Commit Graph

231 Commits

Author SHA1 Message Date
Marti Raudsepp 7762d6ed52 Reworked sensitive domain name and restriction logic (#878)
* This is a fix for a potential security issue; the old code had edge
  cases with unexpected behavior.
* LEMUR_RESTRICTED_DOMAINS is no more, instead LEMUR_WHITELISTED_DOMAINS
  is a list of *allowed* domain name patterns. Per discussion in PR #600
* Domain restrictions are now checked everywhere: in domain name-like
  CN (common name) values and SAN DNSNames, including raw CSR requests.
* Common name values that contain a space are exempt, since they cannot
  be valid domain names.
2017-08-16 19:24:49 -07:00
kevgliss 7507f6be50 Updating documentation (#849) 2017-07-05 20:17:19 -07:00
Asbjørn Kjær 35cc7ef8d7 Adding support for private DigiCert certificates (#835) 2017-06-14 09:20:24 -07:00
Henry Megarry 31f4cf0253 adding url context path to html templates (#814) 2017-05-25 10:20:32 -07:00
Arthur Lutz 97dceb5623 fixed typo in supervisord example config (#790) 2017-05-12 09:18:32 -07:00
marc-sensenich 23b6df536f Fix Minor Typo in index.rst (#793)
Changed LEMUR_DEFAUTL_ORGANIZATION to LEMUR_DEFAULT_ORGANIZATION
2017-05-12 09:17:52 -07:00
csv7 381cd2e1ff Updated apache config (#776)
You guys asked for one that worked... It took me a little while to tweak, esp. since I'm not a guru with python.  The comment about needing mod_wsgi isn't true, unless you want to run lemur as a cgi program... I suspect that's from an older version that ran as cgi and not as a standalone webserver.
2017-05-04 08:45:55 -07:00
kevgliss 2a2d5a5583 Adding an example digicert url. Closes #700. (#775) 2017-05-01 10:59:49 -07:00
kevgliss 6367a98134 Creating a user named 'lemur' in postgres (#773)
Creating a user named 'lemur' in postgres
2017-04-28 15:31:08 -07:00
Rick Breidenstein 0bbe2b0331 config LEMUR_MAIL to LEMUR_EMAIL (#772)
I referenced https://github.com/Netflix/lemur/blob/master/lemur/plugins/lemur_email/plugin.py and it appears this configuration option should be "LEMUR_EMAIL"
2017-04-28 15:01:21 -07:00
Paul Van de Vreede 989e3733a2 Add docker setup for running tests on a docker enabled dev environment. (#771) 2017-04-28 09:28:06 -07:00
Paul Van de Vreede 604cd60dbe Return correct intermediate certificate on digicert creation. (#762)
This commit also removes the unused DIGICERT_INTERMEDIATE env
var as it is not used.
2017-04-27 09:14:20 -07:00
Michael Treacher f90076abe9 Update index.rst (#754)
Seems the api for these actions has changed. Thought I would update the documentation around this. Let me know if I've misunderstood something.
2017-04-19 16:06:32 -07:00
Rick Breidenstein 221851abc1 supervisor ; cause services not to start (#744)
the ; in the supervisor/conf.d/app.conf file causes the service not to start.
2017-04-06 09:21:13 -07:00
Brint O'Hearn e18a188723 Spell fixes in docs (#740) 2017-03-30 21:09:30 -07:00
Henry Megarry dd39b9ebe8 adding url context path to build, adding documentation on url contextpath (#737) 2017-03-28 15:21:13 -07:00
Jason Spriggs 15896a3b11 Fix spelling error in LEMUR_DEFAULT_COUNTRY (#734) 2017-03-22 15:49:16 -07:00
Rick Breidenstein a4707c5fc9 added a few steps (#731)
Added a few steps that are needed during the install on a fresh Ubuntu image
2017-03-18 21:36:26 -07:00
Rick Breidenstein 7b4d31d4f6 added steps for loading custom plugin (#725)
* added steps for loading custom plugin

added steps for loading a custom plugin into Lemur once the files have been put into place (/www/lemur/lemur/plugins/) and the setup.py file (/www/lemur/setup.py) has been modified.

