Infra/lemur
5
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
1,648 Commits 4 Branches 45 Tags 7.5 MiB
0e02e6da79
Commit Graph

249 Commits

Author SHA1 Message Date
Nevins
162d5ccb62 Gracefully handle importing certificates with missing data (#674) 
* fixing index out of range issue

* catching exceptions is common values aren't set

* fixing lint errors

* fixing unrelated lint/import error
 2017-01-24 13:48:53 -08:00
kevgliss
83128f3019 Fixing elb sync issues. (#641) 
* Fixing elb sync issues.

* Fixing de-duplications of names.
 2017-01-05 16:06:34 -08:00
kevgliss
e5dee2d7e6 Adding additional metrics for when destinations fail to upload. (#637) 2016-12-28 09:52:23 -08:00
kevgliss
de7cec35c6 Clean refactor (#635) 
* Adding rotation to the UI.

* Removing spinkit dependency.

* refactoring source cleaning
 2016-12-27 10:31:33 -08:00
kevgliss
700c57b807 Rotation ui (#633) 
* Adding rotation to the UI.

* Removing spinkit dependency.
 2016-12-26 15:55:11 -08:00
kevgliss
ce75bba2c3 Replacement refactor. (#631) 
* Deprecating replacement keyword.

* Def renaming.
 2016-12-26 11:09:50 -08:00
kevgliss
46f8ebd136 Modifying the way rotation works. (#629) 
* Modifying the way rotation works.

* Adding docs.

* Fixing tests.
 2016-12-23 13:18:42 -08:00
kevgliss
072ca4da4f Adding some additional output to rotation command. (#627) 2016-12-21 13:34:14 -08:00
kevgliss
cdcae4efb0 Closes #594 (#621) 2016-12-20 14:26:39 -08:00
kevgliss
f7c795c7f6 Closes #577. (#622) 2016-12-20 14:26:29 -08:00
kevgliss
beba2ba092 Adding additional reporting and refactoring existing setup. (#620) 2016-12-20 12:48:14 -08:00
kevgliss
156b98f7f0 Ensuring that rotation only happens for certificates with endpoints to rotate. (#606) 2016-12-15 15:20:21 -08:00
kevgliss
d20c552248 Fixing issues with rotation. (#603) 
* Fixing issues with rotation.

* Fixing tests
 2016-12-14 17:30:13 -08:00
Marti Raudsepp
1eb3d563c6 Fix error reporting for certs without private key (#599) 2016-12-14 13:25:56 -08:00
Marti Raudsepp
71ddbb409c Minor documentation fixes/tweaks (#597) 
Mostly typos, grammar errors and inconsistent indentation in code
examples.

Some errors detected using Topy (https://github.com/intgr/topy), all
changes verified by hand.
 2016-12-14 09:29:04 -08:00
kevgliss
03d5a6cfe1 Refactors how notifications are generated. (#584) 2016-12-12 11:22:49 -08:00
kevgliss
968dd52f6f Fixes (#576) 
* Fixing email notification

* Adding endpoint expiration

* Fixing endpoint type for ELBs

* Allowing verisign to include additional SANs
 2016-12-08 15:52:27 -08:00
kevgliss
a4b32b0d31 Fixing up notification testing (#575) 2016-12-08 11:33:40 -08:00
kevgliss
fc205713c8 Certificate rotation enhancements (#570) 2016-12-07 16:24:59 -08:00
kevgliss
e94cf6ddc9 Ensuring that certificates returned from digicert are in the proper format (#564) 2016-12-06 12:05:18 -08:00
kevgliss
e622a49b72 Adding better error handling around certificate rotation (#562) 2016-12-05 15:12:55 -08:00
kevgliss
9030aed8a4 Ensuring that our syncing process can find duplicate certifcates that do no need to be sync'd (#560) 2016-12-05 11:08:29 -08:00
kevgliss
7f823a04cd Ensuring that acme and cryptography respect different key types (#554) 2016-12-02 10:54:18 -08:00
kevgliss
81bf98c746 Enabling RSA2048 and RSA4096 as available key types (#551) 
* Enabling RSA2048 and RSA4096 as available key types

* Fixing re-issuance
 2016-12-01 15:41:53 -08:00
kevgliss
588ac1d6a6 Digicert cis fixes (#540) 2016-11-29 17:15:39 -08:00
kevgliss
058d2938fb migrating off of openssl (#539) 2016-11-29 11:30:44 -08:00
kevgliss
727bc87ede Log fixes (#534) 
* tying up some loose ends with event logging

* Ensuring creators can access
 2016-11-28 14:13:16 -08:00
kevgliss
250558baf3 Ensuring that authority owners can access certificates issued by that… (#526) 
* Ensuring that authority owners can access certificates issued by that authority
 2016-11-25 20:35:07 -08:00
kevgliss
8e5323e2d7 migrating flask imports (#525) 2016-11-22 21:11:20 -08:00
kevgliss
6eca2eb147 Re-working the way audit logs work. 
* Adding more checks.
 2016-11-21 11:28:11 -08:00
kevgliss
744e204817 Initial work on #74. (#514) 
* Initial work on #74.

