Infra/lemur
5
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
3,468 Commits 4 Branches 45 Tags 7.5 MiB
72da149fde
Commit Graph

679 Commits

Author SHA1 Message Date
Mathias Petermann
76dcfbd528 Add more tests 2020-10-27 10:28:33 +01:00
Mathias Petermann
d6719b729c Implement some test for AcmeHttpIssuerPlugin 2020-10-27 10:28:33 +01:00
Mathias Petermann
b2de986652 Split tests into handler, and dns specifics 2020-10-27 10:28:30 +01:00
Mathias Petermann
b93d271f31 Fix flake8 2020-10-27 10:25:31 +01:00
Mathias Petermann
e06bdcf2a3 Implement create_certificate for HTTP-01 challenge 2020-10-27 10:25:31 +01:00
Mathias Petermann
3012995c76 Improve naming, make it possible to create directories recursively with SFTP 2020-10-27 10:25:31 +01:00
Mathias Petermann
348d8477dd Refactor destination plugin, to allow upload of ACME http-challenge tokens 2020-10-27 10:25:31 +01:00
Mathias Petermann
d00dd9d295 Initial structure for ACME http challenge 2020-10-27 10:25:31 +01:00
csine-nflx
749aa772ba First change to get CNAME redirection working 2020-10-26 11:57:33 -07:00
Hossein Shafagh
f6554a9a1e typo, fixing abstract class complaints 2020-10-23 18:03:55 -07:00
Hossein Shafagh
0e02abbb37 Entrust just looks into CSR for RSA/EC key type 2020-10-23 18:03:27 -07:00
Hossein Shafagh
9957120a7f adding missing import 2020-10-23 18:03:07 -07:00
Hossein Shafagh
7e573d6d51 fixing typo 2020-10-23 18:02:54 -07:00
Hossein Shafagh
6891077501 readability 2020-10-23 18:02:35 -07:00
Hossein Shafagh
75bc3a5b20 refactoring and adding retry 2020-10-23 18:02:05 -07:00
Hossein Shafagh
d233490c8a simple retry 2020-10-23 18:01:14 -07:00
Hossein Shafagh
2c1e7b19a2 10x 10s delay might be too long for the load balancer request 2020-10-23 17:59:58 -07:00
Hossein Shafagh
3d83db6f8f
Merge branch 'master' into expanding-S3-plugin 2020-10-23 14:13:30 -07:00
Hossein Shafagh
01bd357b1c
Merge branch 'master' into sns 2020-10-23 11:38:35 -07:00
Hossein Shafagh
1495fb3595 now fixing the month to minute bug 2020-10-23 10:18:24 -07:00
Hossein Shafagh
bc6fb02fc2 fixing testing 2020-10-23 10:16:38 -07:00
Hossein Shafagh
e01863097b fixing the time bug, sub-second to second, and month to minute! 2020-10-23 10:16:23 -07:00
Jasmine Schladen
233f9768e8 Fix error handling 2020-10-23 09:35:46 -07:00
Jasmine Schladen
98962ae5f5
Merge branch 'master' into sns 2020-10-23 08:50:26 -07:00
Hossein Shafagh
2b274f723a
Merge branch 'master' into improved-logging 2020-10-23 07:59:30 -07:00
Hossein Shafagh
8610af8b83
more precise language 2020-10-22 17:54:46 -07:00
Hossein Shafagh
820106e333
Merge branch 'master' into expanding-S3-plugin 2020-10-22 17:35:20 -07:00
Hossein Shafagh
9ce0010bf1 handle_respone can also handle the no data response 2020-10-22 17:33:39 -07:00
Hossein Shafagh
97f80b79dc adjusting digicert test to support seconds 2020-10-22 17:23:33 -07:00
Hossein Shafagh
9acd974b74 fixing the test to support seconds 2020-10-22 17:20:47 -07:00
Hossein Shafagh
ae1e9d120b consistent messaging 2020-10-22 17:13:58 -07:00
Hossein Shafagh
2e7652962c refactoring of the error handling 2020-10-22 17:11:02 -07:00
Hossein Shafagh
1c96ea9ab1 better messaging of exceptions 2020-10-22 17:10:32 -07:00
Hossein Shafagh
02c040865d more meaningful message 2020-10-22 16:05:29 -07:00
