Commit Graph

2238 Commits

Author SHA1 Message Date
Curtis a14fe08a63
Merge branch 'master' into kubernetes-improvment 2018-12-21 07:42:13 -08:00
Curtis fb7605e34b
Merge branch 'master' into unicode-in-issuer-name 2018-12-21 07:41:08 -08:00
Curtis ae2b227943
Merge pull request #2260 from intgr/deduplicate-before-unique-migration
Deduplicate rows before notification associations unique constraint migration
2018-12-21 07:40:24 -08:00
Marti Raudsepp 72f6fdb17d Properly handle Unicode in issuer name sanitization
If the point of sanitization is to get rid of all non-alphanumeric
characters then Unicode characters should probably be forbidden too.

We can re-use the same sanitization function as used for cert 'name'
2018-12-21 16:34:12 +02:00
Marti Raudsepp 0f2e30cdae Deduplicate rows before notification associations unique constraint migration 2018-12-21 12:11:33 +02:00
sirferl f02178c154 added ADCS issuer and source plugin 2018-12-20 11:54:47 +01:00
sirferl 194e2a43e7
Merge pull request #1 from Netflix/master
Merge fork with updated master again
2018-12-20 09:10:46 +01:00
Wesley Hartford fbf48316b1 Minor changes for code review suggestions. 2018-12-18 22:43:32 -05:00
Wesley Hartford 073d05ae21 Merge branch 'kubernetes-fix' into kubernetes-improvment 2018-12-18 22:26:03 -05:00
Wesley Hartford e7313da03e Minor changes for code review suggestions. 2018-12-18 22:24:48 -05:00
Curtis 0b39d0fa34
Merge pull request #2242 from castrapel/up-reqs-12182018
Update requirements
2018-12-18 12:48:04 -08:00
Curtis 49723d9aed
Merge branch 'master' into up-reqs-12182018 2018-12-18 12:34:41 -08:00
Curtis 9e8804dddb
Merge pull request #2218 from wfhartford/destination-tpl-fix
Fix textarea and validation on destination page
2018-12-18 12:34:26 -08:00
Curtis d01e9f21f9
Merge branch 'master' into up-reqs-12182018 2018-12-18 12:29:37 -08:00
Curtis Castrapel b35d494f2d Update requirements 2018-12-18 12:29:12 -08:00
Curtis 425a07e988
Merge branch 'master' into destination-tpl-fix 2018-12-18 12:27:35 -08:00
Curtis 388699be7c
Merge pull request #2204 from rmoesbergen/master
Bugfix: Prevent 'unserializable' error for unknown SAN types
2018-12-18 12:27:15 -08:00
Curtis 513e876e2e
Merge branch 'master' into master 2018-12-18 12:18:38 -08:00
Curtis 04681d9e1e
Merge pull request #2227 from sirferl/cli-repair-query
updated query to ignore empty parameters
2018-12-18 12:18:08 -08:00
Wesley Hartford bc621c1468 Improve the Kubernetes Destination plugin
The plugin now supports loading details from local files rather than requiring them to be entered through the UI. This is especially relaent when Lemur is deployed on Kubernetes as the certificate, token, and current namespace will be injected into the pod. The location these details are injected are the defaults if no configuration details are supplied.

The plugin now supports deploying the secret in three different formats:
* Full - matches the formate used by the plugin prior to these changes.
* TLS - creates a secret of type kubernetes.io/tls and includes the certificate chain and private key, this format is used by many kubernetes features.
* Certificate - creates a secret containing only the certificate chain, suitable for use as trust authority where private keys should _NOT_ be deployed.

The deployed secret can now have a name set through the configuration options; the setting allows the insertion of the placeholder '{common_name}' which will be replaced by the certificate's common name value.

Debug level logging has been added.
2018-12-12 13:25:36 -08:00
sirferl a50d80992c updated query to ignore empty parameters 2018-12-12 12:45:48 +01:00
Wesley Hartford 060c78fd91 Fix Kubernetes Destination Plugin
The Kubernetes plugin was broken. There were two major issues:
* The server certificate was entered in a string input making it impossible (as far as I know) to enter a valid PEM certificate.
* The base64 encoding calls were passing strings where bytes were expected.

