Commit Graph

2988 Commits

Author SHA1 Message Date
Curtis
a14fe08a63
Merge branch 'master' into kubernetes-improvment 2018-12-21 07:42:13 -08:00
Curtis
fb7605e34b
Merge branch 'master' into unicode-in-issuer-name 2018-12-21 07:41:08 -08:00
Curtis
ae2b227943
Merge pull request #2260 from intgr/deduplicate-before-unique-migration
Deduplicate rows before notification associations unique constraint migration
2018-12-21 07:40:24 -08:00
Marti Raudsepp
72f6fdb17d Properly handle Unicode in issuer name sanitization
If the point of sanitization is to get rid of all non-alphanumeric
characters then Unicode characters should probably be forbidden too.

We can re-use the same sanitization function as used for cert 'name'
2018-12-21 16:34:12 +02:00
Marti Raudsepp
0f2e30cdae Deduplicate rows before notification associations unique constraint migration 2018-12-21 12:11:33 +02:00
sirferl
f02178c154 added ADCS issuer and source plugin 2018-12-20 11:54:47 +01:00
sirferl
194e2a43e7
Merge pull request #1 from Netflix/master
Merge fork with updated master again
2018-12-20 09:10:46 +01:00
Wesley Hartford
fbf48316b1 Minor changes for code review suggestions. 2018-12-18 22:43:32 -05:00
Wesley Hartford
073d05ae21 Merge branch 'kubernetes-fix' into kubernetes-improvment 2018-12-18 22:26:03 -05:00
Wesley Hartford
e7313da03e Minor changes for code review suggestions. 2018-12-18 22:24:48 -05:00
Curtis
0b39d0fa34
Merge pull request #2242 from castrapel/up-reqs-12182018
Update requirements
2018-12-18 12:48:04 -08:00
Curtis
49723d9aed
Merge branch 'master' into up-reqs-12182018 2018-12-18 12:34:41 -08:00
Curtis
9e8804dddb
Merge pull request #2218 from wfhartford/destination-tpl-fix
Fix textarea and validation on destination page
2018-12-18 12:34:26 -08:00
Curtis
d01e9f21f9
Merge branch 'master' into up-reqs-12182018 2018-12-18 12:29:37 -08:00
Curtis Castrapel
b35d494f2d Update requirements 2018-12-18 12:29:12 -08:00
Curtis
425a07e988
Merge branch 'master' into destination-tpl-fix 2018-12-18 12:27:35 -08:00
Curtis
388699be7c
Merge pull request #2204 from rmoesbergen/master
Bugfix: Prevent 'unserializable' error for unknown SAN types
2018-12-18 12:27:15 -08:00
Curtis
513e876e2e
Merge branch 'master' into master 2018-12-18 12:18:38 -08:00
Curtis
04681d9e1e
Merge pull request #2227 from sirferl/cli-repair-query
updated query to ignore empty parameters
2018-12-18 12:18:08 -08:00
Wesley Hartford
bc621c1468 Improve the Kubernetes Destination plugin
The plugin now supports loading details from local files rather than requiring them to be entered through the UI. This is especially relaent when Lemur is deployed on Kubernetes as the certificate, token, and current namespace will be injected into the pod. The location these details are injected are the defaults if no configuration details are supplied.

The plugin now supports deploying the secret in three different formats:
* Full - matches the formate used by the plugin prior to these changes.
* TLS - creates a secret of type kubernetes.io/tls and includes the certificate chain and private key, this format is used by many kubernetes features.
* Certificate - creates a secret containing only the certificate chain, suitable for use as trust authority where private keys should _NOT_ be deployed.

The deployed secret can now have a name set through the configuration options; the setting allows the insertion of the placeholder '{common_name}' which will be replaced by the certificate's common name value.

Debug level logging has been added.
2018-12-12 13:25:36 -08:00
sirferl
a50d80992c updated query to ignore empty parameters 2018-12-12 12:45:48 +01:00
Wesley Hartford
060c78fd91 Fix Kubernetes Destination Plugin
The Kubernetes plugin was broken. There were two major issues:
* The server certificate was entered in a string input making it impossible (as far as I know) to enter a valid PEM certificate.
* The base64 encoding calls were passing strings where bytes were expected.

