Infra
/
lemur
5
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
2,006 Commits 4 Branches 45 Tags 7.5 MiB
Commit Graph

1037 Commits

Author SHA1 Message Date
Curtis Castrapel 68fd1556b2 Black lint all the things 2019-05-16 07:57:02 -07:00
Curtis Castrapel e3c5490d25 Expose exact response from digicert as error 2019-05-15 13:36:40 -07:00
Curtis Castrapel 26d10e8b98 change ordering in more places 2019-05-15 11:47:53 -07:00
Curtis Castrapel 7e92edc70a Set resolved cert ID before resolving cert; Ignore sentry exceptions when no records on deletion 2019-05-15 11:43:59 -07:00
Curtis 6eb3836abc
Merge branch 'master' into fast-valid-cert-lookup 2019-05-15 10:20:17 -07:00
Curtis Castrapel 5d8f71c3e4 nt 2019-05-14 13:02:24 -07:00
Curtis Castrapel 565142f985 Add soft timeouts to celery jobs; Check for PEM in LE order 2019-05-14 12:52:30 -07:00
Hossein Shafagh f452a7ce68 adding a new API for faster certificate lookup. 
The new API api/1/certificates/valid returns only non-expired (not_after >= today) certs which have auto-rotate enabled:

cn is a required parameter:

http://localhost:8000/api/1/certificates/valid?filter=cn;example.com
cn can also be a database string wildcard ('%'):

http://localhost:8000/api/1/certificates/valid?filter=cn;%
owner is the additional parameter, and must be the email address of the owner:

http://localhost:8000/api/1/certificates/valid?filter=cn;example.com&owner=hossein@example.com
given owner  and a database string wildcard ('%') one can retrieve all certs for that owner, which are still valid, and have auto-rotate enabled:

http://localhost:8000/api/1/certificates/valid?filter=cn;%&owner=hossein@example.com
 2019-05-11 18:06:51 -07:00
Curtis Castrapel ed18df22db remove permalink change 2019-05-09 14:54:44 -07:00
Curtis Castrapel e33a103ca1 Allow searching for certificates by name via API 2019-05-09 14:36:56 -07:00
Curtis c9c782684d
Merge branch 'master' into add_metrics_reissue_rotate 2019-05-08 07:48:44 -07:00
Curtis Castrapel 87470602fd Gather more metrics on certificate reissue/rotate jobs 2019-05-08 07:48:08 -07:00
Curtis 317c84800c
Merge branch 'master' into jwks_validation_error_control 2019-05-08 06:50:56 -07:00
Curtis Castrapel 0eacbd42d7 Converting userinfo authorization to a config var 2019-05-07 15:31:42 -07:00
Jose Plana 4e6e7edf27 Rename return variable for better readability 2019-05-07 22:53:01 +02:00
Hossein Shafagh b7ce9ab901
Merge branch 'master' into jwks_validation_error_control 2019-05-07 13:09:02 -07:00
Hossein Shafagh ff583981b1
Merge branch 'master' into aid_openid_roles_provider_integration 2019-05-07 09:06:02 -07:00
Hossein Shafagh e58ff476c9
Merge branch 'master' into jwks_validation_error_control 2019-05-07 09:05:41 -07:00
Curtis 22caaa0c95
Merge branch 'master' into fix_userinfo_authorization 2019-05-07 07:48:47 -07:00
Curtis e65154b48e
Merge branch 'master' into develop 2019-05-07 07:36:51 -07:00
alwaysjolley ef7a8587fe Merge branch 'lemur_vault_source' of github.com:/alwaysjolley/lemur into lemur_vault_source 2019-05-07 10:06:09 -04:00
alwaysjolley b0c8901b0a lint cleanup 2019-05-07 10:05:01 -04:00
alwaysjolley 36ce1cc7ef
Merge branch 'master' into lemur_vault_source 2019-05-07 09:41:50 -04:00
alwaysjolley fb3f0bd72a adding Vault Source plugin 2019-05-07 09:37:30 -04:00
Daniel Iancu a7af3cf8d2 Fix Cloudflare DNS 2019-05-07 03:05:24 +03:00
Jose Plana deed1b9685 Don't fail if googleGroups is not found in user profile 2019-05-06 12:30:25 +02:00
Jose Plana 6c99e76c9a Better error management in jwks token validation 2019-05-06 12:27:43 +02:00
Jose Plana 2063baefc9 Fixes userinfo using Bearer token 2019-05-06 12:23:24 +02:00
Curtis Castrapel 3a1da72419 nt 2019-04-29 13:57:04 -07:00
Curtis Castrapel 6e3f394cff Updated requirements ; Revert change and require DNS validation by provider 2019-04-29 13:55:26 -07:00
Curtis Castrapel 1a90e71884 Move ACME host validation logic prior to R53 host modification 2019-04-26 17:27:44 -07:00
Curtis Castrapel 333ba8030a Ensure hostname is lowercase when comparing DNS challenges. ACME will automatically lowercase the hostname 2019-04-26 15:45:04 -07:00
Curtis Castrapel 1a3ba46873 More retry changes 2019-04-26 10:18:54 -07:00
Curtis Castrapel 1e64851d79 Strip out self-polling logic and rely on ACME; Enhance ELB logging and retries 2019-04-26 10:16:18 -07:00
Curtis 8eef95b58e
Merge branch 'master' into expose_verisign_exception 2019-04-25 19:15:55 -07:00
Curtis Castrapel dcdfb32883 Expose verisign exceptions 2019-04-25 19:14:15 -07:00
Curtis Castrapel 39584f214b Process DNS Challenges appropriately (1 challenge -> 1 domain) 2019-04-25 15:12:52 -07:00
Curtis Castrapel 2bc604e5a9 Better metrics and error reporting 2019-04-25 13:50:41 -07:00
Curtis Castrapel 272285f64a Better exception handling, logging, and metrics for ACME flow 2019-04-24 15:26:23 -07:00
Curtis 0f9b0f39f7
Merge branch 'master' into add-pending-certificate-upload 2019-04-24 09:34:35 -07:00
alwaysjolley a801112cf6
Merge branch 'master' into lemur_vault_plugin 2019-04-23 07:07:39 -04:00
alwaysjolley 85efb6a99e cleanup tmp files 2019-04-23 07:06:52 -04:00
Hossein Shafagh 9b38761153
Merge branch 'master' into add-pending-certificate-upload 2019-04-22 11:47:02 -07:00
alwaysjolley f9dadb2670 fixing validation 2019-04-22 09:38:44 -04:00
alwaysjolley 8dccaaf544 simpler validation 2019-04-22 07:58:01 -04:00
alwaysjolley 1667c05742 removed unused functions 2019-04-18 13:57:10 -04:00
alwaysjolley b39e2e3f66 Merge branch 'master' into lemur_vault_plugin 2019-04-18 13:55:45 -04:00
alwaysjolley fb3b0e8cd7 adding regex filtering 2019-04-18 13:52:40 -04:00
Jose Plana 7dd9268ca7 Allow uploading a signed cert for a pending certificate. 2019-04-18 00:46:39 +02:00
Curtis 8177e12f3f
Merge branch 'master' into rewrite-java-keystore-use-pyjks 2019-04-17 10:43:44 -07:00