072ca4da4f
Adding some additional output to rotation command. ( #627 )
2016-12-21 13:34:14 -08:00
8c5c30dfd4
Adding some additional output to expiration command. ( #626 )
2016-12-21 11:01:21 -08:00
74723d1a1f
Adding ability to modify ELBv2 endpoints. ( #624 )
2016-12-21 08:23:14 -08:00
cdcae4efb0
Closes #594 ( #621 )
2016-12-20 14:26:39 -08:00
f7c795c7f6
Closes #577 . ( #622 )
2016-12-20 14:26:29 -08:00
beba2ba092
Adding additional reporting and refactoring existing setup. ( #620 )
2016-12-20 12:48:14 -08:00
9ac10a97ce
Fix acme tests ( #619 )
...
* Ensures that in-active users are not allowed to login.
* Ensuring acme issuer loads correctly.
2016-12-19 22:59:23 -08:00
2f5f82d797
Ensures that in-active users are not allowed to login. ( #618 )
2016-12-19 22:58:57 -08:00
c7fdb2acd7
adding required variables ( #611 )
2016-12-18 18:21:22 -08:00
51c7216b70
Fixing configuration value. ( #610 )
...
* Fixing and configuration value.
* Pinning fake factory.
2016-12-18 18:21:12 -08:00
0f3ffaade0
Fall back to CN for CA name when organization is not available ( #607 )
...
In-house CAs may not have the organization field filled out.
2016-12-16 16:27:25 -08:00
156b98f7f0
Ensuring that rotation only happens for certificates with endpoints to rotate. ( #606 )
2016-12-15 15:20:21 -08:00
a09faac9a7
Endpoint sync fixes ( #604 )
2016-12-15 10:26:59 -08:00
d20c552248
Fixing issues with rotation. ( #603 )
...
* Fixing issues with rotation.
* Fixing tests
2016-12-14 17:30:13 -08:00
b327963925
Plugin base classes: update method signatures & fix raise ( #598 )
...
This way IDEs can verify method overrides in subclasses, otherwise these
are flagged as erroneous.
Changed base classes to properly raise NotImplementedError; previously
they would cause "TypeError: exceptions must derive from BaseException"
Also fixed exception handling in sources.service.clean().
2016-12-14 13:42:29 -08:00
1eb3d563c6
Fix error reporting for certs without private key ( #599 )
2016-12-14 13:25:56 -08:00
02991c70a9
Allow Lemur "start" to use the global config. ( #596 )
...
* allowing our runserver to use the config specified by -c
* Maintaining config for gunicorn
2016-12-14 13:23:50 -08:00
71ddbb409c
Minor documentation fixes/tweaks ( #597 )
...
Mostly typos, grammar errors and inconsistent indentation in code
examples.
Some errors detected using Topy (https://github.com/intgr/topy ), all
changes verified by hand.
2016-12-14 09:29:04 -08:00
565c9ae98d
adding missing init ( #587 )
2016-12-13 09:21:31 -08:00
03d5a6cfe1
Refactors how notifications are generated. ( #584 )
2016-12-12 11:22:49 -08:00
1c3ac21291
Ensuring the digicert session is handled correctly ( #579 )
2016-12-11 08:38:59 -08:00
968dd52f6f
Fixes ( #576 )
...
* Fixing email notification
* Adding endpoint expiration
* Fixing endpoint type for ELBs
* Allowing verisign to include additional SANs
2016-12-08 15:52:27 -08:00
a4b32b0d31
Fixing up notification testing ( #575 )
2016-12-08 11:33:40 -08:00
be1415fbd4
Ensuring new cli is available ( #574 )
2016-12-08 09:11:19 -08:00
b5901a1570
adding needed migration files ( #573 )
2016-12-07 17:31:59 -08:00
bdc6dc8683
Fixing a bug were extensions got a default value ( #572 )
2016-12-07 17:28:18 -08:00
5087fa67dc
skipping a few tests that aren't ready yet ( #571 )
2016-12-07 16:52:00 -08:00
fc205713c8
Certificate rotation enhancements ( #570 )
2016-12-07 16:24:59 -08:00
9adc5ad59e
Adding last updated time ( #569 )
2016-12-07 15:43:57 -08:00
f63ccd033d
Ensuring that endpoints without output_schema work as expected ( #568 )
2016-12-07 15:40:29 -08:00
00da52f32e
Ensuring that CSRs are correctly validated under python3 ( #565 )
2016-12-06 12:25:43 -08:00
e94cf6ddc9
Ensuring that certificates returned from digicert are in the proper format ( #564 )
2016-12-06 12:05:18 -08:00
81272a2f7a
Moving validation to server start. ( #563 )
2016-12-05 16:43:38 -08:00
e622a49b72
Adding better error handling around certificate rotation ( #562 )
2016-12-05 15:12:55 -08:00
9030aed8a4
Ensuring that our syncing process can find duplicate certifcates that do no need to be sync'd ( #560 )
2016-12-05 11:08:29 -08:00
344abbda66
fixing signature ( #556 )
2016-12-02 13:48:50 -08:00
834814f867
adding additional status code metrics ( #555 )
2016-12-02 13:02:59 -08:00
7f823a04cd
Ensuring that acme and cryptography respect different key types ( #554 )
2016-12-02 10:54:18 -08:00
0f5e925a1a
Ensuring that default-issuer is set ( #553 )
2016-12-02 09:54:16 -08:00
a40bc65fd4
Default authority. ( #549 )
...
