Commit Graph

3573 Commits

Author SHA1 Message Date
Curtis
425a07e988
Merge branch 'master' into destination-tpl-fix 2018-12-18 12:27:35 -08:00
Curtis
388699be7c
Merge pull request #2204 from rmoesbergen/master
Bugfix: Prevent 'unserializable' error for unknown SAN types
2018-12-18 12:27:15 -08:00
Curtis
513e876e2e
Merge branch 'master' into master 2018-12-18 12:18:38 -08:00
Curtis
04681d9e1e
Merge pull request #2227 from sirferl/cli-repair-query
updated query to ignore empty parameters
2018-12-18 12:18:08 -08:00
Wesley Hartford
bc621c1468 Improve the Kubernetes Destination plugin
The plugin now supports loading details from local files rather than requiring them to be entered through the UI. This is especially relaent when Lemur is deployed on Kubernetes as the certificate, token, and current namespace will be injected into the pod. The location these details are injected are the defaults if no configuration details are supplied.

The plugin now supports deploying the secret in three different formats:
* Full - matches the formate used by the plugin prior to these changes.
* TLS - creates a secret of type kubernetes.io/tls and includes the certificate chain and private key, this format is used by many kubernetes features.
* Certificate - creates a secret containing only the certificate chain, suitable for use as trust authority where private keys should _NOT_ be deployed.

The deployed secret can now have a name set through the configuration options; the setting allows the insertion of the placeholder '{common_name}' which will be replaced by the certificate's common name value.

Debug level logging has been added.
2018-12-12 13:25:36 -08:00
sirferl
a50d80992c updated query to ignore empty parameters 2018-12-12 12:45:48 +01:00
Wesley Hartford
060c78fd91 Fix Kubernetes Destination Plugin
The Kubernetes plugin was broken. There were two major issues:
* The server certificate was entered in a string input making it impossible (as far as I know) to enter a valid PEM certificate.
* The base64 encoding calls were passing strings where bytes were expected.

