Hossein Shafagh
6d67ec7e34
removing unused import
2019-04-11 17:34:02 -07:00
Hossein Shafagh
512e1a0bdd
fixing typos
2019-04-11 17:17:28 -07:00
Hossein Shafagh
6ec84a398c
checking for None
2019-04-11 17:13:47 -07:00
Hossein Shafagh
69c00c4db5
upon creating a new destination, we also add it as source, if the plugin defines this as an option
2019-04-11 17:13:47 -07:00
Hossein Shafagh
d7abf2ec18
adding a new util method for setting options
2019-04-11 17:13:47 -07:00
Hossein Shafagh
557fac39b5
refactoring the sync job into a service method that we can also call when adding a new destination
2019-04-11 17:13:47 -07:00
Hossein Shafagh
d1ead4b79c
removing the announcement
2019-04-11 17:13:47 -07:00
Hossein Shafagh
5900828051
simple hardcoded announcement
2019-04-11 17:13:47 -07:00
Hossein Shafagh
818da6653d
removing the announcement
2019-04-11 17:13:47 -07:00
Hossein Shafagh
e1a67e9b4e
simple hardcoded announcement
2019-04-11 17:13:47 -07:00
Hossein Shafagh
84dfdd0600
removing the announcement
2019-04-11 17:13:47 -07:00
Hossein Shafagh
ba691a26d4
simple hardcoded announcement
2019-04-11 17:13:47 -07:00
Hossein Shafagh
b66fac0494
removing the announcement
2019-04-11 17:13:47 -07:00
Hossein Shafagh
1bda246df2
simple hardcoded announcement
2019-04-11 17:13:47 -07:00
Hossein Shafagh
9a210c055a
Merge branch 'master' into hshafagh-src-dst-register
2019-04-11 15:36:48 -07:00
Hossein Shafagh
2459234147
removing lines
2019-04-11 14:34:26 -07:00
Hossein Shafagh
60edab9f6d
cleaning up
2019-04-11 14:12:31 -07:00
Hossein Shafagh
ec3d2d7316
fixing typo
2019-04-11 13:51:43 -07:00
Hossein Shafagh
83d408b238
Merge branch 'master' into hosseinsh-celeryjob-sync-src-dst
2019-04-11 13:30:12 -07:00
Hossein Shafagh
266c83367d
avoiding hard-coded plugin names
2019-04-11 13:29:37 -07:00
Hossein Shafagh
f185df4f1e
bringing class AWSDestinationPlugin(DestinationPlugin) after AWSSourcePlugin.slug, such that we can do: sync_as_source_name = AWSSourcePlugin.slug
2019-04-11 13:28:58 -07:00
Curtis Castrapel
2ff57e932c
Update requirements - upgrade to py37
2019-04-10 15:40:48 -07:00
Hossein Shafagh
d628e97035
Merge branch 'master' into hosseinsh-celeryjob-sync-src-dst
2019-04-10 09:47:06 -07:00
Hossein Shafagh
bc8c7e114a
Merge branch 'master' into hshafagh-src-dst-register
2019-04-09 20:52:33 -07:00
Hossein Shafagh
f3d0536800
removing hardcoded rules, to give more flexibility into defining new source-destinations
2019-04-09 20:49:07 -07:00
Javier Ramos
bfc4f940da
Merge branch 'master' into master
2019-04-09 18:06:09 +02:00
Hossein Shafagh
64c6bb2475
Merge branch 'master' into rewrite-java-keystore-use-pyjks
2019-04-09 08:28:05 -07:00
Marti Raudsepp
dbf34a4d48
Rewrite Java Keystore/Truststore support based on pyjks library
2019-04-06 20:24:46 +03:00
Javier Ramos
d80a6bb405
Added tests for CSR parsing into CertificateInputSchema
2019-04-01 08:44:40 +02:00
Ryan DeShone
e10007ef7b
Add support for Vault KV API v2
...
This adds the ability to target KV API v1 or v2.
2019-03-29 10:32:49 -04:00
Javier Ramos
b86e381e20
Parse SubjectAlternativeNames from CSR into Lemur Certificate
2019-03-27 13:46:33 +01:00
Hossein Shafagh
d2e969b836
better synching of source and destinations
2019-03-26 18:20:14 -07:00
Curtis
4018c68d49
Merge branch 'master' into authority_validation_LE_errors
2019-03-25 08:34:10 -07:00
Curtis Castrapel
c2158ff8fb
Add order URI during LE cert creation failure; Fail properly when invalid CA passed; Update reqs
2019-03-25 08:28:23 -07:00
Curtis
8a42cfa345
Merge branch 'master' into ghjaramos/master
2019-03-21 08:07:44 -07:00
alwaysjolley
fa4a5122bc
fixing file read to trim line endings and cleanup
2019-03-20 14:59:04 -04:00
alwaysjolley
f99b11d50e
refactor url and token to support muiltiple instances of vault
2019-03-20 13:51:06 -04:00
Javier Ramos
9e5496b484
Update schemas.py
2019-03-15 10:19:25 +01:00
Javier Ramos
f7452e8379
Parse DNSNames from CSR into Lemur Certificate
2019-03-15 09:29:23 +01:00
alwaysjolley
157db684c3
Merge branch 'master' into lemur_vault_plugin
2019-03-14 11:09:01 -04:00
Curtis
c445297357
Update celery.py
2019-03-12 15:41:24 -07:00
Curtis
f38e5b0879
Update celery.py
2019-03-12 15:29:04 -07:00
Curtis
1a5a91ccc7
Update celery.py
2019-03-12 15:11:13 -07:00
Curtis
3b3faa66f4
Merge branch 'master' into skip_duplicate_tasks
2019-03-12 14:53:42 -07:00
Curtis Castrapel
d220e9326c
Skip a task if similar task already active
2019-03-12 14:45:43 -07:00
alwaysjolley
57d3f3d5a5
Merge branch 'master' into lemur_vault_plugin
2019-03-08 07:08:56 -05:00
alwaysjolley
f1c09a6f8f
fixed comments
2019-03-07 15:58:34 -05:00
Hossein Shafagh
93ce259fb2
Merge branch 'master' into verify-cert-chain
2019-03-07 12:46:19 -08:00
alwaysjolley
7b0a3cf781
Merge branch 'lemur_vault_plugin' of github.com:/alwaysjolley/lemur into lemur_vault_plugin
2019-03-07 15:42:40 -05:00
alwaysjolley
752c9a086b
fixing error handling and better data formating
2019-03-07 15:41:29 -05:00
Hossein Shafagh
92b60b279a
Merge branch 'master' into verify-cert-chain
2019-03-06 11:15:32 -08:00
Hossein Shafagh
43b1d6217a
Merge branch 'master' into allow-cert-deletion
2019-03-06 10:59:33 -08:00
Hossein Shafagh
98ece58342
Merge branch 'master' into lemur_vault_plugin
2019-03-06 10:59:03 -08:00
Hossein Shafagh
45cb0f0513
Merge branch 'master' into allow-cert-deletion
2019-03-06 09:35:10 -08:00
Kevin Glisson
cc6d53fdeb
Ensuring that configs passed via the command line are respected.
2019-03-05 15:39:37 -08:00
alwaysjolley
a1cb8ee266
fixing lint
2019-03-05 07:37:04 -05:00
alwaysjolley
880eaad6cb
Merge branch 'lemur_vault_plugin' of github.com:/alwaysjolley/lemur into lemur_vault_plugin
2019-03-05 07:22:18 -05:00
alwaysjolley
4a027797e0
fixing linting issues
2019-03-05 07:19:22 -05:00
Hossein Shafagh
54ad3ba777
Merge branch 'master' into verify-cert-chain
2019-03-04 17:55:36 -08:00
Hossein Shafagh
c9bcd29082
Merge branch 'master' into lemur_vault_plugin
2019-03-04 17:55:00 -08:00
Curtis Castrapel
dd2900bdbc
Relax search;update requirements
2019-03-04 10:04:06 -08:00
Marti Raudsepp
10cec063c2
Check that stored certificate chain matches certificate
...
Similar to how the private key is checked.
2019-03-04 17:10:59 +02:00
alwaysjolley
20518bc377
Merge branch 'master' into lemur_vault_plugin
2019-03-01 09:58:43 -05:00
alwaysjolley
5d2f603c84
renamed vault destination plugin to avoid conflict with vault pki plugin
2019-03-01 09:49:52 -05:00
Ronald Moesbergen
63de8047ce
Return 'already deleted' instead of 'not found' when cert has already been deleted
2019-02-27 09:38:25 +01:00
Ronald Moesbergen
a9735e129c
Merge branch 'master' into allow-cert-deletion
2019-02-27 09:28:48 +01:00
Hossein Shafagh
658c58e4b6
clarifying comments
2019-02-26 17:04:43 -08:00
Hossein Shafagh
9dbae39604
updating cryptography API call, to create right signing algorithm object.
2019-02-26 16:42:26 -08:00
Hossein Shafagh
16a18cc4b7
adding more edge test cases for EC-certs
2019-02-26 16:42:26 -08:00
Hossein Shafagh
aec7c7b0bc
Merge branch 'master' into fixing-signature-verify-ecc
2019-02-26 09:28:48 -08:00
alwaysjolley
53301728fa
Moved url to config file instead of plugin option. One one url can be supported
...
unless both the token and url are moved to the plugin options.
2019-02-26 09:15:12 -05:00
Hossein Shafagh
40fac02d8b
the check_cert_signature() method was attempting to compare RSA and ECC signatures.
...
If a ec public-key certificate is signed with an RSA key, then it can't be a self-signed certificate, in which case we just raise InvalidSignature.
2019-02-25 19:05:54 -08:00
alwaysjolley
cd65a36437
- support multiple bundle configuration, nginx, apache, cert only
...
- update vault destination to support multi cert under one object
- added san list as key value
- read and update object with new keys, keeping other keys, allowing
us to keep an iterable list of keys in an object for deploying multiple
certs to a single node
2019-02-25 09:42:07 -05:00
Ronald Moesbergen
ef0c08dfd9
Fix: when no alias is entered when exporting a certificate, the alias is set to 'blah'.
...
This fix sets it to the common name instead.
2019-02-21 16:33:43 +01:00
alwaysjolley
eaa73998a0
adding lemur_vault destination plugin
2019-02-19 15:03:15 -05:00
Ronald Moesbergen
29bda6c00d
Fix typo's
2019-02-14 11:58:29 +01:00
Ronald Moesbergen
8abf95063c
Implement a ALLOW_CERT_DELETION option (boolean, default False). When enabled, the certificate delete API call will work and the UI
...
will no longer display deleted certificates. When disabled (the default), the delete API call will not work (405 method not allowed)
and the UI will show all certificates, regardless of the 'deleted' flag.
2019-02-14 11:57:27 +01:00
Hossein Shafagh
e034771e36
Merge branch 'master' into special-issuer-for-selfsigned-certs
2019-02-11 12:04:33 -08:00
Hossein Shafagh
605663704b
Merge branch 'master' into hosseinsh-celeryjob-sync-src-dst
2019-02-05 12:41:33 -08:00
Hossein Shafagh
e139b92b24
Merge branch 'master' into hshafagh-src-dst-register
2019-02-05 12:41:26 -08:00
Hossein Shafagh
6d1ef933c4
creating a new celery task to sync sources with destinations. This is as a measure to make sure important new destinations are also present as sources.
2019-02-05 10:48:52 -08:00
Hossein Shafagh
2107d58050
Merge branch 'master' into get_by_attributes
2019-02-05 10:31:35 -08:00
Hossein Shafagh
8d261b4120
Merge branch 'master' into special-issuer-for-selfsigned-certs
2019-02-05 10:29:20 -08:00
Marti Raudsepp
51248c1938
Use special issuer values <selfsigned> and <unknown> in special cases
...
This way it's easy to find/distinguish selfsigned certificates stored in
Lemur.
2019-02-05 16:56:09 +02:00
Hossein Shafagh
1d2771b014
Merge branch 'master' into get_by_attributes
2019-02-04 21:07:09 -08:00
Hossein Shafagh
f249a82d71
renaming destination to source.
2019-02-04 16:10:48 -08:00
Hossein Shafagh
44a060b159
adding support for creating a source while creating a new dst, while the destination is from AWS
2019-02-04 15:36:39 -08:00
sirferl
c1cf8d7a92
Merge branch 'master' into ADCS-plugin
2019-02-02 19:21:22 +01:00
Hossein Shafagh
45fbaf159a
Merge branch 'master' into master
2019-02-01 16:50:09 -08:00
Hossein Shafagh
8e93d007be
Merge branch 'master' into get_by_attributes
2019-02-01 16:48:50 -08:00
Hossein Shafagh
6705a0e030
Merge branch 'master' into ADCS-plugin
2019-02-01 16:38:39 -08:00
sirferl
36ab1c0bec
Merge branch 'master' into ADCS-plugin
2019-02-01 19:10:46 +01:00
Marti Raudsepp
e24a94d798
Enforce that PEM strings (certs, keys, CSR) are internally passed as str, not bytes
...
This was already true in most places but not 100%, leading to lots of redundant checks and conversions.
2019-01-30 18:11:24 +02:00
Curtis
e475d90e2e
Merge branch 'master' into master
2019-01-30 07:20:44 -08:00
Hossein Shafagh
e5ddf08f48
Merge branch 'master' into master
2019-01-29 16:37:29 -08:00
Hossein Shafagh
7f4f4ffded
Merge branch 'master' into master
2019-01-29 16:30:15 -08:00
Hossein Shafagh
48ad20faca
moving the 2 year validity issue to the Verisign plugin, and address it there
2019-01-29 16:17:08 -08:00
Curtis
1e708bf1c7
Merge branch 'master' into password_noninteractive
2019-01-29 15:21:34 -08:00
Curtis Castrapel
d2317acfc5
allowing create_user with noninteractive PW;updating reqs
2019-01-29 15:17:40 -08:00
Curtis
29638c7f3b
Merge branch 'master' into master
2019-01-29 14:59:55 -08:00
Curtis
93021a5d89
Merge branch 'master' into expose-cert-distinguished-name
2019-01-29 14:56:31 -08:00
alwaysjolley
c68a9cf80a
fixing linting issues
2019-01-29 11:10:56 -05:00
alwaysjolley
254a3079f2
fix whitespace
2019-01-29 11:01:55 -05:00
alwaysjolley
b4d1b80e04
Adding support for cfssl auth mode signing
2019-01-29 10:13:44 -05:00
sirferl
c77ccdf46e
Merge branch 'master' into ADCS-plugin
2019-01-28 17:57:46 +01:00
Hossein Shafagh
c47fa0f9a2
adjusting the tests to reflect on the new full year convert limit!
2019-01-24 17:52:22 -08:00
Hossein Shafagh
a9724e7383
Resolving the 2 years error from UI during cert creation:
...
Though a CA would accept two year validity, we were getting error for being beyond 2 years.
This is because our current conversion is just current date plus 2 years,
1/25/2019 + 2 years ==> 1/25/2019
This is more strictly seen two years and 1 day extra, violating the 2 year's limit.
2019-01-24 17:23:40 -08:00
Marti Raudsepp
4b893ab5b4
Expose full certificate RFC 4514 Distinguished Name string
...
Using rfc4514_string() method added in cryptography version 2.5.
2019-01-23 10:03:40 +02:00
Ronald Moesbergen
4c4fbf3e48
Implement certificates delete API call by marking a cert as 'deleted' in the database. Only certificates that have expired can be deleted.
2019-01-21 10:25:28 +01:00
Ronald Moesbergen
cb35f19d6c
Add 'delete_cert' to enum log_type in logs table
2019-01-21 10:22:03 +01:00
Curtis Castrapel
0336d68ee2
Merge remote-tracking branch 'upstream/master'
2019-01-17 14:56:12 -08:00
Curtis Castrapel
7f88c24e83
Fix LetsEncrypt Dyn flow for duplicate CN/SAN
2019-01-17 14:56:04 -08:00
Hossein Shafagh
d3284a4006
adjusting the query to filter authorities based on matching CN
2019-01-14 17:52:06 -08:00
Curtis Castrapel
3567a768d5
Compare certificate hashes to determine if Lemur already has a synced certificate
2019-01-14 13:35:55 -08:00
Curtis Castrapel
31a86687e7
Reduce the expense of joins
2019-01-14 09:20:02 -08:00
Curtis Castrapel
c4e6e7c59b
Optimize DB cert filtering
2019-01-14 08:02:27 -08:00
Curtis
638a8450a3
Merge branch 'master' into more_retries
2019-01-11 11:25:00 -08:00
Curtis Castrapel
0e02e6da79
Be more forgiving to throttling
2019-01-11 11:13:43 -08:00
sirferl
a1ca61d813
changed a too long comment
2019-01-09 09:50:26 +01:00
sirferl
a43476bc87
minor errors after lint fix
2019-01-07 11:04:27 +01:00
sirferl
054685fc38
Merge branch 'master' into ADCS-plugin
2019-01-07 10:23:18 +01:00
sirferl
c62bcd1456
repaired several lint errors
2019-01-07 10:02:37 +01:00
Marti Raudsepp
542e953919
Check that stored private keys match certificates
...
This is done in two places:
* Certificate import validator -- throws validation errors.
* Certificate model constructor -- to ensure integrity of Lemur's data
even when issuer plugins or other code paths have bugs.
2018-12-31 16:28:20 +02:00
Curtis
6a31856d0d
Update plugin.py
2018-12-21 12:33:47 -08:00
Curtis
b5d6abb01f
Merge branch 'master' into kubernetes-improvment
2018-12-21 12:06:09 -08:00
Curtis
b7332957e7
Merge branch 'master' into unicode-in-issuer-name
2018-12-21 07:59:20 -08:00
Curtis
70381c4c89
Merge branch 'master' into kubernetes-fix
2018-12-21 07:44:11 -08:00
Curtis
a14fe08a63
Merge branch 'master' into kubernetes-improvment
2018-12-21 07:42:13 -08:00
Curtis
fb7605e34b
Merge branch 'master' into unicode-in-issuer-name
2018-12-21 07:41:08 -08:00
Marti Raudsepp
72f6fdb17d
Properly handle Unicode in issuer name sanitization
...
If the point of sanitization is to get rid of all non-alphanumeric
characters then Unicode characters should probably be forbidden too.
We can re-use the same sanitization function as used for cert 'name'
2018-12-21 16:34:12 +02:00
Marti Raudsepp
0f2e30cdae
Deduplicate rows before notification associations unique constraint migration
2018-12-21 12:11:33 +02:00
sirferl
f02178c154
added ADCS issuer and source plugin
2018-12-20 11:54:47 +01:00
Wesley Hartford
fbf48316b1
Minor changes for code review suggestions.
2018-12-18 22:43:32 -05:00
Wesley Hartford
073d05ae21
Merge branch 'kubernetes-fix' into kubernetes-improvment
2018-12-18 22:26:03 -05:00
Wesley Hartford
e7313da03e
Minor changes for code review suggestions.
2018-12-18 22:24:48 -05:00
Curtis
425a07e988
Merge branch 'master' into destination-tpl-fix
2018-12-18 12:27:35 -08:00
Curtis
513e876e2e
Merge branch 'master' into master
2018-12-18 12:18:38 -08:00
Wesley Hartford
bc621c1468
Improve the Kubernetes Destination plugin
...
The plugin now supports loading details from local files rather than requiring them to be entered through the UI. This is especially relaent when Lemur is deployed on Kubernetes as the certificate, token, and current namespace will be injected into the pod. The location these details are injected are the defaults if no configuration details are supplied.
The plugin now supports deploying the secret in three different formats:
* Full - matches the formate used by the plugin prior to these changes.
* TLS - creates a secret of type kubernetes.io/tls and includes the certificate chain and private key, this format is used by many kubernetes features.
