sirferl
01678a714f
added required vars check
2020-09-14 09:50:55 +02:00
Hossein Shafagh
8adca442e1
Merge branch 'master' into entrust-plugin
2020-09-11 17:11:57 -07:00
sayali
09a2a8fc76
Log message change
...
PR comments
2020-09-11 15:53:34 -07:00
Hossein Shafagh
806aeddd87
Merge branch 'master' into validity
2020-09-11 10:09:01 -07:00
Hossein Shafagh
6e588f9c7b
Merge branch 'master' into validity
2020-09-11 09:06:11 -07:00
sirferl
1c9c377751
Lint errors
2020-09-11 12:31:15 +02:00
sirferl
fd52438d61
yet lint errors
2020-09-11 12:30:53 +02:00
sirferl
de9ad82011
Fixed Lint complaints
2020-09-11 12:24:33 +02:00
sirferl
a99a84b0b2
entrust plugin inital edit
2020-09-10 16:04:31 +02:00
sirferl
f47f108f43
ientrust plgin - first version
2020-09-10 16:03:29 +02:00
Hossein Shafagh
a7be8b6dce
adding support for different types of CSR encodings
2020-09-09 19:54:53 -07:00
Hossein Shafagh
4923157dc2
expanding key_type to with EC support
2020-09-09 19:54:20 -07:00
Hossein Shafagh
aff7ad7ea2
testing
2020-09-09 19:53:59 -07:00
Hossein Shafagh
60fd2134ca
removing duplicate curves, and marking them in existing mapping
2020-09-09 19:53:35 -07:00
Hossein Shafagh
5ab9626cbd
overwriting cn and key_type values from CSR, as they take precedence
2020-09-09 19:52:59 -07:00
Hossein Shafagh
6fa15c4cb3
methods to extract cn and key_type from csr
2020-09-09 19:48:21 -07:00
Hossein Shafagh
de0c38e9ba
mapping of curve name to key_type
2020-09-09 19:47:51 -07:00
sayali
8ad4448c85
Match date format for comparison + expected new lines
2020-09-01 12:44:49 -07:00
sayali
db4f68f0ed
Logs during cert validity truncate for digicert
2020-08-31 18:20:32 -07:00
sayali
9c4fb85dc3
Calculate dates from defaultDays in js
2020-08-31 18:19:32 -07:00
Hossein Shafagh
d478def98c
removing the custom key Type and doing the conversion in the backend
2020-08-31 16:35:47 -07:00
Hossein Shafagh
9a7a632489
using a standard curve for testing
2020-08-28 09:48:35 -07:00
Hossein Shafagh
9671b34485
adding support for all type of ECC curves which existing CA plugins might support
2020-08-27 14:15:14 -07:00
sayali
1fc2e29ab8
Remove 397 days validation as it causes error in API calls
...
More to come in future
2020-08-27 14:15:14 -07:00
sirferl
ab4cda2298
Extended ADCS_TEMPLATE_ Variable
...
If there is a config variable ADCS_TEMPLATE_<upper(authority.name)> take the value as Cert template else default to ADCS_TEMPLATE to be compatible with former versions
2020-08-27 14:15:14 -07:00
sayali
7a9500eee0
Lint error fix
2020-08-27 14:15:14 -07:00
sayali
5ed109e998
Max end date as per start date + default validity 3 years
2020-08-27 14:15:14 -07:00
sayali
7011a4df8b
max date on UI as per max validity configs
2020-08-27 14:15:14 -07:00
sayali
4d7c6844e5
Make Organizational Unit optional
2020-08-27 14:15:14 -07:00
sayali
2645c4a82d
mention 397 for digicert plugin
2020-08-27 14:15:14 -07:00
sayali
3cb386cc0f
maximum 1 year validity for digicert
2020-08-27 14:15:14 -07:00
sayali
e06dea106f
Modify unit test test_determine_end_date to match new config
2020-08-27 14:15:14 -07:00
sayali
d7d483fa9b
Renaming PUBLIC_CA to PUBLIC_CA_AUTHORITY_NAMES
2020-08-27 14:15:14 -07:00
sayali
25125f3257
Cert validity should not exceed 397 days for publicly trusted issuers
2020-08-27 14:15:14 -07:00
sayali
404d213e8f
Modified cert description to have cert id being cloned
2020-08-27 14:15:14 -07:00
sayali
e75e472a1a
Do not inherit replacement info during cert clone
2020-08-27 14:15:14 -07:00
sayali
69b64c63ea
Honor selected algorithm during certificate cloning
2020-08-27 14:15:14 -07:00
Hossein Shafagh
f4bcd1cf30
lack of an empty config file was resulting into this error
...
```
Traceback (most recent call last):
File "/home/travis/build/Netflix/lemur/lemur/plugins/lemur_acme/tests/test_acme.py", line 159, in test_request_certificate
self.acme.request_certificate(mock_acme, [], mock_order)
File "/home/travis/build/Netflix/lemur/lemur/plugins/lemur_acme/plugin.py", line 211, in request_certificate
current_app.config.get("IDENTRUST_CROSS_SIGNED_LE_ICA_EXPIRATION_DATE", "17/03/21"), '%d/%m/%y'):
TypeError: strptime() argument 1 must be str, not MagicMock
```
2020-08-27 14:15:14 -07:00
Hossein Shafagh
5a6e4e5b43
Let's Encrypt has been using a cross-signed intermediate CA by DST Root CA X3, which is included in any older devices' TrustStore.