* Enabling the specification of a default authority, if no default is found then the first available authority is selected
* PEP8
* Skipping tests relying on keytool
2016-12-01 15:42:03 -08:00
81bf98c746
Enabling RSA2048 and RSA4096 as available key types ( #551 )
...
* Enabling RSA2048 and RSA4096 as available key types
* Fixing re-issuance
2016-12-01 15:41:53 -08:00
e1bbf9d80c
Improving endpoint rotation logic ( #545 )
2016-11-30 15:11:17 -08:00
abb91fbb65
fixing a few minor issue with cloning ( #544 )
2016-11-30 10:54:53 -08:00
f9b16a2110
csr as string ( #542 )
2016-11-29 18:50:20 -08:00
588ac1d6a6
Digicert cis fixes ( #540 )
2016-11-29 17:15:39 -08:00
058d2938fb
migrating off of openssl ( #539 )
2016-11-29 11:30:44 -08:00
3db3214cbe
installing the digicert CIS plugin ( #537 )
2016-11-29 10:02:40 -08:00
bfc80f982c
minor fixes and downgrading requests ( #535 )
2016-11-28 16:50:26 -08:00
727bc87ede
Log fixes ( #534 )
...
* tying up some loose ends with event logging
* Ensuring creators can access
2016-11-28 14:13:16 -08:00
e2143d3ee8
tweaking the way data is returned ( #532 )
2016-11-28 12:29:03 -08:00
b46ff4158a
Initial workon the digicert high issuance api. ( #531 )
2016-11-28 10:50:58 -08:00
250558baf3
Ensuring that authority owners can access certificates issued by that… ( #526 )
...
* Ensuring that authority owners can access certificates issued by that authority
2016-11-25 20:35:07 -08:00
8e5323e2d7
migrating flask imports ( #525 )
2016-11-22 21:11:20 -08:00
d5d036b412
adding a work around for new gunicorn ( #523 )
2016-11-22 16:47:29 -08:00
9d03e75d9b
tweaking a few things to support the new marshmallow ( #522 )
2016-11-22 15:14:19 -08:00
06a3f3ea0d
version bump ( #520 )
2016-11-21 15:29:31 -08:00
12ae0a587d
teaking the way exceptions are handled ( #519 )
2016-11-21 15:26:17 -08:00
b3aa057d58
Upgrade deps. ( #517 )
2016-11-21 14:29:20 -08:00
dd6d332166
Removing python2 compatibility. ( #518 )
2016-11-21 14:03:04 -08:00
6eca2eb147
Re-working the way audit logs work.
...
* Adding more checks.
2016-11-21 11:28:11 -08:00
744e204817
Initial work on #74 . ( #514 )
...
* Initial work on #74 .
* Fixing tests.
* Adding migration script.
* Excluding migrations from coverage report.
2016-11-21 09:19:14 -08:00
d45e7d6b85
[WIP] - 422 elb rotate ( #493 )
...
* Initial work on certificate rotation.
* Adding ability to get additional certificate info.
* - Adding endpoint rotation.
- Removes the g requirement from all services to enable easier testing.
2016-11-18 11:27:46 -08:00
6fd47edbe3
Adds the ability to clone existing certificates. ( #513 )
2016-11-17 16:19:52 -08:00
a616310eb7
Fixing an issue were aws certificates plugins might not have a chain. ( #512 )
2016-11-17 14:47:10 -08:00
2130029f90
Adding new notification templates. ( #511 )
2016-11-17 14:16:59 -08:00
d11f254476
Closes : #469 ( #510 )
2016-11-17 12:16:30 -08:00
a9361fe428
Endpoints should be visible to all. ( #508 )
2016-11-17 10:45:26 -08:00
5345170a4f
Ensuring that the passed in configuration has precedence over the environment config. ( #507 )
2016-11-17 09:31:37 -08:00
520404c215
fix string -> byte conversion on python2 ( #472 )
2016-11-16 16:03:38 -08:00
9ac1756011
removing new 'active' logic for the time being ( #505 )
2016-11-16 15:56:24 -08:00
851d74da3d
Ensuring that private key is in string format before it gets stored ( #504 )
...
* Ensuring that private key is in string format before it gets stored
* Fixing failing test.
2016-11-16 15:05:25 -08:00
3f2691c5d4
Minor fixes. ( #502 )
2016-11-16 13:23:35 -08:00
eaf34b1c8b
Disabling the protect active flag ( #498 )
2016-11-16 09:31:02 -08:00
e9219adfb5
Ensuring model's have a basic __repr__. ( #499 )
2016-11-16 09:30:54 -08:00
9eddaf66cb
adding human readable string ( #500 )
2016-11-16 09:30:46 -08:00
0a29a3fa2a
Adding release notes. ( #459 )
2016-11-15 16:44:40 -08:00
9bb0787410
Ensuring that duplicates are migrated correctly. ( #496 )
...
* Ensuring that duplicates are migrated correctly.
* fixing typo
2016-11-15 16:43:45 -08:00
dd14fd202d
clean out ADMINS references ( #495 )
...
* add variables to the documentation forwq oauth2
* remove old reference to ADMINS to get rid of any confusion
2016-11-15 16:43:28 -08:00
114deba06e
Adding the ability to silence notifications on creation. ( #490 )
2016-11-12 09:29:42 -08:00
0334f1094d
fixing documentation typo ( #489 )
2016-11-11 13:35:24 -08:00
7af68c3cc0
Adding additional metric gathering for failed sync operations. ( #488 )
2016-11-11 13:28:01 -08:00
953d3a08e7
Adding example request to documentation. ( #487 )
2016-11-11 12:54:12 -08:00
94d619cfa6
Minor errors. ( #484 )
2016-11-10 14:34:45 -08:00
89470a0ce0
Adding default validity and retry logic. ( #483 )
2016-11-10 11:23:37 -08:00
e6b291d034
Time ( #482 )
...
