Infra/lemur
5
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
782 Commits 4 Branches 45 Tags 7.5 MiB
46f8ebd136
Commit Graph

143 Commits

Author SHA1 Message Date
kevgliss
46f8ebd136 Modifying the way rotation works. (#629) 
* Modifying the way rotation works.

* Adding docs.

* Fixing tests.
 2016-12-23 13:18:42 -08:00
kevgliss
072ca4da4f Adding some additional output to rotation command. (#627) 2016-12-21 13:34:14 -08:00
kevgliss
cdcae4efb0 Closes #594 (#621) 2016-12-20 14:26:39 -08:00
kevgliss
f7c795c7f6 Closes #577. (#622) 2016-12-20 14:26:29 -08:00
kevgliss
beba2ba092 Adding additional reporting and refactoring existing setup. (#620) 2016-12-20 12:48:14 -08:00
kevgliss
156b98f7f0 Ensuring that rotation only happens for certificates with endpoints to rotate. (#606) 2016-12-15 15:20:21 -08:00
kevgliss
d20c552248 Fixing issues with rotation. (#603) 
* Fixing issues with rotation.

* Fixing tests
 2016-12-14 17:30:13 -08:00
Marti Raudsepp
1eb3d563c6 Fix error reporting for certs without private key (#599) 2016-12-14 13:25:56 -08:00
Marti Raudsepp
71ddbb409c Minor documentation fixes/tweaks (#597) 
Mostly typos, grammar errors and inconsistent indentation in code
examples.

Some errors detected using Topy (https://github.com/intgr/topy), all
changes verified by hand.
 2016-12-14 09:29:04 -08:00
kevgliss
03d5a6cfe1 Refactors how notifications are generated. (#584) 2016-12-12 11:22:49 -08:00
kevgliss
968dd52f6f Fixes (#576) 
* Fixing email notification

* Adding endpoint expiration

* Fixing endpoint type for ELBs

* Allowing verisign to include additional SANs
 2016-12-08 15:52:27 -08:00
kevgliss
a4b32b0d31 Fixing up notification testing (#575) 2016-12-08 11:33:40 -08:00
kevgliss
fc205713c8 Certificate rotation enhancements (#570) 2016-12-07 16:24:59 -08:00
kevgliss
e94cf6ddc9 Ensuring that certificates returned from digicert are in the proper format (#564) 2016-12-06 12:05:18 -08:00
kevgliss
e622a49b72 Adding better error handling around certificate rotation (#562) 2016-12-05 15:12:55 -08:00
kevgliss
9030aed8a4 Ensuring that our syncing process can find duplicate certifcates that do no need to be sync'd (#560) 2016-12-05 11:08:29 -08:00
kevgliss
7f823a04cd Ensuring that acme and cryptography respect different key types (#554) 2016-12-02 10:54:18 -08:00
kevgliss
81bf98c746 Enabling RSA2048 and RSA4096 as available key types (#551) 
* Enabling RSA2048 and RSA4096 as available key types

* Fixing re-issuance
 2016-12-01 15:41:53 -08:00
kevgliss
588ac1d6a6 Digicert cis fixes (#540) 2016-11-29 17:15:39 -08:00
kevgliss
058d2938fb migrating off of openssl (#539) 2016-11-29 11:30:44 -08:00
kevgliss
727bc87ede Log fixes (#534) 
* tying up some loose ends with event logging

* Ensuring creators can access
 2016-11-28 14:13:16 -08:00
kevgliss
250558baf3 Ensuring that authority owners can access certificates issued by that… (#526) 
* Ensuring that authority owners can access certificates issued by that authority
 2016-11-25 20:35:07 -08:00
kevgliss
8e5323e2d7 migrating flask imports (#525) 2016-11-22 21:11:20 -08:00
kevgliss
6eca2eb147 Re-working the way audit logs work. 
* Adding more checks.
 2016-11-21 11:28:11 -08:00
kevgliss
744e204817 Initial work on #74. (#514) 
* Initial work on #74.

* Fixing tests.

* Adding migration script.

* Excluding migrations from coverage report.
 2016-11-21 09:19:14 -08:00
kevgliss
d45e7d6b85 [WIP] - 422 elb rotate (#493) 
* Initial work on certificate rotation.

* Adding ability to get additional certificate info.