* Fixing tests.

* Adding migration script.

* Excluding migrations from coverage report.
 2016-11-21 09:19:14 -08:00
kevgliss
d45e7d6b85 [WIP] - 422 elb rotate (#493) 
* Initial work on certificate rotation.

* Adding ability to get additional certificate info.

* - Adding endpoint rotation.
- Removes the g requirement from all services to enable easier testing.
 2016-11-18 11:27:46 -08:00
kevgliss
6fd47edbe3 Adds the ability to clone existing certificates. (#513) 2016-11-17 16:19:52 -08:00
kevgliss
a616310eb7 Fixing an issue were aws certificates plugins might not have a chain. (#512) 2016-11-17 14:47:10 -08:00
kevgliss
9ac1756011 removing new 'active' logic for the time being (#505) 2016-11-16 15:56:24 -08:00
kevgliss
851d74da3d Ensuring that private key is in string format before it gets stored (#504) 
* Ensuring that private key is in string format before it gets stored

* Fixing failing test.
 2016-11-16 15:05:25 -08:00
kevgliss
eaf34b1c8b Disabling the protect active flag (#498) 2016-11-16 09:31:02 -08:00
kevgliss
e9219adfb5 Ensuring model's have a basic __repr__. (#499) 2016-11-16 09:30:54 -08:00
kevgliss
114deba06e Adding the ability to silence notifications on creation. (#490) 2016-11-12 09:29:42 -08:00
kevgliss
0334f1094d fixing documentation typo (#489) 2016-11-11 13:35:24 -08:00
kevgliss
953d3a08e7 Adding example request to documentation. (#487) 2016-11-11 12:54:12 -08:00
kevgliss
e6b291d034 Time (#482) 
* adding python 3.5 as a target

* adding env flag

* Aligning on arrow dates.
 2016-11-09 10:56:22 -08:00
kevgliss
4afedaf537 Fixes (#476) 
* Ensures that Vault can accept bytes and strings.

* Make restricted domains optional.

* Fixing notify flag.
 2016-11-04 09:16:41 -07:00
kevgliss
1ac1a44e83 San alt name (#468) 2016-10-31 11:00:15 -07:00
kevgliss
a8f44944b1 Closes #415 2016-10-17 23:23:14 -07:00
kevgliss
f921b67fff Removing the ability to use spaces in custom names. (#455) 2016-10-15 04:56:25 -07:00
kevgliss
c367e4f73f Prevents the silencing of notifications that are actively deployed. (#454) 
* Renaming 'active' to 'notify' as this is clearer and more aligned to what this value is actually controlling. 'active' is now a property that depends on whether any endpoints were found to be using the certificate. Also added logic for issue #405 disallowing for a certificates' notifications to be silenced when it is actively deployed on an endpoint.

* Adding migration script to alter 'active' column.
 2016-10-15 00:12:11 -07:00
kevgliss
dcb18a57c4 Adds option to restrict certificate expiration dates to weekdays. (#453) 
* Adding ability to restrict certificate creation to weekdays.

* Ensuring that we test for weekends.
 2016-10-15 00:04:35 -07:00
kevgliss
c05a49f8c9 Fixes an issuer where a member of a role is not able to add new users to said role. (#445) 2016-10-11 17:24:15 -07:00
kevgliss
72a390c563 Ensure the openssl and cryptography work under python3. (#438) 2016-10-09 00:06:15 -07:00
Charles Hendrie
3ad7a37f95 Fix import certificate private key encoding (#434) 
When importing a certificate, the private key is passed to the
import/upload process from the UI as a str object. In Python3 this
raises two issues when processing the private key - the private key
validation fails and database insert of the certificate fails.

The fix in both cases is to correctly encode the private key as a bytes
object.
 2016-10-08 17:04:54 -07:00
kevgliss
2d7a6ccf3c Owner email (#414) 
* Ensuring python2 works with unicode strings.