* adding python 3.5 as a target
* adding env flag
* Aligning on arrow dates.
2016-11-09 10:56:22 -08:00
25a6c722b6
Adding digicert documentation. ( #480 )
2016-11-08 14:56:05 -08:00
67a5993926
fixing type in ciphers ( #479 )
2016-11-08 12:23:21 -08:00
aa979e31fd
Digicert plugin ( #478 )
...
* Initial work on digicert plugin.
* Adding certificate pickup, to digicert plugin.
* Removing and rotating test api key.
2016-11-07 14:40:00 -08:00
b74df2b3e4
Minor changes for python3. ( #477 )
2016-11-07 14:33:07 -08:00
4afedaf537
Fixes ( #476 )
...
* Ensures that Vault can accept bytes and strings.
* Make restricted domains optional.
* Fixing notify flag.
2016-11-04 09:16:41 -07:00
2b79474060
Trying this to fix defaulting org to Netflix ( #475 )
2016-11-02 09:12:47 -07:00
a6360ebfe5
Adding pending certificate metric. ( #473 )
2016-11-01 14:24:45 -07:00
d99681904e
Fixing test to take python3 into account. ( #460 )
...
* Fixing test to take python3 into account.
2016-10-31 17:02:08 -07:00
1ac1a44e83
San alt name ( #468 )
2016-10-31 11:00:15 -07:00
490d5b6e6c
python2.x .base64url_decode has a single parameter and incoming data is utf-8.. need to convert so string ( #463 )
2016-10-26 00:50:00 -07:00
4b7fc8551c
fix(web): send JSON for all errors ( #464 )
...
Configure werkzeug to output JSON error messages for the benefit of
downstream clients. This also allows for metrics collection in all cases
where werkzeug is outputting an exception.
2016-10-26 00:46:43 -07:00
cd9c112218
Implement a CFSSL issuer plugin ( #452 )
...
* Implement CFSSL issuer plugin
Implement a Lemur plugin for generating certificates from the open
source certificate authority CFSSL
(https://github.com/cloudflare/cfssl ). The plugin interacts with CFSSL
through the CFSSL REST API. The CFSSL configuration is defined in the
lemur.conf.py property file using property names prefixed with "CFSSL_".
* Update documentation to include CFSSL plugin
2016-10-22 00:52:18 -07:00
a8f44944b1
Closes #415
2016-10-17 23:23:14 -07:00
d31c9b19ce
Closes #412 . Allows 'name' be a valid attribute to specify a role. ( #457 )
2016-10-16 03:56:13 -07:00
fb178866f4
Fixes an issue with the source tests failing. ( #456 )
2016-10-16 03:55:37 -07:00
f921b67fff
Removing the ability to use spaces in custom names. ( #455 )
2016-10-15 04:56:25 -07:00
c367e4f73f
Prevents the silencing of notifications that are actively deployed. ( #454 )
...
* Renaming 'active' to 'notify' as this is clearer and more aligned to what this value is actually controlling. 'active' is now a property that depends on whether any endpoints were found to be using the certificate. Also added logic for issue #405 disallowing for a certificates' notifications to be silenced when it is actively deployed on an endpoint.
* Adding migration script to alter 'active' column.
2016-10-15 00:12:11 -07:00
dcb18a57c4
Adds option to restrict certificate expiration dates to weekdays. ( #453 )
...
* Adding ability to restrict certificate creation to weekdays.
* Ensuring that we test for weekends.
2016-10-15 00:04:35 -07:00
10d833e598
Added Symantec plugin error checking for invalid domain suffix ( #449 )
2016-10-13 15:23:56 -07:00
708d85abeb
Fixes a bug where certificates discovered by lemur's source plugins were not given the appropriate default notifications. ( #447 )
2016-10-11 21:08:13 -07:00
ee028382df
Show only roles that the user is a member of, in list view, for other views show all roles such that certificates and authorities can be shared across teams/groups. ( #446 )
2016-10-11 17:56:38 -07:00
c05a49f8c9
Fixes an issuer where a member of a role is not able to add new users to said role. ( #445 )
2016-10-11 17:24:15 -07:00
f179e74a4a
Fix Java export default password generator ( #441 )
...
When exporting a certificate, the password is an optional parameter.
When a password is not supplied by the caller, a default password is
generated by the method. The generation library creates the random
password as a bytes object. The bytes object raises an error in the
'keytool' command used to export the certificate. The keytool is
expecting the password to be a str object.
The fix is to decode the generated password from a bytes object to a str
object.
The associated Java plugin tests have been updated to verify the export
method returns the password as a str object. In addition, the tests have
been updated to correctly test the export methods response object. The
original tests treated the response as a single object. The current
export methods return a tuple of data (type, password, data).
In order to make the tests compatible with both Python2 and Python3, the
'six' library was used to test the password is in fact a string.
2016-10-10 22:43:23 -07:00
9065aa3750
Update the private key regex validation ( #435 )
...
* Update the private key regex validation
Private keys provided by the Let's Encrypt certificate authority as part
of their certificate bundle fail the import/upload certificate private
key validation. The validation is looking for a specific character
sequence at the begin of the certificate. In order to support valid
Let's Encrypt private keys, the regex has been updated to check for both
the existing sequence and the Let's Encrypt character sequence.
