.get("ENTRUST_API_USER") - passw = current_app.config.get("ENTRUST_API_PASS") + password = current_app.config.get("ENTRUST_API_PASS") self.session.cert = (cert_file_path, key_file_path) - self.session.auth = (user, passw) + self.session.auth = (user, password) self.session.hooks = dict(response=log_status_code) # self.session.config['keep_alive'] = False super(EntrustIssuerPlugin, self).__init__(*args, **kwargs) @@ -155,16 +156,15 @@ class EntrustIssuerPlugin(IssuerPlugin): base_url, certificate.external_id ) metrics.send("entrust_revoke_certificate", "counter", 1) - if comments == '' or comments == None: + if comments == '' or not comments: comments = "revoked via API" data = { "crlReason": "superseded", "revocationComment": comments } - response = self.session.post(revoke_url, json = data) + response = self.session.post(revoke_url, json=data) data = handle_response(response) - @staticmethod def create_authority(options): From 9778eb7b25d85ba453a3b0b2f89aa53fadfe276e Mon Sep 17 00:00:00 2001 From: sirferl Date: Mon, 14 Sep 2020 15:56:02 +0200 Subject: [PATCH 14/23] fixed lint errors --- lemur/plugins/lemur_entrust/plugin.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lemur/plugins/lemur_entrust/plugin.py b/lemur/plugins/lemur_entrust/plugin.py index c28e8350..ae0dbc66 100644 --- a/lemur/plugins/lemur_entrust/plugin.py +++ b/lemur/plugins/lemur_entrust/plugin.py 
@@ -68,7 +68,7 @@ def handle_response(my_response): try: d = json.loads(my_response.content) except Exception as e: - # catch an empty jason object here + # catch an empty jason object here d = {'errors': 'No detailled message'} s = my_response.status_code if s > 399: @@ -107,7 +107,7 @@ class EntrustIssuerPlugin(IssuerPlugin): key_file = current_app.config.get("ENTRUST_API_KEY") user = current_app.config.get("ENTRUST_API_USER") password = current_app.config.get("ENTRUST_API_PASS") - self.session.cert = (cert_file_path, key_file_path) + self.session.cert = (cert_file, key_file) self.session.auth = (user, password) self.session.hooks = dict(response=log_status_code) # self.session.config['keep_alive'] = False From e011cc92514267e8e0cc7c5c5ecc239898119b83 Mon Sep 17 00:00:00 2001 From: sirferl Date: Mon, 14 Sep 2020 16:24:53 +0200 Subject: [PATCH 15/23] added several enhancements following advice from peer --- lemur/plugins/lemur_entrust/plugin.py | 32 ++++++++++++++++++--------- 1 file changed, 21 insertions(+), 11 deletions(-) diff --git a/lemur/plugins/lemur_entrust/plugin.py b/lemur/plugins/lemur_entrust/plugin.py index ae0dbc66..75658305 100644 --- a/lemur/plugins/lemur_entrust/plugin.py +++ b/lemur/plugins/lemur_entrust/plugin.py @@ -19,6 +19,21 @@ def log_status_code(r, *args, **kwargs): """ metrics.send("ENTRUST_status_code_{}".format(r.status_code), "counter", 1) +def determine_end_date(end_date): + """ + Determine appropriate end date + :param end_date: + :return: validity_end + """ + #ENTRUST only allows 13 months of max certificate duration + max_validity_end = arrow.utcnow().shift(years=1, months=+1).format('YYYY-MM-DD') + + if not end_date: + end_date = max_validity_end + + if end_date > max_validity_end: + end_date = max_validity_end + return end_date def process_options(options): """ 
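Review bot: determine_end_date compares `end_date` with `max_validity_end` after the latter has already been turned into a `'YYYY-MM-DD'` string, so the 13-month cap only works if the caller passes a string in exactly that format. The type of `options.get("validity_end")` is not visible in this hunk; if it is a date object, the `>` comparison raises a TypeError, or the value reaches Entrust unformatted. Assuming it is an arrow object, keeping both sides as dates and formatting once on return is safer: `max_validity_end = arrow.utcnow().shift(years=1, months=+1)` and `return end_date.format('YYYY-MM-DD')`. With that change the `if options.get("validity_end")` branch in process_options (next hunk) collapses to `determine_end_date(options.get("validity_end"))`.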
@@ -33,7 +48,11 @@ def process_options(options): # else default to "STANDARD_SSL" authority = options.get("authority").name.upper() product_type = current_app.config.get("ENTRUST_PRODUCT_{0}".format(authority), "STANDARD_SSL") - expiry_date = arrow.utcnow().shift(years=1, days=+10).format('YYYY-MM-DD') + + if options.get("validity_end"): + validity_end = determine_end_date(options.get("validity_end")) + else: + validity_end = determine_end_date(False) tracking_data = { "requesterName": current_app.config.get("ENTRUST_NAME"), @@ -45,7 +64,7 @@ def process_options(options): "signingAlg": "SHA-2", "eku": "SERVER_AND_CLIENT_AUTH", "certType": product_type, - "certExpiryDate": expiry_date, + "certExpiryDate": validity_end, "tracking": tracking_data } return data @@ -197,15 +216,6 @@ class EntrustSourcePlugin(SourcePlugin): author = "sirferl" author_url = "https://github.com/sirferl/lemur" - options = [ - { - "name": "dummy", - "type": "str", - "required": False, - "validation": "/^[0-9]{12,12}$/", - "helpMessage": "Just to prevent error", - } - ] def get_certificates(self, options, **kwargs): # Not needed for ENTRUST From 02c7a5ca7c03fc80b15786ae94e6a8259ff2dc63 Mon Sep 17 00:00:00 2001 From: sirferl Date: Mon, 14 Sep 2020 16:34:56 +0200 Subject: [PATCH 16/23] another round of lint errors --- lemur/plugins/lemur_entrust/plugin.py | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/lemur/plugins/lemur_entrust/plugin.py b/lemur/plugins/lemur_entrust/plugin.py index 75658305..315da8bd 100644 --- a/lemur/plugins/lemur_entrust/plugin.py +++ b/lemur/plugins/lemur_entrust/plugin.py 
@@ -19,22 +19,24 @@ def log_status_code(r, *args, **kwargs): """ metrics.send("ENTRUST_status_code_{}".format(r.status_code), "counter", 1) + def determine_end_date(end_date): """ Determine appropriate end date :param end_date: :return: validity_end """ - #ENTRUST only allows 13 months of max certificate duration + # ENTRUST only allows 13 months of max certificate duration max_validity_end = arrow.utcnow().shift(years=1, months=+1).format('YYYY-MM-DD') if not end_date: - end_date = max_validity_end + end_date = max_validity_end if end_date > max_validity_end: end_date = max_validity_end return end_date + def process_options(options): """ Processes and maps the incoming issuer options to fields/options that From f5228407c2495e9ba6d72d0b35b5a8164867e065 Mon Sep 17 00:00:00 2001 From: "dependabot-preview[bot]" <27856297+dependabot-preview[bot]@users.noreply.github.com> Date: Tue, 15 Sep 2020 16:51:01 +0000 Subject: [PATCH 17/23] Bump pytest from 6.0.1 to 6.0.2 Bumps [pytest](https://github.com/pytest-dev/pytest) from 6.0.1 to 6.0.2. - [Release notes](https://github.com/pytest-dev/pytest/releases) - [Changelog](https://github.com/pytest-dev/pytest/blob/master/CHANGELOG.rst) - [Commits](https://github.com/pytest-dev/pytest/compare/6.0.1...6.0.2) Signed-off-by: dependabot-preview[bot] --- requirements-tests.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements-tests.txt b/requirements-tests.txt index e9106767..57791eba 100644 --- a/requirements-tests.txt +++ b/requirements-tests.txt @@ -62,7 +62,7 @@ pyparsing==2.4.7 # via packaging pyrsistent==0.16.0 # via jsonschema pytest-flask==1.0.0 # via -r requirements-tests.in pytest-mock==3.3.1 # via -r requirements-tests.in -pytest==6.0.1 # via -r requirements-tests.in, pytest-flask, pytest-mock +pytest==6.0.2 # via -r requirements-tests.in, pytest-flask, pytest-mock python-dateutil==2.8.1 # via botocore, faker, freezegun, moto python-jose==3.1.0 # via moto pytz==2019.3 # via moto 
From 51fbd6a8714786d43c3b5cb8b309e44d1b024ebe Mon Sep 17 00:00:00 2001
From: "dependabot-preview[bot]" <27856297+dependabot-preview[bot]@users.noreply.github.com>
Date: Tue, 15 Sep 2020 17:04:29 +0000
Subject: [PATCH 18/23] Bump faker from 4.1.2 to 4.1.3
Bumps [faker](https://github.com/joke2k/faker) from 4.1.2 to 4.1.3.
- [Release notes](https://github.com/joke2k/faker/releases)
- [Changelog](https://github.com/joke2k/faker/blob/master/CHANGELOG.rst)
- [Commits](https://github.com/joke2k/faker/compare/v4.1.2...v4.1.3)
Signed-off-by: dependabot-preview[bot]
---
 requirements-tests.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/requirements-tests.txt b/requirements-tests.txt
index 57791eba..643dcebc 100644
--- a/requirements-tests.txt
+++ b/requirements-tests.txt
@@ -25,7 +25,7 @@ docker==4.2.0 # via moto
 docutils==0.15.2 # via botocore
 ecdsa==0.15 # via python-jose, sshpubkeys
 factory-boy==3.0.1 # via -r requirements-tests.in
-faker==4.1.2 # via -r requirements-tests.in, factory-boy
+faker==4.1.3 # via -r requirements-tests.in, factory-boy
 fakeredis==1.4.3 # via -r requirements-tests.in
 flask==1.1.2 # via pytest-flask
 freezegun==1.0.0 # via -r requirements-tests.in
From dc675311f07743e479001029f76e4eb443fbb3c9 Mon Sep 17 00:00:00 2001
From: "dependabot-preview[bot]" <27856297+dependabot-preview[bot]@users.noreply.github.com>
Date: Tue, 15 Sep 2020 17:13:55 +0000
Subject: [PATCH 19/23] Bump coverage from 5.2.1 to 5.3
Bumps [coverage](https://github.com/nedbat/coveragepy) from 5.2.1 to 5.3.
- [Release notes](https://github.com/nedbat/coveragepy/releases)
- [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst)
- [Commits](https://github.com/nedbat/coveragepy/compare/coverage-5.2.1...coverage-5.3)
Signed-off-by: dependabot-preview[bot]
---
 requirements-tests.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/requirements-tests.txt b/requirements-tests.txt
index 643dcebc..c18cb2a3 100644
--- a/requirements-tests.txt
+++ b/requirements-tests.txt
@@ -18,7 +18,7 @@ cffi==1.14.0 # via cryptography
 cfn-lint==0.29.5 # via moto
 chardet==3.0.4 # via requests
 click==7.1.2 # via black, flask
-coverage==5.2.1 # via -r requirements-tests.in
+coverage==5.3 # via -r requirements-tests.in
 cryptography==3.1 # via moto, sshpubkeys
 decorator==4.4.2 # via networkx
 docker==4.2.0 # via moto
From 1ceafc593a0c677a017c32b9e2cf1f7ebef1735e Mon Sep 17 00:00:00 2001
From: "dependabot-preview[bot]" <27856297+dependabot-preview[bot]@users.noreply.github.com>
Date: Tue, 15 Sep 2020 17:22:55 +0000
Subject: [PATCH 20/23] Bump moto from 1.3.14 to 1.3.16
Bumps [moto](https://github.com/spulec/moto) from 1.3.14 to 1.3.16.
- [Release notes](https://github.com/spulec/moto/releases)
- [Changelog](https://github.com/spulec/moto/blob/master/CHANGELOG.md)
- [Commits](https://github.com/spulec/moto/compare/1.3.14...1.3.16)
Signed-off-by: dependabot-preview[bot]
---
 requirements-tests.txt | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/requirements-tests.txt b/requirements-tests.txt
index c18cb2a3..bb25b5e5 100644
--- a/requirements-tests.txt
+++ b/requirements-tests.txt
@@ -19,11 +19,11 @@ cfn-lint==0.29.5 # via moto
 chardet==3.0.4 # via requests
 click==7.1.2 # via black, flask
 coverage==5.3 # via -r requirements-tests.in
-cryptography==3.1 # via moto, sshpubkeys
+cryptography==3.1 # via moto, python-jose, sshpubkeys
 decorator==4.4.2 # via networkx
 docker==4.2.0 # via moto
 docutils==0.15.2 # via botocore
-ecdsa==0.15 # via python-jose, sshpubkeys
+ecdsa==0.14.1 # via moto, python-jose, sshpubkeys
 factory-boy==3.0.1 # via -r requirements-tests.in
 faker==4.1.3 # via -r requirements-tests.in, factory-boy
 fakeredis==1.4.3 # via -r requirements-tests.in
@@ -43,10 +43,10 @@ jsonpatch==1.25 # via cfn-lint
 jsonpickle==1.4 # via aws-xray-sdk
 jsonpointer==2.0 # via jsonpatch
 jsonschema==3.2.0 # via aws-sam-translator, cfn-lint
-markupsafe==1.1.1 # via jinja2
+markupsafe==1.1.1 # via jinja2, moto
 mock==4.0.2 # via moto
-more-itertools==8.2.0 # via pytest
-moto==1.3.14 # via -r requirements-tests.in
+more-itertools==8.2.0 # via moto, pytest
+moto==1.3.16 # via -r requirements-tests.in
 mypy-extensions==0.4.3 # via black
 networkx==2.4 # via cfn-lint
 nose==1.3.7 # via -r requirements-tests.in
@@ -64,7 +64,7 @@ pytest-flask==1.0.0 # via -r requirements-tests.in
 pytest-mock==3.3.1 # via -r requirements-tests.in
 pytest==6.0.2 # via -r requirements-tests.in, pytest-flask, pytest-mock
 python-dateutil==2.8.1 # via botocore, faker, freezegun, moto
-python-jose==3.1.0 # via moto
+python-jose[cryptography]==3.1.0 # via moto
 pytz==2019.3 # via moto
 pyyaml==5.3.1 # via -r requirements-tests.in, bandit, cfn-lint, moto
 redis==3.5.3 # via fakeredis
@@ -88,7 +88,7 @@ websocket-client==0.57.0 # via docker
 werkzeug==1.0.1 # via flask, moto, pytest-flask
 wrapt==1.12.1 # via aws-xray-sdk
 xmltodict==0.12.0 # via moto
-zipp==3.1.0 # via importlib-metadata
+zipp==3.1.0 # via importlib-metadata, moto

 # The following packages are considered to be unsafe in a requirements file:
 # setuptools
From 8022efe32e5a4630e607b7d02ede6b2473378b6e Mon Sep 17 00:00:00 2001
From: "dependabot-preview[bot]" <27856297+dependabot-preview[bot]@users.noreply.github.com>
Date: Tue, 15 Sep 2020 17:35:46 +0000
Subject: [PATCH 21/23] Bump acme from 1.7.0 to 1.8.0
Bumps [acme](https://github.com/letsencrypt/letsencrypt) from 1.7.0 to 1.8.0.
- [Release notes](https://github.com/letsencrypt/letsencrypt/releases)
- [Commits](https://github.com/letsencrypt/letsencrypt/compare/v1.7.0...v1.8.0)
Signed-off-by: dependabot-preview[bot]
---
 requirements-docs.txt | 2 +-
 requirements.txt | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/requirements-docs.txt b/requirements-docs.txt
index 37d50804..3ee96dd7 100644
--- a/requirements-docs.txt
+++ b/requirements-docs.txt
@@ -4,7 +4,7 @@
 #
 # pip-compile --no-index --output-file=requirements-docs.txt requirements-docs.in
 #
-acme==1.7.0 # via -r requirements.txt
+acme==1.8.0 # via -r requirements.txt
 alabaster==0.7.12 # via sphinx
 alembic-autogenerate-enums==0.0.2 # via -r requirements.txt
 alembic==1.4.2 # via -r requirements.txt, flask-migrate
diff --git a/requirements.txt b/requirements.txt
index 64e41b3c..fcb06cd9 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -4,7 +4,7 @@
 #
 # pip-compile --no-index --output-file=requirements.txt requirements.in
 #
-acme==1.7.0 # via -r requirements.in
+acme==1.8.0 # via -r requirements.in
 alembic-autogenerate-enums==0.0.2 # via -r requirements.in
 alembic==1.4.2 # via flask-migrate
 amqp==2.5.2 # via kombu
From f5e71bb431dce204c0e96054f00335956cd0fa5f Mon Sep 17 00:00:00 2001
From: "dependabot-preview[bot]" <27856297+dependabot-preview[bot]@users.noreply.github.com>
Date: Tue, 15 Sep 2020 17:45:52 +0000
Subject: [PATCH 22/23] Bump boto3 from 1.14.56 to 1.14.61
Bumps [boto3](https://github.com/boto/boto3) from 1.14.56 to 1.14.61.
- [Release notes](https://github.com/boto/boto3/releases)
- [Changelog](https://github.com/boto/boto3/blob/develop/CHANGELOG.rst)
- [Commits](https://github.com/boto/boto3/compare/1.14.56...1.14.61)
Signed-off-by: dependabot-preview[bot]
---
 requirements-docs.txt | 4 ++--
 requirements-tests.txt | 4 ++--
 requirements.txt | 4 ++--
 3 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/requirements-docs.txt b/requirements-docs.txt
index 3ee96dd7..f3f417bf 100644
--- a/requirements-docs.txt
+++ b/requirements-docs.txt
@@ -17,8 +17,8 @@ bcrypt==3.1.7 # via -r requirements.txt, flask-bcrypt, paramiko
 beautifulsoup4==4.9.1 # via -r requirements.txt, cloudflare
 billiard==3.6.3.0 # via -r requirements.txt, celery
 blinker==1.4 # via -r requirements.txt, flask-mail, flask-principal, raven
-boto3==1.14.56 # via -r requirements.txt
-botocore==1.17.56 # via -r requirements.txt, boto3, s3transfer
+boto3==1.14.61 # via -r requirements.txt
+botocore==1.17.61 # via -r requirements.txt, boto3, s3transfer
 celery[redis]==4.4.2 # via -r requirements.txt
 certifi==2020.6.20 # via -r requirements.txt, requests
 certsrv==2.1.1 # via -r requirements.txt
diff --git a/requirements-tests.txt b/requirements-tests.txt
index bb25b5e5..20453852 100644
--- a/requirements-tests.txt
+++ b/requirements-tests.txt
@@ -10,9 +10,9 @@ aws-sam-translator==1.22.0 # via cfn-lint
 aws-xray-sdk==2.5.0 # via moto
 bandit==1.6.2 # via -r requirements-tests.in
 black==20.8b1 # via -r requirements-tests.in
-boto3==1.14.56 # via aws-sam-translator, moto
+boto3==1.14.61 # via aws-sam-translator, moto
 boto==2.49.0 # via moto
-botocore==1.17.56 # via aws-xray-sdk, boto3, moto, s3transfer
+botocore==1.17.61 # via aws-xray-sdk, boto3, moto, s3transfer
 certifi==2020.6.20 # via requests
 cffi==1.14.0 # via cryptography
 cfn-lint==0.29.5 # via moto
diff --git a/requirements.txt b/requirements.txt
index fcb06cd9..27a37a8c 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -15,8 +15,8 @@ bcrypt==3.1.7 # via flask-bcrypt, paramiko
 beautifulsoup4==4.9.1 # via cloudflare
 billiard==3.6.3.0 # via celery
 blinker==1.4 # via flask-mail, flask-principal, raven
-boto3==1.14.56 # via -r requirements.in
-botocore==1.17.56 # via -r requirements.in, boto3, s3transfer
+boto3==1.14.61 # via -r requirements.in
+botocore==1.17.61 # via -r requirements.in, boto3, s3transfer
 celery[redis]==4.4.2 # via -r requirements.in
 certifi==2020.6.20 # via -r requirements.in, requests
 certsrv==2.1.1 # via -r requirements.in
From 980883cb8d968a9f9eafda54cc1b7387e7cc2f4a Mon Sep 17 00:00:00 2001
From: Hossein Shafagh
Date: Tue, 15 Sep 2020 11:39:29 -0700
Subject: [PATCH 23/23] Dependbot failed to merge this PR, so raising it manually Bump http-proxy from 1.16.2 to 1.18.1 https://github.com/Netflix/lemur/pull/3123#partial-pull-merging
---
 package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/package.json b/package.json
index 1a54eccc..c4105e01 100644
--- a/package.json
+++ b/package.json
@@ -39,7 +39,7 @@
 "gulp-uglify": "^2.0.0",
 "gulp-useref": "^3.1.2",
 "gulp-util": "^3.0.1",
- "http-proxy": "~1.16.2",
+ "http-proxy": ">=1.18.1",
 "jshint-stylish": "^2.2.1",
 "karma": "^4.4.1",
 "karma-jasmine": "^1.1.0",
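Review bot: The new range `">=1.18.1"` has no upper bound, so any later http-proxy release, including a future major version, is accepted whenever dependencies are resolved without a lockfile. The previous `~1.16.2` allowed patch releases only, which makes this a much wider trust decision than the commit message suggests. `"http-proxy": "^1.18.1"` keeps the patched minimum while staying on the 1.x line, which matches the caret ranges on the neighbouring entries.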