* adding in owner DN

* fixing tests

* Upgrading requests.

* Fixing tests.
 2016-08-25 10:09:46 -07:00
kevgliss
29a330b1f4 Orphaned certificates (#406) 
* Fixing whitespace.

* Fixing syncing.

* Fixing tests
 2016-07-28 13:08:24 -07:00
kevgliss
f38868a97f Fixing various problems with the syncing of endpoints, throttling sta… (#398) 
* Fixing various problems with the syncing of endpoints, throttling stale endpoints etc.
 2016-07-12 08:40:49 -07:00
kevgliss
1ba7181067 Fixed an issue were default notifications were added even when updati… (#395) 
* Fixed an issue were default notifications were added even when updating a certificate, resulting in duplicate notifications.

* Ensuring imported certificates get the same treatment.
 2016-07-07 11:44:11 -07:00
kevgliss
4077893d08 Ensuring that destinations require private keys by default. (#390) 
* Ensuring that destinations require private keys by default.
 2016-07-04 15:30:20 -07:00
kevgliss
54b888bb08 Adding a toy certificate authority. (#378) 2016-06-29 09:05:39 -07:00
kevgliss
fe9703dd94 Closes #284 (#336) 2016-06-27 14:40:46 -07:00
kevgliss
19b928d663 Fixes #367 2016-06-23 13:29:59 -07:00
kevgliss
d9cc4980e8 Fixing destination upload. (#347) 
* Fixing an issue where uploaded certificates would have a name of 'None'

* Clarifying comment.

* Improving order.
 2016-06-03 18:45:58 -07:00
kevgliss
dc198fec8c Docs (#344) 
* Adding release info.

* adding some fields

* Adding Source Plugin change.

* Updating docs
 2016-06-03 08:28:09 -07:00
kevgliss
72e3fb5bfe Fixing several small issues. (#341) 
* Fixing several small issues.

* Fixing tests.
 2016-06-01 11:18:00 -07:00
kevgliss
b2539b843b Fixing and error causing duplicate roles to be created. (#339) 
* Fixing and error causing duplicate roles to be created.

* Fixing python3

* Fixing python2 and python3
 2016-05-31 15:44:54 -07:00
kevgliss
11f4bd503b Fixes (#332) 
* Ensuring domains are returned correctly.

* Ensuring certificates receive owner role
 2016-05-24 17:10:19 -07:00
kevgliss
1ca38015bc Fixes (#329) 
* Modifying the way roles are assigned.

* Adding migration scripts.

* Adding endpoints field for future use.

* Fixing dropdowns.
 2016-05-23 18:38:04 -07:00
kevgliss
656269ff17 Closes #147 (#328) 
* Closes #147

* Fixing tests

* Ensuring we can validate max dates.
 2016-05-23 11:28:25 -07:00
kevgliss
bd727b825d Making roles more apparent for certificates and authorities. (#327) 2016-05-20 12:48:12 -07:00
kevgliss
e04c1e7dc9 Fixing a few things, adding tests. (#326) 2016-05-20 09:03:34 -07:00
kevgliss
615df76dd5 Closes 262 (#324) 
Moves the authority -> role relationship from a 1 -> many to a many -> many. This will allow one role to control and have access to many authorities.
 2016-05-19 13:37:05 -07:00
kevgliss
b187d8f836 Adding a better comparison. (#320) 2016-05-16 19:03:10 -07:00
kevgliss
1763a1a717 254 duplication certificate name (#319) 2016-05-16 15:59:40 -07:00
kevgliss
62b61ed980 Fixing various issues. (#318) 
* Fixing various issues.

