Commit Graph

1803 Commits

Author SHA1 Message Date
sayali
4d5e712e85 Remove option reset from test 2020-10-14 15:40:23 -07:00
sayali
ee1d07000a Test subject details in reissue with cab_compliant option 2020-10-14 14:49:53 -07:00
sayali
90839b4d4b Unit test for cab_compliant = true 2020-10-14 14:49:53 -07:00
sayali
62d099b500 Unit tests to check cab_compliant option 2020-10-14 12:41:56 -07:00
Hossein Shafagh
409e12a9d6
Update models.py
lint
2020-10-14 10:03:44 -07:00
Hossein Shafagh
894e35b4e2
Update schemas.py
minor language
2020-10-14 09:48:40 -07:00
Hossein Shafagh
97cf54433b
Update models.py
language
2020-10-14 09:45:13 -07:00
sayali
82dd663942 Moving default key_type to getDefaults 2020-10-13 19:40:32 -07:00
sayali
28381737dc Removed OU from digicert plugin 2020-10-13 19:40:15 -07:00
sayali
b677e6e325 Copy subject details for non-CAB-compliant authorities 2020-10-13 19:40:01 -07:00
Hossein Shafagh
5db1d31668
Merge branch 'master' into removing-outdated-language 2020-10-12 10:22:53 -07:00
Mathias Petermann
817fc3f0fe
Merge branch 'master' into feature/store-acme-account-details 2020-10-11 14:37:31 +02:00
Hossein Shafagh
4c7b429001
Merge branch 'master' into ui_changes 2020-10-09 18:05:33 -07:00
Hossein Shafagh
770339f94c cleaning up outdated phrases 2020-10-09 18:04:16 -07:00
sayali
fb4df8865b Formatting changes and typo 2020-10-09 17:58:03 -07:00
Hossein Shafagh
0fc050e17b
Merge branch 'master' into dymanic-digicert-ICAs 2020-10-09 17:53:54 -07:00
Hossein Shafagh
475833e8e1
Merge branch 'master' into ui_changes 2020-10-09 17:53:43 -07:00
Hossein Shafagh
198e20ce4f
Merge branch 'master' into dymanic-digicert-ICAs 2020-10-09 17:49:33 -07:00
Hossein Shafagh
d4819440af
Merge branch 'master' into entrust-plugin 2020-10-09 17:47:01 -07:00
sayali
d52e0d4e09 Certificate edit: update role and notification with owner change 2020-10-09 16:55:30 -07:00
Hossein Shafagh
42e9b8b627 removing the intermediary from being optional 2020-10-09 15:40:25 -07:00
sirferl
e67fc09bc8 Merge branch 'entrust-plugin' of github.com:sirferl/lemur into entrust-plugin 2020-10-09 12:11:41 +02:00
sirferl
5a968ffe63 Lint errors 2020-10-09 12:05:57 +02:00
sirferl
cc02a0adb0
Merge branch 'master' into entrust-plugin 2020-10-09 11:56:47 +02:00
sirferl
d43e240a2a dded ELIF at determine_end_date, becuase of error. 2020-10-09 11:41:44 +02:00
sirferl
a6a4f458e0 added Tests and removed problems in test-setup 2020-10-09 11:35:04 +02:00
sayali
d5ce38bf71 lint error fix - remove whitespace 2020-10-08 12:50:30 -07:00
sayali
8928e04385 Fix disable notify 2020-10-08 11:38:52 -07:00
Hossein Shafagh
1a270cd315 switching from static DigiCert ICAs to dynamic ones to support:
https://knowledge.digicert.com/alerts/DigiCert-ICA-Update.html
2020-10-07 20:06:20 -07:00
Hossein Shafagh
4f696abb5d adding util method to convert PKCS7 to pem 2020-10-07 20:03:46 -07:00
sayali
b7d0e62844 Make location optional
Remove form validation and default value in input schema
2020-10-07 13:31:23 -07:00
Mathias Petermann
57534d86cd Disable account saving by default 2020-10-07 12:28:22 +02:00
Mathias Petermann
8353396940 Improve tests 2020-10-07 12:28:22 +02:00
Mathias Petermann
9abd3e97e7 Add test loading acme account from authority 2020-10-07 12:28:22 +02:00
Mathias Petermann
bf66de0bfd Add Test for saving the accound details 2020-10-07 12:28:22 +02:00
Mathias Petermann
e0708410d0 Add store_account value to options in test_setup_acme_client_success 2020-10-07 12:28:22 +02:00
Mathias Petermann
7e6fb740b3 Fix flake8/linting errors 2020-10-07 12:28:22 +02:00
Mathias Petermann
eed628dbab Implement storage of acme account 2020-10-07 12:28:22 +02:00
Mathias Petermann
898b5da661 Add store_account option to acme plugin 2020-10-07 12:28:22 +02:00
Mathias Petermann
e64e2a41d5 Add update_options to authorities service 2020-10-07 12:28:22 +02:00
sayali
c72661a87f Removing hardcoded name 2020-10-06 18:50:37 -07:00
sayali
6b96aefa21 Authority create: Email added to subject DN for cloudCA 2020-10-06 18:35:28 -07:00
sayali
ea513f465f Remove bit length check from last query 2020-09-29 16:33:10 -07:00
sayali
b9100dbf29 Merge branch 'master' of github.com:Netflix/lemur into key_type_column 2020-09-29 10:25:54 -07:00
Mathias Petermann
d7fc84f6e9 Fix dns-providers type missing from schema 2020-09-29 14:36:31 +02:00
sayali
aaff0f7581 Fixing UT for key_type on upload schema 2020-09-28 19:03:21 -07:00
sayali
7a226241db Add key_type to CertificateUploadInputSchema
Parse cert body to determine algo
2020-09-28 18:13:00 -07:00
Hossein Shafagh
96eada297f
lint 2020-09-28 14:40:56 -07:00
Hossein Shafagh
0fa136e7a4
Merge branch 'master' into remove-test-secrets 2020-09-25 17:19:39 -07:00
Hossein Shafagh
8f1c966079
Merge branch 'master' into remove-test-secrets 2020-09-25 12:48:28 -07:00
Hossein Shafagh
d49edd886b
language 2020-09-25 12:32:33 -07:00
Hossein Shafagh
e871c5eb18
Update conf.py 2020-09-25 12:30:37 -07:00
sayali
57457bfe78 Merge branch 'master' of github.com:Netflix/lemur into key_type_column 2020-09-23 15:23:45 -07:00
sayali
cd13832377 Use key_type column for cert get/rotate/reissue/display
Added unit tests
2020-09-23 15:16:19 -07:00
Hossein Shafagh
4e4a7e9cab
Merge branch 'master' into entrust-revised 2020-09-23 13:33:24 -07:00
Hossein Shafagh
e5961146b9 session hook complains about metadata
+ consistent language.
