Commit Graph

1084 Commits

Author SHA1 Message Date
Hossein Shafagh
6705a0e030
Merge branch 'master' into ADCS-plugin 2019-02-01 16:38:39 -08:00
sirferl
36ab1c0bec
Merge branch 'master' into ADCS-plugin 2019-02-01 19:10:46 +01:00
Marti Raudsepp
e24a94d798 Enforce that PEM strings (certs, keys, CSR) are internally passed as str, not bytes
This was already true in most places but not 100%, leading to lots of redundant checks and conversions.
2019-01-30 18:11:24 +02:00
Curtis
e475d90e2e
Merge branch 'master' into master 2019-01-30 07:20:44 -08:00
Hossein Shafagh
e5ddf08f48
Merge branch 'master' into master 2019-01-29 16:37:29 -08:00
Hossein Shafagh
7f4f4ffded
Merge branch 'master' into master 2019-01-29 16:30:15 -08:00
Hossein Shafagh
48ad20faca moving the 2 year validity issue to the Verisign plugin, and address it there 2019-01-29 16:17:08 -08:00
Curtis
1e708bf1c7
Merge branch 'master' into password_noninteractive 2019-01-29 15:21:34 -08:00
Curtis Castrapel
d2317acfc5 allowing create_user with noninteractive PW;updating reqs 2019-01-29 15:17:40 -08:00
Curtis
29638c7f3b
Merge branch 'master' into master 2019-01-29 14:59:55 -08:00
Curtis
93021a5d89
Merge branch 'master' into expose-cert-distinguished-name 2019-01-29 14:56:31 -08:00
alwaysjolley
c68a9cf80a fixing linting issues 2019-01-29 11:10:56 -05:00
alwaysjolley
254a3079f2 fix whitespace 2019-01-29 11:01:55 -05:00
alwaysjolley
b4d1b80e04 Adding support for cfssl auth mode signing 2019-01-29 10:13:44 -05:00
sirferl
c77ccdf46e
Merge branch 'master' into ADCS-plugin 2019-01-28 17:57:46 +01:00
Hossein Shafagh
c47fa0f9a2 adjusting the tests to reflect on the new full year convert limit! 2019-01-24 17:52:22 -08:00
Hossein Shafagh
a9724e7383 Resolving the 2 years error from UI during cert creation:
Though a CA would accept two year validity, we were getting error for being beyond 2 years.
This is because our current conversion is just current date plus 2 years,
1/25/2019 + 2 years ==> 1/25/2019
This is more strictly seen two years and 1 day extra, violating the 2 year's limit.
2019-01-24 17:23:40 -08:00
Marti Raudsepp
4b893ab5b4 Expose full certificate RFC 4514 Distinguished Name string
Using rfc4514_string() method added in cryptography version 2.5.
2019-01-23 10:03:40 +02:00
Ronald Moesbergen
4c4fbf3e48 Implement certificates delete API call by marking a cert as 'deleted' in the database. Only certificates that have expired can be deleted. 2019-01-21 10:25:28 +01:00
Ronald Moesbergen
cb35f19d6c Add 'delete_cert' to enum log_type in logs table 2019-01-21 10:22:03 +01:00
Curtis Castrapel
0336d68ee2 Merge remote-tracking branch 'upstream/master' 2019-01-17 14:56:12 -08:00
Curtis Castrapel
7f88c24e83 Fix LetsEncrypt Dyn flow for duplicate CN/SAN 2019-01-17 14:56:04 -08:00
Hossein Shafagh
d3284a4006 adjusting the query to filter authorities based on matching CN 2019-01-14 17:52:06 -08:00
Curtis Castrapel
3567a768d5 Compare certificate hashes to determine if Lemur already has a synced certificate 2019-01-14 13:35:55 -08:00
Curtis Castrapel
31a86687e7 Reduce the expense of joins 2019-01-14 09:20:02 -08:00
Curtis Castrapel
c4e6e7c59b Optimize DB cert filtering 2019-01-14 08:02:27 -08:00
Curtis
638a8450a3
Merge branch 'master' into more_retries 2019-01-11 11:25:00 -08:00
Curtis Castrapel
0e02e6da79 Be more forgiving to throttling 2019-01-11 11:13:43 -08:00
sirferl
a1ca61d813 changed a too long comment 2019-01-09 09:50:26 +01:00
sirferl
a43476bc87 minor errors after lint fix 2019-01-07 11:04:27 +01:00
sirferl
054685fc38
Merge branch 'master' into ADCS-plugin 2019-01-07 10:23:18 +01:00
sirferl
c62bcd1456 repaired several lint errors 2019-01-07 10:02:37 +01:00
Marti Raudsepp
542e953919 Check that stored private keys match certificates
This is done in two places:
* Certificate import validator -- throws validation errors.
* Certificate model constructor -- to ensure integrity of Lemur's data
  even when issuer plugins or other code paths have bugs.
2018-12-31 16:28:20 +02:00
Curtis
6a31856d0d
Update plugin.py 2018-12-21 12:33:47 -08:00
Curtis
b5d6abb01f
Merge branch 'master' into kubernetes-improvment 2018-12-21 12:06:09 -08:00
Curtis
b7332957e7
Merge branch 'master' into unicode-in-issuer-name 2018-12-21 07:59:20 -08:00
Curtis
70381c4c89
Merge branch 'master' into kubernetes-fix 2018-12-21 07:44:11 -08:00
Curtis
a14fe08a63
Merge branch 'master' into kubernetes-improvment 2018-12-21 07:42:13 -08:00
Curtis
fb7605e34b
Merge branch 'master' into unicode-in-issuer-name 2018-12-21 07:41:08 -08:00
Marti Raudsepp
72f6fdb17d Properly handle Unicode in issuer name sanitization
If the point of sanitization is to get rid of all non-alphanumeric
characters then Unicode characters should probably be forbidden too.