Example Let's Encrypt private key:
-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCvsiwV8A5+r0tQ
QzUAJO0DfoEb9tMWvoFi0DLs9tx88IwMqItPPl9+RNzQnv9qqZR1h4W97sxP8aWY
...
AeS667IJO/2DMKaGiEldaVZtgqdUhCL8Rm4XUFVb1GjLa03E4VRU6W7eQ4hgT2a7
cHDAR8MiovNyfT0fm8Xz3ac=
-----END PRIVATE KEY-----
* Add private key regex for footer
Update the import/upload private key validation regex to verify both the
header and footer are matching.
2016-10-10 22:42:09 -07:00
96e42c793e
Refactors the default notification option. Also ensures that notifications and destinations are easier to test. ( #437 )
2016-10-09 00:06:53 -07:00
72a390c563
Ensure the openssl and cryptography work under python3. ( #438 )
2016-10-09 00:06:15 -07:00
a19c918c68
Closes #411 ( #439 )
2016-10-09 00:06:03 -07:00
5cbf5365c5
Active S3 destination plugin ( #433 )
...
* Activate the AWS S3 destination plugin
Add the AWS S3 destination plugin to the list of available Lemur
plugins.
Update the S3 destination plugin's "accountNumber" option to be of type
'str' to handle account numbers starting with zeros.
Update Lemur's utils for parsing certificates to correctly encode the
X509 certificates before loading for python3.
* Add S3 destination plugin test
Added simple test to verify S3 destination plugin is available.
2016-10-08 17:06:20 -07:00
3ad7a37f95
Fix import certificate private key encoding ( #434 )
...
When importing a certificate, the private key is passed to the
import/upload process from the UI as a str object. In Python3 this
raises two issues when processing the private key - the private key
validation fails and database insert of the certificate fails.
The fix in both cases is to correctly encode the private key as a bytes
object.
2016-10-08 17:04:54 -07:00
6cac2838e3
Fix for missing profile pic. ( #429 )
2016-09-27 13:02:01 -07:00
fbbf7f90f6
Fix test certificates module hanging issue ( #427 )
...
* Fix test certificates module hanging issue
When executing the lemur/tests/test_certificates.py module's tests, all
tests are executed, but the test process appears to hang and never
completes with the display of the results for the tests.
The hanging issue is traced to the two test methods:
test_import(logged_in_user) and test_upload(logged_in_user). The issue
has to do with the test methods' using the logged_in_user(app) fixture from
the conftest.py module as the method parameter.
The test methods at issue require the session, db, and app fixtures to
be initialized for the tests to complete successfully. The
logged_in_user() fixture only initializes the app fixture. Updating the
test_import() and test_upload() methods parameters to be the "session"
fixture fixes the hanging issue and the tests complete successfully.
This is the command being used to execute the tests...
$ py.test -s -v lemur/tests/test_certificates.py
* Update fix for test certificates hanging issue
Based on feedback from the original pull request for this fix, added the
session fixture to the logged_in_user fixture and reverted the
test_import() and test_upload() methods to use the logged_in_user
(instead of the session fixture).
2016-09-27 13:01:37 -07:00
1ea75a5d2d
fix(certificates): import re module ( #428 )
2016-09-21 22:54:46 -07:00
39645a1a84
feat(certificates): add support for restricted domains ( #424 )
...
Lemur's documentation already mentions LEMUR_RESTRICTED_DOMAINS, a list
of regular expressions matching domains only administrators can issue
certificates for. An option to mark domains as sensitive existed in the
API, however the configuration option was not implemented.
Now both ways of sensitivity are checked in the same place.
2016-09-12 16:59:14 -07:00
a60e372c5a
Ensuring that password hashes are compared correctly under python3
2016-09-07 13:25:51 -07:00
76cece7b90
Ensuring that private keys are retrieved correctly under python3. ( #422 )
2016-09-07 12:34:50 -07:00
ca2944d566
Ensuring the inactive certificates are not alerted on. ( #418 )
2016-08-29 15:46:35 -07:00
53d0636574
Python3 ( #417 )
...
* Fixing tests.
* Fixing issue where decrypted credentials were not returning valid strings.
* Fixing issues with python3 authentication.
2016-08-29 08:58:53 -07:00
7e6278684c
Python3 ( #416 )
...
* Fixing issue where decrypted credentials were not returning valid strings.
2016-08-26 16:02:23 -07:00
2d7a6ccf3c
Owner email ( #414 )
...
* Ensuring python2 works with unicode strings.
* adding in owner DN
* fixing tests
* Upgrading requests.
* Fixing tests.
2016-08-25 10:09:46 -07:00
18b99c0de4
Fixing an issue where openssl can't find the certificates to create PKCS12 files ( #408 )
2016-08-17 10:33:59 -07:00
29a330b1f4
Orphaned certificates ( #406 )
...
* Fixing whitespace.
* Fixing syncing.
* Fixing tests
2016-07-28 13:08:24 -07:00
a644f45625
Adding some simplified reporting. ( #403 )
...
* Adding issuance report.
* Fixing whitespace.
2016-07-27 12:41:32 -07:00
3db669b24d
Ensuring that the temporary certificate is created correctly ( #400 )
2016-07-12 18:07:11 -07:00
f38868a97f
Fixing various problems with the syncing of endpoints, throttling sta… ( #398 )
...
* Fixing various problems with the syncing of endpoints, throttling stale endpoints etc.
2016-07-12 08:40:49 -07:00
4f3dc5422c
Allowing the role-user associated to be updated. ( #396 )
...
* Allowing the role-user associated to be updated.
