Commit Graph

517 Commits

Author SHA1 Message Date
csine-nflx
ca8e73286f fixed get_domains() to remove duplicate entries, updated usage and tests 2020-02-12 15:10:24 -08:00
Hossein Shafagh
b23ae60847
Merge branch 'master' into vault-k8s-auth 2020-02-10 11:12:52 -08:00
csine-nflx
bcdb3173bd ensuring that "3" is set as an integer instead of a string 2020-02-04 18:23:17 -08:00
csine-nflx
8ea54d7db2 removing exception if domain zone not found. Logging the issue instead 2020-02-04 14:50:56 -08:00
csine-nflx
48bccd6f68 moving _check_config() lower in file, near other private methods 2020-02-03 19:08:28 -08:00
csine-nflx
c38e651eb0 Merge branch 'powerdnsplugin_01' of github.com:Netflix/lemur into powerdnsplugin_01 2020-02-03 19:04:05 -08:00
csine-nflx
53f81fb09f updating based on suggestions in 2911 2020-02-03 18:58:31 -08:00
csine-nflx
ac0282529e adding basic logging on success 2020-02-03 11:05:20 -08:00
csine-nflx
fecb5b6252
Merge branch 'master' into powerdnsplugin_01 2020-01-31 16:37:57 -08:00
csine-nflx
be7736d350 adding dns tests and assorted exception handling 2020-01-31 13:16:37 -08:00
csine-nflx
969a7107fe fixed PowerDNS Tests 2020-01-29 13:12:09 -08:00
csine-nflx
ef115ef2b1 moving PowerDNS number_of_attempts to global config variable ACME_POWERDNS_RETRIES 2020-01-29 11:20:39 -08:00
csine-nflx
b91899fe99 created CLI options for testing ACME over dns. Example: acme dnstest -d _acme-chall.foo.com -t token1 2020-01-28 19:13:28 -08:00
sirferl
620f972635
Fixed an error
Found out that I introduced an error when I changed code up for publishing. The certserv.py I use does not return the ID of the certificate created. For now I just leave the field empty. I will create another issue, so that the ID is filled up.
2020-01-27 11:04:49 +01:00
csine-nflx
c465062673 integrated PowerDNS plugin into dns_providers 2020-01-23 23:53:38 -08:00
csine-nflx
bddae6e428 adding PowerDNS delete_txt_record with associated tests 2020-01-22 16:18:52 -08:00
csine-nflx
52c7686d58 adding wait_for_dns_change() and tests for PowerDNS ACME plugin 2020-01-21 18:47:21 -08:00
csine-nflx
915ec0ba63 added PowerDNS support for create_txt_record and associated tests 2020-01-21 17:08:59 -08:00
Hossein Shafagh
acf531ece3
Merge branch 'master' into vault-k8s-auth 2020-01-20 15:18:29 -08:00
csine-nflx
3080a9527c adding PowerDNS get_zones functionality and unit tests 2020-01-17 18:29:37 -08:00
Hossein Shafagh
cb7507156c
Merge branch 'master' into vault-k8s-auth 2020-01-17 17:17:53 -08:00
Hossein Shafagh
d6f41b6a99 improving string formatting to avoid dangling white spaces and new lines 2020-01-16 13:45:13 -08:00
Hossein Shafagh
1ed6ae539d # possibility to default to a SIGNING_ALGORITHM for a given profile 2020-01-15 16:19:48 -08:00
jenkins-x-bot
cd7d9aee55 fixed lint error 2020-01-13 23:09:58 +02:00
jenkins-x-bot
8d957f22af changed file handling 2020-01-13 22:46:34 +02:00
jenkins-x-bot
cad56c813e fixed lint error 2020-01-12 01:51:48 +02:00
jenkins-x-bot
409b499217 added kubernetes auth for vault 2020-01-12 01:25:22 +02:00
Hossein Shafagh
348682d5ea
Merge branch 'master' into cfssl-key-fix 2020-01-09 10:44:02 -08:00
jenkins-x-bot
8be8c95b17 handled cfssl-key type error 2020-01-09 15:16:19 +02:00
Hossein Shafagh
1537d591a8 Improved messaging to point out to the Auto Rotate option for certificate issuance and renewal. 2020-01-08 14:42:16 -08:00
pmelse
45c1207d07
Merge branch 'master' into master 2019-12-27 13:30:56 -05:00
pmelse
9fb4be1273
remove trailing whitespace 2019-12-27 13:25:03 -05:00