...
https://letsencrypt.org/certificates/
Let's Encrypt is transitioning to use the intermediate CA issued by their own root (ISRG X1) starting from September 29th 2020. This is in preparation of concluding the initial bootstrapping of their CA, by having it cross-signed by an older CA.
https://letsencrypt.org/2019/04/15/transitioning-to-isrg-root.html
This PR allows Lemur to pin to the cross-signed ICA (same public/private key pair as the ICA signed by ISRG X1). This will prolong support for incompatible systems.
2020-08-27 14:15:14 -07:00
Hossein Shafagh
c169ad291e
adding the correct signing algorithm, and a missing key Type
2020-08-27 13:29:56 -07:00
sayali
3242fc1e13
Validity with radio buttons
2020-08-26 19:30:12 -07:00
sayali
6aedd3b0d8
Datepicker enhancements
2020-08-25 18:40:36 -07:00
sayali
3efe14c43f
Remove 397 days validation as it causes error in API calls
...
More to come in future
2020-08-25 16:26:20 -07:00
sirferl
4f148f3bc3
Merge branch 'master' into master
2020-08-20 11:33:18 +02:00
sirferl
1b73b1d080
Merge branch 'master' into master
2020-08-19 12:29:02 +02:00
sirferl
c2116df652
Extended ADCS_TEMPLATE_ Variable
...
If there is a config variable ADCS_TEMPLATE_<upper(authority.name)> take the value as Cert template else default to ADCS_TEMPLATE to be compatible with former versions
2020-08-19 12:25:52 +02:00
sayali
5b96b3a032
Lint error fix
2020-08-18 20:03:15 -07:00
sayali
240f0b99c8
Max end date as per start date + default validity 3 years
2020-08-18 19:34:59 -07:00
sayali
bc5579e9bf
max date on UI as per max validity configs
2020-08-18 14:50:42 -07:00
sayali
5b3f40467b
Make Organizational Unit optional
2020-08-18 14:50:42 -07:00
sayali
6ff8910f87
mention 397 for digicert plugin
2020-08-11 18:53:19 -07:00
sayali
d7ca1570be
maximum 1 year validity for digicert
2020-08-11 18:02:42 -07:00
sayali
bde2829e72
Modify unit test test_determine_end_date to match new config
2020-08-11 17:10:29 -07:00
sayali
18a3514974
Renaming PUBLIC_CA to PUBLIC_CA_AUTHORITY_NAMES
2020-08-10 18:06:45 -07:00
sayali
7a83799bcd
Cert validity should not exceed 397 days for publicly trusted issuers
2020-08-10 17:30:34 -07:00
Hossein Shafagh
9bcfcebb3a
Merge branch 'master' into bootswatch-fix
2020-08-04 14:09:33 -07:00
sayali
817a4c3d90
Modified cert description to have cert id being cloned
2020-08-03 19:24:06 -07:00
sayali
c3d8501401
Do not inherit replacement info during cert clone
2020-08-03 19:23:24 -07:00
sayali
c15a2c62d1
Honor selected algorithm during certificate cloning
2020-08-03 19:22:13 -07:00
Hossein Shafagh
3c1d6998fb
Merge branch 'master' into pinning-to-cross-signed-LE-ICA
2020-07-24 10:25:11 -07:00
Raul Benencia
0fd83d13ae
Fix intermediate CA creation on cryptography plugin
2020-07-23 13:58:32 -07:00
Hossein Shafagh
2317967802
lack of an empty config file was resulting into this error
...
```
Traceback (most recent call last):
File "/home/travis/build/Netflix/lemur/lemur/plugins/lemur_acme/tests/test_acme.py", line 159, in test_request_certificate
self.acme.request_certificate(mock_acme, [], mock_order)
File "/home/travis/build/Netflix/lemur/lemur/plugins/lemur_acme/plugin.py", line 211, in request_certificate
current_app.config.get("IDENTRUST_CROSS_SIGNED_LE_ICA_EXPIRATION_DATE", "17/03/21"), '%d/%m/%y'):
TypeError: strptime() argument 1 must be str, not MagicMock
```
2020-07-15 17:04:49 -07:00
Hossein Shafagh
d5ae45a0d0
Let's Encrypt has been using a cross-signed intermediate CA by DST Root CA X3, which is included in any older devices' TrustStore.
...
https://letsencrypt.org/certificates/
Let's Encrypt is transitioning to use the intermediate CA issued by their own root (ISRG X1) starting from September 29th 2020. This is in preparation of concluding the initial bootstrapping of their CA, by having it cross-signed by an older CA.
https://letsencrypt.org/2019/04/15/transitioning-to-isrg-root.html
This PR allows Lemur to pin to the cross-signed ICA (same public/private key pair as the ICA signed by ISRG X1). This will prolong support for incompatible systems.
2020-07-14 17:35:13 -07:00
Hossein Shafagh
e0c2f4274e
Merge branch 'master' into patch-1
2020-07-02 10:16:02 -07:00
Javier Ramos
aa11088944
Remove f from non-f string
2020-07-02 16:48:41 +02:00
Javier Ramos
1f598e3752
Fix unmatched field in Authorization
...
The field in the formatted string was not matching the args
2020-07-02 16:41:19 +02:00
Javier Ramos
7a5a5531cc
Raise ValidationError if CSR contains invalid CN
...
If we supply a CSR that contains an empty field in the Subject, Lemur will crash with an error 500 as the ValueError exception is not captured. This change captures the exception and raises a ValidationError which in this case is a 400 sent back to client. Example to reproduce:
Subject: C=ZZ, ST=Something, L=, O=My_Org, OU=My_Dept, CN=www.booking.com
The empty L= causes a ValueError which needs to be captured.