We can re-use the same sanitization function as used for cert 'name'
2018-12-21 16:34:12 +02:00
Marti Raudsepp
0f2e30cdae Deduplicate rows before notification associations unique constraint migration 2018-12-21 12:11:33 +02:00
sirferl
f02178c154 added ADCS issuer and source plugin 2018-12-20 11:54:47 +01:00
Wesley Hartford
fbf48316b1 Minor changes for code review suggestions. 2018-12-18 22:43:32 -05:00
Wesley Hartford
073d05ae21 Merge branch 'kubernetes-fix' into kubernetes-improvment 2018-12-18 22:26:03 -05:00
Wesley Hartford
e7313da03e Minor changes for code review suggestions. 2018-12-18 22:24:48 -05:00
Curtis
425a07e988
Merge branch 'master' into destination-tpl-fix 2018-12-18 12:27:35 -08:00
Curtis
513e876e2e
Merge branch 'master' into master 2018-12-18 12:18:38 -08:00
Wesley Hartford
bc621c1468 Improve the Kubernetes Destination plugin
The plugin now supports loading details from local files rather than requiring them to be entered through the UI. This is especially relaent when Lemur is deployed on Kubernetes as the certificate, token, and current namespace will be injected into the pod. The location these details are injected are the defaults if no configuration details are supplied.

The plugin now supports deploying the secret in three different formats:
* Full - matches the formate used by the plugin prior to these changes.
* TLS - creates a secret of type kubernetes.io/tls and includes the certificate chain and private key, this format is used by many kubernetes features.
* Certificate - creates a secret containing only the certificate chain, suitable for use as trust authority where private keys should _NOT_ be deployed.

The deployed secret can now have a name set through the configuration options; the setting allows the insertion of the placeholder '{common_name}' which will be replaced by the certificate's common name value.

Debug level logging has been added.
2018-12-12 13:25:36 -08:00
sirferl
a50d80992c updated query to ignore empty parameters 2018-12-12 12:45:48 +01:00
Wesley Hartford
060c78fd91 Fix Kubernetes Destination Plugin
The Kubernetes plugin was broken. There were two major issues:
* The server certificate was entered in a string input making it impossible (as far as I know) to enter a valid PEM certificate.
* The base64 encoding calls were passing strings where bytes were expected.