Hossein Shafagh
8fa90a2ce5 digicert expects also seconds, though not yet honoring it 2020-10-22 16:01:09 -07:00
Hossein Shafagh
c60645bec4 improved logging for all responses 2020-10-22 16:00:26 -07:00
Hossein Shafagh
c2fe2b5e03 improved logging for all responses 2020-10-22 15:59:59 -07:00
Hossein Shafagh
906b3b2337 better handling of status code 2020-10-21 19:52:25 -07:00
Jasmine Schladen
4f552cb636 Code cleanup 2020-10-20 12:02:36 -07:00
Jasmine Schladen
d6075ebc11 Merge 2020-10-20 11:48:54 -07:00
Jasmine Schladen
669a4273c2 Merge branch 'master' of github.com:jtschladen/lemur into sns 2020-10-19 16:29:33 -07:00
Jasmine Schladen
e90b08b363 Correct typo and enable Slack notification test 2020-10-16 17:08:44 -07:00
Jasmine Schladen
60bb0037f0 Miscellaneous notification fixes and tests 2020-10-16 15:13:12 -07:00
Jasmine Schladen
a04cce6044 Initial implementation 2020-10-16 10:40:11 -07:00
Hossein Shafagh
503530e935 the test requires region param for sts 2020-10-16 10:32:10 -07:00
Hossein Shafagh
11ce540246 formatting 2020-10-16 10:31:19 -07:00
Hossein Shafagh
9c04a888d8 adjusting the S3 test 2020-10-16 09:52:04 -07:00
Hossein Shafagh
17e528b5dd adding testing for acme_upload method 2020-10-16 09:50:35 -07:00
Hossein Shafagh
d705e3ae3b expanding the S3 destination plugin to support the acme token upload inteface 2020-10-16 09:49:56 -07:00
Hossein Shafagh
7d8eb1c61e improving test 2020-10-16 09:49:26 -07:00
Hossein Shafagh
6aad37e1f9 cleaning up code 2020-10-16 09:49:00 -07:00
Hossein Shafagh
d73db59d23 revsering removing region 2020-10-16 09:48:47 -07:00
Hossein Shafagh
bfe89e131e adding delete and put interfaces for the S3 plugin 2020-10-15 18:13:50 -07:00
sayali
28381737dc Removed OU from digicert plugin 2020-10-13 19:40:15 -07:00
Mathias Petermann
817fc3f0fe
Merge branch 'master' into feature/store-acme-account-details 2020-10-11 14:37:31 +02:00
Hossein Shafagh
0fc050e17b
Merge branch 'master' into dymanic-digicert-ICAs 2020-10-09 17:53:54 -07:00
Hossein Shafagh
42e9b8b627 removing the intermediary from being optional 2020-10-09 15:40:25 -07:00
sirferl
5a968ffe63 Lint errors 2020-10-09 12:05:57 +02:00
sirferl
d43e240a2a dded ELIF at determine_end_date, becuase of error. 2020-10-09 11:41:44 +02:00
sirferl
a6a4f458e0 added Tests and removed problems in test-setup 2020-10-09 11:35:04 +02:00
Hossein Shafagh
1a270cd315 switching from static DigiCert ICAs to dynamic ones to support: 
https://knowledge.digicert.com/alerts/DigiCert-ICA-Update.html
 2020-10-07 20:06:20 -07:00
Mathias Petermann
57534d86cd Disable account saving by default 2020-10-07 12:28:22 +02:00
Mathias Petermann
8353396940 Improve tests 2020-10-07 12:28:22 +02:00
Mathias Petermann
9abd3e97e7 Add test loading acme account from authority 2020-10-07 12:28:22 +02:00
Mathias Petermann
bf66de0bfd Add Test for saving the accound details 2020-10-07 12:28:22 +02:00
Mathias Petermann
e0708410d0 Add store_account value to options in test_setup_acme_client_success 2020-10-07 12:28:22 +02:00
Mathias Petermann
eed628dbab Implement storage of acme account 2020-10-07 12:28:22 +02:00
Mathias Petermann
898b5da661 Add store_account option to acme plugin 2020-10-07 12:28:22 +02:00
Hossein Shafagh
e5961146b9 session hook complains about metadata 
+ consistent language.