* updated __init__.py section


except Exception as e:
2017-03-14 09:30:22 -07:00
Rick Breidenstein 522e182694 added python3-dev to dependencies (#724)
make release fails without it
2017-03-13 15:45:10 -07:00
Rick Breidenstein 6c8a6620d2 specify python3 when creating virtualenv (#723)
Lemur is developed against Python3.5. If you do not specify the Python version it is possible the virtualenv will be built on a different version.
2017-03-13 13:58:44 -07:00
kevgliss a4068001a3 Updating docs to align with normal deployment. (#718) 2017-03-12 15:01:21 -07:00
Nevins 0326e1031f adding generic OAuth2 provider (#685)
* adding support for Okta Oauth2

* renaming to OAuth2

* adding documentation of options

* fixing flake8 problems
2017-02-03 10:36:49 -08:00
kevgliss 9f6ad08c50 Updating hooks. (#660) 2017-01-18 14:16:31 -08:00
Marti Raudsepp b327963925 Plugin base classes: update method signatures & fix raise (#598)
This way IDEs can verify method overrides in subclasses, otherwise these
are flagged as erroneous.

Changed base classes to properly raise NotImplementedError; previously
they would cause "TypeError: exceptions must derive from BaseException"

Also fixed exception handling in sources.service.clean().
2016-12-14 13:42:29 -08:00
Marti Raudsepp 71ddbb409c Minor documentation fixes/tweaks (#597)
Mostly typos, grammar errors and inconsistent indentation in code
examples.

Some errors detected using Topy (https://github.com/intgr/topy), all
changes verified by hand.
2016-12-14 09:29:04 -08:00
kevgliss fbcedc2fa0 Specifying a recommended postgres version (#592) 2016-12-13 11:22:10 -08:00
kevgliss a40bc65fd4 Default authority. (#549)
* Enabling the specification of a default authority, if no default is found then the first available authority is selected

* PEP8

* Skipping tests relying on keytool
2016-12-01 15:42:03 -08:00
kevgliss f141ae78f3 Typo. (#485) 2016-11-10 14:40:59 -08:00
kevgliss 89470a0ce0 Adding default validity and retry logic. (#483) 2016-11-10 11:23:37 -08:00
kevgliss 25a6c722b6 Adding digicert documentation. (#480) 2016-11-08 14:56:05 -08:00
Neil Schelly f990f92977 Fixing typo in documentation for LEMUR_DEFAULT_ORGANIZATIONAL_UNIT spelling (#467) 2016-10-27 20:26:28 -07:00
Charles Hendrie cd9c112218 Implement a CFSSL issuer plugin (#452)
* Implement CFSSL issuer plugin

Implement a Lemur plugin for generating certificates from the open
source certificate authority CFSSL
(https://github.com/cloudflare/cfssl). The plugin interacts with CFSSL
through the CFSSL REST API. The CFSSL configuration is defined in the
lemur.conf.py property file using property names prefixed with "CFSSL_".

* Update documentation to include CFSSL plugin
2016-10-22 00:52:18 -07:00
kevgliss dcb18a57c4 Adds option to restrict certificate expiration dates to weekdays. (#453)
* Adding ability to restrict certificate creation to weekdays.

* Ensuring that we test for weekends.
2016-10-15 00:04:35 -07:00
JohnTheodore 35cfb50955 add variables to the documentation for oauth2 (#444) 2016-10-11 17:23:25 -07:00
Evan J Johnson 96674571a5 Fix a typo. UI -> API (#407) 2016-07-29 18:29:44 -07:00
kevgliss 4077893d08 Ensuring that destinations require private keys by default. (#390)
* Ensuring that destinations require private keys by default.
2016-07-04 15:30:20 -07:00
kevgliss a8040777b3 Upgrading plugin docs with better example. (#386) 2016-07-01 10:50:18 -07:00
kevgliss afb66df1a4 Adding plugin information to docs. (#379)
* Adding documentation about the installed plugins.