2020-09-23 14:22:58 -06:00
sayali
12af0ecb45 UT get_key_type_from_certificate 2020-09-23 11:46:38 -07:00
sayali
710290f590 Formatting changes 2020-09-23 11:45:36 -07:00
Hossein Shafagh
19b693f636
Update c301c59688d2_.py
language
2020-09-23 10:21:23 -07:00
Hossein Shafagh
e3fa072608
Update c301c59688d2_.py
language
2020-09-23 10:17:30 -07:00
sayali
921e8d8236 Add error message to the logs 2020-09-22 18:46:15 -07:00
sayali
9211178e77 Added date-time and modified log file name 2020-09-22 18:31:38 -07:00
sayali
8de9842092 Backfill the key_type column: DB Upgrade 2020-09-22 18:22:45 -07:00
Hossein Shafagh
1632b4b078 making lint happy, running make test-python doesn't run lint 2020-09-18 21:58:53 -07:00
Hossein Shafagh
21e9a4508d TypeError: 'float' object cannot be interpreted as an integer 2020-09-18 17:42:28 -07:00
Hossein Shafagh
c892cd5ae1 removing anything that remotely looks like a secret in code to set a good example 2020-09-18 17:38:52 -07:00
Hossein Shafagh
cc855e2758 modern python style 2020-09-18 17:16:07 -07:00
Hossein Shafagh
edab32d9a1 setting the required entrust configs 2020-09-18 17:03:22 -07:00
Hossein Shafagh
416f39222a testing 2020-09-18 17:02:19 -07:00
Hossein Shafagh
fae3793255 entrrust plugin revised 2020-09-18 11:09:32 -07:00
sayali
51549ae795 Adding comment for the property to be removed 2020-09-15 17:37:58 -07:00
sayali
d8cca855e8 Merge branch 'master' of github.com:Netflix/lemur into key_type_column 2020-09-15 15:16:13 -07:00
sayali
5ae65c2c4d Remove unused import 2020-09-15 14:55:04 -07:00
sayali
676562ffde Match column type to db schema
No functional change
2020-09-14 18:13:35 -07:00
sayali
02d711282d New column key_type
commenting conflicting property for now
2020-09-14 18:12:33 -07:00
sirferl
02c7a5ca7c another round of lint errors 2020-09-14 16:34:56 +02:00
sirferl
e011cc9251 added several enhancements following advice from peer 2020-09-14 16:24:53 +02:00
sirferl
9778eb7b25 fixed lint errors 2020-09-14 15:56:02 +02:00
sirferl
5bb0143da4 lint errors and removed _path from the API-Cert variables 2020-09-14 15:42:36 +02:00
sirferl
84496b0f55 fixed a few problems 2020-09-14 15:18:46 +02:00
sirferl
b8e3162c5f added revoke functionality 2020-09-14 14:20:11 +02:00
sirferl
b337b27146 added response handler 2020-09-14 12:23:58 +02:00
sirferl
01678a714f added required vars check 2020-09-14 09:50:55 +02:00
Hossein Shafagh
8adca442e1
Merge branch 'master' into entrust-plugin 2020-09-11 17:11:57 -07:00
sayali
09a2a8fc76 Log message change
PR comments
2020-09-11 15:53:34 -07:00
Hossein Shafagh
806aeddd87
Merge branch 'master' into validity 2020-09-11 10:09:01 -07:00
Hossein Shafagh
6e588f9c7b
Merge branch 'master' into validity 2020-09-11 09:06:11 -07:00
sirferl
1c9c377751
Lint errors 2020-09-11 12:31:15 +02:00
sirferl
fd52438d61
yet lint errors 2020-09-11 12:30:53 +02:00
sirferl
de9ad82011
Fixed Lint complaints 2020-09-11 12:24:33 +02:00
sirferl
a99a84b0b2 entrust plugin inital edit 2020-09-10 16:04:31 +02:00
sirferl
f47f108f43 ientrust plgin - first version 2020-09-10 16:03:29 +02:00
Hossein Shafagh
a7be8b6dce adding support for different types of CSR encodings 2020-09-09 19:54:53 -07:00
Hossein Shafagh
4923157dc2 expanding key_type to with EC support 2020-09-09 19:54:20 -07:00
Hossein Shafagh
aff7ad7ea2 testing 2020-09-09 19:53:59 -07:00
Hossein Shafagh
60fd2134ca removing duplicate curves, and marking them in existing mapping 2020-09-09 19:53:35 -07:00
Hossein Shafagh
5ab9626cbd overwriting cn and key_type values from CSR, as they take precedence 2020-09-09 19:52:59 -07:00
Hossein Shafagh
6fa15c4cb3 methods to extract cn and key_type from csr 2020-09-09 19:48:21 -07:00
Hossein Shafagh
de0c38e9ba mapping of curve name to key_type 2020-09-09 19:47:51 -07:00
sayali
8ad4448c85 Match date format for comparison + expected new lines 2020-09-01 12:44:49 -07:00
sayali
db4f68f0ed Logs during cert validity truncate for digicert 2020-08-31 18:20:32 -07:00
sayali
9c4fb85dc3 Calculate dates from defaultDays in js 2020-08-31 18:19:32 -07:00
Hossein Shafagh
d478def98c removing the custom key Type and doing the conversion in the backend 2020-08-31 16:35:47 -07:00
Hossein Shafagh
9a7a632489 using a standard curve for testing 2020-08-28 09:48:35 -07:00
Hossein Shafagh
9671b34485 adding support for all type of ECC curves which existing CA plugins might support 2020-08-27 14:15:14 -07:00
sayali
1fc2e29ab8 Remove 397 days validation as it causes error in API calls
More to come in future
2020-08-27 14:15:14 -07:00
sirferl
ab4cda2298 Extended ADCS_TEMPLATE_ Variable
If there is a config variable ADCS_TEMPLATE_<upper(authority.name)> take the value as Cert template else default to ADCS_TEMPLATE to be compatible with former versions
2020-08-27 14:15:14 -07:00
sayali
7a9500eee0 Lint error fix 2020-08-27 14:15:14 -07:00
sayali
5ed109e998 Max end date as per start date + default validity 3 years 2020-08-27 14:15:14 -07:00
sayali
7011a4df8b max date on UI as per max validity configs 2020-08-27 14:15:14 -07:00
sayali
4d7c6844e5 Make Organizational Unit optional 2020-08-27 14:15:14 -07:00