2020-07-01 15:44:06 +02:00
Hossein Shafagh
4985744bd8
fixing UnboundLocalError bug
2020-06-11 16:47:37 -07:00
csine-nflx
a7a309136f
fixing whitespace and imports
2020-06-11 14:15:40 -07:00
csine-nflx
f834d10f9a
moving ultradns tests to separate file
2020-06-11 14:04:17 -07:00
Hossein Shafagh
c40d297735
Merge branch 'master' into ilabun/optimize-certificates-sql
2020-06-09 14:20:31 -07:00
Hossein Shafagh
fd3ea2cf46
Merge branch 'master' into json-logging-rotate
2020-06-09 10:58:53 -07:00
Hossein Shafagh
099ebee409
Merge branch 'master' into check-revoke-revised
2020-06-09 10:47:24 -07:00
Hossein Shafagh
62469e518f
Merge branch 'master' into json-logging-rotate
2020-06-09 10:45:57 -07:00
Hossein Shafagh
c3b36d697f
clarification
2020-06-08 15:17:45 -07:00
Hossein Shafagh
5215a71a6d
Merge branch 'master' into check-revoke-revised
2020-06-04 15:51:48 -07:00
Hossein Shafagh
704e61dd53
Merge branch 'master' into json-logging-rotate
2020-06-04 15:51:24 -07:00
Hossein Shafagh
e06c3ea192
Merge branch 'master' into improve-expiry-email
2020-06-04 15:51:17 -07:00
alwaysjolley
1bcc9d5d0d
allowing for _ in domains
2020-06-03 13:20:23 -04:00
alwaysjolley
1b8507636b
fixing quotes, no escape characters in tests, fixed anchors
2020-06-03 12:49:55 -04:00
alwaysjolley
3ce7cd6c50
fixing escaped string on domain test
2020-06-03 11:34:14 -04:00
alwaysjolley
8658ac531e
fixing unittests and allowing for single character domains
2020-06-03 08:08:49 -04:00
alwaysjolley
2a1751ec30
fixing domain validation to account for 2-63 character length and correct character set
2020-06-03 04:56:38 -04:00
Hossein Shafagh
50091cca1d
Merge branch 'master' into ilabun/optimize-certificates-sql
2020-05-27 15:29:47 -07:00
Hossein Shafagh
d8948a12d3
Merge branch 'master' into check-revoke-revised
2020-05-27 15:29:19 -07:00
Hossein Shafagh
86c3771044
Merge branch 'master' into json-logging-rotate
2020-05-27 15:28:48 -07:00
Hossein Shafagh
904bc9d8b6
Merge branch 'master' into improve-expiry-email
2020-05-27 15:28:41 -07:00
Hossein Shafagh
d95f02d234
Merge branch 'master' into master
2020-05-27 14:25:07 -07:00
Hossein Shafagh
8861cc70cb
rewordin
2020-05-26 17:12:47 -07:00
Hossein Shafagh
34e3f7c049
improved messaging
2020-05-26 16:38:12 -07:00
Hossein Shafagh
4eeab91d73
making lint happy
2020-05-22 18:36:39 -07:00
Hossein Shafagh
10dfedee36
making lint happy
2020-05-22 18:33:43 -07:00
Hossein Shafagh
86310ff02d
Merge branch 'master' into check-revoke-revised
2020-05-22 18:25:00 -07:00
Hossein Shafagh
87a53557cd
Merge branch 'master' into json-logging-rotate
2020-05-22 18:24:53 -07:00
Hossein Shafagh
8f16688b0a
Merge branch 'master' into check-revoke-revised
2020-05-22 17:45:50 -07:00
Hossein Shafagh
49a8b80df2
better exception handling when OCSP or CRL or not implemented
2020-05-22 17:36:34 -07:00
Hossein Shafagh
c9767b3172
adding logging for revoked certs
2020-05-22 17:32:44 -07:00
Hossein Shafagh
49c4a9c3b2
making the revocation to be scoped based on the authority plugin name
2020-05-22 17:29:30 -07:00
Hossein Shafagh
4923bbf8a7
adding json formatted logging
2020-05-22 16:22:12 -07:00
Hossein Shafagh
09016fd2ee
cleaning up the code after more local testing
2020-05-22 16:04:39 -07:00
e11it
f83e3f764e
always assign csr_sans to name
2020-05-22 21:52:43 +03:00
Hossein Shafagh
97145b6dee
Merge branch 'master' into ilabun/optimize-certificates-sql
2020-05-22 10:29:28 -07:00
Hossein Shafagh
cc4fc66c93
Merge branch 'master' into master
2020-05-22 09:57:46 -07:00
Hossein Shafagh
748268ecd5
Merge branch 'master' into cert-rotation-region-by-region
2020-05-22 09:57:06 -07:00
Hossein Shafagh
2582086d39
Merge branch 'master' into ilabun/optimize-certificates-sql
2020-05-21 15:39:58 -07:00
Hossein Shafagh
fd444403bb
improved logging.
...
- adding destination name, fixing broken metric.
2020-05-21 15:32:38 -07:00
Hossein Shafagh
70985f4ff5
revised system arch
2020-05-14 22:37:30 -07:00
Hossein Shafagh
cdd9137f4e
Merge branch 'master' into cert-rotation-region-by-region
2020-05-08 15:32:49 -07:00
Hossein Shafagh
529ee04ae7
removing duplicate line
2020-05-08 09:16:46 -07:00
Hossein Shafagh
f68900d2b3
improving logging and the possibility of defining which Authorities qualify for auto-rotation
2020-05-07 18:28:01 -07:00
Hossein Shafagh
843ffad60e
removing testing comments
2020-05-07 17:10:50 -07:00
Hossein Shafagh
1b6907a404
Certificate rotation region by region
...
example scheudule:
CELERYBEAT_SCHEDULE = {
'certificate_rotate': {
'task': 'lemur.common.celery.certificate_rotate',
'options': {
'expires': 180
},
'schedule': crontab(minute="*"),
'kwargs': {'region': 'us-east-1'}
}
}
2020-05-07 16:28:01 -07:00
Curtis Castrapel
7e97d885df
Address comments
2020-04-28 13:16:27 -07:00
Curtis Castrapel
863af7a3e5
Making CLI command ; Running black
2020-04-28 12:16:46 -07:00
Curtis Castrapel
273c3e2793
Celery task to enable autorotate for all certificates attached to endpoints without it enabled
2020-04-28 11:52:43 -07:00
Hossein Shafagh
8d0007b9c0
fixing the private DNS zone issue.