The fix to the first issue depends on #2218 and a change in the options structure. I've also included some improved input validation and logging.
2018-12-10 15:33:04 -08:00
Wesley Hartford
437d918cf7 Fix textarea and validation on destination page
The destination configuration page did not previously support a textarea input as was supported on most other pages. The validation of string inputs was not being performed. This commit addresses both of those issues and corrects the validation expressions for the AWS and S3 destination plugins so that they continue to function. The SFTP destination plugin does not have any string validation. The Kubernetes plugin does not work at all as far as I can tell; there will be another PR in the coming days to address that.
2018-12-10 12:04:16 -08:00
Ronald Moesbergen
dcf5ce0eec
Merge branch 'master' into master 2018-12-07 13:57:59 +01:00
Curtis Castrapel
c32e20b6fc Fix notifications - Ensure that notifcation e-mails are sent appropriately 2018-12-06 12:25:43 -08:00
Ronald Moesbergen
e0ac749734 When parsing SAN's, ignore unknown san_types, because in some cases they can contain unparsable/serializable values, resulting in a TypeError(repr(o) + " is not JSON serializable") 2018-12-06 16:47:53 +01:00
Curtis Castrapel
2a235fb0e2 Prefer DNS provider with longest matching zone 2018-11-30 12:44:52 -08:00
Curtis Castrapel
a90154e0ae LetsEncrypt Celery Flow 2018-11-29 09:29:05 -08:00
Curtis Castrapel
39b76d18dc add countdown to async call 2018-11-28 14:41:56 -08:00
Curtis Castrapel
e074a14ee9 unit test 2018-11-28 14:27:03 -08:00
Curtis Castrapel
2381d0a4bb Add async call to create pending cert when needed 2018-11-28 11:32:52 -08:00
Ronald Moesbergen
da10913045 Only search nested group memberships when LDAP_IS_ACTIVE_DIRECTORY is True 2018-11-20 10:37:36 +01:00
Ronald Moesbergen
61839f4aca Add support for nested group membership in ldap authenticator 2018-11-19 13:42:42 +01:00
Curtis Castrapel
3ce8abe46e Left outer join on domains tables to avoid missing results 2018-11-13 14:33:17 -08:00
Curtis Castrapel
92a771f5ed More accurate db count functionality 2018-11-13 09:14:21 -08:00
Curtis
29be647911
Merge branch 'master' into no_csr_reissue 2018-11-12 09:54:47 -08:00
Curtis Castrapel
a7a05e26bc Do not re-use CSR during certificate reissuance; Update requirement; Add more logging to celery handler 2018-11-12 09:52:11 -08:00
Curtis Castrapel
6f0005c78e Avoid colliding LetsEncrypt jobs 2018-11-09 10:31:27 -08:00
Curtis Castrapel
1643650685 Changing essential part of query 2018-11-07 16:02:04 -08:00
Curtis Castrapel
08a2a2b0e5 Optimize certificate filtering by name 2018-11-07 15:34:25 -08:00
Curtis Castrapel
a3f96b96ee Add fixture to failing function 2018-11-05 15:16:09 -08:00
Curtis Castrapel
75183ef2f2 Unpin most dependencies, and fix moto 2018-11-05 14:37:52 -08:00
Curtis Castrapel
61738dde9e Run query on DB 2018-11-05 13:15:53 -08:00
Curtis Castrapel
52e773230d Add new gin index to optimize ILIKE queries 2018-11-05 10:29:11 -08:00
Curtis Castrapel
0277e4dc05 get_or_increase_name fix for pendingcertificates 2018-10-29 13:53:30 -07:00
Curtis Castrapel
50761d9d3b safer reissue, fix celery sync job 2018-10-29 13:22:50 -07:00
Curtis Castrapel
56ed416cb7 Celery task for sync job 2018-10-29 09:10:43 -07:00
Curtis
a8b357965e
Merge branch 'master' into get_by_attributes 2018-10-29 08:15:42 -07:00
Curtis
2138930102
Merge branch 'master' into get_by_attributes 2018-10-24 07:20:46 -07:00
James Chuong
75069cd52a Add CSR to certificiates
Add csr column to certificates field, as pending certificates have
exposed the CSR already.  This is required as generating CSR from
existing certificate is will not include SANs due to OpenSSL bug:
https://github.com/openssl/openssl/issues/6481