sayali
2645c4a82d mention 397 for digicert plugin 2020-08-27 14:15:14 -07:00
sayali
3cb386cc0f maximum 1 year validity for digicert 2020-08-27 14:15:14 -07:00
sayali
e06dea106f Modify unit test test_determine_end_date to match new config 2020-08-27 14:15:14 -07:00
sayali
d7d483fa9b Renaming PUBLIC_CA to PUBLIC_CA_AUTHORITY_NAMES 2020-08-27 14:15:14 -07:00
sayali
25125f3257 Cert validity should not exceed 397 days for publicly trusted issuers 2020-08-27 14:15:14 -07:00
sayali
404d213e8f Modified cert description to have cert id being cloned 2020-08-27 14:15:14 -07:00
sayali
e75e472a1a Do not inherit replacement info during cert clone 2020-08-27 14:15:14 -07:00
sayali
69b64c63ea Honor selected algorithm during certificate cloning 2020-08-27 14:15:14 -07:00
Hossein Shafagh
f4bcd1cf30 lack of an empty config file was resulting into this error
```
Traceback (most recent call last):
  File "/home/travis/build/Netflix/lemur/lemur/plugins/lemur_acme/tests/test_acme.py", line 159, in test_request_certificate
    self.acme.request_certificate(mock_acme, [], mock_order)
  File "/home/travis/build/Netflix/lemur/lemur/plugins/lemur_acme/plugin.py", line 211, in request_certificate
    current_app.config.get("IDENTRUST_CROSS_SIGNED_LE_ICA_EXPIRATION_DATE", "17/03/21"), '%d/%m/%y'):
TypeError: strptime() argument 1 must be str, not MagicMock
```
2020-08-27 14:15:14 -07:00
Hossein Shafagh
5a6e4e5b43 Let's Encrypt has been using a cross-signed intermediate CA by DST Root CA X3, which is included in any older devices' TrustStore.
https://letsencrypt.org/certificates/

Let's Encrypt is transitioning to use the intermediate CA issued by their own root (ISRG X1) starting from September 29th 2020. This is in preparation of concluding the initial bootstrapping of their CA, by having it cross-signed by an older CA.
https://letsencrypt.org/2019/04/15/transitioning-to-isrg-root.html

This PR allows Lemur to pin to the cross-signed ICA (same public/private key pair as the ICA signed by ISRG X1). This will prolong support for incompatible systems.
2020-08-27 14:15:14 -07:00
Hossein Shafagh
c169ad291e adding the correct signing algorithm, and a missing key Type 2020-08-27 13:29:56 -07:00
sayali
3242fc1e13 Validity with radio buttons 2020-08-26 19:30:12 -07:00
sayali
6aedd3b0d8 Datepicker enhancements 2020-08-25 18:40:36 -07:00
sayali
3efe14c43f Remove 397 days validation as it causes error in API calls
More to come in future
2020-08-25 16:26:20 -07:00
sirferl
4f148f3bc3
Merge branch 'master' into master 2020-08-20 11:33:18 +02:00
sirferl
1b73b1d080
Merge branch 'master' into master 2020-08-19 12:29:02 +02:00
sirferl
c2116df652
Extended ADCS_TEMPLATE_ Variable
If there is a config variable ADCS_TEMPLATE_<upper(authority.name)> take the value as Cert template else default to ADCS_TEMPLATE to be compatible with former versions
2020-08-19 12:25:52 +02:00
sayali
5b96b3a032 Lint error fix 2020-08-18 20:03:15 -07:00
sayali
240f0b99c8 Max end date as per start date + default validity 3 years 2020-08-18 19:34:59 -07:00
sayali
bc5579e9bf max date on UI as per max validity configs 2020-08-18 14:50:42 -07:00
sayali
5b3f40467b Make Organizational Unit optional 2020-08-18 14:50:42 -07:00
sayali
6ff8910f87 mention 397 for digicert plugin 2020-08-11 18:53:19 -07:00
sayali
d7ca1570be maximum 1 year validity for digicert 2020-08-11 18:02:42 -07:00
sayali
bde2829e72 Modify unit test test_determine_end_date to match new config 2020-08-11 17:10:29 -07:00
sayali
18a3514974 Renaming PUBLIC_CA to PUBLIC_CA_AUTHORITY_NAMES 2020-08-10 18:06:45 -07:00
sayali
7a83799bcd Cert validity should not exceed 397 days for publicly trusted issuers 2020-08-10 17:30:34 -07:00
Hossein Shafagh
9bcfcebb3a
Merge branch 'master' into bootswatch-fix 2020-08-04 14:09:33 -07:00
sayali
817a4c3d90 Modified cert description to have cert id being cloned 2020-08-03 19:24:06 -07:00
sayali
c3d8501401 Do not inherit replacement info during cert clone 2020-08-03 19:23:24 -07:00
sayali
c15a2c62d1 Honor selected algorithm during certificate cloning 2020-08-03 19:22:13 -07:00
Hossein Shafagh
3c1d6998fb
Merge branch 'master' into pinning-to-cross-signed-LE-ICA 2020-07-24 10:25:11 -07:00
Raul Benencia
0fd83d13ae Fix intermediate CA creation on cryptography plugin 2020-07-23 13:58:32 -07:00
Hossein Shafagh
2317967802 lack of an empty config file was resulting into this error
```
Traceback (most recent call last):
  File "/home/travis/build/Netflix/lemur/lemur/plugins/lemur_acme/tests/test_acme.py", line 159, in test_request_certificate
    self.acme.request_certificate(mock_acme, [], mock_order)
  File "/home/travis/build/Netflix/lemur/lemur/plugins/lemur_acme/plugin.py", line 211, in request_certificate
    current_app.config.get("IDENTRUST_CROSS_SIGNED_LE_ICA_EXPIRATION_DATE", "17/03/21"), '%d/%m/%y'):
TypeError: strptime() argument 1 must be str, not MagicMock
```
2020-07-15 17:04:49 -07:00
Hossein Shafagh
d5ae45a0d0 Let's Encrypt has been using a cross-signed intermediate CA by DST Root CA X3, which is included in any older devices' TrustStore.