* Certificate - creates a secret containing only the certificate chain, suitable for use as trust authority where private keys should _NOT_ be deployed.
The deployed secret can now have a name set through the configuration options; the setting allows the insertion of the placeholder '{common_name}' which will be replaced by the certificate's common name value.
Debug level logging has been added.
2018-12-12 13:25:36 -08:00
sirferl
a50d80992c
updated query to ignore empty parameters
2018-12-12 12:45:48 +01:00
Wesley Hartford
060c78fd91
Fix Kubernetes Destination Plugin
...
The Kubernetes plugin was broken. There were two major issues:
* The server certificate was entered in a string input making it impossible (as far as I know) to enter a valid PEM certificate.
* The base64 encoding calls were passing strings where bytes were expected.
The fix to the first issue depends on #2218 and a change in the options structure. I've also included some improved input validation and logging.
2018-12-10 15:33:04 -08:00
Wesley Hartford
437d918cf7
Fix textarea and validation on destination page
...
The destination configuration page did not previously support a textarea input as was supported on most other pages. The validation of string inputs was not being performed. This commit addresses both of those issues and corrects the validation expressions for the AWS and S3 destination plugins so that they continue to function. The SFTP destination plugin does not have any string validation. The Kubernetes plugin does not work at all as far as I can tell; there will be another PR in the coming days to address that.
2018-12-10 12:04:16 -08:00
Ronald Moesbergen
dcf5ce0eec
Merge branch 'master' into master
2018-12-07 13:57:59 +01:00
Curtis Castrapel
c32e20b6fc
Fix notifications - Ensure that notifcation e-mails are sent appropriately
2018-12-06 12:25:43 -08:00
Ronald Moesbergen
e0ac749734
When parsing SAN's, ignore unknown san_types, because in some cases they can contain unparsable/serializable values, resulting in a TypeError(repr(o) + " is not JSON serializable")
2018-12-06 16:47:53 +01:00
Curtis Castrapel
2a235fb0e2
Prefer DNS provider with longest matching zone
2018-11-30 12:44:52 -08:00
Curtis Castrapel
a90154e0ae
LetsEncrypt Celery Flow
2018-11-29 09:29:05 -08:00
Curtis Castrapel
39b76d18dc
add countdown to async call
2018-11-28 14:41:56 -08:00
Curtis Castrapel
e074a14ee9
unit test
2018-11-28 14:27:03 -08:00
Curtis Castrapel
2381d0a4bb
Add async call to create pending cert when needed
2018-11-28 11:32:52 -08:00
Ronald Moesbergen
da10913045
Only search nested group memberships when LDAP_IS_ACTIVE_DIRECTORY is True
2018-11-20 10:37:36 +01:00
Ronald Moesbergen
61839f4aca
Add support for nested group membership in ldap authenticator
2018-11-19 13:42:42 +01:00
Curtis Castrapel
3ce8abe46e
Left outer join on domains tables to avoid missing results
2018-11-13 14:33:17 -08:00
Curtis Castrapel
92a771f5ed
More accurate db count functionality
2018-11-13 09:14:21 -08:00
Curtis
29be647911
Merge branch 'master' into no_csr_reissue
2018-11-12 09:54:47 -08:00
Curtis Castrapel
a7a05e26bc
Do not re-use CSR during certificate reissuance; Update requirement; Add more logging to celery handler
2018-11-12 09:52:11 -08:00
Curtis Castrapel
6f0005c78e
Avoid colliding LetsEncrypt jobs
2018-11-09 10:31:27 -08:00
Curtis Castrapel
1643650685
Changing essential part of query
2018-11-07 16:02:04 -08:00
Curtis Castrapel
08a2a2b0e5
Optimize certificate filtering by name
2018-11-07 15:34:25 -08:00
Curtis Castrapel
a3f96b96ee
Add fixture to failing function
2018-11-05 15:16:09 -08:00
Curtis Castrapel
75183ef2f2
Unpin most dependencies, and fix moto
2018-11-05 14:37:52 -08:00
Curtis Castrapel
61738dde9e
Run query on DB
2018-11-05 13:15:53 -08:00
Curtis Castrapel
52e773230d
Add new gin index to optimize ILIKE queries
2018-11-05 10:29:11 -08:00
Curtis Castrapel
0277e4dc05
get_or_increase_name fix for pendingcertificates
2018-10-29 13:53:30 -07:00
Curtis Castrapel
50761d9d3b
safer reissue, fix celery sync job
2018-10-29 13:22:50 -07:00
Curtis Castrapel
56ed416cb7
Celery task for sync job
2018-10-29 09:10:43 -07:00
Curtis
a8b357965e
Merge branch 'master' into get_by_attributes
2018-10-29 08:15:42 -07:00
Curtis
2138930102
Merge branch 'master' into get_by_attributes
2018-10-24 07:20:46 -07:00
James Chuong
75069cd52a
Add CSR to certificiates
...
Add csr column to certificates field, as pending certificates have
exposed the CSR already. This is required as generating CSR from
existing certificate is will not include SANs due to OpenSSL bug:
https://github.com/openssl/openssl/issues/6481
Change-Id: I9ea86c4f87067ee6d791d77dc1cce8f469cb2a22
2018-10-23 17:46:04 -07:00
Curtis Castrapel
b709eed3c3
Only resolve pending cert if not attempted in last 5 min
2018-10-23 13:08:43 -07:00
Curtis Castrapel
054cc64ee8
Prevent dashes from appearing at end of cert name in AWS
2018-10-23 12:49:58 -07:00
Curtis Castrapel
73ed5164cd
deps
2018-10-22 14:51:13 -07:00
Curtis
b058508478
Merge branch 'master' into get_by_attributes
2018-10-22 09:09:55 -07:00
Curtis Castrapel
e83699b6ae
Add unique constraint to sources table - label column
2018-10-19 15:34:34 -07:00
Non Sequitur
81d114092e
Merge branch 'github' into get_by_attributes
2018-10-17 12:00:36 -04:00
Non Sequitur
48017a9d4c
Added get_by_attributes to the certificates service, for fetching certs based on arbitrary attributes. Also associated test and extra tests for other service methods
2018-10-17 11:42:09 -04:00
Curtis Castrapel
a912c3488d
python fix to retrigger tests
2018-10-12 07:25:58 -07:00
Curtis Castrapel
89a077e54c
minor change to pass stuck github check
2018-10-12 07:14:31 -07:00
Curtis Castrapel
13ef965666
nit: comments
2018-10-12 05:56:14 -07:00
Curtis Castrapel
6073f9e7b6
datetime ref fix
2018-10-12 05:51:30 -07:00
Curtis Castrapel
4b3d458dba
Celery task to delete old pending certs
2018-10-12 05:47:16 -07:00
Curtis Castrapel
cc18a68c00
Lemur LetsEncrypt Polling Support
2018-10-11 22:01:05 -07:00
Curtis Castrapel
e91d8ec81b
add indexes to domains and certificates tables to optimize load time
2018-10-11 11:36:50 -07:00
Non Sequitur
79033f42b4
Merge branch 'master' into improved_verify
2018-10-02 09:19:24 -04:00
Non Sequitur
40f4444099
Flake8 fix in test_verify.py
2018-10-01 22:04:31 -04:00
Curtis Castrapel
56282845fa
Enable optional verisign cloud transparency configuration
2018-10-01 09:20:50 -07:00
Non Sequitur
50919d85a8
Merge remote-tracking branch 'upstream/master' into improved_verify
2018-09-27 11:19:06 -04:00
Mike Culbertson
590fac4aa8
docstring update in verify.py
2018-09-27 10:11:13 -04:00
Mike Culbertson
f19b6382bc
Updated verify tests
2018-09-27 10:10:04 -04:00
Mike Culbertson
11f2210894
Merge branch 'improved_verify' of github.com:explody/lemur into improved_verify
2018-09-27 09:28:45 -04:00
Mike Culbertson
652d7f65dd
flake8 tweak
2018-09-27 09:28:21 -04:00
Curtis Castrapel
563f0fb9b2
Celery refactoring, celery beat job in configuration
2018-09-17 10:52:12 -07:00
Curtis Castrapel
23382b2777
Celery integration
2018-09-13 10:35:54 -07:00
Curtis
c09d8ae630
Merge branch 'master' into fix_import_v1
2018-09-10 10:35:31 -07:00
Curtis Castrapel
7d42e4ce67
Fix certificate import issues
2018-09-10 10:34:47 -07:00
Curtis Castrapel
f6a130b09d
Add more logging to messaging
2018-09-10 09:13:31 -07:00
Curtis
c9836fbf25
Merge branch 'master' into improved_verify
2018-09-06 07:33:55 -07:00
Gus Esquivel
82e69db0c5
fix error message typo
2018-09-04 10:21:34 -05:00
Mike Culbertson
2815ddf6c8
Moved cert object to be passed to both ocsp/crl methods so we can report in better detail on the certs. Ensured proper returns of False (revoked) True (good) None (unknown) throughout the methods.
2018-08-31 13:34:55 -04:00
Mike Culbertson
34c88494b8
More specific exception catch for cert parsing. line shortening.
2018-08-31 12:19:55 -04:00
Mike Culbertson
7dbca821c3
Reducing the stacked exceptions plus a bit of pep8
2018-08-31 12:01:49 -04:00
Curtis Castrapel
d82a615e17
Validate config - fix for issue#1629
2018-08-28 09:15:28 -07:00
Curtis Castrapel
453bb43157
recommit https://github.com/Netflix/lemur/pull/1612
2018-08-27 09:50:02 -07:00
Curtis
1b77dfa47a
Revert "Precommit - Fix linty things"
2018-08-22 13:21:35 -07:00
Curtis Castrapel
3e9726d9db
Precommit work
2018-08-22 10:38:09 -07:00
Curtis Castrapel
6abf274680
Allow case insensitive role matching for cert permissions
2018-08-20 08:55:04 -07:00
Curtis Castrapel
9f64f0523b
Increase timeouts
2018-08-17 15:36:56 -07:00
Curtis Castrapel
43ae6c39e3
wait right here
2018-08-17 12:14:02 -07:00
Curtis Castrapel
7f9a035802
Fix private key bytecode issue
2018-08-17 10:59:01 -07:00
Curtis Castrapel
a6b1f33208
Ensure owner names are lowercase for new / updated certificates
2018-08-17 10:41:55 -07:00
Curtis Castrapel
1ad61b1550
allow null validity periods
2018-08-17 07:57:55 -07:00
Curtis Castrapel
be9d683e46
fix merge
2018-08-16 10:15:48 -07:00
Curtis Castrapel
da99bcda68
Better zone handling
2018-08-16 10:12:19 -07:00
Curtis Castrapel
2c22c9c2f1
Allow proper detection of zones, fix certificate detection
2018-08-14 14:37:45 -07:00
Curtis Castrapel
1a5abe6550
fix lint
2018-08-13 15:11:57 -07:00
Curtis Castrapel
cc836433fb
formatting
2018-08-13 15:06:16 -07:00
Curtis Castrapel
5829794d82
typo fix
2018-08-13 14:25:54 -07:00
Curtis Castrapel
bb026b8b59
Allow LetsEncrypt renewals and requesting certificates without specifying DNS provider
2018-08-13 14:22:59 -07:00
Curtis
ab37189022
Merge branch 'master' into unittests-use-valid-certs
2018-08-07 09:42:39 -07:00
Curtis
cf71f88680
Merge branch 'master' into fill-missing-rotation-policy
2018-08-07 08:23:29 -07:00
Curtis
f9a7b97839
Merge branch 'master' into unittests-use-valid-certs
2018-08-07 07:45:45 -07:00
Cyril Dangerville
2869042f38
Fixed invalid JSON payloads (making API requests fail in particular) ( #1522 )
2018-08-03 15:26:48 -07:00
Marti Raudsepp
82158aece6
Fill in missing cert rotation_policy; don't ignore validation errors when re-issuing certs
...
CertificateInputSchema requires the rotation_policy field, but
certificates created before the field existed have set to NULL. Thus
saving such certificates failed and probably caused other errors.
Made cert re-issuing (get_certificate_primitives) more strict so such
errors are harder to miss in the future.
2018-08-03 20:06:21 +03:00
Marti Raudsepp
1f0f432327
Fix unit tests certificates to have correct chains and private keys
...
In preparation for certificate integrity-checking: invalid certificate
chains and mismatching private keys will no longer be allowed anywhere
in Lemur code.
The test vector certs were generated using the Lemur "cryptography"
authority plugin.
* Certificates are now more similar to real-world usage: long serial
numbers, etc.
* Private key is included for all certs, so it's easy to re-generate
anything if needed.
2018-08-03 19:45:13 +03:00
Marti Raudsepp
acd2701fa2
Delete dead code in unit tests ( #1510 )
2018-08-03 08:21:55 -07:00
Curtis
025d177565
Merge branch 'master' into letsencrypt_account_support
2018-07-30 15:28:29 -07:00
Curtis Castrapel
44192d4494
remove debug print
2018-07-30 15:27:23 -07:00
Curtis Castrapel
0889076d3b
Support LetsEncrypt accounts
2018-07-30 15:25:02 -07:00
Mike Grima
d6b482755b
Proper flask_restful boolean parsing.
...
This is documented here: https://github.com/flask-restful/flask-restful/issues/488
2018-07-30 13:49:41 -07:00
Curtis Castrapel
caf99d36d6
fix deletion
2018-07-27 15:52:22 -07:00
Curtis Castrapel
e16c1de001
Error logging
2018-07-27 14:17:50 -07:00
Curtis Castrapel
2a6dda07eb
Show and send error for pending certs
2018-07-27 14:15:14 -07:00
Curtis Castrapel
9b29f9f819
Adding pessimistic sqlalchemy disconnection handling
2018-07-23 10:57:22 -07:00
Curtis Castrapel
2f51fea743
no bare except
2018-07-20 13:43:47 -07:00
Curtis Castrapel
c78077d8d6
Explicit capture exception during create failure
2018-07-20 13:43:47 -07:00
Steven Reiling
bd9203fcbc
Adds an optional interval variable to notification service's
...
create_default_expiration_notifications and introduces a new optional
configuration variable, LEMUR_SECURITY_TEAM_EMAIL_INTERVALS, to allow admins
control over the centralized email notification defaults.
2018-07-20 13:43:47 -07:00
Marti Raudsepp
d071d85486
Clean up module imports
...
Example:
* import lemur.common.utils -> from lemur.common import utils
* import sqlalchemy.types as types -> from sqlalchemy import types
2018-07-20 13:43:47 -07:00
Marti Raudsepp
04ee1656ee
Cache parsed certificate instead of re-parsing for each field
...
Use @cached_property decorator to cache the results of parse_certificate().
This significantly cuts down on the number of times certs need to be
parsed for a list view.
2018-07-20 13:43:47 -07:00
root
56372c55b4
initial commit
2018-07-20 13:43:47 -07:00
Marti Raudsepp
149caa5602
Clean up module imports
...
Example:
* import lemur.common.utils -> from lemur.common import utils
* import sqlalchemy.types as types -> from sqlalchemy import types
2018-07-12 11:21:18 -07:00
Marti Raudsepp
b472e5e648
Cache parsed certificate instead of re-parsing for each field
...
Use @cached_property decorator to cache the results of parse_certificate().
This significantly cuts down on the number of times certs need to be
parsed for a list view.
2018-07-12 11:21:18 -07:00
Marti Raudsepp
64132ba92b
Expose certificate dateCreated via API
2018-07-12 11:21:18 -07:00
Curtis Castrapel
9ef356f59d
reformat code (noop)
2018-07-12 11:21:17 -07:00
Curtis Castrapel
3397fb6560
R53: Extend only TXT records
2018-06-20 10:33:35 -07:00
Curtis Castrapel
3efc709e03
tests
2018-06-19 21:16:35 -07:00
Curtis Castrapel
dda7f54a16
lint
2018-06-19 20:58:00 -07:00
Curtis Castrapel
2d33d3e2b8
lint
2018-06-19 20:35:00 -07:00
Curtis
d50c9c7748
Merge branch 'master' into acme_validation_dns_provider_option
2018-06-19 16:45:25 -07:00
Curtis Castrapel
a141b8c5ea
Support concurrent issuance in Route53 for LetsEncrypt
2018-06-19 16:27:58 -07:00
Curtis
b2bc431823
Merge branch 'master' into dyn2
2018-06-14 08:06:31 -07:00
Curtis Castrapel
4e72cb96c9
Graceful cancellation of pending cert and order details in log for acme failure
2018-06-14 08:02:34 -07:00
Dmitry Zykov
b99aad743b
remove linuxdst plugin
2018-06-13 15:15:09 -07:00
Curtis Castrapel
135f2b710c
Limit dns queries to 10 attempts
2018-06-13 15:14:48 -07:00
Curtis Castrapel
065e0edc5f
lint
2018-06-13 14:22:45 -07:00
Curtis Castrapel
d72792ff37
Fix unique dyn situation where zone does not match tld, and there's a deeper zone
2018-06-13 14:08:39 -07:00
Curtis
038f5dc554
Merge branch 'master' into linuxdst
2018-06-12 07:40:40 -07:00
Curtis Castrapel
7f5d1a0b6b
sync error
2018-06-11 15:40:15 -07:00
Curtis Castrapel
92860cffca
Default configuration for DNS providers
2018-06-11 13:32:53 -07:00
Curtis
80e3331596
Merge branch 'master' into master
2018-05-30 08:24:00 -07:00
kevgliss
2a3af5214e
Merge branch 'master' into linuxdst
2018-05-29 18:54:37 -07:00
James Chuong
4911d713a5
Fix import metrics in notifications/messaging.py ( #1254 )
...
`from lemur import metrics` is incorrect for notifications/messaging.py
because that is importing the `metrics` module rather than the
instanciated `lemur.extensions.metrics` object. This will cause errors
if you import notifications/messaging.py elsewhere, since it can cause
circular dependencies.
Change-Id: Ice28c480373601420fc83bae2d27bb6467cdb752
2018-05-29 18:54:16 -07:00
Curtis Castrapel
5e24f685c1
lint error
2018-05-29 10:46:24 -07:00
Curtis Castrapel
97d3621705
convert description to TEXT column
2018-05-29 10:23:01 -07:00
Curtis Castrapel
544a02ca3f
Addressing comments. Updating copyrights. Added function to determine authorative name server
2018-05-29 10:23:01 -07:00
Curtis
ae26e44cc2
Merge branch 'master' into master
2018-05-25 11:09:23 -07:00
Curtis Castrapel
b0f9d33b32
Requirements update
2018-05-25 11:07:26 -07:00
Curtis Castrapel
5e3add0b81
docstring
2018-05-24 15:21:38 -07:00
Curtis Castrapel
9fc6c9aaf7
Sort and page
2018-05-24 12:55:52 -07:00
James Chuong
a47b6c330d
Use serial_number instead of serial ( #1251 )
...
* Add code coverage badge to README
* fixing docs (#1231 )
* Change cert.serial to serial_number
This fixes deprecation warning coming from cryptography package about
using cert.serial instead of serial_number.