Change-Id: I9ea86c4f87067ee6d791d77dc1cce8f469cb2a22
2018-10-23 17:46:04 -07:00
Curtis Castrapel
b709eed3c3 Only resolve pending cert if not attempted in last 5 min 2018-10-23 13:08:43 -07:00
Curtis Castrapel
054cc64ee8 Prevent dashes from appearing at end of cert name in AWS 2018-10-23 12:49:58 -07:00
Curtis Castrapel
73ed5164cd deps 2018-10-22 14:51:13 -07:00
Curtis
b058508478
Merge branch 'master' into get_by_attributes 2018-10-22 09:09:55 -07:00
Curtis Castrapel
e83699b6ae Add unique constraint to sources table - label column 2018-10-19 15:34:34 -07:00
Non Sequitur
81d114092e Merge branch 'github' into get_by_attributes 2018-10-17 12:00:36 -04:00
Non Sequitur
48017a9d4c Added get_by_attributes to the certificates service, for fetching certs based on arbitrary attributes. Also associated test and extra tests for other service methods 2018-10-17 11:42:09 -04:00
Curtis Castrapel
a912c3488d python fix to retrigger tests 2018-10-12 07:25:58 -07:00
Curtis Castrapel
89a077e54c minor change to pass stuck github check 2018-10-12 07:14:31 -07:00
Curtis Castrapel
13ef965666 nit: comments 2018-10-12 05:56:14 -07:00
Curtis Castrapel
6073f9e7b6 datetime ref fix 2018-10-12 05:51:30 -07:00
Curtis Castrapel
4b3d458dba Celery task to delete old pending certs 2018-10-12 05:47:16 -07:00
Curtis Castrapel
cc18a68c00 Lemur LetsEncrypt Polling Support 2018-10-11 22:01:05 -07:00
Curtis Castrapel
e91d8ec81b add indexes to domains and certificates tables to optimize load time 2018-10-11 11:36:50 -07:00
Non Sequitur
79033f42b4
Merge branch 'master' into improved_verify 2018-10-02 09:19:24 -04:00
Non Sequitur
40f4444099 Flake8 fix in test_verify.py 2018-10-01 22:04:31 -04:00
Curtis Castrapel
56282845fa Enable optional verisign cloud transparency configuration 2018-10-01 09:20:50 -07:00
Non Sequitur
50919d85a8 Merge remote-tracking branch 'upstream/master' into improved_verify 2018-09-27 11:19:06 -04:00
Mike Culbertson
590fac4aa8 docstring update in verify.py 2018-09-27 10:11:13 -04:00
Mike Culbertson
f19b6382bc Updated verify tests 2018-09-27 10:10:04 -04:00
Mike Culbertson
11f2210894 Merge branch 'improved_verify' of github.com:explody/lemur into improved_verify 2018-09-27 09:28:45 -04:00
Mike Culbertson
652d7f65dd flake8 tweak 2018-09-27 09:28:21 -04:00
Curtis Castrapel
563f0fb9b2 Celery refactoring, celery beat job in configuration 2018-09-17 10:52:12 -07:00
Curtis Castrapel
23382b2777 Celery integration 2018-09-13 10:35:54 -07:00
Curtis
c09d8ae630
Merge branch 'master' into fix_import_v1 2018-09-10 10:35:31 -07:00
Curtis Castrapel
7d42e4ce67 Fix certificate import issues 2018-09-10 10:34:47 -07:00
Curtis Castrapel
f6a130b09d Add more logging to messaging 2018-09-10 09:13:31 -07:00
Curtis
c9836fbf25
Merge branch 'master' into improved_verify 2018-09-06 07:33:55 -07:00
Gus Esquivel
82e69db0c5 fix error message typo 2018-09-04 10:21:34 -05:00
Mike Culbertson
2815ddf6c8 Moved cert object to be passed to both ocsp/crl methods so we can report in better detail on the certs. Ensured proper returns of False (revoked) True (good) None (unknown) throughout the methods. 2018-08-31 13:34:55 -04:00
Mike Culbertson
34c88494b8 More specific exception catch for cert parsing. line shortening. 2018-08-31 12:19:55 -04:00
Mike Culbertson
7dbca821c3 Reducing the stacked exceptions plus a bit of pep8 2018-08-31 12:01:49 -04:00
Curtis Castrapel
d82a615e17 Validate config - fix for issue#1629 2018-08-28 09:15:28 -07:00
Curtis Castrapel
453bb43157 recommit https://github.com/Netflix/lemur/pull/1612 2018-08-27 09:50:02 -07:00
Curtis
1b77dfa47a
Revert "Precommit - Fix linty things" 2018-08-22 13:21:35 -07:00
Curtis Castrapel
3e9726d9db Precommit work 2018-08-22 10:38:09 -07:00
Curtis Castrapel
6abf274680 Allow case insensitive role matching for cert permissions 2018-08-20 08:55:04 -07:00
Curtis Castrapel
9f64f0523b Increase timeouts 2018-08-17 15:36:56 -07:00
Curtis Castrapel
43ae6c39e3 wait right here 2018-08-17 12:14:02 -07:00
Curtis Castrapel
7f9a035802 Fix private key bytecode issue 2018-08-17 10:59:01 -07:00
Curtis Castrapel
a6b1f33208 Ensure owner names are lowercase for new / updated certificates 2018-08-17 10:41:55 -07:00
Curtis Castrapel
1ad61b1550 allow null validity periods 2018-08-17 07:57:55 -07:00
Curtis Castrapel
be9d683e46 fix merge 2018-08-16 10:15:48 -07:00
Curtis Castrapel
da99bcda68 Better zone handling 2018-08-16 10:12:19 -07:00
Curtis Castrapel
2c22c9c2f1 Allow proper detection of zones, fix certificate detection 2018-08-14 14:37:45 -07:00
Curtis Castrapel
1a5abe6550 fix lint 2018-08-13 15:11:57 -07:00
Curtis Castrapel
cc836433fb formatting 2018-08-13 15:06:16 -07:00
Curtis Castrapel
5829794d82 typo fix 2018-08-13 14:25:54 -07:00
Curtis Castrapel
bb026b8b59 Allow LetsEncrypt renewals and requesting certificates without specifying DNS provider 2018-08-13 14:22:59 -07:00
Curtis
ab37189022
Merge branch 'master' into unittests-use-valid-certs 2018-08-07 09:42:39 -07:00
Curtis
cf71f88680
Merge branch 'master' into fill-missing-rotation-policy 2018-08-07 08:23:29 -07:00
Curtis
f9a7b97839
Merge branch 'master' into unittests-use-valid-certs 2018-08-07 07:45:45 -07:00
Cyril Dangerville
2869042f38 Fixed invalid JSON payloads (making API requests fail in particular) (#1522) 2018-08-03 15:26:48 -07:00
Marti Raudsepp
82158aece6 Fill in missing cert rotation_policy; don't ignore validation errors when re-issuing certs
CertificateInputSchema requires the rotation_policy field, but
certificates created before the field existed have set to NULL. Thus
saving such certificates failed and probably caused other errors.