 2020-09-23 14:22:58 -06:00
Hossein Shafagh
cc855e2758 modern python style 2020-09-18 17:16:07 -07:00
Hossein Shafagh
416f39222a testing 2020-09-18 17:02:19 -07:00
Hossein Shafagh
fae3793255 entrrust plugin revised 2020-09-18 11:09:32 -07:00
sirferl
02c7a5ca7c another round of lint errors 2020-09-14 16:34:56 +02:00
sirferl
e011cc9251 added several enhancements following advice from peer 2020-09-14 16:24:53 +02:00
sirferl
9778eb7b25 fixed lint errors 2020-09-14 15:56:02 +02:00
sirferl
5bb0143da4 lint errors and removed _path from the API-Cert variables 2020-09-14 15:42:36 +02:00
sirferl
84496b0f55 fixed a few problems 2020-09-14 15:18:46 +02:00
sirferl
b8e3162c5f added revoke functionality 2020-09-14 14:20:11 +02:00
sirferl
b337b27146 added response handler 2020-09-14 12:23:58 +02:00
sirferl
01678a714f added required vars check 2020-09-14 09:50:55 +02:00
Hossein Shafagh
8adca442e1
Merge branch 'master' into entrust-plugin 2020-09-11 17:11:57 -07:00
sayali
09a2a8fc76 Log message change 
PR comments
 2020-09-11 15:53:34 -07:00
sirferl
1c9c377751
Lint errors 2020-09-11 12:31:15 +02:00
sirferl
fd52438d61
yet lint errors 2020-09-11 12:30:53 +02:00
sirferl
de9ad82011
Fixed Lint complaints 2020-09-11 12:24:33 +02:00
sirferl
a99a84b0b2 entrust plugin inital edit 2020-09-10 16:04:31 +02:00
sirferl
f47f108f43 ientrust plgin - first version 2020-09-10 16:03:29 +02:00
sayali
8ad4448c85 Match date format for comparison + expected new lines 2020-09-01 12:44:49 -07:00
sayali
db4f68f0ed Logs during cert validity truncate for digicert 2020-08-31 18:20:32 -07:00
sirferl
1b73b1d080
Merge branch 'master' into master 2020-08-19 12:29:02 +02:00
sirferl
c2116df652
Extended ADCS_TEMPLATE_ Variable 
If there is a config variable ADCS_TEMPLATE_<upper(authority.name)> take the value as Cert template else default to ADCS_TEMPLATE to be compatible with former versions
 2020-08-19 12:25:52 +02:00
sayali
6ff8910f87 mention 397 for digicert plugin 2020-08-11 18:53:19 -07:00
sayali
d7ca1570be maximum 1 year validity for digicert 2020-08-11 18:02:42 -07:00
sayali
bde2829e72 Modify unit test test_determine_end_date to match new config 2020-08-11 17:10:29 -07:00
sayali
7a83799bcd Cert validity should not exceed 397 days for publicly trusted issuers 2020-08-10 17:30:34 -07:00
Hossein Shafagh
3c1d6998fb
Merge branch 'master' into pinning-to-cross-signed-LE-ICA 2020-07-24 10:25:11 -07:00
Raul Benencia
0fd83d13ae Fix intermediate CA creation on cryptography plugin 2020-07-23 13:58:32 -07:00
Hossein Shafagh
2317967802 lack of an empty config file was resulting into this error 
```
Traceback (most recent call last):
  File "/home/travis/build/Netflix/lemur/lemur/plugins/lemur_acme/tests/test_acme.py", line 159, in test_request_certificate
    self.acme.request_certificate(mock_acme, [], mock_order)
  File "/home/travis/build/Netflix/lemur/lemur/plugins/lemur_acme/plugin.py", line 211, in request_certificate
    current_app.config.get("IDENTRUST_CROSS_SIGNED_LE_ICA_EXPIRATION_DATE", "17/03/21"), '%d/%m/%y'):
TypeError: strptime() argument 1 must be str, not MagicMock
```
 2020-07-15 17:04:49 -07:00
Hossein Shafagh
d5ae45a0d0 Let's Encrypt has been using a cross-signed intermediate CA by DST Root CA X3, which is included in any older devices' TrustStore. 
