Commit Graph

726 Commits

Author SHA1 Message Date
Hossein Shafagh
add0960579 more meaningful variable naming 2020-10-30 18:18:37 -07:00
Hossein Shafagh
e1ff89eb2d better return arguments 2020-10-30 18:18:14 -07:00
Hossein Shafagh
ba8eb7a3f5 better logging and metrics 2020-10-30 18:17:02 -07:00
Hossein Shafagh
c5769378cf making lint happy 2020-10-30 15:21:22 -07:00
Hossein Shafagh
f90041353c Merge branch 'master' into expanding-S3-plugin 2020-10-30 15:19:26 -07:00
csine-nflx
a4178ca113 fixing floating comma in CNAME PR 2020-10-29 18:52:22 -07:00
csine-nflx
ccecb26816 Merge branch 'cname_01' of github.com:Netflix/lemur into cname_01 2020-10-29 14:43:14 -07:00
csine-nflx
ca465e3c9e updating debug string with target_domain 2020-10-29 14:42:51 -07:00
Hossein Shafagh
15a7921bf4 Merge branch 'master' into cname_01 2020-10-29 14:09:48 -07:00
Chad S
14348a1f95 Merge branch 'master' into cname_01 2020-10-29 14:01:14 -07:00
Hossein Shafagh
28c6f8583a Merge branch 'master' into ses-arn-override 2020-10-29 13:52:51 -07:00
csine-nflx
a1f99c29c0 Merge branch 'cname_01' of github.com:Netflix/lemur into cname_01 2020-10-29 13:51:58 -07:00
csine-nflx
2b91077d92 updating variables based on feedback 2020-10-29 13:51:22 -07:00
Jasmine Schladen
28686fcf5d Merge branch 'ses-arn-override' of github.com:jtschladen/lemur into ses-arn-override 2020-10-29 13:48:55 -07:00
Jasmine Schladen
45cc9528d2 Cleaner syntax for default region 2020-10-29 13:48:43 -07:00
Jasmine Schladen
78afc060ae Add subject for SNS messages and correct date format 2020-10-29 13:41:47 -07:00
Hossein Shafagh
e967f2c676 Merge branch 'master' into ses-arn-override 2020-10-29 11:11:30 -07:00
Hossein Shafagh
2cea33cb11 Merge branch 'master' into expanding-S3-plugin 2020-10-29 11:09:00 -07:00
Chad S
af348b1012 Merge branch 'master' into cname_01 2020-10-28 22:41:23 -07:00
csine-nflx
33a006bbeb fixing delete with optional validation 2020-10-28 22:24:37 -07:00
csine-nflx
b47667b73e cname redirection working 2020-10-28 20:51:35 -07:00
Jasmine Schladen
3e492e6310 Add ability to override SES region 2020-10-28 17:09:54 -07:00
Jasmine Schladen
5e696f36bf Add ability to override SourceArn for SES 2020-10-28 16:34:31 -07:00
csine-nflx
d27f2a53af Merge branch 'master' of github.com:Netflix/lemur into cname_01 2020-10-28 14:03:23 -07:00
Hossein Shafagh
84d30b5d50 Merge branch 'master' into issuer-retry 2020-10-28 13:21:10 -07:00
Mathias Petermann
23e1700fad flake8 2020-10-28 13:47:57 +01:00
Hossein Shafagh
c6a8034890 language 2020-10-27 16:13:05 -07:00
Jasmine Schladen
20b8c2fd93 PR feedback 2020-10-27 08:56:43 -07:00
Mathias Petermann
ccf87986c0 Add store_account to AcmeDnsIssuer 2020-10-27 12:15:07 +01:00
Mathias Petermann
96fbcdaf70 Fix test_finalize_authorizations, don't reuse cleanup_dns_challenges in finalize_authorizations 2020-10-27 11:27:44 +01:00
Mathias Petermann
103e107668 Fix patches for test_create_certificate 2020-10-27 11:16:29 +01:00
Mathias Petermann
82bf8e2ac6 Remove unnecessary code from dnsChallenge, Fix patches in dns tests 2020-10-27 11:09:30 +01:00