Change-Id: I252820974c77cc1b80639920a5e8c2e874819dda
2018-05-23 16:04:30 -07:00
Curtis Castrapel
de52fa7f48
fix v1 backwards compatibility
2018-05-16 08:00:33 -07:00
Curtis Castrapel
680f4966a1
acme v2 support
2018-05-16 07:46:37 -07:00
Curtis Castrapel
a9b9b27a0b
fix tests
2018-05-10 12:58:04 -07:00
Curtis Castrapel
52e7ff9919
Allow specification of dns provider name only
2018-05-10 12:58:04 -07:00
Curtis
f4a010e505
Merge branch 'master' into master
2018-05-09 07:52:07 -07:00
Curtis Castrapel
0bd14488bb
Update requirements, handle more lemur_acme exceptions, and remove take a tour button
2018-05-08 15:35:03 -07:00
Curtis Castrapel
6500559f8e
Fix issue with automatically renewing acme certificates
2018-05-08 14:54:10 -07:00
Curtis
642dbd4098
Merge branch 'master' into linuxdst
2018-05-08 12:09:05 -07:00
Curtis Castrapel
a8187d15c6
quick lint
2018-05-08 11:04:25 -07:00
Curtis Castrapel
df5168765b
more tests
2018-05-08 11:03:17 -07:00
kevgliss
c26ae16060
fixing docs ( #1231 )
2018-05-08 10:58:48 -07:00
Curtis Castrapel
9ccb8fb838
Alembic simplification
2018-05-07 15:14:32 -07:00
Curtis Castrapel
e68b3d2cbd
0.7 release
2018-05-07 09:58:24 -07:00
Curtis Castrapel
1be3f8368f
dyn support
2018-05-04 15:01:01 -07:00
Curtis Castrapel
3e64dd4653
Additional work
2018-05-04 15:01:01 -07:00
Curtis
74ca13861c
Merge branch 'master' into master
2018-04-27 11:19:23 -07:00
Curtis Castrapel
532872b3c6
dns_provider ui
2018-04-27 11:18:51 -07:00
Zach Seils
0579b2935c
Print variable value instead of name ( #1227 )
...
* Print variable value instead of name
* Fixed ordering and variable name for stdout string
2018-04-26 09:39:42 -07:00
Curtis
c5cb01bd33
Merge branch 'master' into master
2018-04-26 09:16:31 -07:00
Curtis Castrapel
efd5836e43
fix test
2018-04-26 09:04:13 -07:00
Curtis Castrapel
f0f2092fb4
Some unit tests
2018-04-25 11:19:34 -07:00
kevgliss
e09b7eb978
Selectively enable CORS. ( #1220 )
2018-04-24 17:10:38 -07:00
Zach Seils
3e5db9eedb
Check for default rotation policy before updating db ( #1223 )
2018-04-24 16:55:26 -07:00
Zach Seils
91500d1022
Minor comment & stdout corrections ( #1225 )
2018-04-24 16:53:51 -07:00
Curtis Castrapel
38b8df4a07
lint
2018-04-24 09:48:14 -07:00
Curtis Castrapel
7704f51441
Working acme flow. Pending DNS providers UI
2018-04-24 09:38:57 -07:00
Curtis
81e349e07d
Merge branch 'master' into hackday
2018-04-23 10:11:49 -07:00
Curtis Castrapel
44e3b33aaa
More stuff. Will prioritize this more next week
2018-04-20 14:49:54 -07:00
Curtis Castrapel
fbce1ef7c7
temp digicert fix
2018-04-13 15:50:55 -07:00
Curtis Castrapel
309d10c4e2
stuff
2018-04-13 15:50:55 -07:00
Curtis Castrapel
4d05a09a20
fix_changes
2018-04-13 15:50:55 -07:00
Curtis Castrapel
3538f1a629
fix_errors
2018-04-13 15:50:55 -07:00
Curtis Castrapel
993958c356
up-reqs
2018-04-13 15:50:55 -07:00
Curtis Castrapel
2d6d2357b5
DNS Providers list returned
2018-04-13 15:50:55 -07:00
Curtis Castrapel
a66d85b63d
clean up a bit
2018-04-13 15:50:55 -07:00
Curtis Castrapel
b0bd0435c4
more stuff
2018-04-13 15:50:54 -07:00
Curtis Castrapel
b2e6938815
WIP: Add support for Acme/LetsEncrypt with DNS Provider integration
2018-04-13 15:50:54 -07:00
Curtis Castrapel
5dd03098e5
actually update deps
2018-04-13 15:50:53 -07:00
Curtis Castrapel
c03133622f
Correct validities
2018-04-13 15:18:17 -07:00
Curtis Castrapel
8303cfbd2b
Fix datetime
2018-04-13 14:53:45 -07:00
Curtis
3ef550f738
Merge branch 'master' into hackday
2018-04-12 12:49:52 -07:00
Curtis Castrapel
f6fd262618
DNS Providers list returned
2018-04-11 15:56:00 -07:00
Curtis Castrapel
5125990c4c
clean up a bit
2018-04-11 07:48:04 -07:00
Will Bengtson
52cb145333
ecc: add the support for ECC ( #1191 )
...
* ecc: add the support for ECC
update generate_private_key to support ECC. Move key types to constant. Update UI for the new key types
* ecc: Remove extra line to fix linting
* ecc: Fix flake8 lint problems
* Update options.tpl.html
2018-04-10 16:54:17 -07:00
Curtis Castrapel
5beb319b27
more stuff
2018-04-10 16:04:07 -07:00
kevgliss
12622d5847
Adding metrics for request timings. ( #1190 )
2018-04-10 15:55:02 -07:00
Mihir Jham
a9baaf4da4
add(plugins): Added a statsd plugin for lemur ( #1189 )
2018-04-10 15:15:03 -07:00
Curtis Castrapel
f61098b874
WIP: Add support for Acme/LetsEncrypt with DNS Provider integration
2018-04-10 14:28:53 -07:00
Will Bengtson
8ca4f730e8
lemur_digicert: Do not truncate valid_to anymore ( #1187 )
...
* lemur_digicert: Do not truncate valid_to anymore
The valid_to field for Digicert supports YYYY-MM-DDTHH:MM:SSZ so we should stop truncating
* lemur_digicert: Update unit tests for valid_to
2018-04-10 13:23:09 -07:00
Marti Raudsepp
8e2b2123f1
Fix filtering on boolean columns, broken with SQLAlchemy 1.2 upgrade
...
SQLAlchemy 1.2 does not allow comparing string values to boolean
columns. This caused errors like:
sqlalchemy.exc.StatementError: (builtins.TypeError) Not a boolean value: 'true'
For more details see http://docs.sqlalchemy.org/en/latest/changelog/migration_12.html#boolean-datatype-now-enforces-strict-true-false-none-values
2018-04-09 18:59:23 +03:00
Dmitry Zykov
28614b5793
remove linuxdst plugin
2018-04-04 14:49:25 +03:00
Dmitry Zykov
4a0103a88d
SFTP destination plugin ( #1170 )
...
* add sftp destination plugin
2018-04-03 10:30:19 -07:00
Curtis
259800ce35
Merge branch 'master' into issue_1089
2018-03-29 08:48:52 -07:00
Curtis Castrapel
b814a4f009
Remove get_pending_certificates from verisign issuer
2018-03-28 08:56:28 -07:00
Curtis Castrapel
c3a2781507
Allow quotes for exact match
2018-03-28 08:33:43 -07:00
iTitou
a316cbba73
[add] Docs and default config for metric plugins ( #1148 )
2018-03-27 15:51:32 -07:00
Curtis Castrapel
844202f36b
check if user active properly
2018-03-26 13:14:22 -07:00
kevgliss
c51fed5307
allowing null basic contraints ( #1131 )
2018-03-23 11:38:47 -07:00
kevgliss
db746f1296
Adds support for CDLDistributionPoints. ( #1130 )
2018-03-23 08:51:18 -07:00
Curtis Castrapel
e15836e9ca
Update more dependencies. Remove hashes
2018-03-21 14:48:51 -07:00
Curtis Castrapel
d67542d7f5
actually update deps
2018-03-21 12:46:30 -07:00
Curtis Castrapel
4087f1c03b
Update auth keys, change python version to satisfy tests
2018-03-21 11:57:19 -07:00
iTitou
bbacb7e210
[fix] No internal server error when trying to Google Auth an unregistered user ( #1109 )
2018-03-21 11:57:19 -07:00
cjwaian
19cf8f6bdd
Remove non-ASCII character ( #1104 )
2018-03-21 11:57:19 -07:00
Curtis Castrapel
74a516cde0
nt
2018-03-16 14:15:03 -07:00
Curtis Castrapel
58da68d72f
Revert "Requirements and Elasticsearch logging configuration"
...
This reverts commit c08d3dd82f
.
2018-03-16 14:10:12 -07:00
Curtis Castrapel
c7ca3949f6
info level, and new variable name
2018-03-16 11:55:53 -07:00
Curtis Castrapel
bbf5e95186
fix unusued import
2018-03-16 10:07:47 -07:00
Curtis
462e757f92
Merge branch 'master' into requirements_logging
2018-03-16 08:51:25 -07:00
Curtis Castrapel
c08d3dd82f
Requirements and Elasticsearch logging configuration
2018-03-16 08:36:10 -07:00
Curtis Castrapel
18c64fafe4
address comment
2018-02-27 12:34:18 -08:00
Curtis Castrapel
77a1600c13
Fix cloned notifications
2018-02-27 10:57:43 -08:00
Curtis Castrapel
5fe28f6503
Description modification
2018-02-26 12:37:31 -08:00
Curtis Castrapel
1f641c0ba6
Description modification
2018-02-26 12:36:40 -08:00
Curtis Castrapel
cca3797669
comments on alembic changes. resolve invalid usage of log_service.create
2018-02-26 12:08:31 -08:00
Curtis Castrapel
a28fdac242
fix pending cert db changes
2018-02-26 09:43:08 -08:00
Curtis
7032abf2e7
Merge branch 'master' into unq-const
2018-02-26 08:03:31 -08:00
Curtis Castrapel
9e8fa5827d
unq constraint
2018-02-24 23:15:39 -08:00
Harm Weites
5d18838868
Use Cloudflare as DNS provider for LE certs ( #945 )
...
* Use Cloudflare as DNS provider for LE certs
* Better handle dns_provider plugins
2018-02-22 08:17:28 -08:00
James Chuong
2578970f7d
Async Certificate Issuing using Pending Certificates ( #1037 )
...
* Add PendingCertificate model
This change creates a DB table called pending_certificates and
associated mapping relationship tables from pending certificate to
roles, rotation policy, destination, sources, etc.
The table is generated on initialization of Lemur. A pending
certificate holds most of the information of a Certificate, while it has
not be issued so that it can later backfill the information when the CA
has issued the certificate.
Change-Id: I277c16b776a71fe5edaf0fa0e76bbedc88924db0
Tickets: PBL-36499
* Create a PendingCertificate if cert is empty
IssuePlugins should return empty cert bodies if the request failed to
complete immediately (such as Digicert). This way, we can immediately
return the certificate, or if not just place into PendingCertificates
for later processing.
+ Fix relation from Certificate to Pending Certificate, as view only.
There is no real need for anything more than that since Pending cert
only needs to know the cert to replace when it is issued later.
+ Made PendingCertificate private key be empty: UI does not allow
private key on 'Create' but only on 'Import'. For Instart, we require
the private key but upstream does not necessarily need it. Thus, if
someone at Instart wants to create a CSR / key combo, they should
manually issue the cert themselves and import later. Otherwise you
should let Lemur generate that. This keeps the workflow transparent for
upstream Lemur users.
Change-Id: Ib74722a5ed5792d4b10ca702659422739c95ae26
Tickets: PBL-36343
* Fix empty private_key when create Pending Cert
On creation of a certificate with a CSR, there is no option for private
key. In this case, we actually have a dictionary with private_key as
key, but the value is None. This fixes the strip() called on NoneType.
Change-Id: I7b265564d8095bfc83d9d4cd14ae13fea3c03199
Tickets: PBL-36499
* Source sync finds and uses pending certificate
When a source syncs certificates, it will check for a pending
certificate. If that is found via external_id (given by digicert as
order_id) then it will use the found Pending Certificate's fields to
create a new certificate. Then the pending certificate is deleted.
Tickets: PBL-36343
Change-Id: I4f7959da29275ebc47a3996741f7e98d3e2d29d9
* Add Lemur static files and views for pending certs
This adds the basic static files to view pending certificates in a
table.
Tickets: PBL-36343
Change-Id: Ia4362e6664ec730d05d280c5ef5c815a6feda0d9
* Add CLI and plugin based pending fetch
This change uses the adds a new function to issuer plugins to fetch
certificates like source, but for one order. This way, we can control
which pending certificates to try and populate instead of getting all
certificates from source.
Tickets: PBL-36343
Change-Id: Ifc1747ccdc2cba09a81f298b31ddddebfee1b1d6
* Revert source using Pending Certificate
Tickets: PBL-36343
Change-Id: I05121bc951e0530d804070afdb9c9e09baa0bc51
* Fix PendingCertificate init getting authority id
Should get authority id from authority.id instead of the authority_id
key in kwargs.
Change-Id: Ie56df1a5fb0ab2729e91050f3ad1a831853e0623
Tickets: n/a
* Add fixtures and basic test for PendingCertificate
Change-Id: I4cca34105544d40dac1cc50a87bba93d8af9ab34
Tickets: PBL-36343
* Add User to create_certificate parameters
create_certificate now takes a User, which will be used to populate the
'creator' field in certificates.service.upload(). This allows the UI
populate with the current user if the owner does not exist in Lemur.
+ Fix chain being replaced with version from pending certificate, which
may be empty (depends on plugin implementation).
Change-Id: I516027b36bc643c4978b9c4890060569e03f3049
Tickets: n/a
* Fix permalink and filters to pending certs
Fixes the permalink button to get a single pending certificate
Add argument filter parsing for the pending certificate API
Fix comment on API usage
Added get_by_name for pending_certificate (currently unused, but useful
for CLI, instead of using IDs)
Change-Id: Iaa48909c45606bec65dfb193c13d6bd0e816f6db
Tickets: PBL-36910
* Update displayed fields for Pending Certificates
There are a number of unused / unpopulated fields from Certificate UI
that does apply to Pending Certificates. Those ones were removed, and
added other useful fields:
Owner, number of attempts to fetch and date created
Change-Id: I3010a715f0357ba149cf539a19fdb5974c5ce08b
Tickets: PBL-36910
* Add common name (cn) to Pending Certificate model
Fixes the UI missing the CN for Pending Certificate, as it was
originally being parsed from the generated certificate. In the case of
pending certificate, the CN from the user generates the request, which
means a pending cert can trust the original user putting in the CN
instead of having to parse the not-yet-generated certificate. There is
no real possibility to return a certificate from a pending certificate
where the CN has changed since it was initially ordered.
Change-Id: I88a4fa28116d5d8d293e58970d9777ce73fbb2ab
Tickets: PBL-36910
* Fix missing imports for service filter
+ Removed duplicate get_by_name function from old merge
Change-Id: I04ae6852533aa42988433338de74390e2868d69b
Tickets: PBL-36910
* Add private key viewing to Pending Certificates
Add private key API for Pending Certificates, with the same
authorization as Certificates (only owner, creator or owner-roles can
view private key).
Change-Id: Ie5175154a10fe0007cc0e9f35b80c0a01ed48d5b
Tickets: PBL-36910
* Add edit capability to pending certificates
Like editing certificates, we should be able to modify some parts of a
pending certificate so the resulting certificate has the right
references, owner, etc.
+ Added API to update pending certificate
+ Fix UI to use pending certificate scope instead of reusing Certificate
+ Change pending_certificate.replaces to non-passive association, so
that updates do affect it (similar to roles/notifications/etc)
Tickets: PBL-36910
Change-Id: Ibbcb166a33f0337e1b14f426472261222f790ce6
* Add common_name parsing instead using kwargs
To fix tests where common name may not be passed in, use the CSR
generated to find the official common name.
Change-Id: I09f9258fa92c2762d095798676ce210c5d7a3da4
Tickets: PBL-36343
* Add Cancel to pending certificates and plugins
This allows pending certificates to be cancelled, which will be handled
by the issuer plugin.
Change-Id: Ibd6b5627c3977e33aca7860690cfb7f677236ca9
Tickets: PBL-36910
* Add API for Cancelling Pending Certificate
Added the DELETE handler for pending_certificates, which will cancel and
delete the pending certificate from the pending certs table on
successful cancellation via Issuer Plugin.
+ Add UT for testing cancel API
Change-Id: I11b1d87872e4284f6e4f9c366a15da4ddba38bc4
Tickets: PBL-36910
* Remove Export from Pending Certificates
Pending Certificates doesn't need an export since it should just be
fetched by Lemur via plugins, and the CSR is viewable via the UI.
Change-Id: I9a3e65ea11ac5a85316f6428e7f526c3c09178ae
Tickets: PBL-36910
* Add cancel button functionality to UI
This adds the Cancel option to the dropdown of pending certificates.
+ Adds modal window for Note (may not be required for all issuers, just
Digicert)
+ Add schema for cancel input
+ Fix Digitcert plugin for non-existant orders
When an order is actually issued, then attempting to cancel will return
a 403 from Digicert. This is a case where it should only be done once
we know the pending cert has been sitting for too long.
Change-Id: I256c81ecd142dd51dcf8e38802d2c202829887b0
Tickets: PBL-36910
* Fix test_pending_cancel UT
This change creates and injects a pending cert, which will then be used
for the ID so it can be canceled by the unit test.
Change-Id: I686e7e0fafd68cdaeb26438fb8504d79de77c346
Tickets: PBL-36343
* Fix test_digicert on non-existent order
cancelling a non-existent order is fine since we're cancelling it
Change-Id: I70c0e82ba2f4b8723a7f65b113c19e6eeff7e68c
Tickets: PBL-36343
* Add migrations for PendingCertificates
Added revision for Pending Certificates table and foreign key mapping
tables.
Change-Id: Ife8202cef1e6b99db377851264639ba540b749db
Tickets: n/a
* Fix relationship copy from Pending to Certificate
When a Pending Certificate is changed to a full Certificate, the
relationship fields are not copied via vars() function, as it's not a
column but mapped via association table. This adds an explicit copy for
these relations. Which will properly copy them to the new Certificate,
and thus also update destinations.
Change-Id: I322032ce4a9e3e67773f7cf39ee4971054c92685
Tickets: PBL-36343
* Fix renaming of certificates and unit tests
The rename flag was not used to rename certificates on creation as
expected.
Fixed unit test, instead of expunging the session, just copy the
pending_certificate so we don't have a weird reference to the object
that can't be copied via vars() function.
Change-Id: I962943272ed92386ab6eab2af4ed6d074d4cffa0
Tickets: PBL-36343
* Updated developer docs for async certs
Added blurb for implementing new issuer functions.
Change-Id: I1caed6e914bcd73214eae2d241e4784e1b8a0c4c
Tickets: n/a
2018-02-22 08:13:16 -08:00
pincushionman
f44fe81573
fix for https://github.com/Netflix/lemur/issues/1045 ( #1056 )
2018-02-20 08:28:11 -08:00
Curtis
f262c93912
Option to suppress SSL errors ( #1044 )
2018-01-17 09:17:03 -08:00
James Chuong
763c5e8356
Add DIGICERT_ORDER_TYPE to Digicert plugin ( #1025 )
...
* Add DIGICERT_ORDER_TYPE to Digicert plugin
This allows lemur.conf.py to control which kind of certificate to
order. User defined options are not currently supported in the the UI,
so we cannot create multiple Digicert authorities at runtime for
separate certificate types.
Change-Id: I06c216ec3c476e0001b240530626a86464be999e
* Fix Mock URL for Digicert test
Change-Id: Ida7c0ed1bd120c9024bea091c03b7d1ecfa66498
* Add documentation for DIGICERT_ORDER_TYPE
Change-Id: I0bc347883b628416eb7f13a7c60c937dcb6ae0c2
2018-01-13 18:06:17 -08:00
James Chuong
050295ea20
Fix DigiCert issuer plugin revoke URL ( #1041 )
...
The URL for revoking DigiCert certificates was incorrect.
Change-Id: I39fb7d290a2a649ab08a47e7dcbe18a8c0bd8a59
2018-01-11 17:12:21 -08:00
kevgliss
eea413a90f
Modifying the way we report metrics. Relying on metric tags instead of the the metric name for additional dimensions. ( #1036 )
2018-01-02 15:26:31 -08:00
kevgliss
8cad2f9f56
Version bump. ( #1034 )
2018-01-02 14:08:56 -08:00
kevgliss
64ac32f683
6.0 release. ( #1033 )
2018-01-02 14:03:38 -08:00
Marti Raudsepp
1287c3dc4a
CRL verify: handle "Remove from CRL" status as not revoked ( #1028 )
...
