Better zone handling

2018-08-16 10:12:19 -07:00
parent e050177c08
commit da99bcda68
7 changed files with 36 additions and 19 deletions
--- a/lemur/dns_providers/cli.py
+++ b/lemur/dns_providers/cli.py
@ -18,8 +18,12 @@ def get_all_zones():
    acme_plugin = plugins.get("acme-issuer")

    for dns_provider in dns_providers:
-        zones = acme_plugin.get_all_zones(dns_provider)
-        set_domains(dns_provider, zones)
+        try:
+            zones = acme_plugin.get_all_zones(dns_provider)
+            set_domains(dns_provider, zones)
+        except Exception as e:
+            print("[+] Error with DNS Provider {}: {}".format(dns_provider.name, e))
+            set_domains(dns_provider, [])

    status = SUCCESS_METRIC_STATUS

--- a/lemur/plugins/lemur_acme/plugin.py
+++ b/lemur/plugins/lemur_acme/plugin.py
@ -212,6 +212,8 @@ class AcmeHandler(object):
        """
        self.dns_providers_for_domain[domain] = []
        for dns_provider in self.all_dns_providers:
+            if not dns_provider.domains:
+                continue
            for name in dns_provider.domains:
                if domain.endswith(name):
                    self.dns_providers_for_domain[domain].append(dns_provider)
--- a/lemur/sources/service.py
+++ b/lemur/sources/service.py
@ -115,13 +115,16 @@ def sync_certificates(source, user):
    certificates = s.get_certificates(source.options)

    for certificate in certificates:
+        exists = False
        if certificate.get('name'):
-            exists = [certificate_service.get_by_name(certificate['name'])]
+            result = certificate_service.get_by_name(certificate['name'])
+            if result:
+                exists = [result]

-        elif certificate.get('serial'):
+        if not exists and certificate.get('serial'):
            exists = certificate_service.get_by_serial(certificate['serial'])

-        else:
+        if not exists:
            cert = parse_certificate(certificate['body'])
            exists = certificate_service.get_by_serial(serial(cert))

@ -129,7 +132,6 @@ def sync_certificates(source, user):
            certificate['owner'] = user.email

        certificate['creator'] = user
-
        exists = [x for x in exists if x]

        if not exists:
--- a/lemur/static/app/angular/certificates/certificate/tracking.tpl.html
+++ b/lemur/static/app/angular/certificates/certificate/tracking.tpl.html
@ -129,7 +129,7 @@
          </select>
        </div>
      </div>
-    <div class="form-group">
+    <div class="form-group" ng-hide="certificate.authority.plugin.slug == 'acme-issuer'">
      <label class="control-label col-sm-2"
             uib-tooltip="If no date is selected Lemur attempts to issue a 2 year certificate">
        Validity Range <span class="glyphicon glyphicon-question-sign"></span>
@ -191,6 +191,15 @@
          class="glyphicon glyphicon-remove"></i></button>
      </div>
    </div>
+    <div class="form-group" ng-show="certificate.authority.plugin.slug == 'acme-issuer'">
+      <label class="control-label col-sm-2">
+        Validity Range <span class="glyphicon glyphicon-question-sign"></span>
+      </label>
+        <div class="col-sm-10">
+            Certificates for LetsEncrypt expire 90 days after creation. Enable auto-rotate to have Lemur automatically
+            rotate the certificate and update your endpoints.
+        </div>
+    </div>
    <div class="form-group">
      <label class="control-label col-sm-2">Auto Rotate</label>
      <div class="col-sm-10">