* Fixing tests
* Fixing tests, for real.
2016-07-07 13:03:10 -07:00
1ba7181067
Fixed an issue were default notifications were added even when updati… ( #395 )
...
* Fixed an issue were default notifications were added even when updating a certificate, resulting in duplicate notifications.
* Ensuring imported certificates get the same treatment.
2016-07-07 11:44:11 -07:00
74bf54cb8f
Slack spruce up ( #394 )
...
* Formatting slack message.
* Tweaking tests.
2016-07-06 10:27:13 -07:00
d4732d3ab0
Closes #335 . ( #392 )
2016-07-04 16:08:16 -07:00
cb9631b122
Closes #356 . ( #391 )
2016-07-04 15:38:51 -07:00
4077893d08
Ensuring that destinations require private keys by default. ( #390 )
...
* Ensuring that destinations require private keys by default.
2016-07-04 15:30:20 -07:00
4ee1c21144
Closes #372 ( #389 )
...
* Closes #372
2016-07-04 14:32:46 -07:00
c8eca56690
Closes #366 ( #387 )
2016-07-04 13:03:46 -07:00
300e2d0b7d
Adding plugin tests. ( #385 )
...
* Adding plugin tests.
* Fixing some python 2/3 incompatibilities.
2016-07-01 11:32:19 -07:00
e34de921b6
Target Individuals for Certificates ( #384 )
...
* Allowing individual users to be targeted for a role.
* Ensuring that even new users get a per user-role
2016-07-01 09:04:39 -07:00
9aec899bfd
Fixing a few errors.
...
* Fixing organizational_unit and common name
* FIxing organization name and allow creaters to view CA.
2016-06-29 16:16:37 -07:00
54b888bb08
Adding a toy certificate authority. ( #378 )
2016-06-29 09:05:39 -07:00
eefff8497a
Adding a new default issuer.
2016-06-28 17:46:26 -07:00
ecbab64c35
Adding endpoint migration script. ( #376 )
2016-06-28 16:12:56 -07:00
c8447dea3d
Fixing a few issues with startup. ( #374 )
2016-06-28 14:28:05 -07:00
5021e8ba91
Adding ACME Support ( #178 )
2016-06-27 15:57:53 -07:00
f846d78778
S3 destination ( #371 )
2016-06-27 15:11:46 -07:00
fe9703dd94
Closes #284 ( #336 )
2016-06-27 14:40:46 -07:00
b44a7c73d8
Kubernetes desination plugin ( #357 )
...
* Kubernetes desination plugin
* fixing build warnings
* fixing build warnings
2016-06-27 14:40:01 -07:00
19b928d663
Fixes #367
2016-06-23 13:29:59 -07:00
daea8f6ae4
Bug fixes ( #355 )
...
* we should not require password to update users
* Fixing an issue were roles would not be added.
2016-06-13 17:22:45 -07:00
41d1fe9191
Using UTC time in JWT token creation ( #354 )
...
As stated in PyJWT's documentation [1] and JWT specification [2][3], UTC
times must be used. This commit fixes JWT decoding in servers not using
UTC time.
[1] https://pypi.python.org/pypi/PyJWT/1.4.0
[2] https://tools.ietf.org/html/rfc7519#section-4.1.6
[3] https://tools.ietf.org/html/rfc7519#section-2
2016-06-13 11:18:07 -07:00
9a653403ae
Fix for Issue #352 .
2016-06-08 16:41:31 -07:00
77f13c9edb
Fixing issue were, after a user changes their mind validity years wil… ( #349 )
2016-06-06 12:11:40 -07:00
d9cc4980e8
Fixing destination upload. ( #347 )
...
* Fixing an issue where uploaded certificates would have a name of 'None'
* Clarifying comment.
* Improving order.
2016-06-03 18:45:58 -07:00
5e987fa8b6
Adding additional data migrations. ( #346 )
2016-06-03 17:56:32 -07:00
42001be9ec
Fixing the way filters were toggled. ( #345 )
2016-06-03 09:24:17 -07:00
dc198fec8c
Docs ( #344 )
...
* Adding release info.
* adding some fields
* Adding Source Plugin change.
* Updating docs
2016-06-03 08:28:09 -07:00
acd47d5ec9
Fixing an issue were authorities were not related to their roles ( #342 )
2016-06-02 09:07:17 -07:00
72e3fb5bfe
Fixing several small issues. ( #341 )
...
* Fixing several small issues.
* Fixing tests.
2016-06-01 11:18:00 -07:00
b2539b843b
Fixing and error causing duplicate roles to be created. ( #339 )
...
* Fixing and error causing duplicate roles to be created.
* Fixing python3
* Fixing python2 and python3
2016-05-31 15:44:54 -07:00
be5dff8472
Adding a visualization for authorities. ( #338 )
...
* Adding a visualization for authorities.
* Fixing some lint.
* Fixing some lint.
2016-05-30 21:52:34 -07:00
76037e8b3a
Fixing certificate names. ( #337 )
2016-05-27 12:00:10 -07:00
11f4bd503b
Fixes ( #332 )
...
* Ensuring domains are returned correctly.
* Ensuring certificates receive owner role
2016-05-24 17:10:19 -07:00
6688b279e7
Fixing some bad renaming. ( #331 )
2016-05-24 10:43:40 -07:00
1ca38015bc
Fixes ( #329 )
...
* Modifying the way roles are assigned.
* Adding migration scripts.
* Adding endpoints field for future use.
* Fixing dropdowns.
2016-05-23 18:38:04 -07:00
656269ff17
Closes #147 ( #328 )
...