* Fixing tests
 2016-05-16 11:09:50 -07:00
kevgliss
a0c8765588 Various bug fixes. (#314) 2016-05-12 12:38:44 -07:00
kevgliss
f9655213b3 Marshmallowing notifications. (#308) 2016-05-10 11:27:57 -07:00
kevgliss
df0ad4d875 Authorities marshmallow addition (#303) 2016-05-09 11:00:16 -07:00
kevgliss
6ec3bad49a Closes #278 (#298) 
* Closes #278
 2016-05-05 15:28:17 -07:00
kevgliss
52f44c3ea6 Closes #278 and #199, Starting transition to marshmallow (#299) 
* Closes #278  and #199, Starting transition to marshmallow
 2016-05-05 12:52:08 -07:00
kevgliss
3f89d6d009 Merge pull request #271 from kevgliss/195 
Closes #195
 2016-04-08 12:01:10 -07:00
kevgliss
62d03b0d41 Closes #216 2016-04-01 16:54:33 -07:00
kevgliss
bfcfdb83a7 Closes #195 2016-04-01 14:27:57 -07:00
kevgliss
576265e09c Closes #246 2016-04-01 09:19:36 -07:00
kevgliss
028d86c0bb Adding a new flag to export plugins 'requires_key' that specifies whether the export plugin needs access to the private key. Defaults to True. 2016-01-29 12:45:18 -08:00
kevgliss
2ba48995fe Fixing documentation for filter format 2016-01-29 11:47:16 -08:00
kevgliss
1e524a49c0 making 'replacements' a non-require attribute for importing. Closes #226 2016-01-29 09:02:51 -08:00
kevgliss
0a4f5ad64d Fixing an assumption that 'subAltNames' are always passed to the API. 2016-01-10 17:33:19 -08:00
kevgliss
3f024c1ef4 Adds ability for domains to be marked as sensitive and only be allowed to be issued by an admin closes #5 2015-12-30 15:11:08 -08:00
kevgliss
cabe2ae18d Adding the ability to issue third party created CSRs 2015-12-29 10:49:33 -08:00
kevgliss
9cadebcd50 adding example requests 2015-11-30 13:51:27 -08:00
kevgliss
ec896461a7 Adding final touches to #125 2015-11-30 09:47:36 -08:00
kevgliss
8eeed821d3 Adding UI elements 2015-11-27 13:27:14 -08:00
kevgliss
920d595c12 Initial work on #125 2015-11-25 14:54:08 -08:00
kevgliss
1c6e9caa40 Closes #144 2015-11-24 16:07:44 -08:00
kevgliss
d6b3f5af81 Closes #122 2015-11-24 14:53:22 -08:00
Robert Picard
40eb950e94 Use MultiFernet for encryption 
Facilitates key rotation and uses more secure encryption than what
sqlalchemy-utils does.