...
Private hosted zones will never be visible to third-parties like LetsEncrypt, and Lemur should not consider them as authoritative zones.
This fix, make sure they are not added to the dns_provider table.
2020-04-24 15:48:06 -07:00
csine-nflx
cee81bd693
updated requirements, fixed unittests, pytest, and distinguidedName ordering
2020-04-09 18:17:05 -07:00
Curtis
213b13d3c9
Merge branch 'master' into enhanced_error_loggin
2020-04-08 14:56:51 -04:00
Curtis
2c8dc24fda
Merge branch 'master' into enhanced_error_loggin
2020-04-08 14:51:06 -04:00
Curtis Castrapel
1360d846fd
Improve error logging for a couple of use cases
2020-04-08 11:50:42 -07:00
Hossein Shafagh
3b3cec6f8b
Merge branch 'master' into oauth2
2020-04-08 10:12:04 -07:00
Hossein Shafagh
eaeec5d757
Merge branch 'master' into imporved-metrics-sources
2020-04-08 09:23:27 -07:00
Curtis Castrapel
11b15e7e23
Clean up docstrings
2020-04-08 08:41:48 -07:00
Curtis Castrapel
eb138fc960
Add default celery metrics and logging using celery signals
2020-04-08 08:38:40 -07:00
Hossein Shafagh
45c98a21b3
Merge branch 'master' into imporved-metrics-sources
2020-04-06 16:02:25 -07:00
csine-nflx
46e0d1953b
Merge branch 'master' of github.com:Netflix/lemur into powerdnsplugin_02
2020-04-05 21:47:24 -07:00
csine-nflx
f82ec24dfa
updating _get_txt_records return values and docstrings
2020-04-05 21:46:33 -07:00
David Stipp
5c2a2f8ff2
OAUTH2 fixes
...
* Use OAUTH2 variable instead of PING while using OAUTH
* Some IDPs require a POST instead of a GET to user data
2020-04-04 11:32:23 -04:00
Hossein Shafagh
5add647148
# emitting the count of certificates on the source
2020-04-03 16:51:24 -07:00
Curtis
efb7a33d3e
Merge branch 'master' into castrapel-patch-3
2020-04-01 14:03:17 -04:00
Curtis
b4025e6820
Merge branch 'master' into castrapel-patch-3
2020-04-01 13:55:14 -04:00
Curtis
9a939e8281
Merge branch 'master' into castrapel-patch-2
2020-04-01 13:54:39 -04:00
Curtis
d825616ea6
No need to retry 25 times on DeleteConflict errors
2020-04-01 10:53:17 -07:00
Curtis
e25f97fce7
Bump time limit for clean_source Celery job
...
For larger accounts, I've hit SoftTimeLimit exceptions before completion of this celery job. Bumping up the time limit on this job.
2020-04-01 10:50:24 -07:00
Curtis
67d24caef5
Remove equivalent destinations when cleaning certificates
...
Remove equivalent destinations when cleaning certificates. This will prevent Lemur from attempting to re-upload a certificate after it has been cleaned.
2020-04-01 10:31:12 -07:00
csine-nflx
6f3ba23fa0
updating sinlge line of comments
2020-03-30 13:34:24 -07:00
csine-nflx
9d9bf9d7ba
Merge branch 'powerdnsplugin_02' of github.com:Netflix/lemur into powerdnsplugin_02
2020-03-30 09:02:56 -07:00
csine-nflx
d6cc8a8a9a
fixing whitespace
2020-03-30 09:01:28 -07:00
Hossein Shafagh
66183e6bdd
Merge branch 'master' into powerdnsplugin_02
2020-03-27 10:45:15 -07:00
Chad S
2b7e60399c
Merge branch 'master' into powerdnsplugin_02
2020-03-27 10:27:33 -07:00
csine-nflx
0e314d0028
adding documentation and final cleanup
2020-03-27 10:18:38 -07:00
csine-nflx
0149f8b0d3
add support for wildcard and naked domains to PowerDNS module
2020-03-26 22:15:10 -07:00
Hossein Shafagh
2a2499a929
simplifying code
2020-03-26 20:45:00 -07:00
Hossein Shafagh
5206997468
expired is now called for new certs, where the not_after field might be in datetime format, and not comparable to utc
2020-03-26 19:01:07 -07:00
Hossein Shafagh
88c40aa93c
Merge branch 'master' into master
2020-03-23 20:31:16 -07:00
Hossein Shafagh
697215f8bc
better handling of destination plugin errors, and also checking cert expiration before upload
2020-03-21 20:05:35 -07:00
Ilya Makarov
7bd5173da4
Merge with Netflix/lemur master
2020-03-20 20:52:33 +03:00
Hossein Shafagh
1d4da0e3d8
another polish
2020-03-17 16:59:09 -07:00
Hossein Shafagh
ecca003ab4
improving the documentation and method naming
2020-03-17 16:55:36 -07:00
csine-nflx
9de89ec96a
Merge branch 'master' into new_clean_cert_cli
2020-03-17 13:38:32 -07:00
csine-nflx
07dc31bed7
cleaning up whitespace changes
2020-03-16 11:41:05 -07:00
csine-nflx
1a19e250bb
updating and cleaning up tests
2020-03-16 11:24:17 -07:00
Hossein Shafagh
34d23503de
fixing the data bug
2020-03-14 20:41:03 -07:00
Hossein Shafagh
b28b4f9a28
adding to new cli commands for cleaning certificates from source:
...