The fix to the first issue depends on #2218 and a change in the options structure. I've also included some improved input validation and logging.
2018-12-10 15:33:04 -08:00
Wesley Hartford
437d918cf7 Fix textarea and validation on destination page
The destination configuration page did not previously support a textarea input as was supported on most other pages. The validation of string inputs was not being performed. This commit addresses both of those issues and corrects the validation expressions for the AWS and S3 destination plugins so that they continue to function. The SFTP destination plugin does not have any string validation. The Kubernetes plugin does not work at all as far as I can tell; there will be another PR in the coming days to address that.
2018-12-10 12:04:16 -08:00
Ronald Moesbergen
dcf5ce0eec
Merge branch 'master' into master 2018-12-07 13:57:59 +01:00
Curtis
afc7512914
Merge pull request #2200 from castrapel/notification_fix
Fix notification emails
2018-12-06 12:50:01 -08:00
Curtis Castrapel
da87135e02 update reqs 2018-12-06 12:29:16 -08:00
Curtis
27fdce3842
Merge branch 'master' into notification_fix 2018-12-06 12:26:51 -08:00
Curtis Castrapel
c32e20b6fc Fix notifications - Ensure that notifcation e-mails are sent appropriately 2018-12-06 12:25:43 -08:00
Ronald Moesbergen
e0ac749734 When parsing SAN's, ignore unknown san_types, because in some cases they can contain unparsable/serializable values, resulting in a TypeError(repr(o) + " is not JSON serializable") 2018-12-06 16:47:53 +01:00
Curtis
f944e6aa32
Merge pull request #2177 from castrapel/multiple_dns_providers
Prefer DNS provider with longest matching zone
2018-11-30 12:53:25 -08:00
Curtis Castrapel
2a235fb0e2 Prefer DNS provider with longest matching zone 2018-11-30 12:44:52 -08:00
Curtis
d36a51fabb
Merge pull request #2171 from castrapel/letsencrypt_fix
LetsEncrypt Celery Flow
2018-11-29 09:42:36 -08:00
Curtis Castrapel
a90154e0ae LetsEncrypt Celery Flow 2018-11-29 09:29:05 -08:00
Curtis
67b476e6d7
Merge pull request #2158 from castrapel/celery_pending
Add async call to create pending cert when needed
2018-11-28 15:22:31 -08:00
Curtis Castrapel
39b76d18dc add countdown to async call 2018-11-28 14:41:56 -08:00
Curtis Castrapel
e074a14ee9 unit test 2018-11-28 14:27:03 -08:00
Curtis Castrapel
2381d0a4bb Add async call to create pending cert when needed 2018-11-28 11:32:52 -08:00
Curtis
c66c8f873e
Merge pull request #2127 from rmoesbergen/master
Add support for nested group membership in ldap authenticator
2018-11-26 12:09:37 -08:00
Ronald Moesbergen
5fc5a058b6 Add documentation for the LDAP_IS_ACTIVE_DIRECTORY setting 2018-11-20 10:51:14 +01:00
Ronald Moesbergen
da10913045 Only search nested group memberships when LDAP_IS_ACTIVE_DIRECTORY is True 2018-11-20 10:37:36 +01:00
Ronald Moesbergen
61839f4aca Add support for nested group membership in ldap authenticator 2018-11-19 13:42:42 +01:00
Curtis
661bc9cc13
Merge pull request #2101 from castrapel/left_outer_join
Left outer join on domains tables to avoid missing results
2018-11-13 15:08:59 -08:00
Curtis
495b3fd844
Merge branch 'master' into left_outer_join 2018-11-13 14:33:51 -08:00
Curtis Castrapel
3ce8abe46e Left outer join on domains tables to avoid missing results 2018-11-13 14:33:17 -08:00
Curtis
d5bf85b3b0
Merge pull request #2099 from castrapel/count_accurate
More accurate db count functionality
2018-11-13 09:26:14 -08:00
Curtis Castrapel
92a771f5ed More accurate db count functionality 2018-11-13 09:14:21 -08:00
Curtis
9d07b6644f
Merge pull request #2092 from castrapel/no_csr_reissue
No csr reissue
2018-11-12 10:01:57 -08:00
Curtis
29be647911
Merge branch 'master' into no_csr_reissue 2018-11-12 09:54:47 -08:00
Curtis Castrapel
a7a05e26bc Do not re-use CSR during certificate reissuance; Update requirement; Add more logging to celery handler 2018-11-12 09:52:11 -08:00
Curtis Castrapel
6f0005c78e Avoid colliding LetsEncrypt jobs 2018-11-09 10:31:27 -08:00
Curtis
de1c2fc500
Merge pull request #2062 from castrapel/optimize_filter_queries
Optimize certificate filtering by name
2018-11-08 08:40:01 -08:00
Curtis Castrapel
1643650685 Changing essential part of query 2018-11-07 16:02:04 -08:00
Curtis Castrapel
08a2a2b0e5 Optimize certificate filtering by name 2018-11-07 15:34:25 -08:00
Curtis
a2b22a7d09
Merge pull request #2041 from castrapel/unpin_dependencies_fix_moto
Unpin most dependencies, and fix moto
2018-11-05 15:23:59 -08:00
Curtis Castrapel
a3f96b96ee Add fixture to failing function 2018-11-05 15:16:09 -08:00
Curtis Castrapel
75183ef2f2 Unpin most dependencies, and fix moto 2018-11-05 14:37:52 -08:00
Curtis
8e3f9a3c5a
Merge pull request #2037 from castrapel/db_optimize_select
Add new gin index to optimize ILIKE queries
2018-11-05 13:32:37 -08:00
Curtis Castrapel
b9f511ed02 Updat email on travisci 2018-11-05 13:19:22 -08:00
Curtis Castrapel
61738dde9e Run query on DB 2018-11-05 13:15:53 -08:00
Curtis Castrapel
73e4396edd Enable on all schemas 2018-11-05 12:58:39 -08:00
Curtis Castrapel
bb36d0e0fa Add semicolon 2018-11-05 12:47:05 -08:00
Curtis Castrapel
0b697b9d53 Adding travis declaration for pg_trgm extension 2018-11-05 12:19:49 -08:00
Curtis Castrapel
b6cc8180fe downgrade flake8 2018-11-05 11:20:11 -08:00
Curtis Castrapel
52e773230d Add new gin index to optimize ILIKE queries 2018-11-05 10:29:11 -08:00
Curtis
baa73c7f3e
Merge pull request #1946 from castrapel/safer_reissue
safer reissue, fix celery sync job
2018-10-29 14:41:43 -07:00