Ensuring that default notifications are made based on app configuration during app initialization

lemur/database.py

@@ -9,6 +9,8 @@
 
 .. moduleauthor:: Kevin Glisson <kglisson@netflix.com>
 """
+from flask import current_app
+
 from sqlalchemy import exc
 from sqlalchemy.sql import and_, or_
 
@@ -124,7 +126,8 @@ def get(model, value, field="id"):
     query = session_query(model)
     try:
         return query.filter(getattr(model, field) == value).one()
-    except Exception:
+    except Exception as e:
+        current_app.logger.exception(e)
         return
 
 

lemur/manage.py

@@ -77,6 +77,7 @@ LEMUR_RESTRICTED_DOMAINS = []
 
 LEMUR_EMAIL = ''
 LEMUR_SECURITY_TEAM_EMAIL = []
+LEMUR_DEFAULT_EXPIRATION_NOTIFICATION_INTERVALS = [30, 15, 2]
 
 # Logging
 
@@ -257,82 +258,19 @@ class InitializeApp(Command):
         else:
             sys.stdout.write("[-] Default user has already been created, skipping...!\n")
 
-        thirty_day = notification_service.get_by_label("SECURITY_TEAM_30_DAY")
+        sys.stdout.write("[+] Creating expiration email notifications!\n")
-        ten_day = notification_service.get_by_label("SECURITY_TEAM_10_DAY")
+        sys.stdout.write("[!] Using {recipients} as specified by LEMUR_SECURITY_TEAM_EMAIL for notifications\n")
-        two_day = notification_service.get_by_label("SECURITY_TEAM_2_DAY")
-        sys.stdout.write("[+] Creating default email notifications!\n")
 
-        to = ",".join(current_app.config.get("LEMUR_SECURITY_TEAM_EMAIL"))
+        intervals = current_app.config.get("LEMUR_DEFAULT_EXPIRATION_NOTIFICATION_INTERVALS")
+        sys.stdout.write(
+            "[!] Creating {num} notifications for {intervals} days as specified by LEMUR_DEFAULT_EXPIRATION_NOTIFICATION_INTERVALS\n".format(
+                num=len(intervals),
+                intervals=",".join([str(x) for x in intervals])
+            )
+        )
 
-        options = [
+        recipients = current_app.config.get('LEMUR_SECURITY_TEAM_EMAIL')
-            {
+        notification_service.create_default_expiration_notifications("DEFAULT_SECURITY", recipients=recipients)
-                'name': 'recipients',
-                'value': to
-            },
-            {
-                'name': 'unit',
-                'value': 'days'
-            }
-        ]
-
-        if not thirty_day:
-            inter = [{
-                'name': 'interval',
-                'value': 30,
-            }]
-            inter.extend(options)
-            notification_service.create(
-                label="SECURITY_TEAM_30_DAY",
-                plugin_name="email-notification",
-                options=list(inter),
-                description="Default 30 day expiration notification",
-                certificates=[]
-            )
-            sys.stdout.write("[+] Created 30 day email notification for {recipients}!\n".format(recipients=to))
-        else:
-            sys.stdout.write("[-] Skipping 30 day email notification already created for {recipients}!\n".format(
-                recipients=to)
-            )
-
-        if not ten_day:
-            inter = [{
-                'name': 'interval',
-                'value': 10,
-            }]
-            inter.extend(options)
-            notification_service.create(
-                label="SECURITY_TEAM_30_DAY",
-                plugin_name="email-notification",
-                options=list(inter),
-                description="Default 10 day expiration notification",
-                certificates=[]
-            )
-            sys.stdout.write("[+] Created 10 day email notification for {recipients}!\n".format(recipients=to))
-        else:
-            sys.stdout.write("[-] Skipping 10 day email notification already created for {recipients}!\n".format(
-                recipients=to)
-            )
-
-        if not two_day:
-            inter = [{
-                'name': 'interval',
-                'value': 2,
-            }]
-            inter.extend(options)
-            notification_service.create(
-                label="SECURITY_TEAM_30_DAY",
-                plugin_name="email-notification",
-                options=list(inter),
-                description="Default 2 day expiration notification",
-                certificates=[]
-            )
-            sys.stdout.write("[+] Created 2 day email notification for {recipients}!\n".format(
-                recipients=to)
-            )
-        else:
-            sys.stdout.write("[-] Skipping 2 day email notification already created for {recipients}!\n".format(
-                recipients=to)
-            )
 
         sys.stdout.write("[/] Done!\n")
 

lemur/notifications/models.py

@@ -17,12 +17,18 @@ from lemur.models import certificate_notification_associations
 class Notification(db.Model):
     __tablename__ = 'notifications'
     id = Column(Integer, primary_key=True)
-    label = Column(String(128))
+    label = Column(String(128), unique=True)
     description = Column(Text())
     options = Column(JSONType)
     active = Column(Boolean, default=True)
     plugin_name = Column(String(32))
-    certificates = relationship("Certificate", secondary=certificate_notification_associations, passive_deletes=True, backref="notification", cascade='all,delete')
+    certificates = relationship(
+        "Certificate",
+        secondary=certificate_notification_associations,
+        passive_deletes=True,
+        backref="notification",
+        cascade='all,delete'
+    )
 
     @property
     def plugin(self):

lemur/notifications/service.py

@@ -147,6 +147,48 @@ def _is_eligible_for_notifications(cert):
             return cert
 
 
+def create_default_expiration_notifications(name, recipients):
+    """
+    Will create standard 30, 10 and 2 day notifications for a given owner. If standard notifications
+    already exist these will be returned instead of new notifications.
+
+    :param name:
+    :return:
+    """
+    options = [
+        {
+            'name': 'recipients',
+            'value': ','.join(recipients)
+        },
+        {
+            'name': 'unit',
+            'value': 'days'
+        }
+    ]
+
+    intervals = current_app.config.get("LEMUR_DEFAULT_EXPIRATION_NOTIFICATION_INTERVALS")
+
+    notifications = []
+    for i in intervals:
+        n = get_by_label("{name}_{interval}_DAY".format(name=name, interval=i))
+        if not n:
+            inter = [{
+                'name': 'interval',
+                'value': i,
+            }]
+            inter.extend(options)
+            n = create(
+                label="{name}_{interval}_DAY".format(name=name, interval=i),
+                plugin_name="email-notification",
+                options=list(inter),
+                description="Default {interval} day expiration notification".format(interval=i),
+                certificates=[]
+            )
+        notifications.append(n)
+
+    return notifications
+
+
 def create(label, plugin_name, options, description, certificates):
     """
     Creates a new destination, that can then be used as a destination for certificates.