Better zone handling

lemur/dns_providers/cli.py

@@ -18,8 +18,12 @@ def get_all_zones():
     acme_plugin = plugins.get("acme-issuer")
 
     for dns_provider in dns_providers:
-        zones = acme_plugin.get_all_zones(dns_provider)
-        set_domains(dns_provider, zones)
+        try:
+            zones = acme_plugin.get_all_zones(dns_provider)
+            set_domains(dns_provider, zones)
+        except Exception as e:
+            print("[+] Error with DNS Provider {}: {}".format(dns_provider.name, e))
+            set_domains(dns_provider, [])
 
     status = SUCCESS_METRIC_STATUS
 

lemur/plugins/lemur_acme/plugin.py

@@ -212,6 +212,8 @@ class AcmeHandler(object):
         """
         self.dns_providers_for_domain[domain] = []
         for dns_provider in self.all_dns_providers:
+            if not dns_provider.domains:
+                continue
             for name in dns_provider.domains:
                 if domain.endswith(name):
                     self.dns_providers_for_domain[domain].append(dns_provider)

lemur/sources/service.py

@@ -115,13 +115,16 @@ def sync_certificates(source, user):
     certificates = s.get_certificates(source.options)
 
     for certificate in certificates:
+        exists = False
         if certificate.get('name'):
-            exists = [certificate_service.get_by_name(certificate['name'])]
+            result = certificate_service.get_by_name(certificate['name'])
+            if result:
+                exists = [result]
 
-        elif certificate.get('serial'):
+        if not exists and certificate.get('serial'):
             exists = certificate_service.get_by_serial(certificate['serial'])
 
-        else:
+        if not exists:
             cert = parse_certificate(certificate['body'])
             exists = certificate_service.get_by_serial(serial(cert))
 
@@ -129,7 +132,6 @@ def sync_certificates(source, user):
             certificate['owner'] = user.email
 
         certificate['creator'] = user
-
         exists = [x for x in exists if x]
 
         if not exists:

lemur/static/app/angular/certificates/certificate/tracking.tpl.html

@@ -129,7 +129,7 @@
           </select>
         </div>
       </div>
-    <div class="form-group">
+    <div class="form-group" ng-hide="certificate.authority.plugin.slug == 'acme-issuer'">
       <label class="control-label col-sm-2"
              uib-tooltip="If no date is selected Lemur attempts to issue a 2 year certificate">
         Validity Range <span class="glyphicon glyphicon-question-sign"></span>
@@ -191,6 +191,15 @@
           class="glyphicon glyphicon-remove"></i></button>
       </div>
     </div>
+    <div class="form-group" ng-show="certificate.authority.plugin.slug == 'acme-issuer'">
+      <label class="control-label col-sm-2">
+        Validity Range <span class="glyphicon glyphicon-question-sign"></span>
+      </label>
+        <div class="col-sm-10">
+            Certificates for LetsEncrypt expire 90 days after creation. Enable auto-rotate to have Lemur automatically
+            rotate the certificate and update your endpoints.
+        </div>
+    </div>
     <div class="form-group">
       <label class="control-label col-sm-2">Auto Rotate</label>
       <div class="col-sm-10">

requirements-docs.txt

@@ -15,14 +15,14 @@ asyncpool==1.0
 babel==2.6.0              # via sphinx
 bcrypt==3.1.4
 blinker==1.4
-boto3==1.7.75
-botocore==1.10.75
+boto3==1.7.78
+botocore==1.10.78
 certifi==2018.8.13
 cffi==1.11.5
 chardet==3.0.4
 click==6.7
 cloudflare==2.1.0
-cryptography==2.3
+cryptography==2.3.1
 dnspython3==1.15.0
 dnspython==1.15.0
 docutils==0.14
@@ -49,7 +49,7 @@ jsonlines==1.2.0
 lockfile==0.12.2
 mako==1.0.7
 markupsafe==1.0
-marshmallow-sqlalchemy==0.14.0
+marshmallow-sqlalchemy==0.14.1
 marshmallow==2.15.4
 mock==2.0.0
 ndg-httpsclient==0.5.1

requirements-tests.txt

@@ -8,16 +8,16 @@ asn1crypto==0.24.0        # via cryptography
 atomicwrites==1.1.5       # via pytest
 attrs==18.1.0             # via pytest
 aws-xray-sdk==0.95        # via moto
-boto3==1.7.75             # via moto
+boto3==1.7.78             # via moto
 boto==2.49.0              # via moto
-botocore==1.10.75         # via boto3, moto, s3transfer
+botocore==1.10.78         # via boto3, moto, s3transfer
 certifi==2018.8.13        # via requests
 cffi==1.11.5              # via cryptography
 chardet==3.0.4            # via requests
 click==6.7                # via flask
 cookies==2.2.1            # via moto, responses
 coverage==4.5.1
-cryptography==2.3         # via moto
+cryptography==2.3.1       # via moto
 docker-pycreds==0.3.0     # via docker
 docker==3.5.0             # via moto
 docutils==0.14            # via botocore
@@ -59,7 +59,7 @@ s3transfer==0.1.13        # via boto3
 six==1.11.0               # via cryptography, docker, docker-pycreds, faker, freezegun, mock, more-itertools, moto, pytest, python-dateutil, python-jose, requests-mock, responses, websocket-client
 text-unidecode==1.2       # via faker
 urllib3==1.23             # via requests
-websocket-client==0.48.0  # via docker
+websocket-client==0.49.0  # via docker
 werkzeug==0.14.1          # via flask, moto, pytest-flask
 wrapt==1.10.11            # via aws-xray-sdk
 xmltodict==0.11.0         # via moto

requirements.txt

@@ -13,14 +13,14 @@ asn1crypto==0.24.0        # via cryptography
 asyncpool==1.0
 bcrypt==3.1.4             # via flask-bcrypt, paramiko
 blinker==1.4              # via flask-mail, flask-principal, raven
-boto3==1.7.75
-botocore==1.10.75         # via boto3, s3transfer
+boto3==1.7.78
+botocore==1.10.78         # via boto3, s3transfer
 certifi==2018.8.13
 cffi==1.11.5              # via bcrypt, cryptography, pynacl
 chardet==3.0.4            # via requests
 click==6.7                # via flask
 cloudflare==2.1.0
-cryptography==2.3
+cryptography==2.3.1
 dnspython3==1.15.0
 dnspython==1.15.0         # via dnspython3
 docutils==0.14            # via botocore
@@ -46,7 +46,7 @@ jsonlines==1.2.0          # via cloudflare
 lockfile==0.12.2
 mako==1.0.7               # via alembic
 markupsafe==1.0           # via jinja2, mako
-marshmallow-sqlalchemy==0.14.0
+marshmallow-sqlalchemy==0.14.1
 marshmallow==2.15.4
 mock==2.0.0               # via acme
 ndg-httpsclient==0.5.1