* Closes #147
* Fixing tests
* Ensuring we can validate max dates.
2016-05-23 11:28:25 -07:00
bd727b825d
Making roles more apparent for certificates and authorities. ( #327 )
2016-05-20 12:48:12 -07:00
e04c1e7dc9
Fixing a few things, adding tests. ( #326 )
2016-05-20 09:03:34 -07:00
615df76dd5
Closes 262 ( #324 )
...
Moves the authority -> role relationship from a 1 -> many to a many -> many. This will allow one role to control and have access to many authorities.
2016-05-19 13:37:05 -07:00
112c6252d6
Adding password reset command to the cli. ( #325 )
2016-05-19 10:07:15 -07:00
b13370bf0d
Making dropdowns look a bit better. ( #322 )
...
* Making dropdowns look a bit better.
* Pleasing Lint.
2016-05-19 09:04:50 -07:00
88aa5d3fdb
Making nested notifications less verbose ( #321 )
2016-05-19 08:48:55 -07:00
b187d8f836
Adding a better comparison. ( #320 )
2016-05-16 19:03:10 -07:00
1763a1a717
254 duplication certificate name ( #319 )
2016-05-16 15:59:40 -07:00
62b61ed980
Fixing various issues. ( #318 )
...
* Fixing various issues.
* Fixing tests
2016-05-16 11:09:50 -07:00
c11034b9bc
Fixes various issues. ( #317 )
2016-05-16 09:23:48 -07:00
58e8fe0bd0
Fixes various issues. ( #316 )
2016-05-13 14:35:38 -07:00
a0c8765588
Various bug fixes. ( #314 )
2016-05-12 12:38:44 -07:00
9022059dc6
Marshmallowing roles ( #313 )
2016-05-10 14:22:22 -07:00
7f790be1e4
Marsmallowing users ( #312 )
2016-05-10 14:19:24 -07:00
93791c999d
Marsmallowing destinations ( #311 )
2016-05-10 13:43:26 -07:00
5e9f1437ad
Marsmallowing sources ( #310 )
2016-05-10 13:16:33 -07:00
f9655213b3
Marshmallowing notifications. ( #308 )
2016-05-10 11:27:57 -07:00
008d608ec4
Fixing error in notifications. ( #307 )
2016-05-09 17:35:18 -07:00
78c8d12ad8
Cleaning up the way authorities are selected and upgrading uib dependencies.
2016-05-09 17:17:00 -07:00
df0ad4d875
Authorities marshmallow addition ( #303 )
2016-05-09 11:00:16 -07:00
776e0fcd11
Slack plugin for notifications ( #305 )
2016-05-08 09:07:16 -07:00
6ec3bad49a
Closes #278 ( #298 )
...
* Closes #278
2016-05-05 15:28:17 -07:00
52f44c3ea6
Closes #278 and #199 , Starting transition to marshmallow ( #299 )
...
* Closes #278 and #199 , Starting transition to marshmallow
2016-05-05 12:52:08 -07:00
db8243b4b4
Closes #301
2016-05-04 16:56:05 -07:00
8e1b7c0036
Removing validation because regex is hard
2016-04-25 16:13:33 -07:00
9b0e0fa9c2
removing validtion from openssl
2016-04-25 16:11:37 -07:00
b9fe359d23
Fixes #285 Renames sync_sources function to sync to align documentation.
2016-04-25 11:21:25 -07:00
dbd1279226
Fixes #289 and #275
2016-04-21 16:22:19 -07:00
82b4f5125d
Fixes an issue where custom OIDs would clear out san extensions
2016-04-11 11:17:18 -07:00
3f89d6d009
Merge pull request #271 from kevgliss/195
...
Closes #195
2016-04-08 12:01:10 -07:00
c2387dc120
Fixes an issue where custom OIDs would clear out san extensions
2016-04-07 10:29:08 -07:00
dbc4964e94
Fixing an issue were metrics would not be sent
2016-04-05 10:23:33 -07:00
62d03b0d41
Closes #216
2016-04-01 16:54:33 -07:00
b5a4b293a9
Merge pull request #270 from kevgliss/248
...
Closes #248
2016-04-01 14:28:52 -07:00
bfcfdb83a7
Closes #195
2016-04-01 14:27:57 -07:00
4ccbfa8164
Closes #248
2016-04-01 13:29:08 -07:00
2cde7336dc
Closes #263
2016-04-01 13:01:56 -07:00
3ceb297276
Merge pull request #267 from kevgliss/261
...
Closes #261
2016-04-01 10:12:10 -07:00
5958bac2a2
Merge pull request #265 from kevgliss/257
...
Closes #257
2016-04-01 10:11:32 -07:00
47891d2953
Closes #261
2016-04-01 09:58:19 -07:00
939194158a
Closes #257
2016-04-01 09:49:44 -07:00
576265e09c
Closes #246
2016-04-01 09:19:36 -07:00
ba666ddbfa
Removed deprecated auth api endpoint.
2016-02-16 15:04:53 -08:00
ac1f493338
version bump
2016-02-05 13:12:21 -08:00
e8e7bdf9e0
adding changelog
2016-02-05 13:00:59 -08:00
028d86c0bb
Adding a new flag to export plugins 'requires_key' that specifies whether the export plugin needs access to the private key. Defaults to True.
2016-01-29 12:45:18 -08:00
f8b6830013
Merge pull request #239 from kevgliss/228-filter-values
...