* Adding new default option.
2016-06-29 10:08:54 -07:00
kevgliss 81a6228028 Updating requirements.txt 2016-06-23 09:20:35 -07:00
kevgliss 6714595fee Fixing documentation requirement. 2016-06-22 14:04:41 -07:00
kevgliss 7c10c8dac7 adding an httpdomain version 2016-06-22 13:59:32 -07:00
kevgliss dc198fec8c Docs (#344)
* Adding release info.

* adding some fields

* Adding Source Plugin change.

* Updating docs
2016-06-03 08:28:09 -07:00
kevgliss 565d7afa92 Merge pull request #293 from kevgliss/devdocs
Fixes #291
2016-04-25 12:30:54 -07:00
kevgliss 6f9280f64a Adding gulp path 2016-04-25 12:16:33 -07:00
kevgliss 8fe460e401 Fixes #291 2016-04-25 11:34:05 -07:00
kevgliss b9fe359d23 Fixes #285 Renames sync_sources function to sync to align documentation. 2016-04-25 11:21:25 -07:00
kevgliss 169490dbec Merge pull request #268 from kevgliss/252
Closes #252
2016-04-01 10:16:10 -07:00
kevgliss 37f2d5b8b0 Closes #252 2016-04-01 10:09:28 -07:00
Luke Faraone 6c378957e9 Remove duplicate `install` in Quickstart 2016-03-01 04:12:10 +00:00
kevgliss a30b8b21e4 updating postgres login 2016-02-29 08:53:35 -08:00
kevgliss 12204852aa changing the default port to 8000 2016-02-29 08:48:27 -08:00
kevgliss 9f8f64b9ec removing pre 2.0 migration scripts, and adding documentation for correct path during init 2016-01-29 09:22:12 -08:00
kevgliss 42e5470dd0 updating dependencies 2016-01-04 10:36:39 -08:00
Cameron Norman 86c92eb31e docs/quickstart: fix port number 2015-12-31 12:57:18 -08:00
kevgliss 967c7ded8d Improving documentation layout 2015-12-31 11:12:56 -08:00
Robert Picard 60856cb7b9 Add an endpoint to return active authentication providers
This endpoint can be used by Angular to figure out what authentication
options to display to the user. It returns a dictionary of configuration
details that the front-end needs for each provider.
2015-12-22 18:03:56 -05:00
Robert Picard c80559005f Update example supervisor configuration file
supervisord should run as root and spawn the lemur process as the lemur
user. I also added the LEMUR_CONF environment variable because it was
not reading the configuration file in by default.
2015-12-10 17:39:49 -08:00
kevgliss 4db7931aa0 clarifying upgrade process 2015-12-09 17:18:01 -08:00
kevgliss 3c2ee8fbb3 Adding export plugin docs 2015-12-02 16:04:40 -08:00
José Lopes de Oliveira Jr edbe5a254b minor changes in quickstart guide 2015-12-02 14:34:22 +00:00
kevgliss bafc3d0082 minor adjustments 2015-12-01 13:03:08 -08:00
kevgliss 308f1b44c3 Merge branch 'master' of git://github.com/forkd/lemur into forkd-master 2015-12-01 13:01:54 -08:00
kevgliss cd17789529 Removing unneeded import 2015-12-01 11:51:39 -08:00
José Lopes de Oliveira Jr bf988d89c4 updated quickstart guide 2015-12-01 19:03:17 +00:00
kevgliss 95e2636f23 Updating docs 2015-12-01 09:15:53 -08:00
kevgliss 89f7f12f92 adding version.py 2015-12-01 08:33:37 -08:00
kevgliss 3651cce542 adding automatic versioning 2015-11-30 10:43:41 -08:00
requires.io 3c60f47e3f [requires.io] dependency update 2015-11-25 14:18:01 -08:00
kevgliss 2c88e4e3ba fixing conflict 2015-11-23 16:42:14 -08:00
kevgliss 0600481a67 Updating requirements 2015-11-23 15:41:11 -08:00
Patrick Kelley 93b4ef5f17 Removing hyphen from in-active.
`inactive` is a word.  in-active is ... something else.
2015-10-29 11:54:00 -07:00
belladzaster 01a1190524 Fixing grammar 2015-10-28 19:55:08 -07:00
kevgliss 6d00cb208d Merge pull request #131 from belladzaster/master
Fixing Typos
2015-10-28 19:32:08 -07:00
belladzaster 13b9bf687d Fixing Typos 2015-10-28 18:24:31 -07:00
kevgliss cafecd1e19 Version bump and needed documentation. 2015-10-24 11:18:27 -07:00
Robert Picard 40eb950e94 Use MultiFernet for encryption
Facilitates key rotation and uses more secure encryption than what
sqlalchemy-utils does.