The fix to the first issue depends on #2218 and a change in the options structure. I've also included some improved input validation and logging.
2018-12-10 15:33:04 -08:00
Wesley Hartford
437d918cf7 Fix textarea and validation on destination page
The destination configuration page did not previously support a textarea input as was supported on most other pages. The validation of string inputs was not being performed. This commit addresses both of those issues and corrects the validation expressions for the AWS and S3 destination plugins so that they continue to function. The SFTP destination plugin does not have any string validation. The Kubernetes plugin does not work at all as far as I can tell; there will be another PR in the coming days to address that.
2018-12-10 12:04:16 -08:00
Ronald Moesbergen
dcf5ce0eec
Merge branch 'master' into master 2018-12-07 13:57:59 +01:00
Curtis
afc7512914
Merge pull request #2200 from castrapel/notification_fix
Fix notification emails
2018-12-06 12:50:01 -08:00
Curtis Castrapel
da87135e02 update reqs 2018-12-06 12:29:16 -08:00
Curtis
27fdce3842
Merge branch 'master' into notification_fix 2018-12-06 12:26:51 -08:00
Curtis Castrapel
c32e20b6fc Fix notifications - Ensure that notifcation e-mails are sent appropriately 2018-12-06 12:25:43 -08:00
Ronald Moesbergen
e0ac749734 When parsing SAN's, ignore unknown san_types, because in some cases they can contain unparsable/serializable values, resulting in a TypeError(repr(o) + " is not JSON serializable") 2018-12-06 16:47:53 +01:00
Curtis
f944e6aa32
Merge pull request #2177 from castrapel/multiple_dns_providers
Prefer DNS provider with longest matching zone
2018-11-30 12:53:25 -08:00
Curtis Castrapel
2a235fb0e2 Prefer DNS provider with longest matching zone 2018-11-30 12:44:52 -08:00
Curtis
d36a51fabb
Merge pull request #2171 from castrapel/letsencrypt_fix
LetsEncrypt Celery Flow
2018-11-29 09:42:36 -08:00
Curtis Castrapel
a90154e0ae LetsEncrypt Celery Flow 2018-11-29 09:29:05 -08:00
Curtis
67b476e6d7
Merge pull request #2158 from castrapel/celery_pending
Add async call to create pending cert when needed
2018-11-28 15:22:31 -08:00
Curtis Castrapel
39b76d18dc add countdown to async call 2018-11-28 14:41:56 -08:00
Curtis Castrapel
e074a14ee9 unit test 2018-11-28 14:27:03 -08:00
Curtis Castrapel
2381d0a4bb Add async call to create pending cert when needed 2018-11-28 11:32:52 -08:00
Curtis
c66c8f873e
Merge pull request #2127 from rmoesbergen/master
Add support for nested group membership in ldap authenticator
2018-11-26 12:09:37 -08:00
Ronald Moesbergen
5fc5a058b6 Add documentation for the LDAP_IS_ACTIVE_DIRECTORY setting 2018-11-20 10:51:14 +01:00
Ronald Moesbergen
da10913045 Only search nested group memberships when LDAP_IS_ACTIVE_DIRECTORY is True 2018-11-20 10:37:36 +01:00
Ronald Moesbergen
61839f4aca Add support for nested group membership in ldap authenticator 2018-11-19 13:42:42 +01:00
Curtis
661bc9cc13
Merge pull request #2101 from castrapel/left_outer_join
Left outer join on domains tables to avoid missing results
2018-11-13 15:08:59 -08:00
Curtis
495b3fd844
Merge branch 'master' into left_outer_join 2018-11-13 14:33:51 -08:00
Curtis Castrapel
3ce8abe46e Left outer join on domains tables to avoid missing results 2018-11-13 14:33:17 -08:00
Curtis
d5bf85b3b0
Merge pull request #2099 from castrapel/count_accurate
More accurate db count functionality
2018-11-13 09:26:14 -08:00
Curtis Castrapel
92a771f5ed More accurate db count functionality 2018-11-13 09:14:21 -08:00
Curtis
9d07b6644f
Merge pull request #2092 from castrapel/no_csr_reissue
No csr reissue
2018-11-12 10:01:57 -08:00
Curtis
29be647911
Merge branch 'master' into no_csr_reissue 2018-11-12 09:54:47 -08:00
Curtis Castrapel
a7a05e26bc Do not re-use CSR during certificate reissuance; Update requirement; Add more logging to celery handler 2018-11-12 09:52:11 -08:00
Curtis Castrapel
6f0005c78e Avoid colliding LetsEncrypt jobs 2018-11-09 10:31:27 -08:00