Per RFC 5280 section 6.3.3 (k):
https://tools.ietf.org/html/rfc5280#section-6.3.3
2018-01-02 13:39:02 -08:00
Marti Raudsepp
99b10c436a
CRL verify: skip unknown URI schemes like ldap:// and add unit tests ( #1027 )
2018-01-02 13:11:17 -08:00
kevgliss
9a0ada75fa
Upgrading satellizer library. ( #1031 )
2018-01-02 09:12:06 -08:00
kevgliss
848ce8c978
Refactoring authentincation to support GET and POST requests. Closes #990 . ( #1030 )
2018-01-01 19:11:29 -08:00
Zach Seils
7b8df16c9e
Fix typo in default SSH key path. ( #1026 )
2017-12-20 09:09:56 -08:00
Marti Raudsepp
7a84f38db9
Don't write files from the test suite ( #1020 )
...
The lemur_email.tests.test_render test would fail when running unittests
from a read-only source tree.
2017-12-12 10:14:39 -08:00
Marti Raudsepp
ba4de07ad8
Improve certificate details view, make information more concise ( #1021 )
...
The "Description" field can now display multi-line text content.
The "Authority" field now displays the authority name in Lemur (if
known) as well as issuer's name. For imported certs, "Imported" is
displayed.
2017-12-12 09:49:30 -08:00
Marti Raudsepp
b2d87940d6
Allow sorting and filtering by camelCase field names ( #1019 )
...
The API exposes camelCase field names everywhere, but only accepted
underscore_field_names in 'filter' or 'sort' GET attributes. Now both
are allowed.
2017-12-12 09:44:53 -08:00
Eric
6edc5180c7
fix roles assigned in the ui for sso ( #1017 )
...
This commit fixes the ability to assign roles to people in the ui
when the user is SSO. The idea is if a role is ever assigned via
SSO it becomes a "SSO Role" or a "Third Party" Role. by setting
third_party to true on the role object.
Once a role is marked as third party it can no longer be controlled
through the ui for SSO Users. (for ui users this poses no functional
change). It must be controlled via SSO.
2017-12-11 13:51:45 -08:00
Marti Raudsepp
e1f241bd55
Don't send notifications that are marked inactive ( #1015 )
...
Apparently previously Lemur ignored the "active" flag of notifications.
2017-12-06 08:32:24 -08:00
kevgliss
ad88637f22
Adding some niceties around the way users are associated with tokens. ( #1012 )
...
* Adding some niceties around the way users are associated with tokens.
- Includes user typeahead
- Tooltips
- User information displayed in table
- Default to current user when no user is passed
2017-12-05 10:57:17 -08:00
kevgliss
a756a74b49
Ensures we can get multiple endpoints with the same name but different ports. ( #1011 )
2017-12-04 13:13:02 -08:00
kevgliss
ecc0934657
Adding cli command to clear out pending symantec certificates. ( #1009 )
2017-12-04 10:04:12 -08:00
Eric
c402f1ff87
add per user api keys to the backend ( #995 )
...
Adds in per user api keys to the backend of lemur.
the basics are:
- API Keys are really just JWTs with custom second length TTLs.
- API Keys are provided in the exact same ways JWTs are now.
- API Keys can be revoked/unrevoked at any time by their creator
as well as have their TTL Change at anytime.
- Users can create/view/list their own API Keys at will, and
an admin role has permission to modify all api keys in the
instance.
Adds in support for lemur api keys to the frontend of lemur.
doing this required a few changes to the backend as well, but it is
now all working (maybe not the best way though, review will determine
that).
- fixes inconsistency in moduleauthor name I inputted during the
first commit.
- Allows the revoke schema to optionally allow a full api_key object.
- Adds `/users/:user_id/api_keys/:api_key` and `/users/:user_id/api_keys`
endpoints.
- normalizes use of `userId` vs `userId`
- makes `put` call respond with a JWT so the frontend can show
the token on updating.
- adds in the API Key views for clicking "API Keys" on the main nav.
- adds in the API Key views for clicking into a users edit page.
- adds tests for the API Key backend views I added.
2017-12-04 08:50:31 -08:00
Johannes Langer
5ac3ecb85e
Added revoke support to cfssl plugin ( #1007 )
...
* Added revoke support to cfssl plugin
2017-11-29 14:33:22 -08:00
kevgliss
c2b2ce1f11
Allowing the export of CAs that don't have a chain. ( #1000 )
2017-11-21 11:42:23 -08:00
kevgliss
cecfe47540
Adding the ability to revoke enmasse ( #999 )
2017-11-21 09:36:10 -08:00
James Chuong
4b544ae207
CSR Export Plugin ( #988 )
...
This plugin allows a certificate to be exported as a CSR via OpenSSL
x509. The workflow will be:
* Create self-signed cert via Cryptography authority
* Export CSR via this plugin
* Sign your own cert outside of Lemur
* Import new cert with private key
Change-Id: Id3f7db2506bd959236cd3a6df622841058abda5a
2017-11-14 10:11:06 -08:00
kevgliss
e30e17038b
Removing unused import. ( #989 )
2017-11-14 09:24:26 -08:00
Daniel Pramann
7e2c16ee38
Fixes for using ACME with Route53 ( #986 )
...
* Changes required for functional Route53 operations
* Changes required for functional ACME operations with Route53
* Changes required for functional ACME operations with Route53, need external ID
2017-11-13 10:19:54 -08:00
Johannes Langer
041f3a22fa
Added ability to set custom roles for users logging in via oauth provider ( #985 )
2017-11-10 08:38:33 -08:00
kevgliss
f990ef27cf
Adding sentry tracking to issued with certificate deployment. ( #978 )
2017-10-26 15:21:13 -07:00
kevgliss
d4209510c2
Adding some additional exception capturing during certificate parsing. ( #976 )
2017-10-25 08:19:07 -07:00
kevgliss
620e279453
Caa ( #975 )
...
* Adding verisign error code for a CAA failure.
* Tweaking error msg.
2017-10-24 14:46:33 -07:00
kevgliss
bbf73c48a3
Adding health exception tracking. ( #977 )
2017-10-24 14:04:51 -07:00
Johannes Langer
9319dda0ec
Added ability to ignore cert for oauth2 provider ( #971 )
...
* Added ability to ignore cert for oauth2 provider
This is useful for development environments where the OAuth provider
doesn't have a valid cert!
* Setting default for OAUTH2_VERIFY_CERT to true
2017-10-20 16:36:14 -07:00
kevgliss
14f5340802
During higher loads, retrying the connection attempt is often required for the CIS api. ( #972 )
2017-10-12 10:37:58 -07:00
kevgliss
0152985e64
Adding serial numbers when certificates with the same name are encoun… ( #970 )
...
* Adding serial numbers when certificates with the same name are encountered.
2017-10-11 13:20:19 -07:00
kevgliss
e43268f585
Source plugin ( #965 )
...
* Ensure that None values aren't passed.
2017-10-09 10:37:44 -07:00
kevgliss
7ef788752e
Source plugin ( #964 )
...
* Another minor fix.
2017-10-06 17:39:31 -07:00
kevgliss
b66d7ce1fd
Source plugin ( #963 )
...
* Ensuring that we have default options for source plugins.
* Handle duplicate serials. Serials are not unique across issuers.
* Minor fix.
2017-10-06 13:22:03 -07:00
kevgliss
dc34652efd
Source plugin ( #962 )
...
* Ensuring that we have default options for source plugins.
* Handle duplicate serials. Serials are not unique across issuers.
2017-10-06 08:49:05 -07:00
kevgliss
e0d2fb0de1
Ensuring that we have default options for source plugins. ( #961 )
2017-10-05 17:27:45 -07:00
kevgliss
e0d9443141
Ensuring existing users are also given the default role. ( #960 )
2017-10-05 16:47:52 -07:00
kevgliss
a6305a5cae
Adding Digicert CIS Sourceplugin ( #959 )
...
* Adding necessary features to complete backfill
* Fixing pagination logic.
2017-10-04 16:56:01 -07:00
kevgliss
9e2578be1e
Adding necessary features to complete backfill ( #958 )
2017-10-04 14:57:57 -07:00
kevgliss
09b8f532a7
Adding cli to mass revoke certificates. ( #955 )
2017-10-03 10:51:53 -07:00
kevgliss
e0939a2856
Adding some default data to put. ( #950 )
2017-09-29 14:49:07 -07:00
kevgliss
90f4b458e3
Adding the lemur identity to be able to re-issue certificates. ( #949 )
2017-09-29 14:07:40 -07:00
kevgliss
f5213deb67
Removing revocation comments for now. ( #947 )
2017-09-29 10:53:15 -07:00
kevgliss
bb08b1e637
Initial work allowing certificates to be revoked. ( #941 )
...
* Initial work allowing for certificates to be revoked.
2017-09-28 18:27:56 -07:00
Marti Raudsepp
54ff4cddbf
Disallow issuing certificates from inactive authority ( #936 )
2017-09-25 15:34:49 -07:00
Marti Raudsepp
645641f4bd
Avoid redundant key_view log entries ( #937 )
...
Don't re-request private key when it's already loaded in frontend.
2017-09-25 15:34:07 -07:00
Marti Raudsepp
97d83890e0
Various minor cleanups and fixes ( #938 )
...
* Documentation fixes
* Various docstring and help string fixes
* Minor code cleanups
* Removed redundant .gitignore entry, ignored package-lock.json.
* 'return' statement in certificates.service.render was redundant
* Split up too long line
* Non-matching tags in templates
2017-09-25 15:33:42 -07:00
Marti Raudsepp
ec5dec4a16
Add option to disable owner email address in CSR subject ( #939 )
2017-09-25 15:32:08 -07:00
Horatiu Eugen Vlad
f766871824
Create default rotation policy with name ( #924 )
2017-09-18 09:09:59 -07:00
Rick Breidenstein
fc9b1e5b12
server_default from "False" to sa.false() ( #913 )
2017-09-11 09:19:19 -07:00
Marti Raudsepp
dafed86179
Improve certificate name normalization: remove Unicode characters, etc. ( #906 )
...
* Accented characters are replaced with non-accented version (ä -> a)
* Spaces are replaced with '-' (previously they were removed)
* Multiple non-alphanumeric characters are collapsed into one '-'
2017-09-08 10:52:22 -07:00
Ian Stahnke
79d12578c7
basic ldap support ( #842 )
2017-09-03 20:41:43 -07:00
kevgliss
ff87c487c8
It's too expensive to attempt to load all certificates associated with a given notification. Some queries such as default
are associated with a large number of certificates. We have little control over when these objects are loaded, but when marshalled they are lazyloaded via SQLAlachemy. If a user needs to get all the certificates associated with a certificate they should use the /notifications/<id>/certificates endpoints that support pagination. ( #891 )
2017-08-28 17:57:39 -07:00
Marti Raudsepp
82b43b5a9d
Create signal hooks and handler for dumping CSR and certificate details ( #882 )
2017-08-28 17:35:56 -07:00
Marti Raudsepp
bb1c339655
Fix ability to remove all roles from authority ( #880 )
2017-08-28 17:35:01 -07:00
Marti Raudsepp
e7efaf4365
Prevent creation of empty SubjAltNames extension in CSR ( #883 )
2017-08-18 09:10:56 -07:00
Marti Raudsepp
c6d76f580e
Disable unused Flask Principal sessions ( #881 )
...
Lemur uses its own auth token for authentication; logging out doesn't
properly dispose of the Flask Principal session.
2017-08-17 09:24:35 -07:00
Marti Raudsepp
941df0366d
Fix roles display on user screen and fix removing user roles ( #879 )
2017-08-17 09:24:10 -07:00
Marti Raudsepp
7762d6ed52
Reworked sensitive domain name and restriction logic ( #878 )
...
* This is a fix for a potential security issue; the old code had edge
cases with unexpected behavior.
* LEMUR_RESTRICTED_DOMAINS is no more, instead LEMUR_WHITELISTED_DOMAINS
is a list of *allowed* domain name patterns. Per discussion in PR #600
* Domain restrictions are now checked everywhere: in domain name-like
CN (common name) values and SAN DNSNames, including raw CSR requests.
* Common name values that contain a space are exempt, since they cannot
be valid domain names.
2017-08-16 19:24:49 -07:00
Marti Raudsepp
cf805f530f
Prevent unintended access to sensitive fields (passwords, private keys) ( #876 )
...
Make sure that fields specified in filter, sortBy, etc. are model fields
and may be accessed. This is fixes a potential security issue.
The filter() function allowed guessing the content of password hashes
one character at a time.
The sort() function allowed the user to call an arbitrary method of an
arbitrary model attribute, for example sortBy=id&sortDir=distinct would
produce an unexpected error.
2017-08-16 09:38:42 -07:00
Rick Breidenstein
f5e120ad2e
Update readme.txt ( #869 )
2017-08-04 12:42:27 -07:00
kevgliss
f5082e2d3a
Starting transition away from not_before and not_after. ( #854 )
2017-07-14 09:24:59 -07:00
kevgliss
61c493fc91
Adding additional failure conditions to sentry tracking. ( #853 )
...
* Adding additional failure conditions to sentry tracking.
* Removing sentry extension as a circular import.
2017-07-13 14:49:04 -07:00
kevgliss
6779e19ac9
Adding enum migration. ( #852 )
2017-07-13 13:12:53 -07:00
kevgliss
443eb43d1f
Adding the ability to specify a per-certificate rotation policy. ( #851 )
2017-07-12 16:46:11 -07:00
Paul Van de Vreede
53113e5eeb
Add auditing for creating or updating a cert. ( #845 )
2017-07-04 06:39:16 -07:00
kevgliss
169dcb86e2
supporting the ability to push exceptions to sentry ( #843 )
2017-06-29 14:12:38 -07:00
Ian Stahnke
e4f5224f42
set ses email content type to utf-8 instead of string ( #841 )
2017-06-28 09:44:19 -07:00
kevgliss
98907e66e9
Minor fixes to S3.put signature ( #840 )
2017-06-27 16:18:34 -07:00
kevgliss
c05343d58e
Adds the ability for destination plugins to be sub-classed from Expor… ( #839 )
...
* Adds the ability for destination plugins to be sub-classed from ExportDestination. These plugins have the extra option of specifying an export plugin before the destination receives the data. Closes #807 .
* fixing tests
2017-06-26 12:03:24 -07:00
Paul Borg
541fbc9a6d
Use named kwargs rather than args when calling s3 put ( #830 )
2017-06-20 11:28:19 -07:00
Asbjørn Kjær
35cc7ef8d7
Adding support for private DigiCert certificates ( #835 )
2017-06-14 09:20:24 -07:00
Asbjørn Kjær
e77382864b
Fixing KeyError on error handling ( #834 )
2017-06-14 09:07:27 -07:00
kevgliss
d4d6d832b1
Fixing audit filtering and sorting. ( #827 )
2017-06-02 09:07:22 -07:00
kevgliss
9c92138f2d
Fixing autorotation failures. ( #825 )
...
* Fixing issue with auto rotation failing due to a change in the way certificate data is serialized.
2017-06-02 08:59:42 -07:00
kevgliss
5a4806bc43
Allowing description to be optional. ( #826 )
2017-06-01 17:09:04 -07:00
kevgliss
07969f7e10
Ensuring IPAddresses and IPNetworks are correctly serialized. ( #818 )
2017-05-26 10:48:26 -07:00
Michael LoSapio
3141b47fba
Catch OAuth providers that want the params sent as data ( #800 )
2017-05-25 10:21:29 -07:00
kevgliss
21d48b32c9
Fixing an issue with uploading to cloudfront. ( #815 )
2017-05-25 10:10:12 -07:00
kevgliss
11bd42af82
Correct status code for basic-auth ( #813 )
...
* ensuring those using basic auth recieve a correct status code when their password is incorrect
* Fixing oauth status codes
2017-05-23 09:48:31 -07:00
Paul Borg
f6b5012f56
Add Check of DB connections on healthcheck URL ( #812 )
2017-05-22 17:15:41 -07:00
kevgliss
f9b388c658
Modifying the was s3 uploading works. ( #810 )
...
* Modiying the was s3 uploading works.
* Fixing pep8
2017-05-20 12:07:44 -07:00
kevgliss
4093f4669a
Switching remaining uses of boto to boto3. ( #809 )
2017-05-20 11:09:55 -07:00
kevgliss
9594f2cd8d
Upgrading moto and fixing test that break due to deprecation. ( #808 )
...
* Upgrading moto and fixing test that break due to deprecation.
* Adding region.
2017-05-20 10:40:22 -07:00
kevgliss
380203eb53
Adding the ability to upload to cloudfront via the 'path' parameter. Cloudfront destinations must be created separately. ( #805 )
...
Closes #277
2017-05-18 13:49:17 -07:00
kevgliss
307a73c752
Fixing some confusion between 401 vs 403 error code. 401 indicates that the user should attempt to authenticate again. Where as 403 indicates the user is authenticated but not allowed to complete an action. ( #804 )
...
Closes #767
2017-05-18 13:20:17 -07:00
kevgliss
3050aca3e6
Minor fixes to the domains UI. ( #798 )
...
* Fixes checkbox input.
* Fixes notification message.
2017-05-15 19:14:12 -07:00
kevgliss
8c41c6785d
Fixes issue where domains without any associated certificates are not searchable. ( #797 )
2017-05-15 19:07:32 -07:00
kevgliss
092ce0f9d8
Closes #792 . ( #796 )
2017-05-15 19:07:16 -07:00
kevgliss
914de78576
Adds migration to fix keys on unique index. Closes #743 . ( #785 )
2017-05-10 12:13:42 -07:00
kevgliss
ecf00fe9d6
Splitting out the default date issuance logic for CIS and CC. CIS assumes years is converted to validity_end while CC prefers validity_years over validity_end. ( #784 )
2017-05-10 12:05:03 -07:00
Michael Treacher
c71b3a319d
Log the audit logs ( #781 )
2017-05-08 09:43:26 -07:00
Michael Treacher
767147aef1
Check for unknown as status is no longer represented as a boolean ( #780 )
2017-05-08 09:43:19 -07:00
Michael Treacher
ce5a45037a
Fix for status representation in the view ( #778 )
2017-05-05 11:04:40 -07:00
kevgliss
9c9ca37586
Enabling hex serial numbers without breaking backward compatibility. ( #779 )
...
* Enabling hex serial numbers without breaking backward compatibility.
* Fixing tests.
2017-05-05 11:04:09 -07:00
Ian Stahnke
5c41dafc97
fix unit and interval transposition in schemas.py ( #752 ) ( #774 )
2017-04-30 12:23:34 -07:00
Paul Van de Vreede
989e3733a2
Add docker setup for running tests on a docker enabled dev environment. ( #771 )
2017-04-28 09:28:06 -07:00
kevgliss
fbc24ea400
There is an issue when iterating over extensions where certificates might not have been issued in adherence with basic constraints. Here we log these errors instead of failing out right. ( #770 )
2017-04-27 17:45:34 -07:00
kevgliss
4905020e77
ensuring stdout has a default log level ( #766 )
2017-04-27 10:11:47 -07:00
kevgliss
75787d20bc
ensuring that lemur's default user has a valid email ( #765 )
2017-04-27 09:53:35 -07:00
kevgliss
ca9f120988
fixing some pep8 issues ( #764 )
2017-04-27 09:44:39 -07:00
Rick Breidenstein
e86954e8ea
Destination Plugin/Lemur_linuxdst ( #736 )
...