a) either about to expire in X days and not attached to an endpoint
a) or issued since X days but still not attached to an endpoint
2020-03-14 20:19:26 -07:00
Hossein Shafagh
c96695c966
refactor
2020-03-14 20:18:07 -07:00
Hossein Shafagh
593c35776c
adding new methods for getting pending clean
2020-03-14 20:17:05 -07:00
csine-nflx
921d52b360
fixing get_dns_challenge() logic so duplicate domains (such as wildcard and not wildcard) do not match the wrong authorziations
2020-03-13 00:03:31 -07:00
Ilya Makarov
be722fb1b3
Fix lint
2020-03-11 20:51:10 +03:00
Ilya Makarov
92a8942727
Fix lint
2020-03-11 15:37:11 +03:00
Ilya Makarov
a6c3b85fe1
Fix lint
2020-03-11 15:15:56 +03:00
Ilya Makarov
ba8e315eed
Fix typo
2020-03-11 14:22:04 +03:00
Ilya Makarov
729ed3843d
Fix bug wth get_options and slash in name
2020-03-11 14:16:29 +03:00
Ilya Makarov
d3cb0b517a
Add format support
2020-03-11 02:27:31 +03:00
Ilya Makarov
ad86cf1fd9
Merge remote-tracking branch 'upstream/master'
2020-03-11 00:29:07 +03:00
csine-nflx
e1e7efc96e
Merge branch 'master' into powerdnsplugin_01
2020-03-05 15:25:40 -08:00
csine-nflx
771e72187a
updates based on feedback
2020-03-05 15:24:56 -08:00
csine-nflx
5dfb6acb17
adding support for ACME_POWERDNS_VERIFY option to support CA Bundles and disabling Server validation
2020-03-05 14:59:21 -08:00
csine-nflx
c0004e506e
removing 2 year option from Lemur certificate request form
2020-03-04 14:50:44 -08:00
Hossein Shafagh
4a4b3b932e
Merge branch 'master' into master
2020-03-04 10:32:10 -08:00
csine-nflx
1e81d47793
Merge branch 'renewal_validity_01' of github.com:Netflix/lemur into renewal_validity_01
2020-03-03 17:28:58 -08:00
csine-nflx
fdc1e20c23
updating config_mock defaults
2020-03-03 17:27:15 -08:00
csine-nflx
38b7d6e5e3
Merge branch 'master' into renewal_validity_01
2020-03-03 14:44:33 -08:00
csine-nflx
6c46481ffd
simplifying return statement for validity years
2020-03-03 14:40:50 -08:00
csine-nflx
318292704d
fixing default/max DigiCert validity values
2020-03-03 14:29:17 -08:00
e11it
27a86f5c18
Fix: San values #2921
...
Not sure is it correct solution
2020-03-03 21:45:33 +03:00
e11it
fe67ff2146
Update plugin.py
...
Fix lint
2020-03-02 09:18:02 +03:00
Ilya Makarov
a8c0adaa4d
Merge remote-tracking branch 'upstream/master'
2020-02-27 17:08:35 +03:00
Ilya Makarov
9612d291ed
Add path suffix options
2020-02-18 19:16:27 +03:00
Hossein Shafagh
2ee60bcdb6
Merge branch 'master' into le_Log_orderurl
2020-02-17 10:30:58 -08:00
sirferl
e75df1ddc9
Update plugin.py
2020-02-17 19:04:20 +01:00
Hossein Shafagh
d29edabefe
Merge branch 'master' into le_Log_orderurl
2020-02-17 09:24:51 -08:00
sirferl
ed3472d029
Update plugin.py
2020-02-17 15:21:29 +01:00
sirferl
3fd0d3e141
Added VERISIGN_INTERMEDIATE_<authority> parameter
...
When using the VERISIGN_PRODUCT_<authority> Parameter one also has to add this parameter:
VERISIGN_INTERMEDIATE_<authority> = """ <PEM-String of Issuing CA for this certificate Type>"""
While doing this, I also added code, so the external_id field is filled with data from CA-Answer
2020-02-17 12:40:36 +01:00
sirferl
1815c89970
Made the change more elegant
...
As suggested by @hosseinsh. This is of course more elegant.
2020-02-16 09:28:52 +01:00
sirferl
a70a49e4e9
Update plugin.py
2020-02-15 16:11:58 +01:00
sirferl
3693bc2d8b
removed whitespaces inserted by online editor
2020-02-15 16:09:25 +01:00
sirferl
bfa953270d
Fixed whitespace error
2020-02-15 16:04:44 +01:00
sirferl
fabcad1e46
New variable VERISIGN_PRODUCT_(authority.name)
...
If there is a config variable with VERISIGN_PRODUCT_<upper(authority.name)> take the value as Cert product-type
else default to "Server", to be compatoible with former versions.