https://letsencrypt.org/certificates/

Let's Encrypt is transitioning to use the intermediate CA issued by their own root (ISRG X1) starting from September 29th 2020. This is in preparation of concluding the initial bootstrapping of their CA, by having it cross-signed by an older CA.
https://letsencrypt.org/2019/04/15/transitioning-to-isrg-root.html

This PR allows Lemur to pin to the cross-signed ICA (same public/private key pair as the ICA signed by ISRG X1). This will prolong support for incompatible systems.
 2020-07-14 17:35:13 -07:00
Javier Ramos
aa11088944
Remove f from non-f string 2020-07-02 16:48:41 +02:00
csine-nflx
a7a309136f fixing whitespace and imports 2020-06-11 14:15:40 -07:00
csine-nflx
f834d10f9a moving ultradns tests to separate file 2020-06-11 14:04:17 -07:00
Hossein Shafagh
c3b36d697f clarification 2020-06-08 15:17:45 -07:00
Hossein Shafagh
904bc9d8b6
Merge branch 'master' into improve-expiry-email 2020-05-27 15:28:41 -07:00
Hossein Shafagh
8861cc70cb rewordin 2020-05-26 17:12:47 -07:00
Hossein Shafagh
34e3f7c049 improved messaging 2020-05-26 16:38:12 -07:00
Hossein Shafagh
cc4fc66c93
Merge branch 'master' into master 2020-05-22 09:57:46 -07:00
Hossein Shafagh
8d0007b9c0 fixing the private DNS zone issue. 
Private hosted zones will never be visible to third-parties like LetsEncrypt, and Lemur should not consider them as authoritative zones.
This fix, make sure  they are not added to the  dns_provider table.
 2020-04-24 15:48:06 -07:00
csine-nflx
cee81bd693 updated requirements, fixed unittests, pytest, and distinguidedName ordering 2020-04-09 18:17:05 -07:00
Curtis Castrapel
1360d846fd Improve error logging for a couple of use cases 2020-04-08 11:50:42 -07:00
csine-nflx
46e0d1953b Merge branch 'master' of github.com:Netflix/lemur into powerdnsplugin_02 2020-04-05 21:47:24 -07:00
csine-nflx
f82ec24dfa updating _get_txt_records return values and docstrings 2020-04-05 21:46:33 -07:00
Curtis
d825616ea6
No need to retry 25 times on DeleteConflict errors 2020-04-01 10:53:17 -07:00
csine-nflx
6f3ba23fa0 updating sinlge line of comments 2020-03-30 13:34:24 -07:00
csine-nflx
9d9bf9d7ba Merge branch 'powerdnsplugin_02' of github.com:Netflix/lemur into powerdnsplugin_02 2020-03-30 09:02:56 -07:00
csine-nflx
d6cc8a8a9a fixing whitespace 2020-03-30 09:01:28 -07:00
Chad S
2b7e60399c
Merge branch 'master' into powerdnsplugin_02 2020-03-27 10:27:33 -07:00
csine-nflx
0e314d0028 adding documentation and final cleanup 2020-03-27 10:18:38 -07:00
csine-nflx
0149f8b0d3 add support for wildcard and naked domains to PowerDNS module 2020-03-26 22:15:10 -07:00
Hossein Shafagh
88c40aa93c
Merge branch 'master' into master 2020-03-23 20:31:16 -07:00
Hossein Shafagh
697215f8bc better handling of destination plugin errors, and also checking cert expiration before upload 2020-03-21 20:05:35 -07:00
Ilya Makarov