Mathias Petermann
2d98e71977 Replace deprecated assertRaisesRegexp with assertRaisesRegex 2020-10-27 10:44:04 +01:00
Mathias Petermann
30c10b93f8 Fix patches for acme_handler tests 2020-10-27 10:37:30 +01:00
Mathias Petermann
3b20a47603 Fix patches for acme_http tests, apparently isinstance is considered evil in python 2020-10-27 10:37:30 +01:00
Mathias Petermann
4464c5890d Flake8 2020-10-27 10:37:30 +01:00
Mathias Petermann
812e1dee92 Refactor Acme plugin into AcmeChallenge objects, dns01 2020-10-27 10:37:27 +01:00
Mathias Petermann
b91cebf245 Refactor Acme plugin into AcmeChallenge objects, http01 2020-10-27 10:36:06 +01:00
Mathias Petermann
6c1be02bfa Remove destination_list from AcmeHttpIssuer 2020-10-27 10:28:34 +01:00
Mathias Petermann
ef0fce2661 Set timeout for finalize to 90s 2020-10-27 10:28:34 +01:00
Mathias Petermann
235653b558 Refactor destination selection for acme-http authorities, to load destinations dynamically 2020-10-27 10:28:34 +01:00
Mathias Petermann
81b078604c Implement revoke certificate for ACME 2020-10-27 10:28:34 +01:00
Mathias Petermann
215070b327 Fix create_certificate tests 2020-10-27 10:28:34 +01:00
Mathias Petermann
41ea59d7e3 Remove unneeded polling 2020-10-27 10:28:33 +01:00
Mathias Petermann
d24fae0bac Fix permissions on acme token upload, don't append well-known automatically 2020-10-27 10:28:33 +01:00
Mathias Petermann
66cab6abd3 Make http-01 challenge work for SAN certificates 2020-10-27 10:28:33 +01:00
Mathias Petermann
e3e5ef7d66 Refactor AcmeHandler, Move DNS stuff into AcmeDnsHandler 2020-10-27 10:28:33 +01:00
Mathias Petermann
76dcfbd528 Add more tests 2020-10-27 10:28:33 +01:00
Mathias Petermann
d6719b729c Implement some test for AcmeHttpIssuerPlugin 2020-10-27 10:28:33 +01:00
Mathias Petermann
b2de986652 Split tests into handler, and dns specifics 2020-10-27 10:28:30 +01:00
Mathias Petermann
b93d271f31 Fix flake8 2020-10-27 10:25:31 +01:00
Mathias Petermann
e06bdcf2a3 Implement create_certificate for HTTP-01 challenge 2020-10-27 10:25:31 +01:00
Mathias Petermann
3012995c76 Improve naming, make it possible to create directories recursively with SFTP 2020-10-27 10:25:31 +01:00
Mathias Petermann
348d8477dd Refactor destination plugin, to allow upload of ACME http-challenge tokens 2020-10-27 10:25:31 +01:00
Mathias Petermann
d00dd9d295 Initial structure for ACME http challenge 2020-10-27 10:25:31 +01:00
csine-nflx
749aa772ba First change to get CNAME redirection working 2020-10-26 11:57:33 -07:00
Hossein Shafagh
f6554a9a1e typo, fixing abstract class complaints 2020-10-23 18:03:55 -07:00
Hossein Shafagh
0e02abbb37 Entrust just looks into CSR for RSA/EC key type 2020-10-23 18:03:27 -07:00
Hossein Shafagh
9957120a7f adding missing import 2020-10-23 18:03:07 -07:00
Hossein Shafagh
7e573d6d51 fixing typo 2020-10-23 18:02:54 -07:00
Hossein Shafagh
6891077501 readability 2020-10-23 18:02:35 -07:00
Hossein Shafagh
75bc3a5b20 refactoring and adding retry 2020-10-23 18:02:05 -07:00
Hossein Shafagh