This enables the use of different Verisign authorities for differnt cert-products eg. EV or Standard Certs
2020-02-15 15:52:24 +01:00
csine-nflx
a8e8924e2a
Merge branch 'master' into le_Log_orderurl
2020-02-14 17:10:38 -08:00
sirferl
8e3cc93d6a
Whitespaces in empty line 113 removed
2020-02-14 07:50:18 +01:00
csine-nflx
b521aaf579
Merge branch 'master' into le_Log_orderurl
2020-02-13 16:41:14 -08:00
csine-nflx
af21225918
adding logging on sucess and metric submission of URL for certificate issuance
2020-02-13 16:38:33 -08:00
Hossein Shafagh
a449cc2b15
Merge branch 'master' into ilabun/optimize-certificates-sql
2020-02-13 16:05:46 -08:00
Hossein Shafagh
2b849a6520
Update plugin.py
...
making lint happy
2020-02-13 15:58:07 -08:00
Hossein Shafagh
9db1ea3307
Merge branch 'master' into master
2020-02-13 12:47:06 -08:00
sirferl
571c8bf42d
Error when validity_end date is empty #2905
...
this lines of code (114ff) in threw an error, when the validity_end date was empty:
if options.get("validity_end") > arrow.utcnow().shift(years=2):
raise Exception(
"Verisign issued certificates cannot exceed two years in validity"
)
Actually, they are not needed, because immidiately following is a check for an empty validity_end and for the length of the entered period.
When I commented it out for testing, the error was gone and everything worked as expected.
2020-02-13 07:38:04 +01:00
sirferl
6c7bb5f9b7
Fixed TLS secret format ( #2913 )
...
The Plugin handled the TLS secret format wrong: it sent chain certificate instead of requested public certificate #2913
2020-02-13 07:35:35 +01:00
csine-nflx
ca8e73286f
fixed get_domains() to remove duplicate entries, updated usage and tests
2020-02-12 15:10:24 -08:00
Hossein Shafagh
2d7284f677
Merge branch 'master' into ilabun/optimize-certificates-sql
2020-02-10 11:23:21 -08:00
Hossein Shafagh
c0cf1c02c1
Merge branch 'master' into ilabun/optimize-certificates-sql
2020-02-10 11:14:26 -08:00
Hossein Shafagh
b23ae60847
Merge branch 'master' into vault-k8s-auth
2020-02-10 11:12:52 -08:00
csine-nflx
bcdb3173bd
ensuring that "3" is set as an integer instead of a string
2020-02-04 18:23:17 -08:00
csine-nflx
8ea54d7db2
removing exception if domain zone not found. Logging the issue instead
2020-02-04 14:50:56 -08:00
csine-nflx
48bccd6f68
moving _check_config() lower in file, near other private methods
2020-02-03 19:08:28 -08:00
csine-nflx
c38e651eb0
Merge branch 'powerdnsplugin_01' of github.com:Netflix/lemur into powerdnsplugin_01
2020-02-03 19:04:05 -08:00
csine-nflx
53f81fb09f
updating based on suggestions in 2911
2020-02-03 18:58:31 -08:00
Ilya Labun
5e8599540e
Merge branch 'master' into ilabun/optimize-certificates-sql
2020-02-03 20:32:41 +01:00
csine-nflx
ac0282529e
adding basic logging on success
2020-02-03 11:05:20 -08:00
csine-nflx
fecb5b6252
Merge branch 'master' into powerdnsplugin_01
2020-01-31 16:37:57 -08:00
csine-nflx
fb6d369130
removed unnecessary imports in test_dns_providers.py
2020-01-31 16:18:22 -08:00
csine-nflx
be7736d350
adding dns tests and assorted exception handling
2020-01-31 13:16:37 -08:00
csine-nflx
969a7107fe
fixed PowerDNS Tests
2020-01-29 13:12:09 -08:00
csine-nflx
b885244aa7
fixing issue where set_domains() is still called when get_all_zones() throws an exception
2020-01-29 11:26:53 -08:00
csine-nflx
ef115ef2b1
moving PowerDNS number_of_attempts to global config variable ACME_POWERDNS_RETRIES
2020-01-29 11:20:39 -08:00
csine-nflx
b91899fe99
created CLI options for testin ACME over dns. Examle: acme dnstest -d _acme-chall.foo.com -t token1
2020-01-28 19:13:28 -08:00
Hossein Shafagh
192ecb3ce0
DNS provider: adding more logging
2020-01-28 16:24:50 -08:00
sirferl
620f972635
Fixed an error
...
Found out that I introduced an error when I changed code up for publishig. The certserv.py I use does not return the ID of the certificate created. For now I just leave the field empty. I will create another issue , so that the ID is filled up.
2020-01-27 11:04:49 +01:00
Ilya Labun
5d8eb51ef4
Merge branch 'master' into ilabun/optimize-certificates-sql
2020-01-24 11:28:55 +01:00
csine-nflx
c465062673
integrated PowerDNS plugin into dns_providers
2020-01-23 23:53:38 -08:00
rajatsharma94
9984470b58
fix fatal error in schema validator
2020-01-23 15:27:02 +01:00
csine-nflx
bddae6e428
adding PowerDNS delete_txt_record with associated tests
2020-01-22 16:18:52 -08:00
csine-nflx
52c7686d58
adding wait_for_dns_change() and tests for PowerDNS ACME plugin
2020-01-21 18:47:21 -08:00
csine-nflx
915ec0ba63
added PowerDNS support for create_txt_record and associated tests
2020-01-21 17:08:59 -08:00
Gutttlt
71f43dfcc1
Fixing "'Role' object has no attribute 'set_third_party'" error.