https://letsencrypt.org/certificates/

Let's Encrypt is transitioning to use the intermediate CA issued by their own root (ISRG X1) starting from September 29th 2020. This is in preparation of concluding the initial bootstrapping of their CA, by having it cross-signed by an older CA.
https://letsencrypt.org/2019/04/15/transitioning-to-isrg-root.html

This PR allows Lemur to pin to the cross-signed ICA (same public/private key pair as the ICA signed by ISRG X1). This will prolong support for incompatible systems.
2020-07-14 17:35:13 -07:00
Hossein Shafagh
e0c2f4274e
Merge branch 'master' into patch-1 2020-07-02 10:16:02 -07:00
Javier Ramos
aa11088944
Remove f from non-f string 2020-07-02 16:48:41 +02:00
Javier Ramos
1f598e3752
Fix unmatched field in Authorization
The field in the formatted string was not matching the args
2020-07-02 16:41:19 +02:00
Javier Ramos
7a5a5531cc
Raise ValidationError if CSR contains invalid CN
If we supply a CSR that contains an empty field in the Subject, Lemur will crash with an error 500 as the ValueError exception is not captured. This change captures the exception and raises a ValidationError which in this case is a 400 sent back to client. Example to reproduce:

    Subject: C=ZZ, ST=Something, L=, O=My_Org, OU=My_Dept, CN=www.booking.com

The empty L= causes a ValueError which needs to be captured.
2020-07-01 15:44:06 +02:00
Hossein Shafagh
4985744bd8 fixing UnboundLocalError bug 2020-06-11 16:47:37 -07:00
csine-nflx
a7a309136f fixing whitespace and imports 2020-06-11 14:15:40 -07:00
csine-nflx
f834d10f9a moving ultradns tests to separate file 2020-06-11 14:04:17 -07:00
Hossein Shafagh
c40d297735
Merge branch 'master' into ilabun/optimize-certificates-sql 2020-06-09 14:20:31 -07:00
Hossein Shafagh
fd3ea2cf46
Merge branch 'master' into json-logging-rotate 2020-06-09 10:58:53 -07:00
Hossein Shafagh
099ebee409
Merge branch 'master' into check-revoke-revised 2020-06-09 10:47:24 -07:00
Hossein Shafagh
62469e518f
Merge branch 'master' into json-logging-rotate 2020-06-09 10:45:57 -07:00
Hossein Shafagh
c3b36d697f clarification 2020-06-08 15:17:45 -07:00
Hossein Shafagh
5215a71a6d
Merge branch 'master' into check-revoke-revised 2020-06-04 15:51:48 -07:00
Hossein Shafagh
704e61dd53
Merge branch 'master' into json-logging-rotate 2020-06-04 15:51:24 -07:00
Hossein Shafagh
e06c3ea192
Merge branch 'master' into improve-expiry-email 2020-06-04 15:51:17 -07:00
alwaysjolley
1bcc9d5d0d allowing for _ in domains 2020-06-03 13:20:23 -04:00
alwaysjolley
1b8507636b fixing quotes, no escape characters in tests, fixed anchors 2020-06-03 12:49:55 -04:00
alwaysjolley
3ce7cd6c50 fixing escaped string on domain test 2020-06-03 11:34:14 -04:00
alwaysjolley
8658ac531e fixing unittests and allowing for single character domains 2020-06-03 08:08:49 -04:00
alwaysjolley
2a1751ec30 fixing domain validation to account for 2-63 character length and correct character set 2020-06-03 04:56:38 -04:00
Hossein Shafagh
50091cca1d
Merge branch 'master' into ilabun/optimize-certificates-sql 2020-05-27 15:29:47 -07:00
Hossein Shafagh
d8948a12d3
Merge branch 'master' into check-revoke-revised 2020-05-27 15:29:19 -07:00
Hossein Shafagh
86c3771044
Merge branch 'master' into json-logging-rotate 2020-05-27 15:28:48 -07:00
Hossein Shafagh
904bc9d8b6
Merge branch 'master' into improve-expiry-email 2020-05-27 15:28:41 -07:00
Hossein Shafagh
d95f02d234
Merge branch 'master' into master 2020-05-27 14:25:07 -07:00
Hossein Shafagh
8861cc70cb rewordin 2020-05-26 17:12:47 -07:00
Hossein Shafagh
34e3f7c049 improved messaging 2020-05-26 16:38:12 -07:00
Hossein Shafagh
4eeab91d73 making lint happy 2020-05-22 18:36:39 -07:00
Hossein Shafagh
10dfedee36 making lint happy 2020-05-22 18:33:43 -07:00
Hossein Shafagh
86310ff02d
Merge branch 'master' into check-revoke-revised 2020-05-22 18:25:00 -07:00
Hossein Shafagh
87a53557cd
Merge branch 'master' into json-logging-rotate 2020-05-22 18:24:53 -07:00
Hossein Shafagh
8f16688b0a
Merge branch 'master' into check-revoke-revised 2020-05-22 17:45:50 -07:00
Hossein Shafagh
49a8b80df2 better exception handling when OCSP or CRL or not implemented 2020-05-22 17:36:34 -07:00
Hossein Shafagh
c9767b3172 adding logging for revoked certs 2020-05-22 17:32:44 -07:00
Hossein Shafagh
49c4a9c3b2 making the revocation to be scoped based on the authority plugin name 2020-05-22 17:29:30 -07:00
Hossein Shafagh
4923bbf8a7 adding json formatted logging 2020-05-22 16:22:12 -07:00
Hossein Shafagh
09016fd2ee cleaning up the code after more local testing 2020-05-22 16:04:39 -07:00
e11it
f83e3f764e
always assign csr_sans to name 2020-05-22 21:52:43 +03:00
Hossein Shafagh
97145b6dee
Merge branch 'master' into ilabun/optimize-certificates-sql 2020-05-22 10:29:28 -07:00
Hossein Shafagh
cc4fc66c93
Merge branch 'master' into master 2020-05-22 09:57:46 -07:00
Hossein Shafagh
748268ecd5
Merge branch 'master' into cert-rotation-region-by-region 2020-05-22 09:57:06 -07:00
Hossein Shafagh
2582086d39
Merge branch 'master' into ilabun/optimize-certificates-sql 2020-05-21 15:39:58 -07:00
Hossein Shafagh
fd444403bb improved logging.