* Added lemur_linuxdst
* Revert "Added lemur_linuxdst"
This reverts commit 010c19bd1937320189ee5a0660f9e356221121f3.
* added plugin\lemur_linuxdst
Destination plugin for a target linux host
* Update remote_host.py
* Update plugin.py
* Update remote_host.py
* Update plugin.py
* Update plugin.py
* chaning var and funct names
* Write data with local temp
* .
* .
* typo
* tested plugin successfully
* Update plugin.py
* Update remote_host.py
* removed whitespace
* set permissions on exported keys to 600
sftp.chmod(dst_dir_cn + '/' + dst_file, (stat.S_IRUSR))
* Update plugin.py
* Update remote_host.py
* Update plugin.py
* added 'paramiko==2.1.2'
required for lemur_linuxdst plugin
* data stored in clear text at rest
* Update plugin.py
* Update plugin.py
* Update remote_host.py
2017-04-27 09:19:49 -07:00
Paul Van de Vreede
604cd60dbe
Return correct intermediate certificate on digicert creation. ( #762 )
...
This commit also removes the unused DIGICERT_INTERMEDIATE env
var as it is not used.
2017-04-27 09:14:20 -07:00
Michael Treacher
05f4ae8e58
Hexify cert serial ( #763 )
...
* Hexify serial at the serialization layer
* Fix for flakey test. Change test to test for uppercased string
2017-04-27 09:13:04 -07:00
kevgliss
88ac783fd2
PEP8 Fixes ( #760 )
2017-04-25 09:23:18 -07:00
Travis McPeak
bc66ede9aa
Fixing Bandit findings and adding travis Bandit job ( #759 )
...
* Fixes for Bandit
This commit fixes a couple of issues so that Bandit can run
cleanly using medium+ severity and confidence filtering.
* Adding Lemur Bandit job to TravisCI
2017-04-24 18:37:03 -07:00
Michael Treacher
1c295896e6
Add test for when there are no notifications on a certificate ( #757 )
2017-04-24 09:04:49 -07:00
kevgliss
01aa372e59
Version bump. ( #751 )
2017-04-08 13:23:48 -07:00
kevgliss
81aff42e03
Removing this exception handling, that error should be caught above. ( #749 )
2017-04-07 16:01:40 -07:00
Michael Treacher
7f019583f2
Don’t set ‘custom_expiration_date’ if validity years is set in the UI. ( #742 )
...
* Don’t set ‘custom_expiration_date’ if validity years is set in the UI.
* Use single quotes instead of double quotes.
2017-04-04 17:11:17 -07:00
kevgliss
f91ae5b319
Fixes bug where authority status was not set correctly. ( #739 )
2017-03-29 10:10:51 -07:00
kevgliss
f0dde845db
Adding ability to exclude certificates from expiration ( #730 )
...
* adding ability to exclude certificates from expiration
* fixing tests
2017-03-15 11:25:19 -07:00
kevgliss
b0ea027769
Underscores should not be in hostnames ( #728 )
2017-03-15 08:41:06 -07:00
Neil Schelly
8762e1c5ae
Issue #703 bugfix ( #711 )
...
* Ensures that both AKI serial/issue _and_ keyid won't be included.
Validation issues crop up if both types of AKI fields are present.
* Ensure that SAN extension includes the certificate's common name
* Fix scenario where subAltNames are getting dropped when applying a template
* Ensure that SAN includes the CN
* Ensuring that getting here without a SAN extension won't break things.
* New cleaner approach
* Some bits of handling the extensions are a bit hacky, requiring access to attributes inside the objects in x509.
I think this is pretty clean though.
* lintian check
* Fixing tests
2017-03-10 09:09:18 -08:00
kevgliss
3c5b2618c0
Rely on the lemur generating the correct name for rotated certificates. ( #714 )
...
* Rely on the lemur generating the correct name for rotated certificates.
* Fixing tests.
2017-03-09 13:09:20 -08:00
kevgliss
602c5580d3
Only validates values if present in options. Fixing authority test to parse plugin information. ( #713 )
2017-03-06 20:38:04 -08:00
kevgliss
b715687617
Ensuring that we don't fail cleaning if it doesn't exist. ( #708 )
2017-03-03 16:03:52 -08:00
kevgliss
c46fa5d69c
Ensures the rotation has a value during migration. ( #707 )
2017-03-03 15:16:25 -08:00
kevgliss
310e1d4501
Adds support for filtering by UI. Closes #702 . ( #706 )
2017-03-03 15:07:26 -08:00
kevgliss
fc957b63ff
Source syncing tweaks. ( #705 )
...
* Allow owner to be specified when syncing certs.
* Ensuring non-endpoint plugins don't fail to complete syncing.
* Adding in some additional error handling.
2017-03-03 14:53:56 -08:00
kevgliss
d53f64890c
Adding max notification constraint. ( #704 )
...
* Adds additional constraints to the max notification time. With an increasing number of certificates we need to limit the max notification time to reduce the number of certificates that need to be analyzed for notification eligibility.
2017-03-03 12:59:16 -08:00
Neil Schelly
5f5583e2cb
UI adjustments for mutually exclusive (radio button version) encipher/decipher-only Key Usage #664 ( #692 )
...
* UI adjustments to make Key Agreement, Encipher Only, and Decipher Only relationship more user-friendly
* whitespace typo
* Issue #663 switching Encipher/Decipher Only options to be mutually exclusive and un-checkable radio buttons.
* Found a bug in the fields schema that was dropping Key Agreement bit if encipher/decipher only weren't checked
2017-02-16 13:26:56 -08:00
kevgliss
cf6ad94509
Adjusting the way that certificates are requested. ( #643 )
...
* Adjusting the way that certificates are requested.
* Fixing tests.
2017-02-16 13:24:05 -08:00
Gus E
08bb9c73a0
allow attributes to be excluded from a cert subject ( #690 )
...
* allow more flexibility in cert subject name
* clean up logic/remove unnecessary code
2017-02-16 13:21:52 -08:00
Neil Schelly
8e49194764
Issue 688 cert templates ( #689 )
...
* subAltNames were getting wiped out every time a template was selected
* isCritical variables aren't presented in the UI, nor is this information used in determining to use them.
2017-02-10 12:43:41 -08:00
kevgliss
8afcb50a39
Fixing the re-issuance process. Ensuring that certificates that are r… ( #686 )
...
* Fixing the re-issuance process. Ensuring that certificates that are re-issued go through the normal schema validation.
* Fixing tests.
2017-02-03 11:21:53 -08:00
Nevins
0326e1031f
adding generic OAuth2 provider ( #685 )
...
* adding support for Okta Oauth2
* renaming to OAuth2
* adding documentation of options
* fixing flake8 problems
2017-02-03 10:36:49 -08:00
Neil Schelly
117009c0a2
Lemur cryptography refactor and updates ( #668 )
...
* Renaming the function so it sounds less root-specific
* Refactoring lemur_cryptography
* Adding to the certificate interface an easy way to request the subject and public_key of a certificate
* Turning the create authority functionality into a wrapper of creating a CSR in the certificate codebase and issueing that certificate in this plugin. (Dependent on https://github.com/Netflix/lemur/pull/666 changes first)
* Ensuring that intermediate certificates and signed certificates retain their chain cert data
* Handling extensions that are the responsibility of the CA
Implementing authority_key_identifier for lemur_cryptography signatures and including skeletons of handling the certificate_info_access and crl_distribution_points
* Fixing errors found with linter
* Updating plugin unit tests
* Changing this for Python3. Underlying cryptography library expects these to be bytes now.
* Updating tests to match new function names/interfaces
* Another naming update in the plugin tests
* Appears that create_csr won't like this input without an owner.
* Undoing last commit and putting it into the right place this time.
* create_csr should be good now with these options, and chain certs will be blank in tests
* This won't be blank in issue_certificate, like it will in creating an authority.
* Much cleaner
* unnecessary import
2017-02-01 10:34:24 -08:00
kevgliss
317b7cabb3
Ensuring usage matched OIDs. ( #681 )
2017-01-28 23:22:20 -08:00
kevgliss
a59bc1f436
Fixes ( #680 )
...
* Adding some additional logging.
2017-01-28 16:40:37 -08:00
kevgliss
c24810b876
Modifying variable to fit epextions. ( #679 )
2017-01-28 14:07:12 -08:00
kevgliss
bc94353850
Closes #648 , also fixes several issues #666 . ( #678 )
2017-01-27 21:05:25 -08:00
Neil Schelly
f13a3505f3
X509 extensions issue#646 ( #666 )
...
* Allowing that create_csr can be called with an additional flag in the csr_config to adjust the BasicConstraints for a CA.
* If there are no SANs, skip adding a blank list of SANs.
* Adding handling for all the extended key usage, key usage, and subject key identifier extensions.
* Fixing lint checks. I was overly verbose.
* This implements marshalling of the certificate extensions into x509 ExtensionType objects in the schema validation code.
* Will create x509 ExtensionType objects in the schema validation stage
* Allows errors parsing incoming options to bubble up to the requestor as ValidationErrors.
* Cleans up create_csr a lot in the certificates/service.py
* Makes BasicConstraints _just another extension_, rather than a hard-coded one
* Adds BasicConstraints option for path_length to the UI for creating an authority
* Removes SAN types which cannot be handled from the UI for authorities and certificates.
* Fixes Certificate() object model so that it doesn't just hard-code only SAN records in the extensions property and actually returns the extensions how you expect to see them. Since Lemur is focused on using these data in the "CSR" phase of things, extensions that don't get populated until signing will be in dict() form.* Trying out schema validation of extensions
2017-01-27 12:31:29 -08:00
Tom Lianza
4af871f408
Added migration to cover what seem to be missing fields. ( #676 )
2017-01-27 09:07:20 -08:00
Nevins
162d5ccb62
Gracefully handle importing certificates with missing data ( #674 )
...
* fixing index out of range issue
* catching exceptions is common values aren't set
* fixing lint errors
* fixing unrelated lint/import error
2017-01-24 13:48:53 -08:00
Neil Schelly
f353956353
Many fixes to authority/certificate extensions pages ( #659 )
...
* Aligning certificate creation between authority and certificate workflows
* Correctly missing and mis-named fields in schemas
* Re-ordering KeyUsage and ExtendedKeyUsage for consistency and clarity
* Adding client authentication to the authority options.
* Missing blank lines for pyflakes linting
* Updating tests for new fields/names/typos
2017-01-18 14:31:17 -08:00
Neil Schelly
02cfb2d877
Stealing this code form the attachSubAltName function in the certificates workflow. ( #655 )
...
The function was wiping out any extensions that weren't SAN names from the authority UI.
2017-01-18 14:24:15 -08:00
Neil Schelly
1b6f88f6fd
Fixing handling of adding custom OIDs in UI ( #653 )
...
* is_critical wasn't in the schema, so was getting dropped.
* isCritical in the Javascript wasn't getting assigned if it was unchecked. Now, it will be assumed false if missing.
* The display of critical or not in the list of added custom OIDs was unclear when it was just true/false with no heading. Now it will be displayed as critical or nothing instead.
* The namespace for the checkbox for isCritical was wrong, and didn't get processed with the oid/type/value variables.
2017-01-18 14:20:44 -08:00
Neil Schelly
25340fd744
Combining Authority Key Identifier extension options in the schema. ( #651 )
...
* Combining Authority Key Identifier extension options in the schema.
This makes processing them in the cert/csr generation stage make more sense because they are two options in the same x.509 extension. They were already in the same part of the schema for authorities, but this makes the certificates follow the same pattern, and it allows them to share the same schema/validation layout.
* Updating schema tests to match changes
* Fixing an idiot typo
* I promise to stop using Travis as a typo-corrector soon.
2017-01-18 14:16:19 -08:00
Neil Schelly
7f2b44db04
Correcting grammar for subca ValidationError message for clarity ( #657 )
2017-01-18 12:34:16 -08:00
kevgliss
d67b6c6120
Chains are not always a given. ( #645 )
2017-01-08 17:27:50 -08:00
kevgliss
83128f3019
Fixing elb sync issues. ( #641 )
...
* Fixing elb sync issues.
* Fixing de-duplications of names.
2017-01-05 16:06:34 -08:00
kevgliss
7aa5ba9c6b
Fixing an IAM syncing issue. Were duplicates were not properly sync'd… ( #638 )
...
* Fixing an IAM syncing issue. Were duplicates were not properly sync'd with Lemur. This resulted in a visibility gap. Even 'duplicates' need to sync'd to Lemur such that we can track rotation correctly. Failing on duplicates lead to missing those certificates and the endpoints onto which they were deployed. This commit removes the duplicate handling altogether.
* Fixing tests.
2017-01-04 17:46:47 -08:00
kevgliss
e5dee2d7e6
Adding additional metrics for when destinations fail to upload. ( #637 )
2016-12-28 09:52:23 -08:00
kevgliss
b0232b804e
Removing cloned date defaults. ( #636 )
2016-12-27 11:35:53 -08:00
kevgliss
de7cec35c6
Clean refactor ( #635 )
...
* Adding rotation to the UI.
* Removing spinkit dependency.
* refactoring source cleaning
2016-12-27 10:31:33 -08:00
kevgliss
700c57b807
Rotation ui ( #633 )
...
* Adding rotation to the UI.
* Removing spinkit dependency.
2016-12-26 15:55:11 -08:00
kevgliss
ce75bba2c3
Replacement refactor. ( #631 )
...
* Deprecating replacement keyword.
* Def renaming.
2016-12-26 11:09:50 -08:00
kevgliss
46f8ebd136
Modifying the way rotation works. ( #629 )
...
* Modifying the way rotation works.
* Adding docs.
* Fixing tests.
2016-12-23 13:18:42 -08:00
kevgliss
f8279d6972
Fixes a bug where pagination was incorrect. ( #628 )
2016-12-21 18:39:21 -08:00
kevgliss
072ca4da4f
Adding some additional output to rotation command. ( #627 )
2016-12-21 13:34:14 -08:00
kevgliss
8c5c30dfd4
Adding some additional output to expiration command. ( #626 )
2016-12-21 11:01:21 -08:00
kevgliss
74723d1a1f
Adding ability to modify ELBv2 endpoints. ( #624 )
2016-12-21 08:23:14 -08:00
kevgliss
cdcae4efb0
Closes #594 ( #621 )
2016-12-20 14:26:39 -08:00
kevgliss
f7c795c7f6
Closes #577 . ( #622 )
2016-12-20 14:26:29 -08:00
kevgliss
beba2ba092
Adding additional reporting and refactoring existing setup. ( #620 )
2016-12-20 12:48:14 -08:00
kevgliss
9ac10a97ce
Fix acme tests ( #619 )
...
* Ensures that in-active users are not allowed to login.
* Ensuring acme issuer loads correctly.
2016-12-19 22:59:23 -08:00
kevgliss
2f5f82d797
Ensures that in-active users are not allowed to login. ( #618 )
2016-12-19 22:58:57 -08:00
kevgliss
c7fdb2acd7
adding required variables ( #611 )
2016-12-18 18:21:22 -08:00
kevgliss
51c7216b70
Fixing configuration value. ( #610 )
...
* Fixing and configuration value.
* Pinning fake factory.
2016-12-18 18:21:12 -08:00
Marti Raudsepp
0f3ffaade0
Fall back to CN for CA name when organization is not available ( #607 )
...
In-house CAs may not have the organization field filled out.
2016-12-16 16:27:25 -08:00
kevgliss
156b98f7f0
Ensuring that rotation only happens for certificates with endpoints to rotate. ( #606 )
2016-12-15 15:20:21 -08:00
kevgliss
a09faac9a7
Endpoint sync fixes ( #604 )
2016-12-15 10:26:59 -08:00
kevgliss
d20c552248
Fixing issues with rotation. ( #603 )
...
* Fixing issues with rotation.
* Fixing tests
2016-12-14 17:30:13 -08:00
Marti Raudsepp
b327963925
Plugin base classes: update method signatures & fix raise ( #598 )
...
This way IDEs can verify method overrides in subclasses, otherwise these
are flagged as erroneous.
Changed base classes to properly raise NotImplementedError; previously
they would cause "TypeError: exceptions must derive from BaseException"
Also fixed exception handling in sources.service.clean().
2016-12-14 13:42:29 -08:00
Marti Raudsepp
1eb3d563c6
Fix error reporting for certs without private key ( #599 )
2016-12-14 13:25:56 -08:00
kevgliss
02991c70a9
Allow Lemur "start" to use the global config. ( #596 )
...
* allowing our runserver to use the config specified by -c
* Maintaining config for gunicorn
2016-12-14 13:23:50 -08:00
Marti Raudsepp
71ddbb409c
Minor documentation fixes/tweaks ( #597 )
...
Mostly typos, grammar errors and inconsistent indentation in code
examples.
Some errors detected using Topy (https://github.com/intgr/topy ), all
changes verified by hand.
2016-12-14 09:29:04 -08:00
kevgliss
565c9ae98d
adding missing init ( #587 )
2016-12-13 09:21:31 -08:00
kevgliss
03d5a6cfe1
Refactors how notifications are generated. ( #584 )
2016-12-12 11:22:49 -08:00
kevgliss
1c3ac21291
Ensuring the digicert session is handled correctly ( #579 )
2016-12-11 08:38:59 -08:00
kevgliss
968dd52f6f
Fixes ( #576 )
...
* Fixing email notification
* Adding endpoint expiration
* Fixing endpoint type for ELBs
* Allowing verisign to include additional SANs
2016-12-08 15:52:27 -08:00
kevgliss
a4b32b0d31
Fixing up notification testing ( #575 )
2016-12-08 11:33:40 -08:00
kevgliss
be1415fbd4
Ensuring new cli is available ( #574 )
2016-12-08 09:11:19 -08:00
kevgliss
b5901a1570
adding needed migration files ( #573 )
2016-12-07 17:31:59 -08:00
kevgliss
bdc6dc8683
Fixing a bug were extensions got a default value ( #572 )
2016-12-07 17:28:18 -08:00
kevgliss
5087fa67dc
skipping a few tests that aren't ready yet ( #571 )
2016-12-07 16:52:00 -08:00
kevgliss
fc205713c8
Certificate rotation enhancements ( #570 )
2016-12-07 16:24:59 -08:00
kevgliss
9adc5ad59e
Adding last updated time ( #569 )
2016-12-07 15:43:57 -08:00
kevgliss
f63ccd033d
Ensuring that endpoints without output_schema work as expected ( #568 )
2016-12-07 15:40:29 -08:00
kevgliss
00da52f32e
Ensuring that CSRs are correctly validated under python3 ( #565 )
2016-12-06 12:25:43 -08:00
kevgliss
e94cf6ddc9
Ensuring that certificates returned from digicert are in the proper format ( #564 )
2016-12-06 12:05:18 -08:00
kevgliss
81272a2f7a
Moving validation to server start. ( #563 )
2016-12-05 16:43:38 -08:00
kevgliss
e622a49b72
Adding better error handling around certificate rotation ( #562 )
2016-12-05 15:12:55 -08:00
kevgliss
9030aed8a4
Ensuring that our syncing process can find duplicate certifcates that do no need to be sync'd ( #560 )
2016-12-05 11:08:29 -08:00
kevgliss
344abbda66
fixing signature ( #556 )
2016-12-02 13:48:50 -08:00
kevgliss
834814f867
adding additional status code metrics ( #555 )
2016-12-02 13:02:59 -08:00
kevgliss
7f823a04cd
Ensuring that acme and cryptography respect different key types ( #554 )
2016-12-02 10:54:18 -08:00
kevgliss
0f5e925a1a
Ensuring that default-issuer is set ( #553 )
2016-12-02 09:54:16 -08:00
kevgliss
a40bc65fd4
Default authority. ( #549 )
...
* Enabling the specification of a default authority, if no default is found then the first available authority is selected
* PEP8
* Skipping tests relying on keytool
2016-12-01 15:42:03 -08:00
kevgliss
81bf98c746
Enabling RSA2048 and RSA4096 as available key types ( #551 )
...