Fixing documentation for filter format
2016-01-29 11:54:13 -08:00
2ba48995fe
Fixing documentation for filter format
2016-01-29 11:47:16 -08:00
3cc8ade6d8
associating new authorities with the owner roles
2016-01-29 10:59:04 -08:00
39c9a0a299
Merge pull request #237 from kevgliss/218_password_regex
...
relaxing keystore password validation
2016-01-29 10:37:49 -08:00
3ad317fb6d
Merge pull request #236 from kevgliss/migration_script_fixups
...
Removing per 2.0 migration scripts
2016-01-29 10:30:41 -08:00
bd46440d12
relaxing keystore password validation
2016-01-29 10:29:04 -08:00
9f8f64b9ec
removing pre 2.0 migration scripts, and adding documentation for correct path during init
2016-01-29 09:22:12 -08:00
1e524a49c0
making 'replacements' a non-require attribute for importing. Closes #226
2016-01-29 09:02:51 -08:00
b36e72bfcc
Minor spelling fix
...
Using the possessive “Your” rather than “You’re” in “Your passphrase
is:”
2016-01-12 22:04:42 -08:00
48f8b33d7d
Adding a rolling metric count
2016-01-11 15:26:32 -08:00
d87ace8c89
Merge pull request #211 from kevgliss/hotfix
...
fixing an issue were urllib does not like unicode
2016-01-11 10:38:45 -08:00
b1326d4145
fixing an issue were urllib does not like unicode
2016-01-11 10:31:58 -08:00
7c2862c958
Merge pull request #210 from kevgliss/hotfix
...
Fixes an assumption that 'subAltNames' are always passed to the API.
2016-01-11 09:08:38 -08:00
0a4f5ad64d
Fixing an assumption that 'subAltNames' are always passed to the API.
2016-01-10 17:33:19 -08:00
c617a11c55
Merge pull request #209 from kevgliss/migrate_chain
...
Adding command to transparently rotate the chain on an ELB
2016-01-10 14:37:29 -08:00
053167965a
Adding command to transparently rotate the chain on an ELB
2016-01-10 14:20:36 -08:00
a7ac45b937
Merge pull request #206 from kevgliss/syncing
...
Fixing issue where we were seeing AWS API errors due to certificates …
2016-01-08 16:39:51 -08:00
5482bbf4bd
Fixing issue where we were seeing AWS API errors due to certificates not having private keys and could not be uploaded or 'synced'
2016-01-07 13:42:46 -08:00
a1395a5808
Fix how the provider settings are passed to Satellizer
2016-01-05 17:26:09 -08:00
685e2c8b6d
fixing typo
2016-01-05 09:40:53 -08:00
967c7ded8d
Improving documentation layout
2015-12-31 11:12:56 -08:00
d6917155e8
Fixing tests
2015-12-30 15:32:01 -08:00
3f024c1ef4
Adds ability for domains to be marked as sensitive and only be allowed to be issued by an admin closes #5
2015-12-30 15:11:08 -08:00
9b166fb9a9
version bump
2015-12-30 09:15:11 -08:00
ca82b227b9
0.2.1 release info
2015-12-30 09:11:19 -08:00
8bb9a8c5d1
Define ACTIVE_PROVIDERS in default config
...
The configuration item ACTIVE_PROVIDERS must be initialized
Workaround for this error:
2015-12-30 13:58:48,073 ERROR: Internal Error [in /www/lemur/local/lib/python2.7/site-packages/flask_restful/__init__.py:299]
Traceback (most recent call last):
File "/www/lemur/local/lib/python2.7/site-packages/flask/app.py", line 1475, in full_dispatch_request
rv = self.dispatch_request()
File "/www/lemur/local/lib/python2.7/site-packages/flask/app.py", line 1461, in dispatch_request
return self.view_functions[rule.endpoint](**req.view_args)
File "/www/lemur/local/lib/python2.7/site-packages/flask_restful/__init__.py", line 462, in wrapper
resp = resource(*args, **kwargs)
File "/www/lemur/local/lib/python2.7/site-packages/flask/views.py", line 84, in view
return self.dispatch_request(*args, **kwargs)
File "/www/lemur/local/lib/python2.7/site-packages/flask_restful/__init__.py", line 572, in dispatch_request
resp = meth(*args, **kwargs)
File "/www/lemur/lemur/auth/views.py", line 276, in get
for provider in current_app.config.get("ACTIVE_PROVIDERS"):
TypeError: 'NoneType' object is not iterable
2015-12-30 14:56:59 +01:00
00cb66484b
Merge pull request #188 from kevgliss/csr
...
Adding the ability to submit a third party CSR
2015-12-29 12:11:11 -08:00
cabe2ae18d
Adding the ability to issue third party created CSRs
2015-12-29 10:49:33 -08:00
3b5d7eaab6
More Linting
2015-12-27 18:08:17 -05:00
aa2358aa03
Fixing linting
2015-12-27 18:02:38 -05:00
a7decc1948
Fixing some issues with dynamically supporting multiple SSO providers
2015-12-27 17:54:11 -05:00
60856cb7b9
Add an endpoint to return active authentication providers
...
This endpoint can be used by Angular to figure out what authentication
options to display to the user. It returns a dictionary of configuration
details that the front-end needs for each provider.
2015-12-22 18:03:56 -05:00
350d013043
Add Google SSO
...
This pull request adds Google SSO support. There are two main changes:
1. Add the Google auth view resource
2. Make passwords optional when creating a new user. This allows an admin
to create a user without a password so that they can only login via Google.