Jay Zarfoss
113c9dd657 atlas redis plugin typo cleanup and better exception handling 2019-11-06 10:42:59 -08:00
Jay Zarfoss
f803fab413 add plugin to send atlas metric via redis 2019-11-06 10:14:49 -08:00
Hossein Shafagh
f077b19126
Merge branch 'master' into master 2019-10-18 11:32:21 -07:00
Hossein Shafagh
11f9920ff9
Merge branch 'master' into cert-sync-endpoint-find-by-hash 2019-10-18 11:08:51 -07:00
Hossein Shafagh
9037f88430 just in case the path varies 2019-10-18 11:02:41 -07:00
Hossein Shafagh
1768aad9e2 capturing no such entity exception. 2019-10-18 10:17:58 -07:00
Hossein Shafagh
8aea257e6a optimizing the call to describe cert to only the few certs with the naming issue 2019-10-18 09:24:49 -07:00
Hossein Shafagh
d43e859c34 describing the cert for each endpoint, for better cert search 2019-10-18 08:46:01 -07:00
Hossein Shafagh
b5ab87877b adding retry to acme setup client, since it can experience timeouts or other types of Connection Errors 2019-10-17 10:16:33 -07:00
pmelse
f0652ca6a9
bug fix for overwriting certificates 2019-10-10 15:49:31 -04:00
Hossein Shafagh
477db836f4 lint 2019-09-23 12:52:17 -07:00
Hossein Shafagh
86f661a8af With NLBs the DNS formatting has changed, which resulted in Lemur not getting the region correctly parsed 2019-09-23 12:36:08 -07:00
Hossein Shafagh
8c9a1df2cf
Merge branch 'master' into up-dependencies-20Sep2019 2019-09-20 15:19:25 -07:00
Hossein Shafagh
a13c45e9cc updating dependencies, and fixing the deprecated arrow.replaces to shift 2019-09-20 13:49:38 -07:00
Curtis Castrapel
1c6fee7292 Allow better DNS autodetection for domains that directly match a DNS hosted zone 2019-08-15 10:52:26 -07:00
Hossein Shafagh
5d4413e45c
Merge branch 'master' into ultradnsPlugin 2019-08-09 08:48:24 -07:00
Kush Bavishi
d9aef2da3e Changed dummy nameserver value 2019-08-07 14:38:18 -07:00
Kush Bavishi
a97283f0a4 Fixed indentation 2019-08-07 14:23:09 -07:00
Kush Bavishi
a6bf081bec Remove unused import 2019-08-07 14:08:27 -07:00
Kush Bavishi
43f5c8b34e Fixed indentation 2019-08-07 14:08:06 -07:00
Kush Bavishi
cadf372f7b Removed hardcoded value from function call 2019-08-07 14:02:10 -07:00
Kush Bavishi
b4f4e4dc24 Added extra check for return value to test_create_txt_record 2019-08-07 13:55:02 -07:00
Kush Bavishi
fa7f71d859 Modified paginate response to dummy values 2019-08-07 13:53:10 -07:00
Kush Bavishi
3ff56fc595 Blank line removed 2019-08-07 13:42:11 -07:00
Kush Bavishi
894502644c test_wait_for_dns_change fixed! 2019-08-07 13:39:20 -07:00
Kush Bavishi
37a1b55b08 test_delete_txt_record changed to mock get_zone_name and return the value directly instead of executing the function. 2019-08-07 13:27:21 -07:00
Kush Bavishi
31c2d207a2 test_delete_txt_record fixed. Function call was missing earlier 2019-08-07 13:23:05 -07:00
Kush Bavishi
785c1ca73e test_create_txt_record modified - get_zone_name mocked to return the zone name directly, instead of actually running the function. 2019-08-07 13:20:24 -07:00
Kush Bavishi
f2cbddf9e2 Unit tests for get_zone_name, get_zones 2019-08-07 13:17:16 -07:00
Kush Bavishi
6e84e1fd59 Unit Tests for create_txt_record, delete_txt_record, wait_for_dns_change 2019-08-07 13:04:38 -07:00
Hossein Shafagh
ff1f73f985 fixing the plugin test to include authority 2019-08-07 12:05:36 -07:00
Hossein Shafagh
bbda9b1d6f making sure to handle when no config file provided, though we do a check for that 2019-08-07 12:05:13 -07:00
Hossein Shafagh
b885cdf9d0 adding multi profile name support with DigiCert plug.