7bd5173da4 Merge with Netflix/lemur master 2020-03-20 20:52:33 +03:00
csine-nflx
07dc31bed7 cleaning up whitespace changes 2020-03-16 11:41:05 -07:00
csine-nflx
1a19e250bb updating and cleaning up tests 2020-03-16 11:24:17 -07:00
csine-nflx
921d52b360 fixing get_dns_challenge() logic so duplicate domains (such as wildcard and not wildcard) do not match the wrong authorziations 2020-03-13 00:03:31 -07:00
Ilya Makarov
be722fb1b3 Fix lint 2020-03-11 20:51:10 +03:00
Ilya Makarov
92a8942727 Fix lint 2020-03-11 15:37:11 +03:00
Ilya Makarov
a6c3b85fe1 Fix lint 2020-03-11 15:15:56 +03:00
Ilya Makarov
ba8e315eed Fix typo 2020-03-11 14:22:04 +03:00
Ilya Makarov
729ed3843d Fix bug wth get_options and slash in name 2020-03-11 14:16:29 +03:00
Ilya Makarov
d3cb0b517a Add format support 2020-03-11 02:27:31 +03:00
Ilya Makarov
ad86cf1fd9 Merge remote-tracking branch 'upstream/master' 2020-03-11 00:29:07 +03:00
csine-nflx
e1e7efc96e
Merge branch 'master' into powerdnsplugin_01 2020-03-05 15:25:40 -08:00
csine-nflx
771e72187a updates based on feedback 2020-03-05 15:24:56 -08:00
csine-nflx
5dfb6acb17 adding support for ACME_POWERDNS_VERIFY option to support CA Bundles and disabling Server validation 2020-03-05 14:59:21 -08:00
Hossein Shafagh
4a4b3b932e
Merge branch 'master' into master 2020-03-04 10:32:10 -08:00
csine-nflx
1e81d47793 Merge branch 'renewal_validity_01' of github.com:Netflix/lemur into renewal_validity_01 2020-03-03 17:28:58 -08:00
csine-nflx
fdc1e20c23 updating config_mock defaults 2020-03-03 17:27:15 -08:00
csine-nflx
38b7d6e5e3
Merge branch 'master' into renewal_validity_01 2020-03-03 14:44:33 -08:00
csine-nflx
6c46481ffd simplifying return statement for validity years 2020-03-03 14:40:50 -08:00
csine-nflx
318292704d fixing default/max DigiCert validity values 2020-03-03 14:29:17 -08:00
e11it
fe67ff2146
Update plugin.py 
Fix lint
 2020-03-02 09:18:02 +03:00
Ilya Makarov
a8c0adaa4d Merge remote-tracking branch 'upstream/master' 2020-02-27 17:08:35 +03:00
Ilya Makarov
9612d291ed Add path suffix options 2020-02-18 19:16:27 +03:00
Hossein Shafagh
2ee60bcdb6
Merge branch 'master' into le_Log_orderurl 2020-02-17 10:30:58 -08:00
sirferl
e75df1ddc9
Update plugin.py 2020-02-17 19:04:20 +01:00
Hossein Shafagh
d29edabefe
Merge branch 'master' into le_Log_orderurl 2020-02-17 09:24:51 -08:00
sirferl
ed3472d029
Update plugin.py 2020-02-17 15:21:29 +01:00
sirferl
3fd0d3e141
Added VERISIGN_INTERMEDIATE_<authority> parameter 
When using the VERISIGN_PRODUCT_<authority> Parameter one also has to add this parameter:
VERISIGN_INTERMEDIATE_<authority> = """ <PEM-String of Issuing CA for this certificate Type>""" 
While doing this, I also added code, so the external_id field is filled with data from CA-Answer
 2020-02-17 12:40:36 +01:00
sirferl
1815c89970
Made the change more elegant 
As suggested by @hosseinsh. This is of course more elegant.
 2020-02-16 09:28:52 +01:00