Fixes #117 and #119.
2015-10-13 16:58:58 -07:00
Robert Picard 2fc6d4cd21 Fix a handful of typos in documentation
As I was reading through the docs I made note of grammar issues and
typos I saw. Not a huge deal but might as well fix what I noticed.
2015-10-06 15:05:05 -07:00
kevgliss 168f46a436 Adding the ability to track a certificate's signing key algorithm 2015-10-06 12:51:59 -07:00
kevgliss 70f9022aae Merge pull request #104 from kevgliss/guide
Adding connections in user guides
2015-09-24 16:28:52 -07:00
kevgliss 9560791002 Merge pull request #99 from pandragoq/patch-1
Update index.rst
2015-09-24 14:28:06 -07:00
kevgliss ed93b5a2c5 SSL 2015-09-24 09:36:11 -07:00
kevgliss 21e4cc9f4d Adding connections in user guides 2015-09-24 09:21:08 -07:00
Igor Vuk 3e546eaa21 Fix typos in docs/administration/index.rst 2015-09-23 21:00:52 +02:00
pandragoq e70deb155d Update index.rst
Right package for postgres is postgresql in ubuntu.
2015-09-22 16:57:53 -07:00
Stacy Watts c15f525167 Fix grammar in index.rst 2015-09-22 15:33:37 -07:00
kevgliss 1559727f2d Making make build the static assets 2015-09-22 14:49:37 -07:00
kevgliss a596793a9a clearing up docs based on feedback 2015-09-22 14:18:38 -07:00
kevgliss 862bf3f619 Merge pull request #94 from kevgliss/notifications
Notifications
2015-09-22 13:37:51 -07:00
kevgliss 6a24e88d9a removing pip install instructions until available 2015-09-22 10:22:12 -07:00
pandragoq 2444191bf2 Update index.rst
Typo on nginx spelling
2015-09-21 17:43:56 -07:00
Eric Mill 3f53629175 Re 2015-09-21 18:16:40 -04:00
Eric Mill 7cb50c654b Rename SSL to TLS 2015-09-21 18:15:06 -04:00
kevgliss fc0a884d5f Cleaning up unneeded/unused files 2015-09-20 09:49:16 -07:00
kevgliss bcd0aae8c6 adding additional requirements so rtd can build the documentation correctly 2015-09-19 11:31:31 -07:00
kevgliss d7ca6d4327 More documentation fixes 2015-09-19 10:12:12 -07:00
kevgliss 1486e7b8f6 adding information about sub commands 2015-09-19 09:41:50 -07:00
kevgliss e73f2bcb2b setting default theme 2015-09-19 09:38:39 -07:00
kevgliss a412569ff7 aligning doc version with tagged version 2015-09-19 09:34:48 -07:00
kevgliss 13d0359041 Adding flask sphinx auto-docs 2015-09-18 17:28:48 -07:00
kevgliss ef72de89b3 Minor fixes 2015-09-18 15:50:59 -07:00
kevgliss 067122f8f4 improving docs 2015-09-14 13:46:39 -07:00
kevgliss 6a1a744eff removing duplicate route 2015-09-12 10:05:58 -07:00
kevgliss 180c8228e1 adding verisign source 2015-09-02 14:37:07 -07:00
kevgliss 80136834b5 Merge pull request #59 from kevgliss/cleanup
Cleanup