Made cert re-issuing (get_certificate_primitives) more strict so such
errors are harder to miss in the future.
2018-08-03 20:06:21 +03:00
Marti Raudsepp
1f0f432327 Fix unit tests certificates to have correct chains and private keys
In preparation for certificate integrity-checking: invalid certificate
chains and mismatching private keys will no longer be allowed anywhere
in Lemur code.

The test vector certs were generated using the Lemur "cryptography"
authority plugin.

* Certificates are now more similar to real-world usage: long serial
  numbers, etc.
* Private key is included for all certs, so it's easy to re-generate
  anything if needed.
2018-08-03 19:45:13 +03:00
Marti Raudsepp
acd2701fa2 Delete dead code in unit tests (#1510) 2018-08-03 08:21:55 -07:00
Curtis
025d177565
Merge branch 'master' into letsencrypt_account_support 2018-07-30 15:28:29 -07:00
Curtis Castrapel
44192d4494 remove debug print 2018-07-30 15:27:23 -07:00
Curtis Castrapel
0889076d3b Support LetsEncrypt accounts 2018-07-30 15:25:02 -07:00
Mike Grima
d6b482755b Proper flask_restful boolean parsing.
This is documented here: https://github.com/flask-restful/flask-restful/issues/488
2018-07-30 13:49:41 -07:00
Curtis Castrapel
caf99d36d6 fix deletion 2018-07-27 15:52:22 -07:00
Curtis Castrapel
e16c1de001 Error logging 2018-07-27 14:17:50 -07:00
Curtis Castrapel
2a6dda07eb Show and send error for pending certs 2018-07-27 14:15:14 -07:00
Curtis Castrapel
9b29f9f819 Adding pessimistic sqlalchemy disconnection handling 2018-07-23 10:57:22 -07:00
Curtis Castrapel
2f51fea743 no bare except 2018-07-20 13:43:47 -07:00
Curtis Castrapel
c78077d8d6 Explicit capture exception during create failure 2018-07-20 13:43:47 -07:00
Steven Reiling
bd9203fcbc Adds an optional interval variable to notification service's
create_default_expiration_notifications and introduces a new optional
configuration variable, LEMUR_SECURITY_TEAM_EMAIL_INTERVALS, to allow admins
control over the centralized email notification defaults.
2018-07-20 13:43:47 -07:00
Marti Raudsepp
d071d85486 Clean up module imports
Example:
* import lemur.common.utils -> from lemur.common import utils
* import sqlalchemy.types as types -> from sqlalchemy import types
2018-07-20 13:43:47 -07:00
Marti Raudsepp
04ee1656ee Cache parsed certificate instead of re-parsing for each field
Use @cached_property decorator to cache the results of parse_certificate().

This significantly cuts down on the number of times certs need to be
parsed for a list view.
2018-07-20 13:43:47 -07:00
root
56372c55b4 initial commit 2018-07-20 13:43:47 -07:00
Marti Raudsepp
149caa5602 Clean up module imports
Example:
* import lemur.common.utils -> from lemur.common import utils
* import sqlalchemy.types as types -> from sqlalchemy import types
2018-07-12 11:21:18 -07:00
Marti Raudsepp
b472e5e648 Cache parsed certificate instead of re-parsing for each field
Use @cached_property decorator to cache the results of parse_certificate().

