kevgliss
fbc24ea400
There is an issue when iterating over extensions where certificates might not have been issued in adherence with basic constraints. Here we log these errors instead of failing out right. ( #770 )
2017-04-27 17:45:34 -07:00
Doppins
2b8c2f612e
Upgrade dependency pyjwt to ==1.5.0 ( #768 )
2017-04-27 12:16:36 -07:00
kevgliss
4905020e77
ensuring stdout has a default log level ( #766 )
2017-04-27 10:11:47 -07:00
kevgliss
75787d20bc
ensuring that lemur's default user has a valid email ( #765 )
2017-04-27 09:53:35 -07:00
kevgliss
ca9f120988
fixing some pep8 issues ( #764 )
2017-04-27 09:44:39 -07:00
Doppins
5fb6753445
Upgrade dependency marshmallow to ==2.13.5 ( #753 )
2017-04-27 09:20:03 -07:00
Rick Breidenstein
e86954e8ea
Destination Plugin/Lemur_linuxdst ( #736 )
...
* Added lemur_linuxdst
* Revert "Added lemur_linuxdst"
This reverts commit 010c19bd1937320189ee5a0660f9e356221121f3.
* added plugin\lemur_linuxdst
Destination plugin for a target linux host
* Update remote_host.py
* Update plugin.py
* Update remote_host.py
* Update plugin.py
* Update plugin.py
* chaning var and funct names
* Write data with local temp
* .
* .
* typo
* tested plugin successfully
* Update plugin.py
* Update remote_host.py
* removed whitespace
* set permissions on exported keys to 600
sftp.chmod(dst_dir_cn + '/' + dst_file, (stat.S_IRUSR))
* Update plugin.py
* Update remote_host.py
* Update plugin.py
* added 'paramiko==2.1.2'
required for lemur_linuxdst plugin
* data stored in clear text at rest
* Update plugin.py
* Update plugin.py
* Update remote_host.py
2017-04-27 09:19:49 -07:00
Paul Van de Vreede
604cd60dbe
Return correct intermediate certificate on digicert creation. ( #762 )
...
This commit also removes the unused DIGICERT_INTERMEDIATE env
var as it is not used.
2017-04-27 09:14:20 -07:00
Michael Treacher
05f4ae8e58
Hexify cert serial ( #763 )
...
* Hexify serial at the serialization layer
* Fix for flakey test. Change test to test for uppercased string
2017-04-27 09:13:04 -07:00
kevgliss
88ac783fd2
PEP8 Fixes ( #760 )
2017-04-25 09:23:18 -07:00
Travis McPeak
bc66ede9aa
Fixing Bandit findings and adding travis Bandit job ( #759 )
...
* Fixes for Bandit
This commit fixes a couple of issues so that Bandit can run
cleanly using medium+ severity and confidence filtering.
* Adding Lemur Bandit job to TravisCI
2017-04-24 18:37:03 -07:00
Michael Treacher
1c295896e6
Add test for when there are no notifications on a certificate ( #757 )
2017-04-24 09:04:49 -07:00
Michael Treacher
f90076abe9
Update index.rst ( #754 )
...
Seems the api for these actions have changed. Thought I would update the documentation around this. Let me know if I've misunderstood something.
2017-04-19 16:06:32 -07:00
kevgliss
01aa372e59
Version bump. ( #751 )
2017-04-08 13:23:48 -07:00
kevgliss
479ac81aa9
0.5 Release ( #750 )
2017-04-08 13:17:24 -07:00
Doppins
9c69c6d129
[Doppins] Upgrade dependency marshmallow-sqlalchemy to ==0.13.1 ( #719 )
...
* Upgrade dependency marshmallow-sqlalchemy to ==0.13.0
* Upgrade dependency marshmallow-sqlalchemy to ==0.13.1
2017-04-08 12:43:51 -07:00
Doppins
ea1e9cb4c6
Upgrade dependency psycopg2 to ==2.7.1 ( #721 )
2017-04-08 12:34:17 -07:00
Doppins
dac7a77afb
Upgrade dependency gunicorn to ==19.7.1 ( #733 )
2017-04-08 12:33:57 -07:00
Doppins
9b21197fec
Upgrade dependency SQLAlchemy-Utils to ==0.32.14 ( #745 )
2017-04-08 12:33:46 -07:00
Doppins
e4255649c0
Upgrade dependency acme to ==0.13.0 ( #746 )
2017-04-08 12:33:28 -07:00
kevgliss
81aff42e03
Removing this exception handling, that error should be caught above. ( #749 )
2017-04-07 16:01:40 -07:00
Rick Breidenstein
221851abc1
supervisor ; cause services not to start ( #744 )
...
the ; in the supervisor/conf.d/app.conf file cause the service not to start.
2017-04-06 09:21:13 -07:00
Michael Treacher
7f019583f2
Don’t set ‘custom_expiration_date’ if validity years is set in the UI. ( #742 )
...
* Don’t set ‘custom_expiration_date’ if validity years is set in the UI.
* Use single quotes instead of double quotes.