2015-12-22 13:44:30 -05:00
6211b126a9
Fixing py3 syntax error
2015-12-18 11:01:08 -05:00
54c3fcc72a
Adding rotate command
2015-12-17 23:17:27 -05:00
b8c2d42cad
Closes #176
2015-12-17 14:52:20 -08:00
2896ce0dad
Closes #172
2015-12-16 08:18:01 -08:00
29bcde145c
0.2.1 release
2015-12-14 10:42:51 -08:00
6d17e4d538
Fixing templates
2015-12-04 09:51:38 -08:00
de9478a992
Disabling one-time binding
2015-12-03 16:57:37 -08:00
78037dc9ec
Fixing the startup port
2015-12-02 17:13:52 -08:00
041382b02f
Version bump
2015-12-02 14:53:46 -08:00
aa18b88a61
Making the notification email template cleaner
2015-12-01 17:13:43 -08:00
b1e842ae47
Merge pull request #162 from kevgliss/160-startup
...
Closes #160
2015-12-01 10:08:03 -08:00
e2524e43cf
adding exports
2015-12-01 09:44:41 -08:00
6aac2d62be
Closes #160
2015-12-01 09:40:27 -08:00
95e2636f23
Updating docs
2015-12-01 09:15:53 -08:00
11f2d88b16
Adding current migration files.
2015-11-30 15:43:38 -08:00
c3091a7346
Adding missing files.
2015-11-30 14:08:17 -08:00
9cadebcd50
adding example requests
2015-11-30 13:51:27 -08:00
f194e2a1be
Linting
2015-11-30 10:24:53 -08:00
ec896461a7
Adding final touches to #125
2015-11-30 09:47:36 -08:00
8eeed821d3
Adding UI elements
2015-11-27 13:27:14 -08:00
920d595c12
Initial work on #125
2015-11-25 14:54:08 -08:00
1c6e9caa40
Closes #144
2015-11-24 16:07:44 -08:00
d6b3f5af81
Closes #122
2015-11-24 14:53:22 -08:00
e14eefdc31
Added the ability to find an authority even if a user only types the name in and does not select it.
2015-11-23 16:41:31 -08:00
f0324e4755
Merge pull request #148 from kevgliss/120-error-length
...
Closes #120
2015-11-23 15:25:30 -08:00
00f0f957c0
Lint again
2015-11-23 15:13:18 -08:00
9c652d784d
Merge pull request #143 from kevgliss/requirements
...
Updating requirements
2015-11-23 14:59:31 -08:00
eb2fa74661
Fixing test
2015-11-23 14:49:05 -08:00
146c599deb
Lint cleanup
2015-11-23 14:47:34 -08:00
574c4033ab
Closes #120
2015-11-23 14:30:23 -08:00
eb0f6a04d8
Closes #140
2015-11-23 10:43:07 -08:00
df4364714e
Closes #139
2015-11-23 09:53:55 -08:00
2073090628
Use american english for consistency
2015-10-28 19:39:10 -07:00
0453afcb0e
Fixing issuer where roles were not added correctly to user.
2015-10-26 10:59:20 -07:00
4b968a9474
Adding aes - fernet migration
2015-10-23 16:47:17 -07:00
40eb950e94
Use MultiFernet for encryption
...
Facilitates key rotation and uses more secure encryption than what
sqlalchemy-utils does.
Fixes #117 and #119 .
2015-10-13 16:58:58 -07:00
2fc6d4cd21
Fix a handful of typos in documentation
...
As I was reading through the docs I made note of grammar issues and
typos I saw. Not a huge deal but might as well fix what I noticed.
2015-10-06 15:05:05 -07:00
a20726a301
Fixing python 3.x syntax error
2015-10-06 13:11:24 -07:00
39727a1c9f
Fixing tests
2015-10-06 13:00:06 -07:00
168f46a436
Adding the ability to track a certificates signing key algorithm
2015-10-06 12:51:59 -07:00
798a6295ee
Fixes destination stat
2015-10-06 09:43:31 -07:00
63b7b71b49
adding clipboard functionality
2015-10-05 16:06:56 -07:00
9965af9ccd
fixing links, and adding zeroclipboard
2015-10-05 09:48:52 -07:00
867be09e29
more double quotes
2015-10-05 09:24:11 -07:00
8362a92898
fixing double quotes
2015-10-05 09:19:14 -07:00
162482dbc4
Adding ui router and perma links to certificates and authorities
2015-10-05 09:00:51 -07:00
2187898494
adding copy and a better profile picture for non-sso users
2015-10-02 15:36:50 -07:00
d4bc6ae7a1
Fixes #105
2015-10-02 13:46:13 -07:00
5cfa9d4bc5
description should be optional
2015-09-29 16:37:32 -07:00
7ebd0bf5d4
making fields required
2015-09-24 08:42:31 -07:00
06a69c09a0
Fixing a bug where notifications associated during certificate creation would not be respected.
2015-09-22 13:01:05 -07:00
be6a5b859e
adding notification example
2015-09-22 09:46:54 -07:00
baef329a4d
Rename SSL to TLS
2015-09-21 18:16:19 -04:00
a3385bd2ac
Rename SSL to TLS
2015-09-21 18:15:25 -04:00
fc0a884d5f
Cleaning up unneed/unused files
2015-09-20 09:49:16 -07:00
kevgliss
Marti Raudsepp
Sakti Dwi Cahyono
JohnTheodore
Neil Schelly
cviecco
Terin Stock
Charles Hendrie
Mike Grima
mik373
Roi Martin
Mike Grima
Harm Weites
Edward Barker
Robert Picard
Matthias Hähnel
Ryan Clough
Eric Mill