* Enabling RSA2048 and RSA4096 as available key types
* Fixing re-issuance
2016-12-01 15:41:53 -08:00
kevgliss
e1bbf9d80c
Improving endpoint rotation logic ( #545 )
2016-11-30 15:11:17 -08:00
kevgliss
abb91fbb65
fixing a few minor issue with cloning ( #544 )
2016-11-30 10:54:53 -08:00
kevgliss
f9b16a2110
csr as string ( #542 )
2016-11-29 18:50:20 -08:00
kevgliss
588ac1d6a6
Digicert cis fixes ( #540 )
2016-11-29 17:15:39 -08:00
kevgliss
058d2938fb
migrating off of openssl ( #539 )
2016-11-29 11:30:44 -08:00
kevgliss
3db3214cbe
installing the digicert CIS plugin ( #537 )
2016-11-29 10:02:40 -08:00
kevgliss
bfc80f982c
minor fixes and downgrading requests ( #535 )
2016-11-28 16:50:26 -08:00
kevgliss
727bc87ede
Log fixes ( #534 )
...
* tying up some loose ends with event logging
* Ensuring creators can access
2016-11-28 14:13:16 -08:00
kevgliss
e2143d3ee8
tweaking the way data is returned ( #532 )
2016-11-28 12:29:03 -08:00
kevgliss
b46ff4158a
Initial workon the digicert high issuance api. ( #531 )
2016-11-28 10:50:58 -08:00
kevgliss
250558baf3
Ensuring that authority owners can access certificates issued by that… ( #526 )
...
* Ensuring that authority owners can access certificates issued by that authority
2016-11-25 20:35:07 -08:00
kevgliss
8e5323e2d7
migrating flask imports ( #525 )
2016-11-22 21:11:20 -08:00
kevgliss
d5d036b412
adding a work around for new gunicorn ( #523 )
2016-11-22 16:47:29 -08:00
kevgliss
9d03e75d9b
tweaking a few things to support the new marshmallow ( #522 )
2016-11-22 15:14:19 -08:00
kevgliss
06a3f3ea0d
version bump ( #520 )
2016-11-21 15:29:31 -08:00
kevgliss
12ae0a587d
teaking the way exceptions are handled ( #519 )
2016-11-21 15:26:17 -08:00
kevgliss
b3aa057d58
Upgrade deps. ( #517 )
2016-11-21 14:29:20 -08:00
kevgliss
dd6d332166
Removing python2 compatibility. ( #518 )
2016-11-21 14:03:04 -08:00
kevgliss
6eca2eb147
Re-working the way audit logs work.
...
* Adding more checks.
2016-11-21 11:28:11 -08:00
kevgliss
744e204817
Initial work on #74 . ( #514 )
...
* Initial work on #74 .
* Fixing tests.
* Adding migration script.
* Excluding migrations from coverage report.
2016-11-21 09:19:14 -08:00
kevgliss
d45e7d6b85
[WIP] - 422 elb rotate ( #493 )
...
* Initial work on certificate rotation.
* Adding ability to get additional certificate info.
* - Adding endpoint rotation.
- Removes the g requirement from all services to enable easier testing.
2016-11-18 11:27:46 -08:00
kevgliss
6fd47edbe3
Adds the ability to clone existing certificates. ( #513 )
2016-11-17 16:19:52 -08:00
kevgliss
a616310eb7
Fixing an issue were aws certificates plugins might not have a chain. ( #512 )
2016-11-17 14:47:10 -08:00
kevgliss
2130029f90
Adding new notification templates. ( #511 )
2016-11-17 14:16:59 -08:00
kevgliss
d11f254476
Closes : #469 ( #510 )
2016-11-17 12:16:30 -08:00
kevgliss
a9361fe428
Endpoints should be visible to all. ( #508 )
2016-11-17 10:45:26 -08:00
kevgliss
5345170a4f
Ensuring that the passed in configuration has precedence over the environment config. ( #507 )
2016-11-17 09:31:37 -08:00
Sakti Dwi Cahyono
520404c215
fix string -> byte conversion on python2 ( #472 )
2016-11-16 16:03:38 -08:00
kevgliss
9ac1756011
removing new 'active' logic for the time being ( #505 )
2016-11-16 15:56:24 -08:00
kevgliss
851d74da3d
Ensuring that private key is in string format before it gets stored ( #504 )
...
* Ensuring that private key is in string format before it gets stored
* Fixing failing test.
2016-11-16 15:05:25 -08:00
kevgliss
3f2691c5d4
Minor fixes. ( #502 )
2016-11-16 13:23:35 -08:00
kevgliss
eaf34b1c8b
Disabling the protect active flag ( #498 )
2016-11-16 09:31:02 -08:00
kevgliss
e9219adfb5
Ensuring model's have a basic __repr__. ( #499 )
2016-11-16 09:30:54 -08:00
kevgliss
9eddaf66cb
adding human readable string ( #500 )
2016-11-16 09:30:46 -08:00
kevgliss
0a29a3fa2a
Adding release notes. ( #459 )
2016-11-15 16:44:40 -08:00
kevgliss
9bb0787410
Ensuring that duplicates are migrated correctly. ( #496 )
...
* Ensuring that duplicates are migrated correctly.
* fixing typo
2016-11-15 16:43:45 -08:00
JohnTheodore
dd14fd202d
clean out ADMINS references ( #495 )
...
* add variables to the documentation forwq oauth2
* remove old reference to ADMINS to get rid of any confusion
2016-11-15 16:43:28 -08:00
kevgliss
114deba06e
Adding the ability to silence notifications on creation. ( #490 )
2016-11-12 09:29:42 -08:00
kevgliss
0334f1094d
fixing documentation typo ( #489 )
2016-11-11 13:35:24 -08:00
kevgliss
7af68c3cc0
Adding additional metric gathering for failed sync operations. ( #488 )
2016-11-11 13:28:01 -08:00
kevgliss
953d3a08e7
Adding example request to documentation. ( #487 )
2016-11-11 12:54:12 -08:00
kevgliss
94d619cfa6
Minor errors. ( #484 )
2016-11-10 14:34:45 -08:00
kevgliss
89470a0ce0
Adding default validity and retry logic. ( #483 )
2016-11-10 11:23:37 -08:00
kevgliss
e6b291d034
Time ( #482 )
...
* adding python 3.5 as a target
* adding env flag
* Aligning on arrow dates.
2016-11-09 10:56:22 -08:00
kevgliss
25a6c722b6
Adding digicert documentation. ( #480 )
2016-11-08 14:56:05 -08:00
kevgliss
67a5993926
fixing type in ciphers ( #479 )
2016-11-08 12:23:21 -08:00
kevgliss
aa979e31fd
Digicert plugin ( #478 )
...
* Initial work on digicert plugin.
* Adding certificate pickup, to digicert plugin.
* Removing and rotating test api key.
2016-11-07 14:40:00 -08:00
kevgliss
b74df2b3e4
Minor changes for python3. ( #477 )
2016-11-07 14:33:07 -08:00
kevgliss
4afedaf537
Fixes ( #476 )
...
* Ensures that Vault can accept bytes and strings.
* Make restricted domains optional.
* Fixing notify flag.
2016-11-04 09:16:41 -07:00
Neil Schelly
2b79474060
Trying this to fix defaulting org to Netflix ( #475 )
2016-11-02 09:12:47 -07:00
kevgliss
a6360ebfe5
Adding pending certificate metric. ( #473 )
2016-11-01 14:24:45 -07:00
kevgliss
d99681904e
Fixing test to take python3 into account. ( #460 )
...
* Fixing test to take python3 into account.
2016-10-31 17:02:08 -07:00
kevgliss
1ac1a44e83
San alt name ( #468 )
2016-10-31 11:00:15 -07:00
cviecco
490d5b6e6c
python2.x .base64url_decode has a single parameter and incoming data is utf-8.. need to convert so string ( #463 )
2016-10-26 00:50:00 -07:00
Terin Stock
4b7fc8551c
fix(web): send JSON for all errors ( #464 )
...
Configure werkzeug to output JSON error messages for the benefit of
downstream clients. This also allows for metrics collection in all cases
where werkzeug is outputting an exception.
2016-10-26 00:46:43 -07:00
Charles Hendrie
cd9c112218
Implement a CFSSL issuer plugin ( #452 )
...
* Implement CFSSL issuer plugin
Implement a Lemur plugin for generating certificates from the open
source certificate authority CFSSL
(https://github.com/cloudflare/cfssl ). The plugin interacts with CFSSL
through the CFSSL REST API. The CFSSL configuration is defined in the
lemur.conf.py property file using property names prefixed with "CFSSL_".
* Update documentation to include CFSSL plugin
2016-10-22 00:52:18 -07:00
kevgliss
a8f44944b1
Closes #415
2016-10-17 23:23:14 -07:00
kevgliss
d31c9b19ce
Closes #412 . Allows 'name' be a valid attribute to specify a role. ( #457 )
2016-10-16 03:56:13 -07:00
kevgliss
fb178866f4
Fixes an issue with the source tests failing. ( #456 )
2016-10-16 03:55:37 -07:00
kevgliss
f921b67fff
Removing the ability to use spaces in custom names. ( #455 )
2016-10-15 04:56:25 -07:00
kevgliss
c367e4f73f
Prevents the silencing of notifications that are actively deployed. ( #454 )
...
* Renaming 'active' to 'notify' as this is clearer and more aligned to what this value is actually controlling. 'active' is now a property that depends on whether any endpoints were found to be using the certificate. Also added logic for issue #405 disallowing for a certificates' notifications to be silenced when it is actively deployed on an endpoint.
* Adding migration script to alter 'active' column.
2016-10-15 00:12:11 -07:00
kevgliss
dcb18a57c4
Adds option to restrict certificate expiration dates to weekdays. ( #453 )
...
* Adding ability to restrict certificate creation to weekdays.
* Ensuring that we test for weekends.
2016-10-15 00:04:35 -07:00
Mike Grima
10d833e598
Added Symantec plugin error checking for invalid domain suffix ( #449 )
2016-10-13 15:23:56 -07:00
kevgliss
708d85abeb
Fixes a bug where certificates discovered by lemur's source plugins were not given the appropriate default notifications. ( #447 )
2016-10-11 21:08:13 -07:00
kevgliss
ee028382df
Show only roles that the user is a member of, in list view, for other views show all roles such that certificates and authorities can be shared across teams/groups. ( #446 )
2016-10-11 17:56:38 -07:00
kevgliss
c05a49f8c9
Fixes an issuer where a member of a role is not able to add new users to said role. ( #445 )
2016-10-11 17:24:15 -07:00
Charles Hendrie
f179e74a4a
Fix Java export default password generator ( #441 )
...
When exporting a certificate, the password is an optional parameter.
When a password is not supplied by the caller, a default password is
generated by the method. The generation library creates the random
password as a bytes object. The bytes object raises an error in the
'keytool' command used to export the certificate. The keytool is
expecting the password to be a str object.
The fix is to decode the generated password from a bytes object to a str
object.
The associated Java plugin tests have been updated to verify the export
method returns the password as a str object. In addition, the tests have
been updated to correctly test the export methods response object. The
original tests treated the response as a single object. The current
export methods return a tuple of data (type, password, data).
In order to make the tests compatible with both Python2 and Python3, the
'six' library was used to test the password is in fact a string.
2016-10-10 22:43:23 -07:00
Charles Hendrie
9065aa3750
Update the private key regex validation ( #435 )
...
* Update the private key regex validation
Private keys provided by the Let's Encrypt certificate authority as part
of their certificate bundle fail the import/upload certificate private
key validation. The validation is looking for a specific character
sequence at the begin of the certificate. In order to support valid
Let's Encrypt private keys, the regex has been updated to check for both
the existing sequence and the Let's Encrypt character sequence.
Example Let's Encrypt private key:
-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCvsiwV8A5+r0tQ
QzUAJO0DfoEb9tMWvoFi0DLs9tx88IwMqItPPl9+RNzQnv9qqZR1h4W97sxP8aWY
...
AeS667IJO/2DMKaGiEldaVZtgqdUhCL8Rm4XUFVb1GjLa03E4VRU6W7eQ4hgT2a7
cHDAR8MiovNyfT0fm8Xz3ac=
-----END PRIVATE KEY-----
* Add private key regex for footer
Update the import/upload private key validation regex to verify both the
header and footer are matching.
2016-10-10 22:42:09 -07:00
kevgliss
96e42c793e
Refactors the default notification option. Also ensures that notifications and destinations are easier to test. ( #437 )
2016-10-09 00:06:53 -07:00
kevgliss
72a390c563
Ensure the openssl and cryptography work under python3. ( #438 )
2016-10-09 00:06:15 -07:00
kevgliss
a19c918c68
Closes #411 ( #439 )
2016-10-09 00:06:03 -07:00
Charles Hendrie
5cbf5365c5
Active S3 destination plugin ( #433 )
...
* Activate the AWS S3 destination plugin
Add the AWS S3 destination plugin to the list of available Lemur
plugins.
Update the S3 destination plugin's "accountNumber" option to be of type
'str' to handle account numbers starting with zeros.
Update Lemur's utils for parsing certificates to correctly encode the
X509 certificates before loading for python3.
* Add S3 destination plugin test
Added simple test to verify S3 destination plugin is available.
2016-10-08 17:06:20 -07:00
Charles Hendrie
3ad7a37f95
Fix import certificate private key encoding ( #434 )
...
When importing a certificate, the private key is passed to the
import/upload process from the UI as a str object. In Python3 this
raises two issues when processing the private key - the private key
validation fails and database insert of the certificate fails.
The fix in both cases is to correctly encode the private key as a bytes
object.
2016-10-08 17:04:54 -07:00
Mike Grima
6cac2838e3
Fix for missing profile pic. ( #429 )
2016-09-27 13:02:01 -07:00
Charles Hendrie
fbbf7f90f6
Fix test certificates module hanging issue ( #427 )
...
* Fix test certificates module hanging issue
When executing the lemur/tests/test_certificates.py module's tests, all
tests are executed, but the test process appears to hang and never
completes with the display of the results for the tests.
The hanging issue is traced to the two test methods:
test_import(logged_in_user) and test_upload(logged_in_user). The issue
has to do with the test methods' using the logged_in_user(app) fixture from
the conftest.py module as the method parameter.
The test methods at issue require the session, db, and app fixtures to
be initialized for the tests to complete successfully. The
logged_in_user() fixture only initializes the app fixture. Updating the
test_import() and test_upload() methods parameters to be the "session"
fixture fixes the hanging issue and the tests complete successfully.
This is the command being used to execute the tests...
$ py.test -s -v lemur/tests/test_certificates.py
* Update fix for test certificates hanging issue
Based on feedback from the original pull request for this fix, added the
session fixture to the logged_in_user fixture and reverted the
test_import() and test_upload() methods to use the logged_in_user
(instead of the session fixture).
2016-09-27 13:01:37 -07:00
Terin Stock
1ea75a5d2d
fix(certificates): import re module ( #428 )
2016-09-21 22:54:46 -07:00
Terin Stock
39645a1a84
feat(certificates): add support for restricted domains ( #424 )
...
Lemur's documentation already mentions LEMUR_RESTRICTED_DOMAINS, a list
of regular expressions matching domains only administrators can issue
certificates for. An option to mark domains as sensitive existed in the
API, however the configuration option was not implemented.
Now both ways of sensitivity are checked in the same place.
2016-09-12 16:59:14 -07:00
kevgliss
a60e372c5a
Ensuring that password hashes are compared correctly under python3
2016-09-07 13:25:51 -07:00
kevgliss
76cece7b90
Ensuring that private keys are retrieved correctly under python3. ( #422 )
2016-09-07 12:34:50 -07:00
kevgliss
ca2944d566
Ensuring the inactive certificates are not alerted on. ( #418 )
2016-08-29 15:46:35 -07:00
kevgliss
53d0636574
Python3 ( #417 )
...
* Fixing tests.
* Fixing issue where decrypted credentials were not returning valid strings.
* Fixing issues with python3 authentication.
2016-08-29 08:58:53 -07:00
kevgliss
7e6278684c
Python3 ( #416 )
...
* Fixing issue where decrypted credentials were not returning valid strings.
2016-08-26 16:02:23 -07:00
kevgliss
2d7a6ccf3c
Owner email ( #414 )
...
* Ensuring python2 works with unicode strings.
* adding in owner DN
* fixing tests
* Upgrading requests.
* Fixing tests.
2016-08-25 10:09:46 -07:00
kevgliss
18b99c0de4
Fixing an issue where openssl can't find the certificates to create PKCS12 files ( #408 )
2016-08-17 10:33:59 -07:00
kevgliss
29a330b1f4
Orphaned certificates ( #406 )
...
* Fixing whitespace.
* Fixing syncing.
* Fixing tests
2016-07-28 13:08:24 -07:00
kevgliss
a644f45625
Adding some simplified reporting. ( #403 )
...
* Adding issuance report.
* Fixing whitespace.
2016-07-27 12:41:32 -07:00
kevgliss
3db669b24d
Ensuring that the temporary certificate is created correctly ( #400 )
2016-07-12 18:07:11 -07:00
kevgliss
f38868a97f
Fixing various problems with the syncing of endpoints, throttling sta… ( #398 )
...
* Fixing various problems with the syncing of endpoints, throttling stale endpoints etc.
2016-07-12 08:40:49 -07:00
kevgliss
4f3dc5422c
Allowing the role-user associated to be updated. ( #396 )
...
* Allowing the role-user associated to be updated.
* Fixing tests
* Fixing tests, for real.
2016-07-07 13:03:10 -07:00
kevgliss
1ba7181067
Fixed an issue were default notifications were added even when updati… ( #395 )
...
* Fixed an issue were default notifications were added even when updating a certificate, resulting in duplicate notifications.
* Ensuring imported certificates get the same treatment.
2016-07-07 11:44:11 -07:00
kevgliss
74bf54cb8f
Slack spruce up ( #394 )
...
* Formatting slack message.
* Tweaking tests.
2016-07-06 10:27:13 -07:00
kevgliss
d4732d3ab0
Closes #335 . ( #392 )
2016-07-04 16:08:16 -07:00
kevgliss
cb9631b122
Closes #356 . ( #391 )
2016-07-04 15:38:51 -07:00
kevgliss
4077893d08
Ensuring that destinations require private keys by default. ( #390 )
...
* Ensuring that destinations require private keys by default.
2016-07-04 15:30:20 -07:00
kevgliss
4ee1c21144
Closes #372 ( #389 )
...
* Closes #372
2016-07-04 14:32:46 -07:00
kevgliss
c8eca56690
Closes #366 ( #387 )
2016-07-04 13:03:46 -07:00
kevgliss
300e2d0b7d
Adding plugin tests. ( #385 )
...
* Adding plugin tests.
* Fixing some python 2/3 incompatibilities.
2016-07-01 11:32:19 -07:00
kevgliss
e34de921b6
Target Individuals for Certificates ( #384 )
...
* Allowing individual users to be targeted for a role.
* Ensuring that even new users get a per user-role
2016-07-01 09:04:39 -07:00
kevgliss
9aec899bfd
Fixing a few errors.
...
* Fixing organizational_unit and common name
* FIxing organization name and allow creaters to view CA.
2016-06-29 16:16:37 -07:00
kevgliss
54b888bb08
Adding a toy certificate authority. ( #378 )
2016-06-29 09:05:39 -07:00
kevgliss
eefff8497a
Adding a new default issuer.
