Infra
/
lemur
5
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Better zone handling

This commit is contained in:
Curtis Castrapel 2018-08-16 10:12:19 -07:00
parent e050177c08
commit da99bcda68
7 changed files with 36 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
lemur/dns_providers/cli.py
View File

@ -18,8 +18,12 @@ def get_all_zones():
acme_plugin = plugins.get("acme-issuer") acme_plugin = plugins.get("acme-issuer")
for dns_provider in dns_providers: for dns_provider in dns_providers:
try:
zones = acme_plugin.get_all_zones(dns_provider) zones = acme_plugin.get_all_zones(dns_provider)
set_domains(dns_provider, zones) set_domains(dns_provider, zones)
except Exception as e:
print("[+] Error with DNS Provider {}: {}".format(dns_provider.name, e))
set_domains(dns_provider, [])
status = SUCCESS_METRIC_STATUS status = SUCCESS_METRIC_STATUS

2
lemur/plugins/lemur_acme/plugin.py
View File

@ -212,6 +212,8 @@ class AcmeHandler(object):
""" """
self.dns_providers_for_domain[domain] = [] self.dns_providers_for_domain[domain] = []
for dns_provider in self.all_dns_providers: for dns_provider in self.all_dns_providers:
if not dns_provider.domains:
continue
for name in dns_provider.domains: for name in dns_provider.domains:
if domain.endswith(name): if domain.endswith(name):
self.dns_providers_for_domain[domain].append(dns_provider) self.dns_providers_for_domain[domain].append(dns_provider)

10
lemur/sources/service.py
View File

@ -115,13 +115,16 @@ def sync_certificates(source, user):
certificates = s.get_certificates(source.options) certificates = s.get_certificates(source.options)
for certificate in certificates: for certificate in certificates:
exists = False
if certificate.get('name'): if certificate.get('name'):
exists = [certificate_service.get_by_name(certificate['name'])] result = certificate_service.get_by_name(certificate['name'])
if result:
exists = [result]
elif certificate.get('serial'): if not exists and certificate.get('serial'):
exists = certificate_service.get_by_serial(certificate['serial']) exists = certificate_service.get_by_serial(certificate['serial'])
else: if not exists:
cert = parse_certificate(certificate['body']) cert = parse_certificate(certificate['body'])
exists = certificate_service.get_by_serial(serial(cert)) exists = certificate_service.get_by_serial(serial(cert))
@ -129,7 +132,6 @@ def sync_certificates(source, user):
certificate['owner'] = user.email certificate['owner'] = user.email
certificate['creator'] = user certificate['creator'] = user
exists = [x for x in exists if x] exists = [x for x in exists if x]
if not exists: if not exists:

11
lemur/static/app/angular/certificates/certificate/tracking.tpl.html
View File

@ -129,7 +129,7 @@
</select> </select>
</div> </div>
</div> </div>
<div class="form-group"> <div class="form-group" ng-hide="certificate.authority.plugin.slug == 'acme-issuer'">
<label class="control-label col-sm-2" <label class="control-label col-sm-2"
uib-tooltip="If no date is selected Lemur attempts to issue a 2 year certificate"> uib-tooltip="If no date is selected Lemur attempts to issue a 2 year certificate">
Validity Range <span class="glyphicon glyphicon-question-sign"></span> Validity Range <span class="glyphicon glyphicon-question-sign"></span>
@ -191,6 +191,15 @@
class="glyphicon glyphicon-remove"></i></button> class="glyphicon glyphicon-remove"></i></button>
</div> </div>
</div> </div>
<div class="form-group" ng-show="certificate.authority.plugin.slug == 'acme-issuer'">
<label class="control-label col-sm-2">
Validity Range <span class="glyphicon glyphicon-question-sign"></span>
</label>
<div class="col-sm-10">
Certificates for LetsEncrypt expire 90 days after creation. Enable auto-rotate to have Lemur automatically
rotate the certificate and update your endpoints.
</div>
</div>
<div class="form-group"> <div class="form-group">
<label class="control-label col-sm-2">Auto Rotate</label> <label class="control-label col-sm-2">Auto Rotate</label>
<div class="col-sm-10"> <div class="col-sm-10">

8
requirements-docs.txt
View File

@ -15,14 +15,14 @@ asyncpool==1.0
babel==2.6.0 # via sphinx babel==2.6.0 # via sphinx
bcrypt==3.1.4 bcrypt==3.1.4
blinker==1.4 blinker==1.4
boto3==1.7.75 boto3==1.7.78
botocore==1.10.75 botocore==1.10.78
certifi==2018.8.13 certifi==2018.8.13
cffi==1.11.5 cffi==1.11.5
chardet==3.0.4 chardet==3.0.4
click==6.7 click==6.7
cloudflare==2.1.0 cloudflare==2.1.0
cryptography==2.3 cryptography==2.3.1
dnspython3==1.15.0 dnspython3==1.15.0
dnspython==1.15.0 dnspython==1.15.0
docutils==0.14 docutils==0.14
@ -49,7 +49,7 @@ jsonlines==1.2.0
lockfile==0.12.2 lockfile==0.12.2
mako==1.0.7 mako==1.0.7
markupsafe==1.0 markupsafe==1.0
marshmallow-sqlalchemy==0.14.0 marshmallow-sqlalchemy==0.14.1
marshmallow==2.15.4 marshmallow==2.15.4
mock==2.0.0 mock==2.0.0
ndg-httpsclient==0.5.1 ndg-httpsclient==0.5.1