This significantly cuts down on the number of times certs need to be
parsed for a list view.
2018-07-12 11:21:18 -07:00
Marti Raudsepp
64132ba92b Expose certificate dateCreated via API 2018-07-12 11:21:18 -07:00
Curtis Castrapel
9ef356f59d reformat code (noop) 2018-07-12 11:21:17 -07:00
Curtis Castrapel
3397fb6560 R53: Extend only TXT records 2018-06-20 10:33:35 -07:00
Curtis Castrapel
3efc709e03 tests 2018-06-19 21:16:35 -07:00
Curtis Castrapel
dda7f54a16 lint 2018-06-19 20:58:00 -07:00
Curtis Castrapel
2d33d3e2b8 lint 2018-06-19 20:35:00 -07:00
Curtis
d50c9c7748
Merge branch 'master' into acme_validation_dns_provider_option 2018-06-19 16:45:25 -07:00
Curtis Castrapel
a141b8c5ea Support concurrent issuance in Route53 for LetsEncrypt 2018-06-19 16:27:58 -07:00
Curtis
b2bc431823
Merge branch 'master' into dyn2 2018-06-14 08:06:31 -07:00
Curtis Castrapel
4e72cb96c9 Graceful cancellation of pending cert and order details in log for acme failure 2018-06-14 08:02:34 -07:00
Dmitry Zykov
b99aad743b remove linuxdst plugin 2018-06-13 15:15:09 -07:00
Curtis Castrapel
135f2b710c Limit dns queries to 10 attempts 2018-06-13 15:14:48 -07:00
Curtis Castrapel
065e0edc5f lint 2018-06-13 14:22:45 -07:00
Curtis Castrapel
d72792ff37 Fix unique dyn situation where zone does not match tld, and there's a deeper zone 2018-06-13 14:08:39 -07:00
Curtis
038f5dc554
Merge branch 'master' into linuxdst 2018-06-12 07:40:40 -07:00
Curtis Castrapel
7f5d1a0b6b sync error 2018-06-11 15:40:15 -07:00
Curtis Castrapel
92860cffca Default configuration for DNS providers 2018-06-11 13:32:53 -07:00
Curtis
80e3331596
Merge branch 'master' into master 2018-05-30 08:24:00 -07:00
kevgliss
2a3af5214e
Merge branch 'master' into linuxdst 2018-05-29 18:54:37 -07:00
James Chuong
4911d713a5 Fix import metrics in notifications/messaging.py (#1254)
`from lemur import metrics` is incorrect for notifications/messaging.py
because that is importing the `metrics` module rather than the
instanciated `lemur.extensions.metrics` object.  This will cause errors
if you import notifications/messaging.py elsewhere, since it can cause
circular dependencies.

Change-Id: Ice28c480373601420fc83bae2d27bb6467cdb752
2018-05-29 18:54:16 -07:00
Curtis Castrapel
5e24f685c1 lint error 2018-05-29 10:46:24 -07:00
Curtis Castrapel
97d3621705 convert description to TEXT column 2018-05-29 10:23:01 -07:00
Curtis Castrapel
544a02ca3f Addressing comments. Updating copyrights. Added function to determine authorative name server 2018-05-29 10:23:01 -07:00
Curtis
ae26e44cc2
Merge branch 'master' into master 2018-05-25 11:09:23 -07:00
Curtis Castrapel
b0f9d33b32 Requirements update 2018-05-25 11:07:26 -07:00
Curtis Castrapel
5e3add0b81 docstring 2018-05-24 15:21:38 -07:00
Curtis Castrapel
9fc6c9aaf7 Sort and page 2018-05-24 12:55:52 -07:00
James Chuong
a47b6c330d Use serial_number instead of serial (#1251)
* Add code coverage badge to README

* fixing docs (#1231)

* Change cert.serial to serial_number

This fixes deprecation warning coming from cryptography package about
using cert.serial instead of serial_number.

