From da99bcda68f525226797ebbbdff83ed9420679fe Mon Sep 17 00:00:00 2001
From: Curtis Castrapel
Date: Thu, 16 Aug 2018 10:12:19 -0700
Subject: [PATCH] Better zone handling
---
 lemur/dns_providers/cli.py | 8 ++++++--
 lemur/plugins/lemur_acme/plugin.py | 2 ++
 lemur/sources/service.py | 10 ++++++----
 .../certificates/certificate/tracking.tpl.html | 11 ++++++++++-
 requirements-docs.txt | 8 ++++----
 requirements-tests.txt | 8 ++++----
 requirements.txt | 8 ++++----
 7 files changed, 36 insertions(+), 19 deletions(-)
diff --git a/lemur/dns_providers/cli.py b/lemur/dns_providers/cli.py
index b111ca0e..159bdaa0 100644
--- a/lemur/dns_providers/cli.py
+++ b/lemur/dns_providers/cli.py
@@ -18,8 +18,12 @@ def get_all_zones():
 acme_plugin = plugins.get("acme-issuer")
 for dns_provider in dns_providers:
- zones = acme_plugin.get_all_zones(dns_provider)
- set_domains(dns_provider, zones)
+ try:
+ zones = acme_plugin.get_all_zones(dns_provider)
+ set_domains(dns_provider, zones)
+ except Exception as e:
+ print("[+] Error with DNS Provider {}: {}".format(dns_provider.name, e))
+ set_domains(dns_provider, [])
 status = SUCCESS_METRIC_STATUS
diff --git a/lemur/plugins/lemur_acme/plugin.py b/lemur/plugins/lemur_acme/plugin.py
index 1604fcdc..7c04ca44 100644
--- a/lemur/plugins/lemur_acme/plugin.py
+++ b/lemur/plugins/lemur_acme/plugin.py
@@ -212,6 +212,8 @@ class AcmeHandler(object):
 """
 self.dns_providers_for_domain[domain] = []
 for dns_provider in self.all_dns_providers:
+ if not dns_provider.domains:
+ continue
 for name in dns_provider.domains:
 if domain.endswith(name):
 self.dns_providers_for_domain[domain].append(dns_provider)
diff --git a/lemur/sources/service.py b/lemur/sources/service.py
index fbefbba1..227f1bce 100644
--- a/lemur/sources/service.py
+++ b/lemur/sources/service.py
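Review bot: The new `except Exception` branch in `get_all_zones` (lemur/dns_providers/cli.py) overwrites the provider's stored zones with an empty list on any error, so a transient API or credential failure erases a list that was valid a moment earlier. The same commit makes the ACME handler skip providers with no domains, so issuance and renewal for those zones would likely stop until the next successful sync, with nothing pointing at the cause. Keep the previous list on failure by dropping `set_domains(dns_provider, [])`. The error is also only printed, and the `status = SUCCESS_METRIC_STATUS` line after the loop suggests the run is still reported as successful; send the error to the application logger and record a failure status so monitoring can alert on it. The function continues outside the hunk.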
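Review bot: The added guard in lemur/plugins/lemur_acme/plugin.py skips a provider whose `domains` is empty or None, but the test two lines below it, `if domain.endswith(name):`, is a plain suffix match with no label boundary. A zone `example.com` (constructed example) therefore also matches `notexample.com`, and an empty-string entry in `domains` would match every domain. The provider list built here presumably decides which DNS account is used for validation, so the match should fall on a whole label: `if domain == name or domain.endswith("." + name):`. A short comment on the guard, such as `# domains is empty after a failed zone sync; skip rather than iterate None`, would explain why a provider can drop out silently. The enclosing method starts and ends outside the hunk.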
@@ -115,13 +115,16 @@ def sync_certificates(source, user):
 certificates = s.get_certificates(source.options)
 for certificate in certificates:
+ exists = False
 if certificate.get('name'):
- exists = [certificate_service.get_by_name(certificate['name'])]
+ result = certificate_service.get_by_name(certificate['name'])
+ if result:
+ exists = [result]
- elif certificate.get('serial'):
+ if not exists and certificate.get('serial'):
 exists = certificate_service.get_by_serial(certificate['serial'])
- else:
+ if not exists:
 cert = parse_certificate(certificate['body'])
 exists = certificate_service.get_by_serial(serial(cert))
@@ -129,7 +132,6 @@ def sync_certificates(source, user):
 certificate['owner'] = user.email
 certificate['creator'] = user
- exists = [x for x in exists if x]
 if not exists:
diff --git a/lemur/static/app/angular/certificates/certificate/tracking.tpl.html b/lemur/static/app/angular/certificates/certificate/tracking.tpl.html
index 9410f42d..b64f6e3d 100644
--- a/lemur/static/app/angular/certificates/certificate/tracking.tpl.html
+++ b/lemur/static/app/angular/certificates/certificate/tracking.tpl.html
@@ -129,7 +129,7 @@
-
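Review bot: With the `elif`/`else` chain in `sync_certificates` turned into fall-through `if not exists` checks, a source certificate whose name is not found is now matched by serial number alone. Serial numbers are unique only per issuer, so an entry from one CA could be paired with an unrelated stored certificate that happens to share its serial. What is done with the match lies outside the hunk, but if the stored record is updated in place, comparing the issuer or body before accepting a serial match would keep inventory entries from being overwritten by the wrong certificate. Separately, `exists` starts as `False` and later holds a list; `exists = []` keeps it one type. The second hunk removes the `[x for x in exists if x]` filter, so it is worth confirming that `get_by_serial` never returns a list containing `None`.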
+
+
+ +
+ Certificates for LetsEncrypt expire 90 days after creation. Enable auto-rotate to have Lemur automatically + rotate the certificate and update your endpoints. +
+
diff --git a/requirements-docs.txt b/requirements-docs.txt index 6361030c..559d2424 100644 --- a/requirements-docs.txt +++ b/requirements-docs.txt @@ -15,14 +15,14 @@ asyncpool==1.0 babel==2.6.0 # via sphinx bcrypt==3.1.4 blinker==1.4 -boto3==1.7.75 -botocore==1.10.75 +boto3==1.7.78 +botocore==1.10.78 certifi==2018.8.13 cffi==1.11.5 chardet==3.0.4 click==6.7 cloudflare==2.1.0 -cryptography==2.3 +cryptography==2.3.1 dnspython3==1.15.0 dnspython==1.15.0 docutils==0.14 @@ -49,7 +49,7 @@ jsonlines==1.2.0 lockfile==0.12.2 mako==1.0.7 markupsafe==1.0 -marshmallow-sqlalchemy==0.14.0 +marshmallow-sqlalchemy==0.14.1 marshmallow==2.15.4 mock==2.0.0 ndg-httpsclient==0.5.1 diff --git a/requirements-tests.txt b/requirements-tests.txt index 38db62ae..0021c653 100644 --- a/requirements-tests.txt +++ b/requirements-tests.txt @@ -8,16 +8,16 @@ asn1crypto==0.24.0 # via cryptography atomicwrites==1.1.5 # via pytest attrs==18.1.0 # via pytest aws-xray-sdk==0.95 # via moto -boto3==1.7.75 # via moto +boto3==1.7.78 # via moto boto==2.49.0 # via moto -botocore==1.10.75 # via boto3, moto, s3transfer +botocore==1.10.78 # via boto3, moto, s3transfer certifi==2018.8.13 # via requests cffi==1.11.5 # via cryptography chardet==3.0.4 # via requests click==6.7 # via flask cookies==2.2.1 # via moto, responses coverage==4.5.1 -cryptography==2.3 # via moto +cryptography==2.3.1 # via moto docker-pycreds==0.3.0 # via docker docker==3.5.0 # via moto docutils==0.14 # via botocore @@ -59,7 +59,7 @@ s3transfer==0.1.13 # via boto3 six==1.11.0 # via cryptography, docker, docker-pycreds, faker, freezegun, mock, more-itertools, moto, pytest, python-dateutil, python-jose, requests-mock, responses, websocket-client text-unidecode==1.2 # via faker urllib3==1.23 # via requests -websocket-client==0.48.0 # via docker +websocket-client==0.49.0 # via docker werkzeug==0.14.1 # via flask, moto, pytest-flask wrapt==1.10.11 # via aws-xray-sdk xmltodict==0.11.0 # via moto 
diff --git a/requirements.txt b/requirements.txt index 47576f03..883a4dd2 100644 --- a/requirements.txt +++ b/requirements.txt @@ -13,14 +13,14 @@ asn1crypto==0.24.0 # via cryptography asyncpool==1.0 bcrypt==3.1.4 # via flask-bcrypt, paramiko blinker==1.4 # via flask-mail, flask-principal, raven -boto3==1.7.75 -botocore==1.10.75 # via boto3, s3transfer +boto3==1.7.78 +botocore==1.10.78 # via boto3, s3transfer certifi==2018.8.13 cffi==1.11.5 # via bcrypt, cryptography, pynacl chardet==3.0.4 # via requests click==6.7 # via flask cloudflare==2.1.0 -cryptography==2.3 +cryptography==2.3.1 dnspython3==1.15.0 dnspython==1.15.0 # via dnspython3 docutils==0.14 # via botocore @@ -46,7 +46,7 @@ jsonlines==1.2.0 # via cloudflare lockfile==0.12.2 mako==1.0.7 # via alembic markupsafe==1.0 # via jinja2, mako -marshmallow-sqlalchemy==0.14.0 +marshmallow-sqlalchemy==0.14.1 marshmallow==2.15.4 mock==2.0.0 # via acme ndg-httpsclient==0.5.1