- adding destination name, fixing broken metric.
2020-05-21 15:32:38 -07:00
Hossein Shafagh
70985f4ff5 revised system arch 2020-05-14 22:37:30 -07:00
Hossein Shafagh
cdd9137f4e
Merge branch 'master' into cert-rotation-region-by-region 2020-05-08 15:32:49 -07:00
Hossein Shafagh
529ee04ae7 removing duplicate line 2020-05-08 09:16:46 -07:00
Hossein Shafagh
f68900d2b3 improving logging and the possibility of defining which Authorities qualify for auto-rotation 2020-05-07 18:28:01 -07:00
Hossein Shafagh
843ffad60e removing testing comments 2020-05-07 17:10:50 -07:00
Hossein Shafagh
1b6907a404 Certificate rotation region by region
example scheudule:
CELERYBEAT_SCHEDULE = {
    'certificate_rotate': {
        'task': 'lemur.common.celery.certificate_rotate',
        'options': {
            'expires': 180
        },
        'schedule': crontab(minute="*"),
        'kwargs': {'region': 'us-east-1'}
    }
}
2020-05-07 16:28:01 -07:00
Curtis Castrapel
7e97d885df Address comments 2020-04-28 13:16:27 -07:00
Curtis Castrapel
863af7a3e5 Making CLI command ; Running black 2020-04-28 12:16:46 -07:00
Curtis Castrapel
273c3e2793 Celery task to enable autorotate for all certificates attached to endpoints without it enabled 2020-04-28 11:52:43 -07:00
Hossein Shafagh
8d0007b9c0 fixing the private DNS zone issue.
Private hosted zones will never be visible to third-parties like LetsEncrypt, and Lemur should not consider them as authoritative zones.
This fix, make sure  they are not added to the  dns_provider table.
2020-04-24 15:48:06 -07:00
csine-nflx
cee81bd693 updated requirements, fixed unittests, pytest, and distinguidedName ordering 2020-04-09 18:17:05 -07:00
Curtis
213b13d3c9
Merge branch 'master' into enhanced_error_loggin 2020-04-08 14:56:51 -04:00
Curtis
2c8dc24fda
Merge branch 'master' into enhanced_error_loggin 2020-04-08 14:51:06 -04:00
Curtis Castrapel
1360d846fd Improve error logging for a couple of use cases 2020-04-08 11:50:42 -07:00
Hossein Shafagh
3b3cec6f8b
Merge branch 'master' into oauth2 2020-04-08 10:12:04 -07:00
Hossein Shafagh
eaeec5d757
Merge branch 'master' into imporved-metrics-sources 2020-04-08 09:23:27 -07:00
Curtis Castrapel
11b15e7e23 Clean up docstrings 2020-04-08 08:41:48 -07:00
Curtis Castrapel
eb138fc960 Add default celery metrics and logging using celery signals 2020-04-08 08:38:40 -07:00
Hossein Shafagh
45c98a21b3
Merge branch 'master' into imporved-metrics-sources 2020-04-06 16:02:25 -07:00
csine-nflx
46e0d1953b Merge branch 'master' of github.com:Netflix/lemur into powerdnsplugin_02 2020-04-05 21:47:24 -07:00
csine-nflx
f82ec24dfa updating _get_txt_records return values and docstrings 2020-04-05 21:46:33 -07:00
David Stipp
5c2a2f8ff2 OAUTH2 fixes
* Use OAUTH2 variable instead of PING while using OAUTH
* Some IDPs require a POST instead of a GET to user data
2020-04-04 11:32:23 -04:00
Hossein Shafagh
5add647148 # emitting the count of certificates on the source 2020-04-03 16:51:24 -07:00
Curtis
efb7a33d3e
Merge branch 'master' into castrapel-patch-3 2020-04-01 14:03:17 -04:00
Curtis
b4025e6820
Merge branch 'master' into castrapel-patch-3 2020-04-01 13:55:14 -04:00
Curtis
9a939e8281
Merge branch 'master' into castrapel-patch-2 2020-04-01 13:54:39 -04:00
Curtis
d825616ea6
No need to retry 25 times on DeleteConflict errors 2020-04-01 10:53:17 -07:00
Curtis
e25f97fce7
Bump time limit for clean_source Celery job
For larger accounts, I've hit SoftTimeLimit exceptions before completion of this celery job. Bumping up the time limit on this job.
2020-04-01 10:50:24 -07:00
Curtis
67d24caef5
Remove equivalent destinations when cleaning certificates
Remove equivalent destinations when cleaning certificates. This will prevent Lemur from attempting to re-upload a certificate after it has been cleaned.
