Merge pull request #1561 from castrapel/le_fix

Allow proper detection of zones, fix certificate detection
2018-08-14 15:01:29 -07:00 · 2018-08-14 15:01:29 -07:00 · f3d9513df2
parent e050177c08 2c22c9c2f1
commit f3d9513df2
8 changed files with 54 additions and 18 deletions
--- a/lemur/migrations/versions/5ae0ecefb01f_.py
+++ b/lemur/migrations/versions/5ae0ecefb01f_.py
@ -0,0 +1,32 @@
+"""Convert pending cert status field to text
+
+Revision ID: 5ae0ecefb01f
+Revises: 1db4f82bc780
+Create Date: 2018-08-14 08:16:43.329316
+
+"""
+
+# revision identifiers, used by Alembic.
+revision = '5ae0ecefb01f'
+down_revision = '1db4f82bc780'
+
+from alembic import op
+import sqlalchemy as sa
+
+
+def upgrade():
+    op.alter_column(
+        table_name='pending_certs',
+        column_name='status',
+        nullable=True,
+        type_=sa.TEXT()
+    )
+
+
+def downgrade():
+    op.alter_column(
+        table_name='pending_certs',
+        column_name='status',
+        nullable=True,
+        type_=sa.VARCHAR(128)
+    )
--- a/lemur/pending_certificates/cli.py
+++ b/lemur/pending_certificates/cli.py
@ -107,12 +107,12 @@ def fetch_all_acme():
            if pending_cert.number_attempts > 4:
                error_log["message"] = "Deleting pending certificate"
                send_pending_failure_notification(pending_cert, notify_owner=pending_cert.notify)
-                pending_certificate_service.delete_by_id(pending_cert.id)
+                pending_certificate_service.delete(pending_certificate_service.cancel(pending_cert))
            else:
                pending_certificate_service.increment_attempt(pending_cert)
                pending_certificate_service.update(
                    cert.get("pending_cert").id,
-                    status=str(cert.get("last_error"))[0:128]
+                    status=str(cert.get("last_error"))
                )
            current_app.logger.error(error_log)
    log_data["message"] = "Complete"
--- a/lemur/pending_certificates/models.py
+++ b/lemur/pending_certificates/models.py
@ -39,7 +39,7 @@ class PendingCertificate(db.Model):
    date_created = Column(ArrowType, PassiveDefault(func.now()), nullable=False)
    dns_provider_id = Column(Integer, ForeignKey('dns_providers.id', ondelete="CASCADE"))

-    status = Column(String(128))
+    status = Column(Text(), nullable=True)

    rotation = Column(Boolean, default=False)
    user_id = Column(Integer, ForeignKey('users.id'))
--- a/lemur/plugins/lemur_acme/plugin.py
+++ b/lemur/plugins/lemur_acme/plugin.py
@ -213,7 +213,7 @@ class AcmeHandler(object):
        self.dns_providers_for_domain[domain] = []
        for dns_provider in self.all_dns_providers:
            for name in dns_provider.domains:
-                if domain.endswith(name):
+                if domain.endswith("." + name):
                    self.dns_providers_for_domain[domain].append(dns_provider)
        return self.dns_providers_for_domain

@ -475,7 +475,8 @@ class ACMEIssuerPlugin(IssuerPlugin):
            current_app.logger.debug("Using DNS provider: {0}".format(dns_provider.provider_type))
            dns_provider_plugin = __import__(dns_provider.provider_type, globals(), locals(), [], 1)
            account_number = credentials.get("account_id")
-            if dns_provider.provider_type == 'route53' and not account_number:
+            provider_type = dns_provider.provider_type
+            if provider_type == "route53" and not account_number:
                error = "Route53 DNS Provider {} does not have an account number configured.".format(dns_provider.name)
                current_app.logger.error(error)
                raise InvalidConfiguration(error)
@ -483,6 +484,7 @@ class ACMEIssuerPlugin(IssuerPlugin):
            dns_provider = {}
            dns_provider_options = None
            account_number = None
+            provider_type = None

        domains = self.acme.get_domains(issuer_options)
        if not create_immediately:
@ -495,7 +497,7 @@ class ACMEIssuerPlugin(IssuerPlugin):
                    authz_domains.append(d.value)

            dns_authorization = authorization_service.create(account_number, authz_domains,
-                                                             dns_provider.get("provider_type"))
+                                                             provider_type)
            # Return id of the DNS Authorization
            return None, None, dns_authorization.id

