diff --git a/lemur/database.py b/lemur/database.py
index c2bb8f13..22a464ff 100644
--- a/lemur/database.py
+++ b/lemur/database.py
@@ -9,6 +9,8 @@
 .. moduleauthor:: Kevin Glisson
 """
+from flask import current_app
+
 from sqlalchemy import exc
 from sqlalchemy.sql import and_, or_
@@ -124,7 +126,8 @@ def get(model, value, field="id"):
     query = session_query(model)
     try:
         return query.filter(getattr(model, field) == value).one()
-    except Exception:
+    except Exception as e:
+        current_app.logger.exception(e)
         return
diff --git a/lemur/manage.py b/lemur/manage.py
index 31af39c7..1ad37291 100755
--- a/lemur/manage.py
+++ b/lemur/manage.py
@@ -77,6 +77,7 @@
 LEMUR_RESTRICTED_DOMAINS = []
 LEMUR_EMAIL = ''
 LEMUR_SECURITY_TEAM_EMAIL = []
+LEMUR_DEFAULT_EXPIRATION_NOTIFICATION_INTERVALS = [30, 15, 2]
 # Logging
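Review bot: `except Exception as e` on the new side still catches everything the query can raise, so after this change an ordinary miss (`one()` raising the ORM's `NoResultFound`) logs a full traceback at ERROR level via `current_app.logger.exception(e)`, while a genuine database failure (lost connection, a bad attribute name reaching `getattr`) is logged the same way and then hidden behind the bare `return`. Narrow the handler to the miss case and let the rest propagate, e.g. `except NoResultFound: return` with `NoResultFound` imported from `sqlalchemy.orm.exc`, or re-raise after logging. `get` begins before this hunk.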
@@ -257,82 +258,19 @@ class InitializeApp(Command):
         else:
             sys.stdout.write("[-] Default user has already been created, skipping...!\n")
-        thirty_day = notification_service.get_by_label("SECURITY_TEAM_30_DAY")
-        ten_day = notification_service.get_by_label("SECURITY_TEAM_10_DAY")
-        two_day = notification_service.get_by_label("SECURITY_TEAM_2_DAY")
-        sys.stdout.write("[+] Creating default email notifications!\n")
+        sys.stdout.write("[+] Creating expiration email notifications!\n")
+        sys.stdout.write("[!] Using {recipients} as specified by LEMUR_SECURITY_TEAM_EMAIL for notifications\n")
-        to = ",".join(current_app.config.get("LEMUR_SECURITY_TEAM_EMAIL"))
+        intervals = current_app.config.get("LEMUR_DEFAULT_EXPIRATION_NOTIFICATION_INTERVALS")
+        sys.stdout.write(
+            "[!] Creating {num} notifications for {intervals} days as specified by LEMUR_DEFAULT_EXPIRATION_NOTIFICATION_INTERVALS\n".format(
+                num=len(intervals),
+                intervals=",".join([str(x) for x in intervals])
+            )
+        )
-        options = [
-            {
-                'name': 'recipients',
-                'value': to
-            },
-            {
-                'name': 'unit',
-                'value': 'days'
-            }
-        ]
-
-        if not thirty_day:
-            inter = [{
-                'name': 'interval',
-                'value': 30,
-            }]
-            inter.extend(options)
-            notification_service.create(
-                label="SECURITY_TEAM_30_DAY",
-                plugin_name="email-notification",
-                options=list(inter),
-                description="Default 30 day expiration notification",
-                certificates=[]
-            )
-            sys.stdout.write("[+] Created 30 day email notification for {recipients}!\n".format(recipients=to))
-        else:
-            sys.stdout.write("[-] Skipping 30 day email notification already created for {recipients}!\n".format(
-                recipients=to)
-            )
-
-        if not ten_day:
-            inter = [{
-                'name': 'interval',
-                'value': 10,
-            }]
-            inter.extend(options)
-            notification_service.create(
-                label="SECURITY_TEAM_30_DAY",
-                plugin_name="email-notification",
-                options=list(inter),
-                description="Default 10 day expiration notification",
-                certificates=[]
-            )
-            sys.stdout.write("[+] Created 10 day email notification for {recipients}!\n".format(recipients=to))
-        else:
-            sys.stdout.write("[-] Skipping 10 day email notification already created for {recipients}!\n".format(
-                recipients=to)
-            )
-
-        if not two_day:
-            inter = [{
-                'name': 'interval',
-                'value': 2,
-            }]
-            inter.extend(options)
-            notification_service.create(
-                label="SECURITY_TEAM_30_DAY",
-                plugin_name="email-notification",
-                options=list(inter),
-                description="Default 2 day expiration notification",
-                certificates=[]
-            )
-            sys.stdout.write("[+] Created 2 day email notification for {recipients}!\n".format(
-                recipients=to)
-            )
-        else:
-            sys.stdout.write("[-] Skipping 2 day email notification already created for {recipients}!\n".format(
-                recipients=to)
-            )
+        recipients = current_app.config.get('LEMUR_SECURITY_TEAM_EMAIL')
+        notification_service.create_default_expiration_notifications("DEFAULT_SECURITY", recipients=recipients)
         sys.stdout.write("[/] Done!\n")
diff --git a/lemur/notifications/models.py b/lemur/notifications/models.py
index 7318e5f3..97475686 100644
--- a/lemur/notifications/models.py
+++ b/lemur/notifications/models.py
@@ -17,12 +17,18 @@ from lemur.models import certificate_notification_associations
 class Notification(db.Model):
     __tablename__ = 'notifications'
     id = Column(Integer, primary_key=True)
-    label = Column(String(128))
+    label = Column(String(128), unique=True)
     description = Column(Text())
     options = Column(JSONType)
     active = Column(Boolean, default=True)
     plugin_name = Column(String(32))
-    certificates = relationship("Certificate", secondary=certificate_notification_associations, passive_deletes=True, backref="notification", cascade='all,delete')
+    certificates = relationship(
+        "Certificate",
+        secondary=certificate_notification_associations,
+        passive_deletes=True,
+        backref="notification",
+        cascade='all,delete'
+    )
     @property
     def plugin(self):
diff --git a/lemur/notifications/service.py b/lemur/notifications/service.py
index 63890d8a..0ffdc52d 100644
--- a/lemur/notifications/service.py
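Review bot: The new `sys.stdout.write("[!] Using {recipients} as specified by LEMUR_SECURITY_TEAM_EMAIL for notifications\n")` never calls `.format`, so the operator sees the literal text `{recipients}` instead of the configured addresses, and `recipients` is only read from config several lines further down. Move `recipients = current_app.config.get('LEMUR_SECURITY_TEAM_EMAIL')` above that write and pass it in, e.g. `... for notifications\n".format(recipients=",".join(recipients))`. Both `recipients` and `intervals` come back as `None` when the key is absent from a deployment's config (the `[30, 15, 2]` default added in the earlier hunk appears to live only in manage.py's config template), and `len(intervals)` then fails with a TypeError rather than a message naming the missing setting; a short guard would make the init failure explicit. The enclosing method of `InitializeApp` starts before this hunk.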
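Review bot: `label = Column(String(128), unique=True)` changes the schema of an existing table, but no migration accompanies it in this diff as shown, so existing deployments keep a non-unique column and the duplicate-label check the service now relies on is not enforced by the database there. Worse, the removed manage.py code registered all three default notifications under the label `SECURITY_TEAM_30_DAY`, so databases initialized by that code are likely to already hold duplicate labels, and a migration that simply adds the unique constraint would fail on those rows. Pair this column change with a migration that first renames or merges the duplicates and then creates the unique index.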
+++ b/lemur/notifications/service.py
@@ -147,6 +147,48 @@ def _is_eligible_for_notifications(cert):
     return cert
+def create_default_expiration_notifications(name, recipients):
+    """
+    Will create standard 30, 10 and 2 day notifications for a given owner. If standard notifications
+    already exist these will be returned instead of new notifications.
+
+    :param name:
+    :return:
+    """
+    options = [
+        {
+            'name': 'recipients',
+            'value': ','.join(recipients)
+        },
+        {
+            'name': 'unit',
+            'value': 'days'
+        }
+    ]
+
+    intervals = current_app.config.get("LEMUR_DEFAULT_EXPIRATION_NOTIFICATION_INTERVALS")
+
+    notifications = []
+    for i in intervals:
+        n = get_by_label("{name}_{interval}_DAY".format(name=name, interval=i))
+        if not n:
+            inter = [{
+                'name': 'interval',
+                'value': i,
+            }]
+            inter.extend(options)
+            n = create(
+                label="{name}_{interval}_DAY".format(name=name, interval=i),
+                plugin_name="email-notification",
+                options=list(inter),
+                description="Default {interval} day expiration notification".format(interval=i),
+                certificates=[]
+            )
+        notifications.append(n)
+
+    return notifications
+
+
 def create(label, plugin_name, options, description, certificates):
     """
     Creates a new destination, that can then be used as a destination for certificates.
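Review bot: `create_default_expiration_notifications` reads `LEMUR_DEFAULT_EXPIRATION_NOTIFICATION_INTERVALS` with a plain `config.get`, so a deployment whose config predates this key gets `None` and `for i in intervals` fails with a TypeError; fall back explicitly, e.g. `intervals = current_app.config.get("LEMUR_DEFAULT_EXPIRATION_NOTIFICATION_INTERVALS", [30, 15, 2])`, or raise a clear configuration error naming the key. `','.join(recipients)` has the same blind spot and additionally turns a single address supplied as a string into a comma-separated list of its characters, silently misrouting every expiration notice; a guard such as `if isinstance(recipients, str): recipients = [recipients]` would catch that misconfiguration. The docstring is also stale: it promises `30, 10 and 2 day` notifications while the intervals now come from config (30, 15 and 2 by the manage.py default) and it lacks `:param recipients:`, so reword it to say the intervals are read from `LEMUR_DEFAULT_EXPIRATION_NOTIFICATION_INTERVALS` and describe `recipients` as the list of addresses joined into the plugin's `recipients` option. With `label` now unique, a second process running between `get_by_label` and `create` will surface as a database integrity error instead of a silent duplicate, which is worth noting in the docstring for whoever calls this from an init script.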