2020-01-21 08:40:54 +01:00
Hossein Shafagh
acf531ece3
Merge branch 'master' into vault-k8s-auth
2020-01-20 15:18:29 -08:00
Hossein Shafagh
6ee856e26d
Merge branch 'master' into ilabun/optimize-certificates-sql
2020-01-20 15:15:25 -08:00
csine-nflx
3080a9527c
adding PowerDNS get_zones functionality and unit tests
2020-01-17 18:29:37 -08:00
Hossein Shafagh
7f119b8914
Merge branch 'master' into ilabun/optimize-certificates-sql
2020-01-17 17:18:06 -08:00
Hossein Shafagh
cb7507156c
Merge branch 'master' into vault-k8s-auth
2020-01-17 17:17:53 -08:00
Hossein Shafagh
d6f41b6a99
improving string formatting to avoid dangling white spaces and new lines
2020-01-16 13:45:13 -08:00
Hossein Shafagh
1ed6ae539d
# possibility to default to a SIGNING_ALGORITHM for a given profile
2020-01-15 16:19:48 -08:00
jenkins-x-bot
cd7d9aee55
fixed lint error
2020-01-13 23:09:58 +02:00
jenkins-x-bot
8d957f22af
changed file handling
2020-01-13 22:46:34 +02:00
Ilya Labun
bc1a2cf69c
Optimize certificates SQL query
...
Co-authored-by: Javier Ramos <javier.ramos@booking.com>
2020-01-13 14:43:41 +01:00
Ilya Labun
cc0b2d5439
Added new lowercase indexes for certificates cn, name and domains name
...
Co-authored-by: Javier Ramos <javier.ramos@booking.com>
2020-01-13 14:40:22 +01:00
jenkins-x-bot
cad56c813e
fixed lint error
2020-01-12 01:51:48 +02:00
jenkins-x-bot
409b499217
added kubernetes auth for vault
2020-01-12 01:25:22 +02:00
Hossein Shafagh
348682d5ea
Merge branch 'master' into cfssl-key-fix
2020-01-09 10:44:02 -08:00
jenkins-x-bot
8be8c95b17
handled cfssl-key type error
2020-01-09 15:16:19 +02:00
Hossein Shafagh
1537d591a8
Improved messaging to point out to the Auto Rotate option for certificate issuance and renewal.
2020-01-08 14:42:16 -08:00
Hossein Shafagh
9b9662d470
Merge branch 'master' into master
2020-01-03 13:15:58 -08:00
pmelse
45c1207d07
Merge branch 'master' into master
2019-12-27 13:30:56 -05:00
pmelse
9fb4be1273
remove trailing whitespace
2019-12-27 13:25:03 -05:00
Ilya Labun
189e8b2725
Eliminate subqueries when showing certificates list
2019-12-20 10:37:47 +01:00
Jay Zarfoss
00a0a27826
used fixedName variable to transport db lookup optimization
2019-11-20 09:44:31 -08:00
Jay Zarfoss
113c9dd657
atlas redis plugin typo cleanup and better exception handling
2019-11-06 10:42:59 -08:00
Jay Zarfoss
f803fab413
add plugin to send atlas metric via redis
2019-11-06 10:14:49 -08:00
Hossein Shafagh
0d983bd2b5
missed edge case
2019-10-18 15:39:36 -07:00
Hossein Shafagh
f077b19126
Merge branch 'master' into master
2019-10-18 11:32:21 -07:00
Hossein Shafagh
06f4aed693
keeping track of certs found by hash
2019-10-18 11:21:29 -07:00
Hossein Shafagh
11f9920ff9
Merge branch 'master' into cert-sync-endpoint-find-by-hash
2019-10-18 11:08:51 -07:00
Hossein Shafagh
14e13b512e
providing a count for conflicts
2019-10-18 11:03:28 -07:00
Hossein Shafagh
9037f88430
just in case the path varies
2019-10-18 11:02:41 -07:00
Hossein Shafagh
1768aad9e2
capturing no such entity exception.
2019-10-18 10:17:58 -07:00
Hossein Shafagh
8aea257e6a
optimizing the call to describe cert to only the few certs with the naming issue
2019-10-18 09:24:49 -07:00
Hossein Shafagh
f075c5af3d
in case no cert match via name-search, search via the cert itself (serial number, hash comparison)
2019-10-18 08:48:11 -07:00
Hossein Shafagh
d43e859c34
describing the cert for each endpoint, for better cert search
2019-10-18 08:46:01 -07:00
Hossein Shafagh
10b600424e
refactoring searching for cert
2019-10-18 08:45:32 -07:00
Hossein Shafagh
b5ab87877b
adding retry to acme setup client, since it can experience timeouts or other types of Connection Errors
2019-10-17 10:16:33 -07:00
pmelse
f0652ca6a9
bug fix for overwriting certificates
2019-10-10 15:49:31 -04:00
Hossein Shafagh
477db836f4
lint
2019-09-23 12:52:17 -07:00
Hossein Shafagh
86f661a8af
With NLBs the DNS formatting has changed, which resulted in Lemur not getting the region correctly parsed
2019-09-23 12:36:08 -07:00
Hossein Shafagh
96b2149433
removing unintended commit
2019-09-20 15:22:45 -07:00
Hossein Shafagh
8c9a1df2cf
Merge branch 'master' into up-dependencies-20Sep2019
2019-09-20 15:19:25 -07:00
Hossein Shafagh
a13c45e9cc
updating dependencies, and fixing the deprecated arrow.replaces to shift
2019-09-20 13:49:38 -07:00
Hossein Shafagh
c669cd23f0
Merge branch 'master' into check-revoke-revised
2019-09-20 10:22:04 -07:00
Hossein Shafagh
972051a61e
removing 3 and 4 years from validity range options
2019-09-20 10:16:23 -07:00
Hossein Shafagh
d0e8666267
Merge branch 'master' into better-metrics-endpoints
2019-08-21 10:01:00 -07:00
Hossein Shafagh
db91e48395
adding account number for better logging, since the endpoint is not available in Lemur DB
2019-08-21 09:54:18 -07:00
Javier Ramos
e5e395f0d9
Show number of found items in pager
...