The fix to the first issue depends on #2218 and a change in the options structure. I've also included some improved input validation and logging.
2018-12-10 15:33:04 -08:00
Wesley Hartford 437d918cf7 Fix textarea and validation on destination page
The destination configuration page did not previously support a textarea input as was supported on most other pages. The validation of string inputs was not being performed. This commit addresses both of those issues and corrects the validation expressions for the AWS and S3 destination plugins so that they continue to function. The SFTP destination plugin does not have any string validation. The Kubernetes plugin does not work at all as far as I can tell; there will be another PR in the coming days to address that.
2018-12-10 12:04:16 -08:00
Ronald Moesbergen dcf5ce0eec
Merge branch 'master' into master 2018-12-07 13:57:59 +01:00
Curtis afc7512914
Merge pull request #2200 from castrapel/notification_fix
Fix notification emails
2018-12-06 12:50:01 -08:00
Curtis Castrapel da87135e02 update reqs 2018-12-06 12:29:16 -08:00
Curtis 27fdce3842
Merge branch 'master' into notification_fix 2018-12-06 12:26:51 -08:00
Curtis Castrapel c32e20b6fc Fix notifications - Ensure that notifcation e-mails are sent appropriately 2018-12-06 12:25:43 -08:00
Ronald Moesbergen e0ac749734 When parsing SAN's, ignore unknown san_types, because in some cases they can contain unparsable/serializable values, resulting in a TypeError(repr(o) + " is not JSON serializable") 2018-12-06 16:47:53 +01:00
Curtis f944e6aa32
Merge pull request #2177 from castrapel/multiple_dns_providers
Prefer DNS provider with longest matching zone
2018-11-30 12:53:25 -08:00
Curtis Castrapel 2a235fb0e2 Prefer DNS provider with longest matching zone 2018-11-30 12:44:52 -08:00
Curtis d36a51fabb
Merge pull request #2171 from castrapel/letsencrypt_fix
LetsEncrypt Celery Flow
2018-11-29 09:42:36 -08:00
Curtis Castrapel a90154e0ae LetsEncrypt Celery Flow 2018-11-29 09:29:05 -08:00
Curtis 67b476e6d7
Merge pull request #2158 from castrapel/celery_pending
Add async call to create pending cert when needed
2018-11-28 15:22:31 -08:00
Curtis Castrapel 39b76d18dc add countdown to async call 2018-11-28 14:41:56 -08:00
Curtis Castrapel e074a14ee9 unit test 2018-11-28 14:27:03 -08:00
Curtis Castrapel 2381d0a4bb Add async call to create pending cert when needed 2018-11-28 11:32:52 -08:00
Curtis c66c8f873e
Merge pull request #2127 from rmoesbergen/master
Add support for nested group membership in ldap authenticator
2018-11-26 12:09:37 -08:00
Ronald Moesbergen 5fc5a058b6 Add documentation for the LDAP_IS_ACTIVE_DIRECTORY setting 2018-11-20 10:51:14 +01:00
Ronald Moesbergen da10913045 Only search nested group memberships when LDAP_IS_ACTIVE_DIRECTORY is True 2018-11-20 10:37:36 +01:00
Ronald Moesbergen 61839f4aca Add support for nested group membership in ldap authenticator 2018-11-19 13:42:42 +01:00
Curtis 661bc9cc13
Merge pull request #2101 from castrapel/left_outer_join
Left outer join on domains tables to avoid missing results
2018-11-13 15:08:59 -08:00
Curtis 495b3fd844
Merge branch 'master' into left_outer_join 2018-11-13 14:33:51 -08:00
Curtis Castrapel 3ce8abe46e Left outer join on domains tables to avoid missing results 2018-11-13 14:33:17 -08:00
Curtis d5bf85b3b0
Merge pull request #2099 from castrapel/count_accurate
More accurate db count functionality
2018-11-13 09:26:14 -08:00
Curtis Castrapel 92a771f5ed More accurate db count functionality 2018-11-13 09:14:21 -08:00
Curtis 9d07b6644f
Merge pull request #2092 from castrapel/no_csr_reissue
No csr reissue
2018-11-12 10:01:57 -08:00
Curtis 29be647911
Merge branch 'master' into no_csr_reissue 2018-11-12 09:54:47 -08:00
Curtis Castrapel a7a05e26bc Do not re-use CSR during certificate reissuance; Update requirement; Add more logging to celery handler 2018-11-12 09:52:11 -08:00
Curtis Castrapel 6f0005c78e Avoid colliding LetsEncrypt jobs 2018-11-09 10:31:27 -08:00