2017-04-04 17:11:17 -07:00
Brint O'Hearn
e18a188723
Spell fixes in docs ( #740 )
2017-03-30 21:09:30 -07:00
kevgliss
f91ae5b319
Fixes bug where authority status was not set correctly. ( #739 )
2017-03-29 10:10:51 -07:00
Henry Megarry
dd39b9ebe8
adding url context path to build, adding documentation on url contextpath ( #737 )
2017-03-28 15:21:13 -07:00
Jason Spriggs
15896a3b11
Fix spelling error in LEMUR_DEFAULT_COUNTRY ( #734 )
2017-03-22 15:49:16 -07:00
Doppins
e092606181
Upgrade dependency marshmallow to ==2.13.4 ( #732 )
2017-03-20 09:08:26 -07:00
Rick Breidenstein
a4707c5fc9
added a few steps ( #731 )
...
Added a few steps that are needed during the install on a fresh Ubuntu image
2017-03-18 21:36:26 -07:00
kevgliss
f0dde845db
Adding ability to exclude certificates from expiration ( #730 )
...
* adding ability to exclude certificates from expiration
* fixing tests
2017-03-15 11:25:19 -07:00
kevgliss
b0ea027769
Underscores should not be in hostnames ( #728 )
2017-03-15 08:41:06 -07:00
Doppins
d9f2faa462
Upgrade dependency pytest to ==3.0.7 ( #727 )
2017-03-14 15:06:54 -07:00
Rick Breidenstein
7b4d31d4f6
added steps for loading custom plugin ( #725 )
...
* added steps for loading custom plugin
added steps for loading a custom plugin into Lemur once the files have been put into place (/www/lemur/lemur/plugins/) and the setup.py file (/www/lemur/setup.py) has been modified.
* updated __init__.py section
except Exception as e:
2017-03-14 09:30:22 -07:00
Rick Breidenstein
522e182694
added python3-dev to dependencies ( #724 )
...
make release fails without it
2017-03-13 15:45:10 -07:00
Rick Breidenstein
6c8a6620d2
specify python3 when creating virtualenv ( #723 )
...
Lemur is developed against Python3.5. If you do not specify the Python version it is possible the virtualenv will be built on a different version.
2017-03-13 13:58:44 -07:00
putz612
d68b2b22e0
Update bower.json ( #722 )
...
Angular angular-sanitize is pulling in an incompatible version of angular knocking out the webUI by breaking chart.js.
2017-03-13 12:28:08 -07:00
kevgliss
a4068001a3
Updating docs to align with normal deployment. ( #718 )
2017-03-12 15:01:21 -07:00
Doppins
574fed2618
Upgrade dependency marshmallow to ==2.13.3 ( #717 )
2017-03-11 11:07:17 -08:00
Neil Schelly
8762e1c5ae
Issue #703 bugfix ( #711 )
...
* Ensures that both AKI serial/issue _and_ keyid won't be included.
Validation issues crop up if both types of AKI fields are present.
* Ensure that SAN extension includes the certificate's common name
* Fix scenario where subAltNames are getting dropped when applying a template
* Ensure that SAN includes the CN
* Ensuring that getting here without a SAN extension won't break things.
* New cleaner approach
* Some bits of handling the extensions are a bit hacky, requiring access to attributes inside the objects in x509.
I think this is pretty clean though.
* lintian check
* Fixing tests
2017-03-10 09:09:18 -08:00
Doppins
d94e3113ff
Upgrade dependency marshmallow to ==2.13.2 ( #716 )
2017-03-10 09:08:34 -08:00
kevgliss
3c5b2618c0
Rely on the lemur generating the correct name for rotated certificates. ( #714 )
...
* Rely on the lemur generating the correct name for rotated certificates.
* Fixing tests.
2017-03-09 13:09:20 -08:00
kevgliss
602c5580d3
Only validates values if present in options. Fixing authority test to parse plugin information. ( #713 )
2017-03-06 20:38:04 -08:00
Doppins
038beafb5e
Upgrade dependency gunicorn to ==19.7.0 ( #709 )
2017-03-04 18:28:35 -08:00
Doppins
14923f8c07
Upgrade dependency marshmallow to ==2.13.1 ( #710 )
2017-03-04 18:28:24 -08:00
kevgliss
b715687617
Ensuring that we don't fail cleaning if it doesn't exist. ( #708 )
2017-03-03 16:03:52 -08:00
kevgliss
c46fa5d69c
Ensures the rotation has a value during migration. ( #707 )
2017-03-03 15:16:25 -08:00
kevgliss
310e1d4501
Adds support for filtering by UI. Closes #702 . ( #706 )
2017-03-03 15:07:26 -08:00
kevgliss
fc957b63ff
Source syncing tweaks. ( #705 )
...
* Allow owner to be specified when syncing certs.
* Ensuring non-endpoint plugins don't fail to complete syncing.
* Adding in some additional error handling.
2017-03-03 14:53:56 -08:00
kevgliss
d53f64890c
Adding max notification constraint. ( #704 )
...
* Adds additional constraints to the max notification time. With an increasing number of certificates we need to limit the max notification time to reduce the number of certificates that need to be analyzed for notification eligibility.
2017-03-03 12:59:16 -08:00
Neil Schelly
5f5583e2cb
UI adjustments for mutually exclusive (radio button version) encipher/decipher-only Key Usage #664 ( #692 )
...
* UI adjustments to make Key Agreement, Encipher Only, and Decipher Only relationship more user-friendly
* whitespace typo
* Issue #663 switching Encipher/Decipher Only options to be mutually exclusive and un-checkable radio buttons.
* Found a bug in the fields schema that was dropping Key Agreement bit if encipher/decipher only weren't checked
2017-02-16 13:26:56 -08:00