2016-06-28 17:46:26 -07:00
kevgliss
ecbab64c35
Adding endpoint migration script. ( #376 )
2016-06-28 16:12:56 -07:00
kevgliss
c8447dea3d
Fixing a few issues with startup. ( #374 )
2016-06-28 14:28:05 -07:00
kevgliss
5021e8ba91
Adding ACME Support ( #178 )
2016-06-27 15:57:53 -07:00
kevgliss
f846d78778
S3 destination ( #371 )
2016-06-27 15:11:46 -07:00
kevgliss
fe9703dd94
Closes #284 ( #336 )
2016-06-27 14:40:46 -07:00
mik373
b44a7c73d8
Kubernetes desination plugin ( #357 )
...
* Kubernetes desination plugin
* fixing build warnings
* fixing build warnings
2016-06-27 14:40:01 -07:00
kevgliss
19b928d663
Fixes #367
2016-06-23 13:29:59 -07:00
kevgliss
daea8f6ae4
Bug fixes ( #355 )
...
* we should not require password to update users
* Fixing an issue were roles would not be added.
2016-06-13 17:22:45 -07:00
Roi Martin
41d1fe9191
Using UTC time in JWT token creation ( #354 )
...
As stated in PyJWT's documentation [1] and JWT specification [2][3], UTC
times must be used. This commit fixes JWT decoding in servers not using
UTC time.
[1] https://pypi.python.org/pypi/PyJWT/1.4.0
[2] https://tools.ietf.org/html/rfc7519#section-4.1.6
[3] https://tools.ietf.org/html/rfc7519#section-2
2016-06-13 11:18:07 -07:00
Mike Grima
9a653403ae
Fix for Issue #352 .
2016-06-08 16:41:31 -07:00
kevgliss
77f13c9edb
Fixing issue were, after a user changes their mind validity years wil… ( #349 )
2016-06-06 12:11:40 -07:00
kevgliss
d9cc4980e8
Fixing destination upload. ( #347 )
...
* Fixing an issue where uploaded certificates would have a name of 'None'
* Clarifying comment.
* Improving order.
2016-06-03 18:45:58 -07:00
kevgliss
5e987fa8b6
Adding additional data migrations. ( #346 )
2016-06-03 17:56:32 -07:00
kevgliss
42001be9ec
Fixing the way filters were toggled. ( #345 )
2016-06-03 09:24:17 -07:00
kevgliss
dc198fec8c
Docs ( #344 )
...
* Adding release info.
* adding some fields
* Adding Source Plugin change.
* Updating docs
2016-06-03 08:28:09 -07:00
kevgliss
acd47d5ec9
Fixing an issue were authorities were not related to their roles ( #342 )
2016-06-02 09:07:17 -07:00
kevgliss
72e3fb5bfe
Fixing several small issues. ( #341 )
...
* Fixing several small issues.
* Fixing tests.
2016-06-01 11:18:00 -07:00
kevgliss
b2539b843b
Fixing and error causing duplicate roles to be created. ( #339 )
...
* Fixing and error causing duplicate roles to be created.
* Fixing python3
* Fixing python2 and python3
2016-05-31 15:44:54 -07:00
kevgliss
be5dff8472
Adding a visualization for authorities. ( #338 )
...
* Adding a visualization for authorities.
* Fixing some lint.
* Fixing some lint.
2016-05-30 21:52:34 -07:00
kevgliss
76037e8b3a
Fixing certificate names. ( #337 )
2016-05-27 12:00:10 -07:00
kevgliss
11f4bd503b
Fixes ( #332 )
...
* Ensuring domains are returned correctly.
* Ensuring certificates receive owner role
2016-05-24 17:10:19 -07:00
kevgliss
6688b279e7
Fixing some bad renaming. ( #331 )
2016-05-24 10:43:40 -07:00
kevgliss
1ca38015bc
Fixes ( #329 )
...
* Modifying the way roles are assigned.
* Adding migration scripts.
* Adding endpoints field for future use.
* Fixing dropdowns.
2016-05-23 18:38:04 -07:00
kevgliss
656269ff17
Closes #147 ( #328 )
...
* Closes #147
* Fixing tests
* Ensuring we can validate max dates.
2016-05-23 11:28:25 -07:00
kevgliss
bd727b825d
Making roles more apparent for certificates and authorities. ( #327 )
2016-05-20 12:48:12 -07:00
kevgliss
e04c1e7dc9
Fixing a few things, adding tests. ( #326 )
2016-05-20 09:03:34 -07:00
kevgliss
615df76dd5
Closes 262 ( #324 )
...
Moves the authority -> role relationship from a 1 -> many to a many -> many. This will allow one role to control and have access to many authorities.
2016-05-19 13:37:05 -07:00
kevgliss
112c6252d6
Adding password reset command to the cli. ( #325 )
2016-05-19 10:07:15 -07:00
kevgliss
b13370bf0d
Making dropdowns look a bit better. ( #322 )
...
* Making dropdowns look a bit better.
* Pleasing Lint.
2016-05-19 09:04:50 -07:00
kevgliss
88aa5d3fdb
Making nested notifications less verbose ( #321 )
2016-05-19 08:48:55 -07:00
kevgliss
b187d8f836
Adding a better comparison. ( #320 )
2016-05-16 19:03:10 -07:00
kevgliss
1763a1a717
254 duplication certificate name ( #319 )
2016-05-16 15:59:40 -07:00
kevgliss
62b61ed980
Fixing various issues. ( #318 )
...
* Fixing various issues.
* Fixing tests
2016-05-16 11:09:50 -07:00
kevgliss
c11034b9bc
Fixes various issues. ( #317 )
2016-05-16 09:23:48 -07:00
kevgliss
58e8fe0bd0
Fixes various issues. ( #316 )
2016-05-13 14:35:38 -07:00
kevgliss
a0c8765588
Various bug fixes. ( #314 )
2016-05-12 12:38:44 -07:00
kevgliss
9022059dc6
Marshmallowing roles ( #313 )
2016-05-10 14:22:22 -07:00
kevgliss
7f790be1e4
Marsmallowing users ( #312 )
2016-05-10 14:19:24 -07:00
kevgliss
93791c999d
Marsmallowing destinations ( #311 )
2016-05-10 13:43:26 -07:00
kevgliss
5e9f1437ad
Marsmallowing sources ( #310 )
2016-05-10 13:16:33 -07:00
kevgliss
f9655213b3
Marshmallowing notifications. ( #308 )
2016-05-10 11:27:57 -07:00
kevgliss
008d608ec4
Fixing error in notifications. ( #307 )
2016-05-09 17:35:18 -07:00
kevgliss
78c8d12ad8
Cleaning up the way authorities are selected and upgrading uib dependencies.
2016-05-09 17:17:00 -07:00
kevgliss
df0ad4d875
Authorities marshmallow addition ( #303 )
2016-05-09 11:00:16 -07:00
Harm Weites
776e0fcd11
Slack plugin for notifications ( #305 )
2016-05-08 09:07:16 -07:00
kevgliss
6ec3bad49a
Closes #278 ( #298 )
...
* Closes #278
2016-05-05 15:28:17 -07:00
kevgliss
52f44c3ea6
Closes #278 and #199 , Starting transition to marshmallow ( #299 )
...
* Closes #278 and #199 , Starting transition to marshmallow
2016-05-05 12:52:08 -07:00
kevgliss
db8243b4b4
Closes #301
2016-05-04 16:56:05 -07:00
kevgliss
8e1b7c0036
Removing validation because regex is hard
2016-04-25 16:13:33 -07:00
kevgliss
9b0e0fa9c2
removing validtion from openssl
2016-04-25 16:11:37 -07:00
kevgliss
b9fe359d23
Fixes #285 Renames sync_sources function to sync to align documentation.
2016-04-25 11:21:25 -07:00
kevgliss
dbd1279226
Fixes #289 and #275
2016-04-21 16:22:19 -07:00
kevgliss
82b4f5125d
Fixes an issue where custom OIDs would clear out san extensions
2016-04-11 11:17:18 -07:00
kevgliss
3f89d6d009
Merge pull request #271 from kevgliss/195
...
Closes #195
2016-04-08 12:01:10 -07:00
kevgliss
c2387dc120
Fixes an issue where custom OIDs would clear out san extensions
2016-04-07 10:29:08 -07:00
kevgliss
dbc4964e94
Fixing an issue were metrics would not be sent
2016-04-05 10:23:33 -07:00
kevgliss
62d03b0d41
Closes #216
2016-04-01 16:54:33 -07:00
kevgliss
b5a4b293a9
Merge pull request #270 from kevgliss/248
...
Closes #248
2016-04-01 14:28:52 -07:00
kevgliss
bfcfdb83a7
Closes #195
2016-04-01 14:27:57 -07:00
kevgliss
4ccbfa8164
Closes #248
2016-04-01 13:29:08 -07:00
kevgliss
2cde7336dc
Closes #263
2016-04-01 13:01:56 -07:00
kevgliss
3ceb297276
Merge pull request #267 from kevgliss/261
...
Closes #261
2016-04-01 10:12:10 -07:00
kevgliss
5958bac2a2
Merge pull request #265 from kevgliss/257
...
Closes #257
2016-04-01 10:11:32 -07:00
kevgliss
47891d2953
Closes #261
2016-04-01 09:58:19 -07:00
kevgliss
939194158a
Closes #257
2016-04-01 09:49:44 -07:00
kevgliss
576265e09c
Closes #246
2016-04-01 09:19:36 -07:00
Mike Grima
ba666ddbfa
Removed deprecated auth api endpoint.
2016-02-16 15:04:53 -08:00
kevgliss
ac1f493338
version bump
2016-02-05 13:12:21 -08:00
kevgliss
e8e7bdf9e0
adding changelog
2016-02-05 13:00:59 -08:00
kevgliss
028d86c0bb
Adding a new flag to export plugins 'requires_key' that specifies whether the export plugin needs access to the private key. Defaults to True.
2016-01-29 12:45:18 -08:00
kevgliss
f8b6830013
Merge pull request #239 from kevgliss/228-filter-values
...
Fixing documentation for filter format
2016-01-29 11:54:13 -08:00
kevgliss
2ba48995fe
Fixing documentation for filter format
2016-01-29 11:47:16 -08:00
kevgliss
3cc8ade6d8
associating new authorities with the owner roles
2016-01-29 10:59:04 -08:00
kevgliss
39c9a0a299
Merge pull request #237 from kevgliss/218_password_regex
...
relaxing keystore password validation
2016-01-29 10:37:49 -08:00
kevgliss
3ad317fb6d
Merge pull request #236 from kevgliss/migration_script_fixups
...
Removing per 2.0 migration scripts
2016-01-29 10:30:41 -08:00
kevgliss
bd46440d12
relaxing keystore password validation
2016-01-29 10:29:04 -08:00
kevgliss
9f8f64b9ec
removing pre 2.0 migration scripts, and adding documentation for correct path during init
2016-01-29 09:22:12 -08:00
kevgliss
1e524a49c0
making 'replacements' a non-require attribute for importing. Closes #226
2016-01-29 09:02:51 -08:00
Edward Barker
b36e72bfcc
Minor spelling fix
...
Using the possessive “Your” rather than “You’re” in “Your passphrase
is:”
2016-01-12 22:04:42 -08:00
kevgliss
48f8b33d7d
Adding a rolling metric count
2016-01-11 15:26:32 -08:00
kevgliss
d87ace8c89
Merge pull request #211 from kevgliss/hotfix
...
fixing an issue were urllib does not like unicode
2016-01-11 10:38:45 -08:00
kevgliss
b1326d4145
fixing an issue were urllib does not like unicode
2016-01-11 10:31:58 -08:00
kevgliss
7c2862c958
Merge pull request #210 from kevgliss/hotfix
...
Fixes an assumption that 'subAltNames' are always passed to the API.
2016-01-11 09:08:38 -08:00
kevgliss
0a4f5ad64d
Fixing an assumption that 'subAltNames' are always passed to the API.
2016-01-10 17:33:19 -08:00
kevgliss
c617a11c55
Merge pull request #209 from kevgliss/migrate_chain
...
Adding command to transparently rotate the chain on an ELB
2016-01-10 14:37:29 -08:00
kevgliss
053167965a
Adding command to transparently rotate the chain on an ELB
2016-01-10 14:20:36 -08:00
kevgliss
a7ac45b937
Merge pull request #206 from kevgliss/syncing
...
Fixing issue where we were seeing AWS API errors due to certificates …
2016-01-08 16:39:51 -08:00
kevgliss
5482bbf4bd
Fixing issue where we were seeing AWS API errors due to certificates not having private keys and could not be uploaded or 'synced'
2016-01-07 13:42:46 -08:00
Robert Picard
a1395a5808
Fix how the provider settings are passed to Satellizer
2016-01-05 17:26:09 -08:00
kevgliss
685e2c8b6d
fixing typo
2016-01-05 09:40:53 -08:00
kevgliss
967c7ded8d
Improving documentation layout
2015-12-31 11:12:56 -08:00
kevgliss
d6917155e8
Fixing tests
2015-12-30 15:32:01 -08:00
kevgliss
3f024c1ef4
Adds ability for domains to be marked as sensitive and only be allowed to be issued by an admin closes #5
2015-12-30 15:11:08 -08:00
kevgliss
9b166fb9a9
version bump
2015-12-30 09:15:11 -08:00
kevgliss
ca82b227b9
0.2.1 release info
2015-12-30 09:11:19 -08:00
Matthias Hähnel
8bb9a8c5d1
Define ACTIVE_PROVIDERS in default config
...
The configuration item ACTIVE_PROVIDERS must be initialized
Workaround for this error:
2015-12-30 13:58:48,073 ERROR: Internal Error [in /www/lemur/local/lib/python2.7/site-packages/flask_restful/__init__.py:299]
Traceback (most recent call last):
File "/www/lemur/local/lib/python2.7/site-packages/flask/app.py", line 1475, in full_dispatch_request
rv = self.dispatch_request()
File "/www/lemur/local/lib/python2.7/site-packages/flask/app.py", line 1461, in dispatch_request
return self.view_functions[rule.endpoint](**req.view_args)
File "/www/lemur/local/lib/python2.7/site-packages/flask_restful/__init__.py", line 462, in wrapper
resp = resource(*args, **kwargs)
File "/www/lemur/local/lib/python2.7/site-packages/flask/views.py", line 84, in view
return self.dispatch_request(*args, **kwargs)
File "/www/lemur/local/lib/python2.7/site-packages/flask_restful/__init__.py", line 572, in dispatch_request
resp = meth(*args, **kwargs)
File "/www/lemur/lemur/auth/views.py", line 276, in get
for provider in current_app.config.get("ACTIVE_PROVIDERS"):
TypeError: 'NoneType' object is not iterable
2015-12-30 14:56:59 +01:00
kevgliss
00cb66484b
Merge pull request #188 from kevgliss/csr
...
Adding the ability to submit a third party CSR
2015-12-29 12:11:11 -08:00
kevgliss
cabe2ae18d
Adding the ability to issue third party created CSRs
2015-12-29 10:49:33 -08:00
kevgliss
3b5d7eaab6
More Linting
2015-12-27 18:08:17 -05:00
kevgliss
aa2358aa03
Fixing linting
2015-12-27 18:02:38 -05:00
kevgliss
a7decc1948
Fixing some issues with dynamically supporting multiple SSO providers
2015-12-27 17:54:11 -05:00
Robert Picard
60856cb7b9
Add an endpoint to return active authentication providers
...
This endpoint can be used by Angular to figure out what authentication
options to display to the user. It returns a dictionary of configuration
details that the front-end needs for each provider.
2015-12-22 18:03:56 -05:00
Robert Picard
350d013043
Add Google SSO
...
This pull request adds Google SSO support. There are two main changes:
1. Add the Google auth view resource
2. Make passwords optional when creating a new user. This allows an admin
to create a user without a password so that they can only login via Google.
2015-12-22 13:44:30 -05:00
kevgliss
6211b126a9
Fixing py3 syntax error
2015-12-18 11:01:08 -05:00
kevgliss
54c3fcc72a
Adding rotate command
2015-12-17 23:17:27 -05:00
kevgliss
b8c2d42cad
Closes #176
2015-12-17 14:52:20 -08:00
kevgliss
2896ce0dad
Closes #172
2015-12-16 08:18:01 -08:00
kevgliss
29bcde145c
0.2.1 release
2015-12-14 10:42:51 -08:00
kevgliss
6d17e4d538
Fixing templates
2015-12-04 09:51:38 -08:00
kevgliss
de9478a992
Disabling one-time binding
2015-12-03 16:57:37 -08:00
kevgliss
78037dc9ec
Fixing the startup port
2015-12-02 17:13:52 -08:00
kevgliss
041382b02f
Version bump
2015-12-02 14:53:46 -08:00
kevgliss
aa18b88a61
Making the notification email template cleaner
2015-12-01 17:13:43 -08:00
kevgliss
b1e842ae47
Merge pull request #162 from kevgliss/160-startup
...
Closes #160
2015-12-01 10:08:03 -08:00
kevgliss
e2524e43cf
adding exports
2015-12-01 09:44:41 -08:00
kevgliss
6aac2d62be
Closes #160
2015-12-01 09:40:27 -08:00
kevgliss
95e2636f23
Updating docs
2015-12-01 09:15:53 -08:00
kevgliss
11f2d88b16
Adding current migration files.
2015-11-30 15:43:38 -08:00
kevgliss
c3091a7346
Adding missing files.
2015-11-30 14:08:17 -08:00
kevgliss
9cadebcd50
adding example requests
2015-11-30 13:51:27 -08:00
kevgliss
f194e2a1be
Linting
2015-11-30 10:24:53 -08:00
kevgliss
ec896461a7
Adding final touches to #125
2015-11-30 09:47:36 -08:00
kevgliss
8eeed821d3
Adding UI elements
2015-11-27 13:27:14 -08:00
kevgliss
920d595c12
Initial work on #125
2015-11-25 14:54:08 -08:00
kevgliss
1c6e9caa40
Closes #144
2015-11-24 16:07:44 -08:00
kevgliss
d6b3f5af81
Closes #122
2015-11-24 14:53:22 -08:00
kevgliss
e14eefdc31
Added the ability to find an authority even if a user only types the name in and does not select it.
2015-11-23 16:41:31 -08:00
kevgliss
f0324e4755
Merge pull request #148 from kevgliss/120-error-length
...
Closes #120
2015-11-23 15:25:30 -08:00
kevgliss
00f0f957c0
Lint again
2015-11-23 15:13:18 -08:00
kevgliss
9c652d784d
Merge pull request #143 from kevgliss/requirements
...
Updating requirements
2015-11-23 14:59:31 -08:00
kevgliss
eb2fa74661
Fixing test
2015-11-23 14:49:05 -08:00
kevgliss
146c599deb
Lint cleanup
2015-11-23 14:47:34 -08:00
kevgliss
574c4033ab
Closes #120
2015-11-23 14:30:23 -08:00
kevgliss
eb0f6a04d8
Closes #140
2015-11-23 10:43:07 -08:00
kevgliss
df4364714e
Closes #139
2015-11-23 09:53:55 -08:00
Ryan Clough
2073090628
Use american english for consistency
2015-10-28 19:39:10 -07:00
kevgliss
0453afcb0e
Fixing issuer where roles were not added correctly to user.
2015-10-26 10:59:20 -07:00
kevgliss
4b968a9474
Adding aes - fernet migration
2015-10-23 16:47:17 -07:00
Robert Picard
40eb950e94
Use MultiFernet for encryption
...
Facilitates key rotation and uses more secure encryption than what
sqlalchemy-utils does.
Fixes #117 and #119 .
2015-10-13 16:58:58 -07:00
Robert Picard
2fc6d4cd21
Fix a handful of typos in documentation
...
As I was reading through the docs I made note of grammar issues and
typos I saw. Not a huge deal but might as well fix what I noticed.