Change-Id: I252820974c77cc1b80639920a5e8c2e874819dda
2018-05-23 16:04:30 -07:00
Curtis Castrapel
de52fa7f48 fix v1 backwards compatibility 2018-05-16 08:00:33 -07:00
Curtis Castrapel
680f4966a1 acme v2 support 2018-05-16 07:46:37 -07:00
Curtis Castrapel
a9b9b27a0b fix tests 2018-05-10 12:58:04 -07:00
Curtis Castrapel
52e7ff9919 Allow specification of dns provider name only 2018-05-10 12:58:04 -07:00
Curtis
f4a010e505
Merge branch 'master' into master 2018-05-09 07:52:07 -07:00
Curtis Castrapel
0bd14488bb Update requirements, handle more lemur_acme exceptions, and remove take a tour button 2018-05-08 15:35:03 -07:00
Curtis Castrapel
6500559f8e Fix issue with automatically renewing acme certificates 2018-05-08 14:54:10 -07:00
Curtis
642dbd4098
Merge branch 'master' into linuxdst 2018-05-08 12:09:05 -07:00
Curtis Castrapel
a8187d15c6 quick lint 2018-05-08 11:04:25 -07:00
Curtis Castrapel
df5168765b more tests 2018-05-08 11:03:17 -07:00
kevgliss
c26ae16060
fixing docs (#1231) 2018-05-08 10:58:48 -07:00
Curtis Castrapel
9ccb8fb838 Alembic simplification 2018-05-07 15:14:32 -07:00
Curtis Castrapel
e68b3d2cbd 0.7 release 2018-05-07 09:58:24 -07:00
Curtis Castrapel
1be3f8368f dyn support 2018-05-04 15:01:01 -07:00
Curtis Castrapel
3e64dd4653 Additional work 2018-05-04 15:01:01 -07:00
Curtis
74ca13861c
Merge branch 'master' into master 2018-04-27 11:19:23 -07:00
Curtis Castrapel
532872b3c6 dns_provider ui 2018-04-27 11:18:51 -07:00
Zach Seils
0579b2935c Print variable value instead of name (#1227)
* Print variable value instead of name

* Fixed ordering and variable name for stdout string
2018-04-26 09:39:42 -07:00
Curtis
c5cb01bd33
Merge branch 'master' into master 2018-04-26 09:16:31 -07:00
Curtis Castrapel
efd5836e43 fix test 2018-04-26 09:04:13 -07:00
Curtis Castrapel
f0f2092fb4 Some unit tests 2018-04-25 11:19:34 -07:00
kevgliss
e09b7eb978
Selectively enable CORS. (#1220) 2018-04-24 17:10:38 -07:00
Zach Seils
3e5db9eedb Check for default rotation policy before updating db (#1223) 2018-04-24 16:55:26 -07:00
Zach Seils
91500d1022 Minor comment & stdout corrections (#1225) 2018-04-24 16:53:51 -07:00
Curtis Castrapel
38b8df4a07 lint 2018-04-24 09:48:14 -07:00
Curtis Castrapel
7704f51441 Working acme flow. Pending DNS providers UI 2018-04-24 09:38:57 -07:00
Curtis
81e349e07d
Merge branch 'master' into hackday 2018-04-23 10:11:49 -07:00
Curtis Castrapel
44e3b33aaa More stuff. Will prioritize this more next week 2018-04-20 14:49:54 -07:00
Curtis Castrapel
fbce1ef7c7 temp digicert fix 2018-04-13 15:50:55 -07:00
Curtis Castrapel
309d10c4e2 stuff 2018-04-13 15:50:55 -07:00
Curtis Castrapel
4d05a09a20 fix_changes 2018-04-13 15:50:55 -07:00
Curtis Castrapel
3538f1a629 fix_errors 2018-04-13 15:50:55 -07:00
Curtis Castrapel
993958c356 up-reqs 2018-04-13 15:50:55 -07:00
Curtis Castrapel
2d6d2357b5 DNS Providers list returned 2018-04-13 15:50:55 -07:00
Curtis Castrapel
a66d85b63d clean up a bit 2018-04-13 15:50:55 -07:00
Curtis Castrapel
b0bd0435c4 more stuff 2018-04-13 15:50:54 -07:00
Curtis Castrapel
b2e6938815 WIP: Add support for Acme/LetsEncrypt with DNS Provider integration 2018-04-13 15:50:54 -07:00
Curtis Castrapel
5dd03098e5 actually update deps 2018-04-13 15:50:53 -07:00
Curtis Castrapel
c03133622f Correct validities 2018-04-13 15:18:17 -07:00
Curtis Castrapel
8303cfbd2b Fix datetime 2018-04-13 14:53:45 -07:00
Curtis
3ef550f738
Merge branch 'master' into hackday 2018-04-12 12:49:52 -07:00
Curtis Castrapel
f6fd262618 DNS Providers list returned 2018-04-11 15:56:00 -07:00
Curtis Castrapel
5125990c4c clean up a bit 2018-04-11 07:48:04 -07:00
Will Bengtson
52cb145333 ecc: add the support for ECC (#1191)
* ecc: add the support for ECC

update generate_private_key to support ECC.  Move key types to constant.  Update UI for the new key types