This requires that the configs are a dict, with multiple entries, where the key is the name of the Authority used to issue certs with.

DIGICERT_CIS_PROFILE_NAMES = {"sha2-rsa-ecc-root": "ssl_plus"}
DIGICERT_CIS_ROOTS = {"root": "ROOT"}
DIGICERT_CIS_INTERMEDIATES = {"inter": "INTERMEDIATE_CA_CERT"}

Hence, in DB one needs to add
1) the corresponding authority table, with digicert-cis-issuer. Note the names here are used for mapping in the above config
2) the corresponding intermediary in the certificate table, with root_authority_id set to the id of the new authority_id
2019-08-07 10:24:38 -07:00
Kush Bavishi
a7c2b970b0 Unit testing Part 1 2019-08-05 14:00:22 -07:00
Kush Bavishi
2903799b85 Changed string formatting from "{}".format() to f"{}" for consistency 2019-07-31 14:19:49 -07:00
Kush Bavishi
5a401b2d87 Added the Zone class and Record class to ultradns.py and removed the respective files 2019-07-31 12:04:42 -07:00
Kush Bavishi
fe075dc9f5 Changed function comments to doc strings. 2019-07-31 12:00:31 -07:00
Kush Bavishi
503df999fa Updated metrics.send to send function named, followed by status, separated by a period 2019-07-31 11:32:04 -07:00
Kush Bavishi
11cd095131 Reduced the number of calls to get_public_authoritative_nameserver by using a variable 2019-07-31 11:12:28 -07:00
Kush Bavishi
3ba7fdbd49 Updated logger to log a dictionary instead of a string 2019-07-31 11:11:39 -07:00
Hossein Shafagh
6bf920e66c
Merge branch 'master' into ultradnsPlugin 2019-07-30 14:13:45 -07:00
Kush Bavishi
44bc562e8b
Update ultradns.py
Minor logging changes in wait_for_dns_change
2019-07-30 13:08:16 -07:00
Kush Bavishi
3d48b422b5 Removed TODO 2019-07-30 11:39:35 -07:00
Kush Bavishi
3ad791e1ec Dynamically obtain the authoritative nameserver for the domain 2019-07-29 18:01:28 -07:00
Kush Bavishi
e993194b4f Check ultraDNS authoritative server first. Upon success, check Google's DNS server. 2019-07-29 14:59:28 -07:00
Hossein Shafagh
adabe18c90 metric tags, to be able to track which domains were failing during the LetsEncrypt domain validation 2019-07-25 18:56:28 -07:00
Kush Bavishi
252410c6e9 Updated TTL from 300 to 5 2019-07-22 16:00:20 -07:00
Kush Bavishi
51f3b7dde0 Added the Record class for UltraDNS 2019-07-22 14:23:40 -07:00
Kush Bavishi
0b52aa8c59 Added Zone class to handle ultradns zones 2019-07-22 11:47:48 -07:00
Kush Bavishi
e37a7c775e Initial commit for the UltraDNS plugin to support Let's Encrypt 2019-07-18 14:29:54 -07:00
Curtis Castrapel
0c5a8f2039 Relax celery time limit for source syncing; Ensure metric tags are string 2019-07-01 08:35:04 -07:00
alwaysjolley
86a1fb41ac lint fix 2019-06-25 06:56:37 -04:00
alwaysjolley
55a96ba790 type none 2019-06-24 15:10:10 -04:00
alwaysjolley
6699833297 fixing empty chain 2019-06-24 13:10:08 -04:00
alwaysjolley
bbf50cf0b0 updated dest as well as src 2019-06-20 08:26:32 -04:00
alwaysjolley
02719a1de7 Merge branch 'master' into vault_regex
fixed conflicts:
	lemur/plugins/lemur_vault_dest/plugin.py
2019-06-19 09:53:08 -04:00
alwaysjolley
56917614a2 fixing regex to be more flexible 2019-06-19 09:46:44 -04:00
Ryan DeShone
09c7076e79 Handle double data field in API v2 2019-05-22 17:12:10 -04:00
Curtis Castrapel
1423ac0d98 More metrics 2019-05-21 12:55:33 -07:00
Curtis Castrapel
34c7e5230b Set a limit on number of retries 2019-05-21 12:52:41 -07:00
Curtis Castrapel
68fd1556b2 Black lint all the things 2019-05-16 07:57:02 -07:00
Curtis Castrapel
e3c5490d25 Expose exact response from digicert as error 2019-05-15 13:36:40 -07:00
Curtis Castrapel