d233490c8a simple retry 2020-10-23 18:01:14 -07:00
Hossein Shafagh
2c1e7b19a2 10x 10s delay might be too long for the load balancer request 2020-10-23 17:59:58 -07:00
Hossein Shafagh
3d83db6f8f Merge branch 'master' into expanding-S3-plugin 2020-10-23 14:13:30 -07:00
Hossein Shafagh
01bd357b1c Merge branch 'master' into sns 2020-10-23 11:38:35 -07:00
Hossein Shafagh
1495fb3595 now fixing the month to minute bug 2020-10-23 10:18:24 -07:00
Hossein Shafagh
bc6fb02fc2 fixing testing 2020-10-23 10:16:38 -07:00
Hossein Shafagh
e01863097b fixing the time bug, sub-second to second, and month to minute! 2020-10-23 10:16:23 -07:00
Jasmine Schladen
233f9768e8 Fix error handling 2020-10-23 09:35:46 -07:00
Jasmine Schladen
98962ae5f5 Merge branch 'master' into sns 2020-10-23 08:50:26 -07:00
Hossein Shafagh
2b274f723a Merge branch 'master' into improved-logging 2020-10-23 07:59:30 -07:00
Hossein Shafagh
8610af8b83 more precise language 2020-10-22 17:54:46 -07:00
Hossein Shafagh
820106e333 Merge branch 'master' into expanding-S3-plugin 2020-10-22 17:35:20 -07:00
Hossein Shafagh
9ce0010bf1 handle_response can also handle the no data response 2020-10-22 17:33:39 -07:00
Hossein Shafagh
97f80b79dc adjusting digicert test to support seconds 2020-10-22 17:23:33 -07:00
Hossein Shafagh
9acd974b74 fixing the test to support seconds 2020-10-22 17:20:47 -07:00
Hossein Shafagh
ae1e9d120b consistent messaging 2020-10-22 17:13:58 -07:00
Hossein Shafagh
2e7652962c refactoring of the error handling 2020-10-22 17:11:02 -07:00
Hossein Shafagh
1c96ea9ab1 better messaging of exceptions 2020-10-22 17:10:32 -07:00
Hossein Shafagh
02c040865d more meaningful message 2020-10-22 16:05:29 -07:00
Hossein Shafagh
8fa90a2ce5 digicert expects also seconds, though not yet honoring it 2020-10-22 16:01:09 -07:00
Hossein Shafagh
c60645bec4 improved logging for all responses 2020-10-22 16:00:26 -07:00
Hossein Shafagh
c2fe2b5e03 improved logging for all responses 2020-10-22 15:59:59 -07:00
Hossein Shafagh
906b3b2337 better handling of status code 2020-10-21 19:52:25 -07:00
Jasmine Schladen
4f552cb636 Code cleanup 2020-10-20 12:02:36 -07:00
Jasmine Schladen
d6075ebc11 Merge 2020-10-20 11:48:54 -07:00
Jasmine Schladen
669a4273c2 Merge branch 'master' of github.com:jtschladen/lemur into sns 2020-10-19 16:29:33 -07:00
Jasmine Schladen
e90b08b363 Correct typo and enable Slack notification test 2020-10-16 17:08:44 -07:00
Jasmine Schladen
60bb0037f0 Miscellaneous notification fixes and tests 2020-10-16 15:13:12 -07:00
Jasmine Schladen
a04cce6044 Initial implementation 2020-10-16 10:40:11 -07:00
Hossein Shafagh
503530e935 the test requires region param for sts 2020-10-16 10:32:10 -07:00
Hossein Shafagh
11ce540246 formatting 2020-10-16 10:31:19 -07:00
Hossein Shafagh
9c04a888d8 adjusting the S3 test 2020-10-16 09:52:04 -07:00
Hossein Shafagh
17e528b5dd adding testing for acme_upload method 2020-10-16 09:50:35 -07:00
Hossein Shafagh
d705e3ae3b expanding the S3 destination plugin to support the acme token upload interface 2020-10-16 09:49:56 -07:00