* ecc: Remove extra line to fix linting

* ecc: Fix flake8 lint problems

* Update options.tpl.html
2018-04-10 16:54:17 -07:00
Curtis Castrapel
5beb319b27 more stuff 2018-04-10 16:04:07 -07:00
kevgliss
12622d5847
Adding metrics for request timings. (#1190) 2018-04-10 15:55:02 -07:00
Mihir Jham
a9baaf4da4 add(plugins): Added a statsd plugin for lemur (#1189) 2018-04-10 15:15:03 -07:00
Curtis Castrapel
f61098b874 WIP: Add support for Acme/LetsEncrypt with DNS Provider integration 2018-04-10 14:28:53 -07:00
Will Bengtson
8ca4f730e8 lemur_digicert: Do not truncate valid_to anymore (#1187)
* lemur_digicert: Do not truncate valid_to anymore

The valid_to field for Digicert supports YYYY-MM-DDTHH:MM:SSZ so we should stop truncating

* lemur_digicert: Update unit tests for valid_to
2018-04-10 13:23:09 -07:00
Marti Raudsepp
8e2b2123f1 Fix filtering on boolean columns, broken with SQLAlchemy 1.2 upgrade
SQLAlchemy 1.2 does not allow comparing string values to boolean
columns. This caused errors like:

    sqlalchemy.exc.StatementError: (builtins.TypeError) Not a boolean value: 'true'

For more details see http://docs.sqlalchemy.org/en/latest/changelog/migration_12.html#boolean-datatype-now-enforces-strict-true-false-none-values
2018-04-09 18:59:23 +03:00
Dmitry Zykov
28614b5793 remove linuxdst plugin 2018-04-04 14:49:25 +03:00
Dmitry Zykov
4a0103a88d SFTP destination plugin (#1170)
* add sftp destination plugin
2018-04-03 10:30:19 -07:00
Curtis
259800ce35
Merge branch 'master' into issue_1089 2018-03-29 08:48:52 -07:00
Curtis Castrapel
b814a4f009 Remove get_pending_certificates from verisign issuer 2018-03-28 08:56:28 -07:00
Curtis Castrapel
c3a2781507 Allow quotes for exact match 2018-03-28 08:33:43 -07:00
iTitou
a316cbba73 [add] Docs and default config for metric plugins (#1148) 2018-03-27 15:51:32 -07:00
Curtis Castrapel
844202f36b check if user active properly 2018-03-26 13:14:22 -07:00
kevgliss
c51fed5307
allowing null basic contraints (#1131) 2018-03-23 11:38:47 -07:00
kevgliss
db746f1296
Adds support for CDLDistributionPoints. (#1130) 2018-03-23 08:51:18 -07:00
Curtis Castrapel
e15836e9ca Update more dependencies. Remove hashes 2018-03-21 14:48:51 -07:00
Curtis Castrapel
d67542d7f5 actually update deps 2018-03-21 12:46:30 -07:00
Curtis Castrapel
4087f1c03b Update auth keys, change python version to satisfy tests 2018-03-21 11:57:19 -07:00
iTitou
bbacb7e210 [fix] No internal server error when trying to Google Auth an unregistered user (#1109) 2018-03-21 11:57:19 -07:00
cjwaian
19cf8f6bdd Remove non-ASCII character (#1104) 2018-03-21 11:57:19 -07:00
Curtis Castrapel
74a516cde0 nt 2018-03-16 14:15:03 -07:00
Curtis Castrapel
58da68d72f Revert "Requirements and Elasticsearch logging configuration"
This reverts commit c08d3dd82f.
2018-03-16 14:10:12 -07:00
Curtis Castrapel
c7ca3949f6 info level, and new variable name 2018-03-16 11:55:53 -07:00
Curtis Castrapel
bbf5e95186 fix unusued import 2018-03-16 10:07:47 -07:00
Curtis
462e757f92
Merge branch 'master' into requirements_logging 2018-03-16 08:51:25 -07:00
Curtis Castrapel
c08d3dd82f Requirements and Elasticsearch logging configuration 2018-03-16 08:36:10 -07:00
Curtis Castrapel
18c64fafe4 address comment 2018-02-27 12:34:18 -08:00
Curtis Castrapel
77a1600c13 Fix cloned notifications 2018-02-27 10:57:43 -08:00