2020-04-01 10:31:12 -07:00
csine-nflx
6f3ba23fa0 updating sinlge line of comments 2020-03-30 13:34:24 -07:00
csine-nflx
9d9bf9d7ba Merge branch 'powerdnsplugin_02' of github.com:Netflix/lemur into powerdnsplugin_02 2020-03-30 09:02:56 -07:00
csine-nflx
d6cc8a8a9a fixing whitespace 2020-03-30 09:01:28 -07:00
Hossein Shafagh
66183e6bdd
Merge branch 'master' into powerdnsplugin_02 2020-03-27 10:45:15 -07:00
Chad S
2b7e60399c
Merge branch 'master' into powerdnsplugin_02 2020-03-27 10:27:33 -07:00
csine-nflx
0e314d0028 adding documentation and final cleanup 2020-03-27 10:18:38 -07:00
csine-nflx
0149f8b0d3 add support for wildcard and naked domains to PowerDNS module 2020-03-26 22:15:10 -07:00
Hossein Shafagh
2a2499a929 simplifying code 2020-03-26 20:45:00 -07:00
Hossein Shafagh
5206997468 expired is now called for new certs, where the not_after field might be in datetime format, and not comparable to utc 2020-03-26 19:01:07 -07:00
Hossein Shafagh
88c40aa93c
Merge branch 'master' into master 2020-03-23 20:31:16 -07:00
Hossein Shafagh
697215f8bc better handling of destination plugin errors, and also checking cert expiration before upload 2020-03-21 20:05:35 -07:00
Ilya Makarov
7bd5173da4 Merge with Netflix/lemur master 2020-03-20 20:52:33 +03:00
Hossein Shafagh
1d4da0e3d8 another polish 2020-03-17 16:59:09 -07:00
Hossein Shafagh
ecca003ab4 improving the documentation and method naming 2020-03-17 16:55:36 -07:00
csine-nflx
9de89ec96a
Merge branch 'master' into new_clean_cert_cli 2020-03-17 13:38:32 -07:00
csine-nflx
07dc31bed7 cleaning up whitespace changes 2020-03-16 11:41:05 -07:00
csine-nflx
1a19e250bb updating and cleaning up tests 2020-03-16 11:24:17 -07:00
Hossein Shafagh
34d23503de fixing the data bug 2020-03-14 20:41:03 -07:00
Hossein Shafagh
b28b4f9a28 adding to new cli commands for cleaning certificates from source:
a) either about to expire in X days and not attached to an endpoint
a) or issued since X days but still not attached to an endpoint
2020-03-14 20:19:26 -07:00
Hossein Shafagh
c96695c966 refactor 2020-03-14 20:18:07 -07:00
Hossein Shafagh
593c35776c adding new methods for getting pending clean 2020-03-14 20:17:05 -07:00
csine-nflx
921d52b360 fixing get_dns_challenge() logic so duplicate domains (such as wildcard and not wildcard) do not match the wrong authorziations 2020-03-13 00:03:31 -07:00
Ilya Makarov
be722fb1b3 Fix lint 2020-03-11 20:51:10 +03:00
Ilya Makarov
92a8942727 Fix lint 2020-03-11 15:37:11 +03:00
Ilya Makarov
a6c3b85fe1 Fix lint 2020-03-11 15:15:56 +03:00
Ilya Makarov
ba8e315eed Fix typo 2020-03-11 14:22:04 +03:00
Ilya Makarov
729ed3843d Fix bug wth get_options and slash in name 2020-03-11 14:16:29 +03:00
Ilya Makarov
d3cb0b517a Add format support 2020-03-11 02:27:31 +03:00
Ilya Makarov
ad86cf1fd9 Merge remote-tracking branch 'upstream/master' 2020-03-11 00:29:07 +03:00
csine-nflx
e1e7efc96e
Merge branch 'master' into powerdnsplugin_01 2020-03-05 15:25:40 -08:00
csine-nflx
771e72187a updates based on feedback 2020-03-05 15:24:56 -08:00
csine-nflx
5dfb6acb17 adding support for ACME_POWERDNS_VERIFY option to support CA Bundles and disabling Server validation 2020-03-05 14:59:21 -08:00
csine-nflx
c0004e506e removing 2 year option from Lemur certificate request form 2020-03-04 14:50:44 -08:00
Hossein Shafagh
4a4b3b932e
Merge branch 'master' into master 2020-03-04 10:32:10 -08:00
csine-nflx
1e81d47793 Merge branch 'renewal_validity_01' of github.com:Netflix/lemur into renewal_validity_01 2020-03-03 17:28:58 -08:00
csine-nflx
fdc1e20c23 updating config_mock defaults 2020-03-03 17:27:15 -08:00
csine-nflx
38b7d6e5e3
Merge branch 'master' into renewal_validity_01 2020-03-03 14:44:33 -08:00
csine-nflx
6c46481ffd simplifying return statement for validity years 2020-03-03 14:40:50 -08:00
csine-nflx
318292704d fixing default/max DigiCert validity values 2020-03-03 14:29:17 -08:00
e11it
27a86f5c18
Fix: San values
Not sure is it correct solution
2020-03-03 21:45:33 +03:00
e11it
fe67ff2146
Update plugin.py
Fix lint
2020-03-02 09:18:02 +03:00
Ilya Makarov
a8c0adaa4d Merge remote-tracking branch 'upstream/master' 2020-02-27 17:08:35 +03:00
Ilya Makarov
9612d291ed Add path suffix options 2020-02-18 19:16:27 +03:00
Hossein Shafagh
2ee60bcdb6
Merge branch 'master' into le_Log_orderurl 2020-02-17 10:30:58 -08:00
sirferl
e75df1ddc9
Update plugin.py 2020-02-17 19:04:20 +01:00
Hossein Shafagh
d29edabefe
Merge branch 'master' into le_Log_orderurl 2020-02-17 09:24:51 -08:00
sirferl
ed3472d029
Update plugin.py 2020-02-17 15:21:29 +01:00
sirferl
3fd0d3e141
Added VERISIGN_INTERMEDIATE_<authority> parameter
When using the VERISIGN_PRODUCT_<authority> Parameter one also has to add this parameter:
VERISIGN_INTERMEDIATE_<authority> = """ <PEM-String of Issuing CA for this certificate Type>""" 
While doing this, I also added code, so the external_id field is filled with data from CA-Answer
2020-02-17 12:40:36 +01:00
sirferl
1815c89970
Made the change more elegant
As suggested by @hosseinsh. This is of course more elegant.