7e92edc70a Set resolved cert ID before resolving cert; Ignore sentry exceptions when no records on deletion 2019-05-15 11:43:59 -07:00
Curtis Castrapel
565142f985 Add soft timeouts to celery jobs; Check for PEM in LE order 2019-05-14 12:52:30 -07:00
Curtis
e65154b48e
Merge branch 'master' into develop 2019-05-07 07:36:51 -07:00
alwaysjolley
ef7a8587fe Merge branch 'lemur_vault_source' of github.com:/alwaysjolley/lemur into lemur_vault_source 2019-05-07 10:06:09 -04:00
alwaysjolley
b0c8901b0a lint cleanup 2019-05-07 10:05:01 -04:00
alwaysjolley
36ce1cc7ef
Merge branch 'master' into lemur_vault_source 2019-05-07 09:41:50 -04:00
alwaysjolley
fb3f0bd72a adding Vault Source plugin 2019-05-07 09:37:30 -04:00
Daniel Iancu
a7af3cf8d2 Fix Cloudflare DNS 2019-05-07 03:05:24 +03:00
Curtis Castrapel
3a1da72419 nt 2019-04-29 13:57:04 -07:00
Curtis Castrapel
6e3f394cff Updated requirements ; Revert change and require DNS validation by provider 2019-04-29 13:55:26 -07:00
Curtis Castrapel
1a90e71884 Move ACME host validation logic prior to R53 host modification 2019-04-26 17:27:44 -07:00
Curtis Castrapel
333ba8030a Ensure hostname is lowercase when comparing DNS challenges. ACME will automatically lowercase the hostname 2019-04-26 15:45:04 -07:00
Curtis Castrapel
1a3ba46873 More retry changes 2019-04-26 10:18:54 -07:00
Curtis Castrapel
1e64851d79 Strip out self-polling logic and rely on ACME; Enhance ELB logging and retries 2019-04-26 10:16:18 -07:00
Curtis
8eef95b58e
Merge branch 'master' into expose_verisign_exception 2019-04-25 19:15:55 -07:00
Curtis Castrapel
dcdfb32883 Expose verisign exceptions 2019-04-25 19:14:15 -07:00
Curtis Castrapel
39584f214b Process DNS Challenges appropriately (1 challenge -> 1 domain) 2019-04-25 15:12:52 -07:00
Curtis Castrapel
2bc604e5a9 Better metrics and error reporting 2019-04-25 13:50:41 -07:00
Curtis Castrapel
272285f64a Better exception handling, logging, and metrics for ACME flow 2019-04-24 15:26:23 -07:00
alwaysjolley
a801112cf6
Merge branch 'master' into lemur_vault_plugin 2019-04-23 07:07:39 -04:00
alwaysjolley
85efb6a99e cleanup tmp files 2019-04-23 07:06:52 -04:00
alwaysjolley
f9dadb2670 fixing validation 2019-04-22 09:38:44 -04:00
alwaysjolley
8dccaaf544 simpler validation 2019-04-22 07:58:01 -04:00
alwaysjolley
1667c05742 removed unused functions 2019-04-18 13:57:10 -04:00
alwaysjolley
b39e2e3f66 Merge branch 'master' into lemur_vault_plugin 2019-04-18 13:55:45 -04:00
alwaysjolley
fb3b0e8cd7 adding regex filtering 2019-04-18 13:52:40 -04:00
Hossein Shafagh
df8d4e0892
Merge branch 'master' into rewrite-java-keystore-use-pyjks 2019-04-12 09:38:50 -07:00
alwaysjolley
9ecc19c481 adding san filter 2019-04-12 09:53:06 -04:00
Hossein Shafagh
d7abf2ec18 adding a new util method for setting options 2019-04-11 17:13:47 -07:00
Hossein Shafagh
60edab9f6d cleaning up 2019-04-11 14:12:31 -07:00
Hossein Shafagh
f185df4f1e bringing class AWSDestinationPlugin(DestinationPlugin) after AWSSourcePlugin.slug, such that we can do: sync_as_source_name = AWSSourcePlugin.slug 2019-04-11 13:28:58 -07:00
Hossein Shafagh
d628e97035
Merge branch 'master' into hosseinsh-celeryjob-sync-src-dst 2019-04-10 09:47:06 -07:00
Hossein Shafagh
f3d0536800 removing hardcoded rules, to give more flexibility into defining new source-destinations 2019-04-09 20:49:07 -07:00
Hossein Shafagh
64c6bb2475
Merge branch 'master' into rewrite-java-keystore-use-pyjks 2019-04-09 08:28:05 -07:00
Marti Raudsepp
dbf34a4d48 Rewrite Java Keystore/Truststore support based on pyjks library 2019-04-06 20:24:46 +03:00
Ryan DeShone
e10007ef7b Add support for Vault KV API v2
This adds the ability to target KV API v1 or v2.