Hossein Shafagh
7d8eb1c61e improving test 2020-10-16 09:49:26 -07:00
Hossein Shafagh
6aad37e1f9 cleaning up code 2020-10-16 09:49:00 -07:00
Hossein Shafagh
d73db59d23 reversing removing region 2020-10-16 09:48:47 -07:00
Hossein Shafagh
bfe89e131e adding delete and put interfaces for the S3 plugin 2020-10-15 18:13:50 -07:00
sayali
28381737dc Removed OU from digicert plugin 2020-10-13 19:40:15 -07:00
Mathias Petermann
817fc3f0fe Merge branch 'master' into feature/store-acme-account-details 2020-10-11 14:37:31 +02:00
Hossein Shafagh
0fc050e17b Merge branch 'master' into dymanic-digicert-ICAs 2020-10-09 17:53:54 -07:00
Hossein Shafagh
42e9b8b627 removing the intermediary from being optional 2020-10-09 15:40:25 -07:00
sirferl
5a968ffe63 Lint errors 2020-10-09 12:05:57 +02:00
sirferl
d43e240a2a added ELIF at determine_end_date, because of error. 2020-10-09 11:41:44 +02:00
sirferl
a6a4f458e0 added Tests and removed problems in test-setup 2020-10-09 11:35:04 +02:00
Hossein Shafagh
1a270cd315 switching from static DigiCert ICAs to dynamic ones to support:
https://knowledge.digicert.com/alerts/DigiCert-ICA-Update.html
2020-10-07 20:06:20 -07:00
Mathias Petermann
57534d86cd Disable account saving by default 2020-10-07 12:28:22 +02:00
Mathias Petermann
8353396940 Improve tests 2020-10-07 12:28:22 +02:00
Mathias Petermann
9abd3e97e7 Add test loading acme account from authority 2020-10-07 12:28:22 +02:00
Mathias Petermann
bf66de0bfd Add Test for saving the account details 2020-10-07 12:28:22 +02:00
Mathias Petermann
e0708410d0 Add store_account value to options in test_setup_acme_client_success 2020-10-07 12:28:22 +02:00
Mathias Petermann
eed628dbab Implement storage of acme account 2020-10-07 12:28:22 +02:00
Mathias Petermann
898b5da661 Add store_account option to acme plugin 2020-10-07 12:28:22 +02:00
Hossein Shafagh
e5961146b9 session hook complains about metadata
+ consistent language.
2020-09-23 14:22:58 -06:00
Hossein Shafagh
cc855e2758 modern python style 2020-09-18 17:16:07 -07:00
Hossein Shafagh
416f39222a testing 2020-09-18 17:02:19 -07:00
Hossein Shafagh
fae3793255 entrust plugin revised 2020-09-18 11:09:32 -07:00
sirferl
02c7a5ca7c another round of lint errors 2020-09-14 16:34:56 +02:00
sirferl
e011cc9251 added several enhancements following advice from peer 2020-09-14 16:24:53 +02:00
sirferl
9778eb7b25 fixed lint errors 2020-09-14 15:56:02 +02:00
sirferl
5bb0143da4 lint errors and removed _path from the API-Cert variables 2020-09-14 15:42:36 +02:00
sirferl
84496b0f55 fixed a few problems 2020-09-14 15:18:46 +02:00
sirferl
b8e3162c5f added revoke functionality 2020-09-14 14:20:11 +02:00
sirferl
b337b27146 added response handler 2020-09-14 12:23:58 +02:00
sirferl
01678a714f added required vars check 2020-09-14 09:50:55 +02:00
Hossein Shafagh
8adca442e1 Merge branch 'master' into entrust-plugin 2020-09-11 17:11:57 -07:00
sayali
09a2a8fc76 Log message change
PR comments
2020-09-11 15:53:34 -07:00
sirferl
1c9c377751 Lint errors 2020-09-11 12:31:15 +02:00