2020-02-16 09:28:52 +01:00
sirferl
a70a49e4e9
Update plugin.py 2020-02-15 16:11:58 +01:00
sirferl
3693bc2d8b
removed whitespaces inserted by online editor 2020-02-15 16:09:25 +01:00
sirferl
bfa953270d
Fixed whitespace error 2020-02-15 16:04:44 +01:00
sirferl
fabcad1e46
New variable VERISIGN_PRODUCT_(authority.name)
If there is a config variable with VERISIGN_PRODUCT_<upper(authority.name)> take the value as Cert product-type
else default to "Server", to be compatoible with former versions.
This enables the use of different Verisign authorities for differnt cert-products eg. EV or Standard Certs
2020-02-15 15:52:24 +01:00
csine-nflx
a8e8924e2a
Merge branch 'master' into le_Log_orderurl 2020-02-14 17:10:38 -08:00
sirferl
8e3cc93d6a
Whitespaces in empty line 113 removed 2020-02-14 07:50:18 +01:00
csine-nflx
b521aaf579
Merge branch 'master' into le_Log_orderurl 2020-02-13 16:41:14 -08:00
csine-nflx
af21225918 adding logging on sucess and metric submission of URL for certificate issuance 2020-02-13 16:38:33 -08:00
Hossein Shafagh
a449cc2b15
Merge branch 'master' into ilabun/optimize-certificates-sql 2020-02-13 16:05:46 -08:00
Hossein Shafagh
2b849a6520
Update plugin.py
making lint happy
2020-02-13 15:58:07 -08:00
Hossein Shafagh
9db1ea3307
Merge branch 'master' into master 2020-02-13 12:47:06 -08:00
sirferl
571c8bf42d
Error when validity_end date is empty
this lines of code (114ff) in threw an error, when the validity_end date was empty:

if options.get("validity_end") > arrow.utcnow().shift(years=2):
raise Exception(
"Verisign issued certificates cannot exceed two years in validity"
)

Actually, they are not needed, because immidiately following is a check for an empty validity_end and for the length of the entered period.
When I commented it out for testing, the error was gone and everything worked as expected.
2020-02-13 07:38:04 +01:00
sirferl
6c7bb5f9b7
Fixed TLS secret format ( )
The Plugin handled the TLS secret format wrong: it sent chain certificate instead of requested public certificate 
2020-02-13 07:35:35 +01:00
csine-nflx
ca8e73286f fixed get_domains() to remove duplicate entries, updated usage and tests 2020-02-12 15:10:24 -08:00
Hossein Shafagh
2d7284f677
Merge branch 'master' into ilabun/optimize-certificates-sql 2020-02-10 11:23:21 -08:00
Hossein Shafagh
c0cf1c02c1
Merge branch 'master' into ilabun/optimize-certificates-sql 2020-02-10 11:14:26 -08:00
Hossein Shafagh
b23ae60847
Merge branch 'master' into vault-k8s-auth 2020-02-10 11:12:52 -08:00
csine-nflx
bcdb3173bd ensuring that "3" is set as an integer instead of a string 2020-02-04 18:23:17 -08:00
csine-nflx
8ea54d7db2 removing exception if domain zone not found. Logging the issue instead 2020-02-04 14:50:56 -08:00
csine-nflx
48bccd6f68 moving _check_config() lower in file, near other private methods 2020-02-03 19:08:28 -08:00
csine-nflx
c38e651eb0 Merge branch 'powerdnsplugin_01' of github.com:Netflix/lemur into powerdnsplugin_01 2020-02-03 19:04:05 -08:00
csine-nflx
53f81fb09f updating based on suggestions in 2911 2020-02-03 18:58:31 -08:00
Ilya Labun
5e8599540e
Merge branch 'master' into ilabun/optimize-certificates-sql 2020-02-03 20:32:41 +01:00
csine-nflx
ac0282529e adding basic logging on success 2020-02-03 11:05:20 -08:00
csine-nflx
fecb5b6252
Merge branch 'master' into powerdnsplugin_01 2020-01-31 16:37:57 -08:00
csine-nflx
fb6d369130 removed unnecessary imports in test_dns_providers.py 2020-01-31 16:18:22 -08:00
csine-nflx
be7736d350 adding dns tests and assorted exception handling 2020-01-31 13:16:37 -08:00
csine-nflx
969a7107fe fixed PowerDNS Tests 2020-01-29 13:12:09 -08:00
csine-nflx
b885244aa7 fixing issue where set_domains() is still called when get_all_zones() throws an exception 2020-01-29 11:26:53 -08:00
csine-nflx
ef115ef2b1 moving PowerDNS number_of_attempts to global config variable ACME_POWERDNS_RETRIES 2020-01-29 11:20:39 -08:00
csine-nflx
b91899fe99 created CLI options for testin ACME over dns. Examle: acme dnstest -d _acme-chall.foo.com -t token1 2020-01-28 19:13:28 -08:00
Hossein Shafagh
192ecb3ce0 DNS provider: adding more logging 2020-01-28 16:24:50 -08:00
sirferl
620f972635
Fixed an error
Found out that I introduced an error when I changed code up for publishig. The certserv.py I use does not return the ID of the certificate created. For now I just leave the field empty. I will create another issue , so that the ID is filled up.