Fixes #117 and #119.
 2015-10-13 16:58:58 -07:00
kevgliss
168f46a436 Adding the ability to track a certificates signing key algorithm 2015-10-06 12:51:59 -07:00
kevgliss
5cfa9d4bc5 description should be optional 2015-09-29 16:37:32 -07:00
kevgliss
7ebd0bf5d4 making fields required 2015-09-24 08:42:31 -07:00
kevgliss
06a69c09a0 Fixing a bug where notifications associated during certificate creation would not be respected. 2015-09-22 13:01:05 -07:00
kevgliss
be6a5b859e adding notification example 2015-09-22 09:46:54 -07:00
kevgliss
aaae4d5a1f unifying lemur defaults 2015-09-04 15:52:56 -07:00
kevgliss
3b109ec578 Cleaning up temporary file creation, and revocation checking 2015-09-02 09:19:06 -07:00
kevgliss
45158c64a2 cleaning up temporary file creation 2015-09-02 09:19:06 -07:00
kevgliss
aca69ce03c Closes #53 2015-09-02 09:15:11 -07:00
kevgliss
bf8ce354e5 Closes #55 2015-09-02 09:13:47 -07:00
kevgliss
8d09d865b1 Closes #57 2015-09-02 09:13:47 -07:00
kevgliss
8977c5ddbf Ensuring notifications follow owner 2015-08-29 12:02:50 -07:00
kevgliss
9a04371680 Adding ability to define distinguished names in config 2015-08-27 12:59:40 -07:00
kevgliss
a07db5625b Fixing an issue were extensions were implicitly required 2015-08-22 10:22:36 -07:00
kevgliss
4b7a55c89f Fixing issue with a certificate with no role not being viewable 2015-08-21 16:08:53 -07:00
kevgliss
6b2da2fe6b Fixes #35 2015-08-19 18:05:18 -07:00
kevgliss
eb55d5465f Making LEMUR_DEFAULT_SECURITY_EMAIL optional 2015-08-17 16:03:57 -07:00
kevgliss
32ef793c4d Switch to relying on the configuration key in the configuration file 2015-08-08 16:12:29 -07:00
kevgliss
fc68552d0f Making Lemur py3 compatible 2015-08-03 21:07:28 -07:00
kevgliss
7d169f7c4c Fixing up some of the sync related code 2015-08-03 13:51:27 -07:00
kevgliss
cdb3814469 Fixing notification deduplication and roll up 2015-08-02 09:14:27 -07:00
kevgliss
c9e9a9ed7c Fixing upload description 2015-08-02 07:45:10 -07:00
kevgliss
02b717dd7c Fixing upload, and removing old unneeded code 2015-08-02 05:57:26 -07:00
kevgliss
aef1587635 Adding default notifications 2015-08-01 19:08:46 -07:00
kevgliss
46652ba117 Purging ELB and Listener specific models 2015-08-01 15:47:14 -07:00
kevgliss
e247d635fc Adding backend code for sources models 2015-08-01 15:29:34 -07:00
kevgliss
c5a6a0570a adding link to python packaging documentation 2015-07-31 19:02:44 -07:00
kevgliss
1e748a64d7 Initial support for notification plugins closes #8, closes #9, closes #7, closes #4, closes #16 2015-07-29 17:13:06 -07:00
kevgliss
c02390d63b PEP8 2015-07-23 09:08:07 -07:00
kevgliss
a4ed83cb62 Refactoring out challenge 2015-07-23 08:52:30 -07:00
kevgliss
8d576aa3d8 Fixing tests 2015-07-22 10:51:55 -07:00
kevgliss
c75e20a1ea Pleasing the PEP8 gods 2015-07-21 13:06:13 -07:00
kevgliss
0c7204cdb9 Refactored 'accounts' to be more general with 'destinations' 2015-07-10 17:06:57 -07:00
kevgliss
5156371913 Modify the naming structure for certificates. AWS is pretty picky about what is a valid name. 2015-07-08 16:39:00 -07:00
kevgliss
002f83092d Changing the signature of save_cert, we don't create a csr_config anymore so it doesn't make sense to store it. Additionally 'challenge' is a verisign specific thing and should be factored out. We have stopped saving it as well. 2015-07-08 16:37:48 -07:00
kevgliss
f660450043 Aligning config variables 2015-07-07 17:23:46 -07:00
kevgliss
8239aa55e1 fixing conflicts 2015-07-07 16:26:37 -07:00
kevgliss
82c4be29a4 fixing merge conflict 2015-07-07 15:36:39 -07:00
kevgliss
c59bf3f257 Fixing tests 2015-07-06 10:53:12 -07:00
kevgliss
3f49bb95ff Starting to move to new plugin architecture. 2015-07-04 12:47:57 -07:00
kevgliss
b17e12bed4 Doc fix 2015-07-03 12:59:48 -07:00
kevgliss
95bab9331d Enabling CSR generation and reducing complexity of encryption/decrypting the 'key' dir. 2015-07-03 10:30:17 -07:00
kevgliss
8cbc6b8325 Initial work at removing openssl 2015-07-02 15:48:56 -07:00
Kevin Glisson
bc0f9534c2 Refactoring 'create_name' out of our certificate class, fixed an issuer were key size was being calculated and removing unused functions 2015-07-02 15:48:56 -07:00
Kevin Glisson
096d88bc9b Ensuring a 404 is returned when we can't find the specified certificate 2015-07-02 15:48:56 -07:00
Kevin Glisson
f28d3a54c5 API change in cryptography 2015-07-02 15:48:55 -07:00
Kevin Glisson
37669b906c Fixes an issue where the issuer has special chars in the name. AWS dislikes special chars in certificate names so we strip them out here. In general we want to have the name tracked by Lemur be the same as what is uploaded to various destinations. 2015-07-02 15:48:54 -07:00
kevgliss
1a01209e78 Merge pull request #10 from kevgliss/tests 
Tests
 2015-06-29 14:10:54 -07:00
Kevin Glisson
964d1c1c52 Refactoring 'create_name' out of our certificate class, fixed an issuer were key size was being calculated and removing unused functions 2015-06-26 16:18:31 -07:00
Kevin Glisson
1f9d943a4c Ensuring a 404 is returned when we can't find the specified certificate 2015-06-26 16:17:22 -07:00
Kevin Glisson
c6ae689dc8 Adding role tests 2015-06-26 10:31:55 -07:00
kevgliss
b1f93c5dd2 Merge pull request #3 from kevgliss/hotfix/upload 
API change in cryptography
 2015-06-25 13:57:45 -07:00
Kevin Glisson
e92113d28f API change in cryptography 2015-06-25 13:50:46 -07:00
Kevin Glisson
be97f3dcc2 Fixes an issue where the issuer has special chars in the name. AWS dislikes special chars in certificate names so we strip them out here. In general we want to have the name tracked by Lemur be the same as what is uploaded to various destinations. 2015-06-24 16:51:44 -07:00
Kevin Glisson
4330ac9c05 initial commit 2015-06-22 13:47:27 -07:00