* - Adding endpoint rotation.
- Removes the g requirement from all services to enable easier testing.
 2016-11-18 11:27:46 -08:00
kevgliss
6fd47edbe3 Adds the ability to clone existing certificates. (#513) 2016-11-17 16:19:52 -08:00
kevgliss
a616310eb7 Fixing an issue were aws certificates plugins might not have a chain. (#512) 2016-11-17 14:47:10 -08:00
kevgliss
9ac1756011 removing new 'active' logic for the time being (#505) 2016-11-16 15:56:24 -08:00
kevgliss
851d74da3d Ensuring that private key is in string format before it gets stored (#504) 
* Ensuring that private key is in string format before it gets stored

* Fixing failing test.
 2016-11-16 15:05:25 -08:00
kevgliss
eaf34b1c8b Disabling the protect active flag (#498) 2016-11-16 09:31:02 -08:00
kevgliss
e9219adfb5 Ensuring model's have a basic __repr__. (#499) 2016-11-16 09:30:54 -08:00
kevgliss
114deba06e Adding the ability to silence notifications on creation. (#490) 2016-11-12 09:29:42 -08:00
kevgliss
0334f1094d fixing documentation typo (#489) 2016-11-11 13:35:24 -08:00
kevgliss
953d3a08e7 Adding example request to documentation. (#487) 2016-11-11 12:54:12 -08:00
kevgliss
e6b291d034 Time (#482) 
* adding python 3.5 as a target

* adding env flag

* Aligning on arrow dates.
 2016-11-09 10:56:22 -08:00
kevgliss
4afedaf537 Fixes (#476) 
* Ensures that Vault can accept bytes and strings.

* Make restricted domains optional.

* Fixing notify flag.
 2016-11-04 09:16:41 -07:00
kevgliss
1ac1a44e83 San alt name (#468) 2016-10-31 11:00:15 -07:00
kevgliss
a8f44944b1 Closes #415 2016-10-17 23:23:14 -07:00
kevgliss
f921b67fff Removing the ability to use spaces in custom names. (#455) 2016-10-15 04:56:25 -07:00
kevgliss
c367e4f73f Prevents the silencing of notifications that are actively deployed. (#454) 
* Renaming 'active' to 'notify' as this is clearer and more aligned to what this value is actually controlling. 'active' is now a property that depends on whether any endpoints were found to be using the certificate. Also added logic for issue #405 disallowing for a certificates' notifications to be silenced when it is actively deployed on an endpoint.

* Adding migration script to alter 'active' column.
 2016-10-15 00:12:11 -07:00
kevgliss
dcb18a57c4 Adds option to restrict certificate expiration dates to weekdays. (#453) 
* Adding ability to restrict certificate creation to weekdays.

* Ensuring that we test for weekends.
 2016-10-15 00:04:35 -07:00
kevgliss
c05a49f8c9 Fixes an issuer where a member of a role is not able to add new users to said role. (#445) 2016-10-11 17:24:15 -07:00
kevgliss
72a390c563 Ensure the openssl and cryptography work under python3. (#438) 2016-10-09 00:06:15 -07:00
Charles Hendrie
3ad7a37f95 Fix import certificate private key encoding (#434) 
When importing a certificate, the private key is passed to the
import/upload process from the UI as a str object. In Python3 this
raises two issues when processing the private key - the private key
validation fails and database insert of the certificate fails.

The fix in both cases is to correctly encode the private key as a bytes
object.
 2016-10-08 17:04:54 -07:00
kevgliss
2d7a6ccf3c Owner email (#414) 
* Ensuring python2 works with unicode strings.

* adding in owner DN

* fixing tests

* Upgrading requests.

* Fixing tests.
 2016-08-25 10:09:46 -07:00
kevgliss
29a330b1f4 Orphaned certificates (#406) 
* Fixing whitespace.

* Fixing syncing.

* Fixing tests
 2016-07-28 13:08:24 -07:00
kevgliss
f38868a97f Fixing various problems with the syncing of endpoints, throttling sta… (#398) 
* Fixing various problems with the syncing of endpoints, throttling stale endpoints etc.
 2016-07-12 08:40:49 -07:00
kevgliss
1ba7181067 Fixed an issue were default notifications were added even when updati… (#395) 
* Fixed an issue were default notifications were added even when updating a certificate, resulting in duplicate notifications.

* Ensuring imported certificates get the same treatment.
 2016-07-07 11:44:11 -07:00
kevgliss
4077893d08 Ensuring that destinations require private keys by default. (#390) 
* Ensuring that destinations require private keys by default.
 2016-07-04 15:30:20 -07:00