2020-01-27 11:04:49 +01:00
Ilya Labun
5d8eb51ef4
Merge branch 'master' into ilabun/optimize-certificates-sql 2020-01-24 11:28:55 +01:00
csine-nflx
c465062673 integrated PowerDNS plugin into dns_providers 2020-01-23 23:53:38 -08:00
rajatsharma94
9984470b58 fix fatal error in schema validator 2020-01-23 15:27:02 +01:00
csine-nflx
bddae6e428 adding PowerDNS delete_txt_record with associated tests 2020-01-22 16:18:52 -08:00
csine-nflx
52c7686d58 adding wait_for_dns_change() and tests for PowerDNS ACME plugin 2020-01-21 18:47:21 -08:00
csine-nflx
915ec0ba63 added PowerDNS support for create_txt_record and associated tests 2020-01-21 17:08:59 -08:00
Gutttlt
71f43dfcc1
Fixing "'Role' object has no attribute 'set_third_party'" error. 2020-01-21 08:40:54 +01:00
Hossein Shafagh
acf531ece3
Merge branch 'master' into vault-k8s-auth 2020-01-20 15:18:29 -08:00
Hossein Shafagh
6ee856e26d
Merge branch 'master' into ilabun/optimize-certificates-sql 2020-01-20 15:15:25 -08:00
csine-nflx
3080a9527c adding PowerDNS get_zones functionality and unit tests 2020-01-17 18:29:37 -08:00
Hossein Shafagh
7f119b8914
Merge branch 'master' into ilabun/optimize-certificates-sql 2020-01-17 17:18:06 -08:00
Hossein Shafagh
cb7507156c
Merge branch 'master' into vault-k8s-auth 2020-01-17 17:17:53 -08:00
Hossein Shafagh
d6f41b6a99 improving string formatting to avoid dangling white spaces and new lines 2020-01-16 13:45:13 -08:00
Hossein Shafagh
1ed6ae539d # possibility to default to a SIGNING_ALGORITHM for a given profile 2020-01-15 16:19:48 -08:00
jenkins-x-bot
cd7d9aee55 fixed lint error 2020-01-13 23:09:58 +02:00
jenkins-x-bot
8d957f22af changed file handling 2020-01-13 22:46:34 +02:00
Ilya Labun
bc1a2cf69c Optimize certificates SQL query
Co-authored-by: Javier Ramos <javier.ramos@booking.com>
2020-01-13 14:43:41 +01:00
Ilya Labun
cc0b2d5439 Added new lowercase indexes for certificates cn, name and domains name
Co-authored-by: Javier Ramos <javier.ramos@booking.com>
2020-01-13 14:40:22 +01:00
jenkins-x-bot
cad56c813e fixed lint error 2020-01-12 01:51:48 +02:00
jenkins-x-bot
409b499217 added kubernetes auth for vault 2020-01-12 01:25:22 +02:00
Hossein Shafagh
348682d5ea
Merge branch 'master' into cfssl-key-fix 2020-01-09 10:44:02 -08:00
jenkins-x-bot
8be8c95b17 handled cfssl-key type error 2020-01-09 15:16:19 +02:00
Hossein Shafagh
1537d591a8 Improved messaging to point out to the Auto Rotate option for certificate issuance and renewal. 2020-01-08 14:42:16 -08:00
Hossein Shafagh
9b9662d470
Merge branch 'master' into master 2020-01-03 13:15:58 -08:00
pmelse
45c1207d07
Merge branch 'master' into master 2019-12-27 13:30:56 -05:00
pmelse
9fb4be1273
remove trailing whitespace 2019-12-27 13:25:03 -05:00
Ilya Labun
189e8b2725 Eliminate subqueries when showing certificates list 2019-12-20 10:37:47 +01:00
Jay Zarfoss
00a0a27826 used fixedName variable to transport db lookup optimization 2019-11-20 09:44:31 -08:00
Jay Zarfoss
113c9dd657 atlas redis plugin typo cleanup and better exception handling 2019-11-06 10:42:59 -08:00
Jay Zarfoss
f803fab413 add plugin to send atlas metric via redis 2019-11-06 10:14:49 -08:00
Hossein Shafagh
0d983bd2b5 missed edge case 2019-10-18 15:39:36 -07:00
Hossein Shafagh
f077b19126
Merge branch 'master' into master 2019-10-18 11:32:21 -07:00
Hossein Shafagh
06f4aed693 keeping track of certs found by hash 2019-10-18 11:21:29 -07:00
Hossein Shafagh
11f9920ff9
Merge branch 'master' into cert-sync-endpoint-find-by-hash 2019-10-18 11:08:51 -07:00
Hossein Shafagh
14e13b512e providing a count for conflicts 2019-10-18 11:03:28 -07:00
Hossein Shafagh
9037f88430 just in case the path varies 2019-10-18 11:02:41 -07:00
Hossein Shafagh
1768aad9e2 capturing no such entity exception. 2019-10-18 10:17:58 -07:00
Hossein Shafagh
8aea257e6a optimizing the call to describe cert to only the few certs with the naming issue 2019-10-18 09:24:49 -07:00
Hossein Shafagh
f075c5af3d in case no cert match via name-search, search via the cert itself (serial number, hash comparison) 2019-10-18 08:48:11 -07:00
Hossein Shafagh
d43e859c34 describing the cert for each endpoint, for better cert search 2019-10-18 08:46:01 -07:00
Hossein Shafagh
10b600424e refactoring searching for cert 2019-10-18 08:45:32 -07:00
Hossein Shafagh
b5ab87877b adding retry to acme setup client, since it can experience timeouts or other types of Connection Errors 2019-10-17 10:16:33 -07:00
pmelse
f0652ca6a9
bug fix for overwriting certificates 2019-10-10 15:49:31 -04:00
Hossein Shafagh
477db836f4 lint 2019-09-23 12:52:17 -07:00
Hossein Shafagh
86f661a8af With NLBs the DNS formatting has changed, which resulted in Lemur not getting the region correctly parsed 2019-09-23 12:36:08 -07:00
Hossein Shafagh
96b2149433 removing unintended commit 2019-09-20 15:22:45 -07:00
Hossein Shafagh
8c9a1df2cf
Merge branch 'master' into up-dependencies-20Sep2019 2019-09-20 15:19:25 -07:00
Hossein Shafagh
a13c45e9cc updating dependencies, and fixing the deprecated arrow.replaces to shift 2019-09-20 13:49:38 -07:00
Hossein Shafagh
c669cd23f0
Merge branch 'master' into check-revoke-revised 2019-09-20 10:22:04 -07:00
Hossein Shafagh
972051a61e removing 3 and 4 years from validity range options 2019-09-20 10:16:23 -07:00
Hossein Shafagh
d0e8666267
Merge branch 'master' into better-metrics-endpoints 2019-08-21 10:01:00 -07:00