--- a/lemur/sources/service.py
+++ b/lemur/sources/service.py
@ -115,13 +115,16 @@ def sync_certificates(source, user):
    certificates = s.get_certificates(source.options)

    for certificate in certificates:
+        exists = False
        if certificate.get('name'):
-            exists = [certificate_service.get_by_name(certificate['name'])]
+            result = certificate_service.get_by_name(certificate['name'])
+            if result:
+                exists = [result]

-        elif certificate.get('serial'):
+        if not exists and certificate.get('serial'):
            exists = certificate_service.get_by_serial(certificate['serial'])

-        else:
+        if not exists:
            cert = parse_certificate(certificate['body'])
            exists = certificate_service.get_by_serial(serial(cert))

@ -129,7 +132,6 @@ def sync_certificates(source, user):
            certificate['owner'] = user.email

        certificate['creator'] = user
-
        exists = [x for x in exists if x]

        if not exists:
--- a/lemur/static/app/angular/pending_certificates/view/view.tpl.html
+++ b/lemur/static/app/angular/pending_certificates/view/view.tpl.html
@ -82,7 +82,7 @@
                    </li>
                  <li class="list-group-item">
                      <strong>Latest Status</strong>
-                        <span class="pull-right">
+                        <span class="center-block">
                          {{ pendingCertificate.status }}
                        </span>
                    </li>
--- a/requirements-tests.txt
+++ b/requirements-tests.txt
@ -8,16 +8,16 @@ asn1crypto==0.24.0        # via cryptography
 atomicwrites==1.1.5       # via pytest
 attrs==18.1.0             # via pytest
 aws-xray-sdk==0.95        # via moto
-boto3==1.7.75             # via moto
+boto3==1.7.76             # via moto
 boto==2.49.0              # via moto
-botocore==1.10.75         # via boto3, moto, s3transfer
+botocore==1.10.76         # via boto3, moto, s3transfer
 certifi==2018.8.13        # via requests
 cffi==1.11.5              # via cryptography
 chardet==3.0.4            # via requests
 click==6.7                # via flask
 cookies==2.2.1            # via moto, responses
 coverage==4.5.1
-cryptography==2.3         # via moto
+cryptography==2.3.1       # via moto
 docker-pycreds==0.3.0     # via docker
 docker==3.5.0             # via moto
 docutils==0.14            # via botocore
@ -59,7 +59,7 @@ s3transfer==0.1.13        # via boto3
 six==1.11.0               # via cryptography, docker, docker-pycreds, faker, freezegun, mock, more-itertools, moto, pytest, python-dateutil, python-jose, requests-mock, responses, websocket-client
 text-unidecode==1.2       # via faker
 urllib3==1.23             # via requests
-websocket-client==0.48.0  # via docker
+websocket-client==0.49.0  # via docker
 werkzeug==0.14.1          # via flask, moto, pytest-flask
 wrapt==1.10.11            # via aws-xray-sdk
 xmltodict==0.11.0         # via moto
--- a/requirements.txt
+++ b/requirements.txt
@ -13,14 +13,14 @@ asn1crypto==0.24.0        # via cryptography
 asyncpool==1.0
 bcrypt==3.1.4             # via flask-bcrypt, paramiko
 blinker==1.4              # via flask-mail, flask-principal, raven
-boto3==1.7.75
-botocore==1.10.75         # via boto3, s3transfer
+boto3==1.7.76
+botocore==1.10.76         # via boto3, s3transfer
 certifi==2018.8.13
 cffi==1.11.5              # via bcrypt, cryptography, pynacl
 chardet==3.0.4            # via requests
 click==6.7                # via flask
 cloudflare==2.1.0
-cryptography==2.3
+cryptography==2.3.1
 dnspython3==1.15.0
 dnspython==1.15.0         # via dnspython3
 docutils==0.14            # via botocore