2019-03-29 10:32:49 -04:00
Hossein Shafagh
d2e969b836 better synching of source and destinations 2019-03-26 18:20:14 -07:00
Curtis
4018c68d49
Merge branch 'master' into authority_validation_LE_errors 2019-03-25 08:34:10 -07:00
Curtis Castrapel
c2158ff8fb Add order URI during LE cert creation failure; Fail properly when invalid CA passed; Update reqs 2019-03-25 08:28:23 -07:00
alwaysjolley
fa4a5122bc fixing file read to trim line endings and cleanup 2019-03-20 14:59:04 -04:00
alwaysjolley
f99b11d50e refactor url and token to support multiple instances of vault 2019-03-20 13:51:06 -04:00
alwaysjolley
f1c09a6f8f fixed comments 2019-03-07 15:58:34 -05:00
alwaysjolley
752c9a086b fixing error handling and better data formatting 2019-03-07 15:41:29 -05:00
alwaysjolley
a1cb8ee266 fixing lint 2019-03-05 07:37:04 -05:00
alwaysjolley
880eaad6cb Merge branch 'lemur_vault_plugin' of github.com:/alwaysjolley/lemur into lemur_vault_plugin 2019-03-05 07:22:18 -05:00
alwaysjolley
4a027797e0 fixing linting issues 2019-03-05 07:19:22 -05:00
alwaysjolley
20518bc377
Merge branch 'master' into lemur_vault_plugin 2019-03-01 09:58:43 -05:00
alwaysjolley
5d2f603c84 renamed vault destination plugin to avoid conflict with vault pki plugin 2019-03-01 09:49:52 -05:00
alwaysjolley
53301728fa Moved url to config file instead of plugin option. Only one url can be supported
unless both the token and url are moved to the plugin options.
2019-02-26 09:15:12 -05:00
alwaysjolley
cd65a36437 - support multiple bundle configuration, nginx, apache, cert only
- update vault destination to support multi cert under one object
- added san list as key value
- read and update object with new keys, keeping other keys, allowing
us to keep an iterable list of keys in an object for deploying multiple
certs to a single node
2019-02-25 09:42:07 -05:00
Ronald Moesbergen
ef0c08dfd9 Fix: when no alias is entered when exporting a certificate, the alias is set to 'blah'.
This fix sets it to the common name instead.
2019-02-21 16:33:43 +01:00
alwaysjolley
eaa73998a0 adding lemur_vault destination plugin 2019-02-19 15:03:15 -05:00
Hossein Shafagh
6705a0e030
Merge branch 'master' into ADCS-plugin 2019-02-01 16:38:39 -08:00
sirferl
36ab1c0bec
Merge branch 'master' into ADCS-plugin 2019-02-01 19:10:46 +01:00
Marti Raudsepp
e24a94d798 Enforce that PEM strings (certs, keys, CSR) are internally passed as str, not bytes
This was already true in most places but not 100%, leading to lots of redundant checks and conversions.
2019-01-30 18:11:24 +02:00
Hossein Shafagh
7f4f4ffded
Merge branch 'master' into master 2019-01-29 16:30:15 -08:00