8
requirements-tests.txt
View File

@ -8,16 +8,16 @@ asn1crypto==0.24.0 # via cryptography
atomicwrites==1.1.5 # via pytest atomicwrites==1.1.5 # via pytest
attrs==18.1.0 # via pytest attrs==18.1.0 # via pytest
aws-xray-sdk==0.95 # via moto aws-xray-sdk==0.95 # via moto
boto3==1.7.75 # via moto boto3==1.7.78 # via moto
boto==2.49.0 # via moto boto==2.49.0 # via moto
botocore==1.10.75 # via boto3, moto, s3transfer botocore==1.10.78 # via boto3, moto, s3transfer
certifi==2018.8.13 # via requests certifi==2018.8.13 # via requests
cffi==1.11.5 # via cryptography cffi==1.11.5 # via cryptography
chardet==3.0.4 # via requests chardet==3.0.4 # via requests
click==6.7 # via flask click==6.7 # via flask
cookies==2.2.1 # via moto, responses cookies==2.2.1 # via moto, responses
coverage==4.5.1 coverage==4.5.1
cryptography==2.3 # via moto cryptography==2.3.1 # via moto
docker-pycreds==0.3.0 # via docker docker-pycreds==0.3.0 # via docker
docker==3.5.0 # via moto docker==3.5.0 # via moto
docutils==0.14 # via botocore docutils==0.14 # via botocore
@ -59,7 +59,7 @@ s3transfer==0.1.13 # via boto3
six==1.11.0 # via cryptography, docker, docker-pycreds, faker, freezegun, mock, more-itertools, moto, pytest, python-dateutil, python-jose, requests-mock, responses, websocket-client six==1.11.0 # via cryptography, docker, docker-pycreds, faker, freezegun, mock, more-itertools, moto, pytest, python-dateutil, python-jose, requests-mock, responses, websocket-client
text-unidecode==1.2 # via faker text-unidecode==1.2 # via faker
urllib3==1.23 # via requests urllib3==1.23 # via requests
websocket-client==0.48.0 # via docker websocket-client==0.49.0 # via docker
werkzeug==0.14.1 # via flask, moto, pytest-flask werkzeug==0.14.1 # via flask, moto, pytest-flask
wrapt==1.10.11 # via aws-xray-sdk wrapt==1.10.11 # via aws-xray-sdk
xmltodict==0.11.0 # via moto xmltodict==0.11.0 # via moto

8
requirements.txt
View File

@ -13,14 +13,14 @@ asn1crypto==0.24.0 # via cryptography
asyncpool==1.0 asyncpool==1.0
bcrypt==3.1.4 # via flask-bcrypt, paramiko bcrypt==3.1.4 # via flask-bcrypt, paramiko
blinker==1.4 # via flask-mail, flask-principal, raven blinker==1.4 # via flask-mail, flask-principal, raven
boto3==1.7.75 boto3==1.7.78
botocore==1.10.75 # via boto3, s3transfer botocore==1.10.78 # via boto3, s3transfer
certifi==2018.8.13 certifi==2018.8.13
cffi==1.11.5 # via bcrypt, cryptography, pynacl cffi==1.11.5 # via bcrypt, cryptography, pynacl
chardet==3.0.4 # via requests chardet==3.0.4 # via requests
click==6.7 # via flask click==6.7 # via flask
cloudflare==2.1.0 cloudflare==2.1.0
cryptography==2.3 cryptography==2.3.1
dnspython3==1.15.0 dnspython3==1.15.0
dnspython==1.15.0 # via dnspython3 dnspython==1.15.0 # via dnspython3
docutils==0.14 # via botocore docutils==0.14 # via botocore
@ -46,7 +46,7 @@ jsonlines==1.2.0 # via cloudflare
lockfile==0.12.2 lockfile==0.12.2
mako==1.0.7 # via alembic mako==1.0.7 # via alembic
markupsafe==1.0 # via jinja2, mako markupsafe==1.0 # via jinja2, mako
marshmallow-sqlalchemy==0.14.0 marshmallow-sqlalchemy==0.14.1
marshmallow==2.15.4 marshmallow==2.15.4
mock==2.0.0 # via acme mock==2.0.0 # via acme
ndg-httpsclient==0.5.1 ndg-httpsclient==0.5.1