sirferl
fd52438d61 yet lint errors 2020-09-11 12:30:53 +02:00
sirferl
de9ad82011 Fixed Lint complaints 2020-09-11 12:24:33 +02:00
sirferl
a99a84b0b2 entrust plugin initial edit 2020-09-10 16:04:31 +02:00
sirferl
f47f108f43 entrust plugin - first version 2020-09-10 16:03:29 +02:00
sayali
8ad4448c85 Match date format for comparison + expected new lines 2020-09-01 12:44:49 -07:00
sayali
db4f68f0ed Logs during cert validity truncate for digicert 2020-08-31 18:20:32 -07:00
sirferl
1b73b1d080 Merge branch 'master' into master 2020-08-19 12:29:02 +02:00
sirferl
c2116df652 Extended ADCS_TEMPLATE_ Variable
If there is a config variable ADCS_TEMPLATE_<upper(authority.name)> take the value as Cert template else default to ADCS_TEMPLATE to be compatible with former versions
2020-08-19 12:25:52 +02:00
sayali
6ff8910f87 mention 397 for digicert plugin 2020-08-11 18:53:19 -07:00
sayali
d7ca1570be maximum 1 year validity for digicert 2020-08-11 18:02:42 -07:00
sayali
bde2829e72 Modify unit test test_determine_end_date to match new config 2020-08-11 17:10:29 -07:00
sayali
7a83799bcd Cert validity should not exceed 397 days for publicly trusted issuers 2020-08-10 17:30:34 -07:00
Hossein Shafagh
3c1d6998fb Merge branch 'master' into pinning-to-cross-signed-LE-ICA 2020-07-24 10:25:11 -07:00
Raul Benencia
0fd83d13ae Fix intermediate CA creation on cryptography plugin 2020-07-23 13:58:32 -07:00
Hossein Shafagh
2317967802 lack of an empty config file was resulting in this error
```
Traceback (most recent call last):
  File "/home/travis/build/Netflix/lemur/lemur/plugins/lemur_acme/tests/test_acme.py", line 159, in test_request_certificate
    self.acme.request_certificate(mock_acme, [], mock_order)
  File "/home/travis/build/Netflix/lemur/lemur/plugins/lemur_acme/plugin.py", line 211, in request_certificate
    current_app.config.get("IDENTRUST_CROSS_SIGNED_LE_ICA_EXPIRATION_DATE", "17/03/21"), '%d/%m/%y'):
TypeError: strptime() argument 1 must be str, not MagicMock
```
2020-07-15 17:04:49 -07:00
Hossein Shafagh
d5ae45a0d0 Let's Encrypt has been using a cross-signed intermediate CA by DST Root CA X3, which is included in any older devices' TrustStore.
https://letsencrypt.org/certificates/

Let's Encrypt is transitioning to use the intermediate CA issued by their own root (ISRG X1) starting from September 29th 2020. This is in preparation of concluding the initial bootstrapping of their CA, by having it cross-signed by an older CA.
https://letsencrypt.org/2019/04/15/transitioning-to-isrg-root.html

This PR allows Lemur to pin to the cross-signed ICA (same public/private key pair as the ICA signed by ISRG X1). This will prolong support for incompatible systems.
2020-07-14 17:35:13 -07:00
Javier Ramos
aa11088944 Remove f from non-f string 2020-07-02 16:48:41 +02:00
csine-nflx
a7a309136f fixing whitespace and imports 2020-06-11 14:15:40 -07:00
csine-nflx
f834d10f9a moving ultradns tests to separate file 2020-06-11 14:04:17 -07:00
Hossein Shafagh
c3b36d697f clarification 2020-06-08 15:17:45 -07:00