2015-10-06 15:05:05 -07:00
kevgliss
a20726a301
Fixing python 3.x syntax error
2015-10-06 13:11:24 -07:00
kevgliss
39727a1c9f
Fixing tests
2015-10-06 13:00:06 -07:00
kevgliss
168f46a436
Adding the ability to track a certificates signing key algorithm
2015-10-06 12:51:59 -07:00
kevgliss
798a6295ee
Fixes destination stat
2015-10-06 09:43:31 -07:00
kevgliss
63b7b71b49
adding clipboard functionality
2015-10-05 16:06:56 -07:00
kevgliss
9965af9ccd
fixing links, and adding zeroclipboard
2015-10-05 09:48:52 -07:00
kevgliss
867be09e29
more double quotes
2015-10-05 09:24:11 -07:00
kevgliss
8362a92898
fixing double quotes
2015-10-05 09:19:14 -07:00
kevgliss
162482dbc4
Adding ui router and perma links to certificates and authorities
2015-10-05 09:00:51 -07:00
kevgliss
2187898494
adding copy and a better profile picture for non-sso users
2015-10-02 15:36:50 -07:00
kevgliss
d4bc6ae7a1
Fixes #105
2015-10-02 13:46:13 -07:00
kevgliss
5cfa9d4bc5
description should be optional
2015-09-29 16:37:32 -07:00
kevgliss
7ebd0bf5d4
making fields required
2015-09-24 08:42:31 -07:00
kevgliss
06a69c09a0
Fixing a bug where notifications associated during certificate creation would not be respected.
2015-09-22 13:01:05 -07:00
kevgliss
be6a5b859e
adding notification example
2015-09-22 09:46:54 -07:00
Eric Mill
baef329a4d
Rename SSL to TLS
2015-09-21 18:16:19 -04:00
Eric Mill
a3385bd2ac
Rename SSL to TLS
2015-09-21 18:15:25 -04:00
kevgliss
fc0a884d5f
Cleaning up unneed/unused files
2015-09-20 09:49:16 -07:00
kevgliss
ef72de89b3
Minor fixes
2015-09-18 15:50:59 -07:00
kevgliss
a563986ce4
fixing an error where dates components were not replaced in logical order
2015-09-16 11:10:09 -07:00
kevgliss
d3cf273a45
Merge pull request #72 from kevgliss/docker
...
[WIP] Docker
2015-09-11 15:36:25 -07:00
kevgliss
25f652c1eb
fixing merge conflict
2015-09-11 08:38:48 -07:00
kevgliss
7f119e95e1
making the verisign urls more generic
2015-09-11 08:27:34 -07:00
kevgliss
1e314b505f
fixing keyerror
2015-09-08 18:18:14 -07:00
kevgliss
ef9a80ebfd
adding actual recipients
2015-09-08 18:03:18 -07:00
kevgliss
84d0afae4c
fixing email internvals
2015-09-08 17:56:20 -07:00
kevgliss
48a53ad436
fixing error in default password creation
2015-09-08 17:42:57 -07:00
kevgliss
2f4aee49e2
adding logging
2015-09-08 10:56:23 -07:00
kevgliss
f3f5b9eeb3
adding password commandline option
2015-09-08 10:56:23 -07:00
kevgliss
8ab9c06778
removing more netflix
2015-09-04 15:54:52 -07:00
kevgliss
0afd4c94b4
removing more netflix
2015-09-04 15:54:02 -07:00
kevgliss
aaae4d5a1f
unifying lemur defaults
2015-09-04 15:52:56 -07:00
kevgliss
9da713ab06
cleaning up references to netflix
2015-09-04 15:29:57 -07:00
kevgliss
160eaa6901
Fixing issue with expiration emails not being sent
2015-09-04 09:24:55 -07:00
kevgliss
180c8228e1
adding verisign source
2015-09-02 14:37:07 -07:00
kevgliss
089c0b2b1b
Merge pull request #68 from kevgliss/crons
...
Crons
2015-09-02 09:35:46 -07:00
kevgliss
3b109ec578
Cleaning up temporary file creation, and revocation checking
2015-09-02 09:19:06 -07:00
kevgliss
45158c64a2
cleaning up temporary file creation
2015-09-02 09:19:06 -07:00
kevgliss
a350940cd1
Adding command to fetch and publish verisign units
2015-09-02 09:19:06 -07:00
kevgliss
efec79d8de
removing silly description validation from lemur and enforcing it on the cloudca plugin (who actually cares)
2015-09-02 09:15:12 -07:00
kevgliss
62950128a2
Adding a better error message for really long common names Fixes #38
2015-09-02 09:15:11 -07:00
kevgliss
aca69ce03c
Closes #53
2015-09-02 09:15:11 -07:00
kevgliss
bf8ce354e5
Closes #55
2015-09-02 09:13:47 -07:00
kevgliss
8d09d865b1
Closes #57
2015-09-02 09:13:47 -07:00
kevgliss
480078da42
Removing str casting for role permission
2015-09-01 14:15:40 -07:00
kevgliss
46a5355377
Allows authorities to have editable owners and descriptions
2015-09-01 14:15:40 -07:00
kevgliss
3fb226ec11
Merge pull request #64 from kevgliss/validation
...
Validation of common name field
2015-08-29 14:01:31 -07:00
kevgliss
7471984ecf
removing silly description validation from lemur and enforcing it on the cloudca plugin (who actually cares)
2015-08-29 13:57:07 -07:00
kevgliss
df9b345541
Adding a better error message for really long common names Fixes #38
2015-08-29 13:57:07 -07:00
kevgliss
a484a6e24d
Closes #53
2015-08-29 13:07:30 -07:00
kevgliss
a7fd74396c
Merge pull request #61 from kevgliss/editOwner
...
Closes #55
2015-08-29 12:09:09 -07:00
kevgliss
8977c5ddbf
Ensuring notifications follow owner
2015-08-29 12:02:50 -07:00
kevgliss
f492e9ec1b
Closes #55
2015-08-29 11:53:46 -07:00
kevgliss
03e2991ced
Closes #57
2015-08-29 11:48:39 -07:00
kevgliss
80136834b5
Merge pull request #59 from kevgliss/cleanup
...
Cleanup
2015-08-29 10:30:03 -07:00
kevgliss
3b2f71cc8a
Merge pull request #58 from kevgliss/configBasedNames
...
Adding ability to define distinguished names in config
2015-08-29 10:23:21 -07:00
kevgliss
783acf6d8c
Removing Meechum specific code
2015-08-29 10:11:03 -07:00
Jeremy Heffner
53ce9cac4c
Fix a typo, add a typo
2015-08-27 15:55:39 -07:00
Jeremy Heffner
51800d5e4b
Added better error handling
...
Added a "dry run" option
2015-08-27 15:48:49 -07:00
Jeremy Heffner
627b36d2a5
Adding method to get existing listeners
2015-08-27 15:45:00 -07:00
kevgliss
70ccd137e1
removing netflix specific code from auth flow
2015-08-27 13:09:02 -07:00
kevgliss
9a04371680
Adding ability to define distinguished names in config
2015-08-27 12:59:40 -07:00
kevgliss
f799ff3af1
Seeing if using decode explicity this helps py3 problem
2015-08-24 20:10:03 -07:00
Jeremy Heffner
6db1d0b031
fixing unicode support
2015-08-24 16:37:24 -07:00
Jeremy Heffner
d599aaa410
Updating to handle unicode in python 2 and 3$
...
added retry with backoff for the SSL cert to show up after it is added (CAP, ftw)$
2015-08-24 16:17:04 -07:00
Jeremy Heffner
09bc79ef84
Merge remote-tracking branch 'upstream/master' into elb-ssl-automation
2015-08-24 12:18:40 -07:00
Jeremy Heffner
6e39a1e666
Finished glue code to push ELBs.
2015-08-24 12:18:15 -07:00
kevgliss
75de814b15
Adding new verisign error
2015-08-24 09:43:30 -07:00
kevgliss
b4c348aef7
switching out default orgname
2015-08-24 09:41:03 -07:00
kevgliss
45c442000e
Fixing some unfortunate casting that prevent creators from viewing/updating their certs
2015-08-22 10:56:15 -07:00
kevgliss
a07db5625b
Fixing an issue were extensions were implicitly required
2015-08-22 10:22:36 -07:00
kevgliss
4b7a55c89f
Fixing issue with a certificate with no role not being viewable
2015-08-21 16:08:53 -07:00
Jeremy Heffner
3ff5cdf43f
Merge remote-tracking branch 'upstream/master' into elb-ssl-automation
2015-08-21 14:29:03 -07:00
Jeremy Heffner
dbfd6b1e17
Fixing this so it pulls the named option
2015-08-21 13:09:29 -07:00
kevgliss
d62f57eab3
Fixing an issue with futures, unicode and b64 not being able to handle the unicode values
2015-08-20 15:49:08 -07:00
Jeremy Heffner
96c3ab7f9d
Merge remote-tracking branch 'upstream/master' into elb-ssl-automation
2015-08-20 15:46:11 -07:00
Jeremy Heffner
38ebeab163
Refactoring.. with pep8 fixes
2015-08-20 15:45:53 -07:00
Jeremy Heffner
fcfaa21a24
Refactoring
2015-08-20 15:45:42 -07:00
kevgliss
0f0d11a828
Merge pull request #45 from kevgliss/authByOwner
...
Fixes #35
2015-08-19 18:08:55 -07:00
kevgliss
6b2da2fe6b
Fixes #35
2015-08-19 18:05:18 -07:00
kevgliss
cbcc8af3bd
Fixing bug were domains would not have correct pagination
2015-08-19 16:42:56 -07:00
Jeremy Heffner
ab7b0c442c
provisionelb creates certs. needs some cleanup and the rest of the glue
2015-08-19 16:10:45 -07:00
kevgliss
b00917aa60
Ensure there are no accidental newlines when fetching the ENCRYPTION_KEY
2015-08-19 15:46:10 -07:00
kevgliss
b96af3a1f1
Editing footer text
2015-08-19 10:10:19 -07:00
kevgliss
28e12a973f
Misc fixed around certificate notifications
2015-08-19 10:07:22 -07:00
kevgliss
c6747439fb
Misc fixed around certificate syncing
2015-08-18 16:17:20 -07:00
kevgliss
f09f5eb0f1
Fixing issue with creating roles
2015-08-17 22:51:29 -07:00
kevgliss
dd607e5c07
Making CLOUDCA_API_ENDPOINT configurable
2015-08-17 17:09:31 -07:00
kevgliss
eb55d5465f
Making LEMUR_DEFAULT_SECURITY_EMAIL optional
2015-08-17 16:03:57 -07:00
kevgliss
500b212a25
Adding a few default expiration intervals
2015-08-17 15:49:16 -07:00
kevgliss
bfcbd1b065
Fixes issue where client authentication was not displaying in the UI
2015-08-11 15:43:59 -07:00
kevgliss
32ef793c4d
Switch to relying on the configuration key in the configuration file
2015-08-08 16:12:29 -07:00
kevgliss
63b1babf7b
Fixing a few syntax errors
2015-08-03 21:16:55 -07:00
kevgliss
fc68552d0f
Making Lemur py3 compatible
2015-08-03 21:07:28 -07:00
kevgliss
888e75e7f7
Fixing tests
2015-08-03 16:15:59 -07:00
kevgliss
710b4d45bc
Allowing notifications to be marked as in-active
2015-08-03 16:10:00 -07:00
kevgliss
a873e5c7ea
Lots of minor fixes
2015-08-03 15:52:39 -07:00
kevgliss
7d169f7c4c
Fixing up some of the sync related code
2015-08-03 13:51:27 -07:00
kevgliss
0360ccc666
Cleaning up some documentation
2015-08-03 09:49:33 -07:00
kevgliss
cdb3814469
Fixing notification deduplication and roll up
2015-08-02 09:14:27 -07:00
kevgliss
c9e9a9ed7c
Fixing upload description
2015-08-02 07:45:10 -07:00
kevgliss
02b717dd7c
Fixing upload, and removing old unneeded code
2015-08-02 05:57:26 -07:00
kevgliss
e61de4578e
Ensuring that default notifications are made based on app configuration during app initialization
2015-08-02 05:10:50 -07:00
kevgliss
aef1587635
Adding default notifications
2015-08-01 19:08:46 -07:00
kevgliss
b2a4219a0f
Removing AWS bootstrapping
2015-08-01 18:33:31 -07:00
kevgliss
e7e6a99ff4
Adding more source syncing logic
2015-08-01 18:31:38 -07:00
kevgliss
46652ba117
Purging ELB and Listener specific models
2015-08-01 15:47:14 -07:00
kevgliss
abf21d2931
Adding in frontend javascript for sources
2015-08-01 15:37:47 -07:00
kevgliss
e247d635fc
Adding backend code for sources models
2015-08-01 15:29:34 -07:00
kevgliss
c5a6a0570a
adding link to python packaging documentation
2015-07-31 19:02:44 -07:00
kevgliss
d3b0822e14
updating docs with new API endpoints and plugin information
2015-07-30 22:54:59 -07:00
kevgliss
2e1abdd2f1
Fixing tests and pinning versions
2015-07-29 21:54:29 -07:00
kevgliss
79353c142a
Pleasing jshint gods
2015-07-29 19:24:05 -07:00
kevgliss
1e748a64d7
Initial support for notification plugins closes #8 , closes #9 , closes #7 , closes #4 , closes #16
2015-07-29 17:13:06 -07:00
kevgliss
7d8cac6605
Adding support for SMTP emails
2015-07-23 13:46:54 -07:00
kevgliss
c02390d63b
PEP8
2015-07-23 09:08:07 -07:00
kevgliss
017eab6e39
Adding tests to AWS plugin
2015-07-23 08:52:56 -07:00
kevgliss
a4ed83cb62
Refactoring out challenge
2015-07-23 08:52:30 -07:00
kevgliss
49c7421591
More test fixes
2015-07-22 20:32:29 -07:00
kevgliss
412d2a1bbe
adding testing conf
2015-07-22 10:53:35 -07:00
kevgliss
8d576aa3d8
Fixing tests
2015-07-22 10:51:55 -07:00
kevgliss
a826bd16f7
Pleasing the JSHint gods
2015-07-21 13:36:03 -07:00
kevgliss
c75e20a1ea
Pleasing the PEP8 gods
2015-07-21 13:06:13 -07:00
kevgliss
309590fb6b
Removing unneeded directory
2015-07-21 09:50:33 -07:00
kevgliss
9c0f2917ad
Merge branch 'master' into ci
...
* master:
Fixed issue where hardcoded localhost:port combination existed in Javascript, added another step to setup.py 'package' that removes such instances and creates a more agnostic javascript blob.
Fixing issue where nginx was not sending the right mimetype for CSS files.
Conflicts:
gulp/build.js
2015-07-20 16:53:58 -07:00
kevgliss
c89dff7994
Getting travisCI setup
2015-07-20 16:13:42 -07:00
kevgliss
5ce3f9427b
Fixed issue where hardcoded localhost:port combination existed in Javascript, added another step to setup.py 'package' that removes
...
such instances and creates a more agnostic javascript blob.
2015-07-19 19:04:42 -07:00
kevgliss
a30a8481d0
Adding support for multiple plugin types.
2015-07-10 17:09:22 -07:00
kevgliss
c79905cd92
Refactoring views to use modals for create/edit instead of their own pages.
2015-07-10 17:08:39 -07:00
kevgliss
1e902750c3
Adding destination javascript controllers and partials.
2015-07-10 17:07:41 -07:00
kevgliss
0c7204cdb9
Refactored 'accounts' to be more general with 'destinations'
2015-07-10 17:06:57 -07:00
kevgliss
b26de2b000
Adding support for marshaling bare lists.
2015-07-10 17:03:28 -07:00
kevgliss
76049b4ff1
Fixing how we feed a list of destinations to be saved.
2015-07-10 17:02:23 -07:00
kevgliss
5476547e74
Simplifiying SAN identification.
2015-07-08 16:45:19 -07:00
kevgliss
601d80388f
Adding links to the roles that Authorities are associated with.
2015-07-08 16:44:48 -07:00
kevgliss
0ed3918113
Changing default as 'State' cannot be abbreviated in a CSR
2015-07-08 16:44:06 -07:00
kevgliss
67dc12347e
Removing verisign specific frontend code, we also give some more hints to user on how to make SAN certificates.
2015-07-08 16:42:57 -07:00
kevgliss
bc6202adf7
Refactoring out static methods and removing the old SHA1 intermediate certificates.
2015-07-08 16:41:45 -07:00
kevgliss
1a2e437b33
Factoring out 'dry' run. This doesn't really make sense to have as we don't have a concept of a pre-flight request. Plugin tests should mock out their particular dependencies.
2015-07-08 16:40:46 -07:00
kevgliss
5156371913
Modify the naming structure for certificates. AWS is pretty picky about what is a valid name.
2015-07-08 16:39:00 -07:00
kevgliss
002f83092d
Changing the signature of save_cert, we don't create a csr_config anymore so it doesn't make sense to store it. Additionally 'challenge' is a verisign specific thing and should be factored out. We have stopped saving it as well.
2015-07-08 16:37:48 -07:00
kevgliss
f660450043
Aligning config variables
2015-07-07 17:23:46 -07:00
kevgliss
8239aa55e1
fixing conflicts
2015-07-07 16:26:37 -07:00
kevgliss
82c4be29a4
fixing merge conflict
2015-07-07 15:36:39 -07:00
kevgliss
a7d20cb3a5
fixing conflict
2015-07-07 15:33:29 -07:00
kevgliss
6d384f342f
adding test utils
2015-07-07 15:32:55 -07:00
kevgliss
c59bf3f257
Fixing tests
2015-07-06 10:53:12 -07:00
kevgliss
737d4d62d4
Merge pull request #15 from kevgliss/master
...
General cleanup and hotfixes
2015-07-04 12:57:17 -07:00
kevgliss
b04fb471e9
Ensuring that path to to the default config is correct regardless of how the app was started.
2015-07-04 12:55:28 -07:00
kevgliss
277599f0e5
fixing an a small typo
2015-07-04 12:50:41 -07:00
kevgliss
3f49bb95ff
Starting to move to new plugin architecture.
2015-07-04 12:47:57 -07:00
kevgliss
b17e12bed4
Doc fix
2015-07-03 12:59:48 -07:00
kevgliss
95bab9331d
Enabling CSR generation and reducing complexity of encryption/decrypting the 'key' dir.
2015-07-03 10:30:17 -07:00
kevgliss
8cbc6b8325
Initial work at removing openssl
2015-07-02 15:48:56 -07:00
Kevin Glisson
7123e77edf
Extending certificate tests.
2015-07-02 15:48:56 -07:00
Kevin Glisson
9def00d1a2
Adding basic authority tests.
2015-07-02 15:48:56 -07:00
Kevin Glisson
bc0f9534c2
Refactoring 'create_name' out of our certificate class, fixed an issuer were key size was being calculated and removing unused functions
2015-07-02 15:48:56 -07:00
Kevin Glisson
096d88bc9b
Ensuring a 404 is returned when we can't find the specified certificate
2015-07-02 15:48:56 -07:00
Kevin Glisson
7ab3e27c79
Starting add certificate tests
2015-07-02 15:48:56 -07:00
Kevin Glisson
57ec9c068a
Adding role tests
2015-07-02 15:48:55 -07:00
Kevin Glisson
9f20880615
Adding domain module tests
2015-07-02 15:48:55 -07:00
Kevin Glisson
8a6abc6f82
Adding for handling proxy-based errors
2015-07-02 15:48:55 -07:00
Kevin Glisson
6b5383633d
Removing duplicated commit
2015-07-02 15:48:55 -07:00
Kevin Glisson
6aa1a12ef6
Removing netflix specific role
2015-07-02 15:48:55 -07:00
Kevin Glisson
bea8e6f2a3
Adding more tests to the accounts model
2015-07-02 15:48:55 -07:00
Kevin Glisson
f28d3a54c5
API change in cryptography
2015-07-02 15:48:55 -07:00