2015-08-29 10:30:03 -07:00
kevgliss 572c44b78b Adding some more docs around oauth2 2015-08-29 10:15:31 -07:00
kevgliss 9a04371680 Adding ability to define distinguished names in config 2015-08-27 12:59:40 -07:00
kevgliss b8720566d7 fixing merge conflict 2015-08-09 16:52:14 -07:00
kevgliss d0d3e06c81 fixing merge conflicts 2015-08-09 16:51:25 -07:00
kevgliss 48f38a8625 Fixing bad cherry pick 2015-08-09 16:49:18 -07:00
kevgliss 13f34fc600 Merge pull request #21 from kevgliss/buildfixes
Build Fixes
2015-08-09 16:47:39 -07:00
kevgliss 8b9eb70432 Adding docs explaining entropy and how lemur deals with it. 2015-08-08 17:50:54 -07:00
kevgliss 0360ccc666 Cleaning up some documentation 2015-08-03 09:49:33 -07:00
kevgliss e7e6a99ff4 Adding more source syncing logic 2015-08-01 18:31:38 -07:00
kevgliss c5a6a0570a adding link to python packaging documentation 2015-07-31 19:02:44 -07:00
kevgliss f55a93b29a adding in new files 2015-07-30 22:57:14 -07:00
kevgliss d3b0822e14 updating docs with new API endpoints and plugin information 2015-07-30 22:54:59 -07:00
kevgliss 1191fbe6c2 Merge pull request #25 from kevgliss/smtp
Adding support for SMTP emails
2015-07-23 16:28:54 -07:00
kevgliss 35b3f28797 Source code installation should use the make helper for now. 2015-07-23 16:25:28 -07:00
kevgliss 7d8cac6605 Adding support for SMTP emails 2015-07-23 13:46:54 -07:00
kevgliss 9c0f2917ad Merge branch 'master' into ci
* master:
  Fixed issue where hardcoded localhost:port combination existed in Javascript, added another step to setup.py 'package' that removes such instances and creates a more agnostic javascript blob.
  Fixing issue where nginx was not sending the right mimetype for CSS files.

Conflicts:
	gulp/build.js
2015-07-20 16:53:58 -07:00
kevgliss c89dff7994 Getting travisCI setup 2015-07-20 16:13:42 -07:00
kevgliss f679392c61 Fixing bad cherry pick 2015-07-19 19:28:49 -07:00
kevgliss f78e9d47d1 Merge pull request #21 from kevgliss/buildfixes
Build Fixes
2015-07-19 19:21:46 -07:00
kevgliss 8e0e22d49d Fixing issue where nginx was not sending the right mimetype for CSS files. 2015-07-19 19:03:04 -07:00
kevgliss 8239aa55e1 fixing conflicts 2015-07-07 16:26:37 -07:00
kevgliss a7d20cb3a5 fixing conflict 2015-07-07 15:33:29 -07:00
kevgliss 6d384f342f adding test utils 2015-07-07 15:32:55 -07:00
kevgliss 02bea85f85 Docfixes 2015-07-06 16:30:13 -07:00
kevgliss 2856d13a4e Making docs more clear on steps to get database installed. 2015-07-02 13:51:52 -07:00
Kevin Glisson 4330ac9c05 initial commit 2015-06-22 13:47:27 -07:00