This commit does not involve any additional query as the data is already in API calls' responses
2019-08-20 09:29:58 +02:00
Hossein Shafagh
9b04d901c4
metric for missing certificate from an endpoint
2019-08-15 19:14:08 -07:00
Hossein Shafagh
f09643f350
Merge branch 'master' into check-revoke-revised
2019-08-15 11:15:24 -07:00
Curtis Castrapel
1c6fee7292
Allow better DNS autodetection for domains that directly match a DNS hosted zone
2019-08-15 10:52:26 -07:00
Hossein Shafagh
68abf11be8
Merge branch 'master' into check-revoke-revised
2019-08-13 20:09:27 -07:00
Hossein Shafagh
296a315a3e
Merge branch 'master' into soft_time_outs
2019-08-13 19:42:22 -07:00
Hossein Shafagh
ceb2d3d796
Merge branch 'master' into check-revoke-revised
2019-08-13 14:07:57 -07:00
Hossein Shafagh
2de3f287ab
standardizing the timeouts to easier monitor any timeouts
2019-08-13 12:21:27 -07:00
Hossein Shafagh
6e17d36d76
typos
2019-08-13 12:16:23 -07:00
Hossein Shafagh
22c60fedad
cosmetics
2019-08-13 12:11:04 -07:00
Hossein Shafagh
a3dfc3ef0a
consistency
2019-08-13 11:58:58 -07:00
Hossein Shafagh
c29f282560
improved the flow for checking if the task is active
2019-08-13 11:52:56 -07:00
Hossein Shafagh
4d728738ee
handling celery tasks without any arguments
2019-08-13 11:42:43 -07:00
Hossein Shafagh
07a9c56fb8
making lint happy
2019-08-13 09:35:57 -07:00
Hossein Shafagh
bf47f87c21
preventing celery duplicate tasks
2019-08-12 13:52:01 -07:00
Hossein Shafagh
5d4413e45c
Merge branch 'master' into ultradnsPlugin
2019-08-09 08:48:24 -07:00
Hossein Shafagh
83159c2417
Merge branch 'master' into multi-profile-digicert-plugin
2019-08-09 07:32:33 -07:00
Hossein Shafagh
da9c91afb4
fixing metric bug
2019-08-08 17:56:22 -07:00
Hossein Shafagh
3b9b94623f
cleaning up
2019-08-07 18:06:59 -07:00
Hossein Shafagh
8340e0653b
making lint happy
2019-08-07 18:04:28 -07:00
Hossein Shafagh
d1519343d1
improving check revoked by only considering authorities which do support revocation and also only including not expired certs
2019-08-07 17:54:10 -07:00
Hossein Shafagh
9a02230d63
adding soft time outs for celery
2019-08-07 17:48:06 -07:00
Kush Bavishi
d9aef2da3e
Changed dummy nameserver value
2019-08-07 14:38:18 -07:00
Kush Bavishi
a97283f0a4
Fixed indentation
2019-08-07 14:23:09 -07:00
Kush Bavishi
a6bf081bec
Remove unused import
2019-08-07 14:08:27 -07:00
Kush Bavishi
43f5c8b34e
Fixed indentation
2019-08-07 14:08:06 -07:00
Kush Bavishi
cadf372f7b
Removed hardcoded value from function call
2019-08-07 14:02:10 -07:00
Kush Bavishi
b4f4e4dc24
Added extra check for return value to test_create_txt_record
2019-08-07 13:55:02 -07:00
Kush Bavishi
fa7f71d859
Modified paginate response to dummy values
2019-08-07 13:53:10 -07:00
Kush Bavishi
3ff56fc595
Blank line removed
2019-08-07 13:42:11 -07:00
Kush Bavishi
894502644c
test_wait_for_dns_change fixed!
2019-08-07 13:39:20 -07:00
Kush Bavishi
37a1b55b08
test_delete_txt_record changed to mock get_zone_name and return the value directly instead of executing the function.
2019-08-07 13:27:21 -07:00
Kush Bavishi
31c2d207a2
test_delete_txt_record fixed. Function call was missing earlier
2019-08-07 13:23:05 -07:00
Kush Bavishi
785c1ca73e
test_create_txt_record modified - get_zone_name mocked to return the zone name directly, instead of actually running the function.
2019-08-07 13:20:24 -07:00
Kush Bavishi
f2cbddf9e2
Unit tests for get_zone_name, get_zones
2019-08-07 13:17:16 -07:00
Kush Bavishi
6e84e1fd59
Unit Tests for create_txt_record, delete_txt_record, wait_for_dns_change
2019-08-07 13:04:38 -07:00
Hossein Shafagh
ff1f73f985
fixing the plugin test to include authority
2019-08-07 12:05:36 -07:00
Hossein Shafagh
bbda9b1d6f
making sure to handle when no config file provided, though we do a check for that
2019-08-07 12:05:13 -07:00
Hossein Shafagh
e2ea2ca4d1
providing sample config
2019-08-07 11:05:07 -07:00
Hossein Shafagh
b885cdf9d0
adding multi profile name support with DigiCert plug.
...
This requires that the configs are a dict, with multiple entries, where the key is the name of the Authority used to issue certs with.
DIGICERT_CIS_PROFILE_NAMES = {"sha2-rsa-ecc-root": "ssl_plus"}
DIGICERT_CIS_ROOTS = {"root": "ROOT"}
DIGICERT_CIS_INTERMEDIATES = {"inter": "INTERMEDIATE_CA_CERT"}
Hence, in DB one need to add
1) the corresponding authority table, with digicert-cis-issuer. Note the names here are used to mapping in the above config
2) the corresponding intermediary in the certificate table , with root_aurhority_id set to the id of the new authority_id
2019-08-07 10:24:38 -07:00
Kush Bavishi
a7c2b970b0
Unit testing Part 1
2019-08-05 14:00:22 -07:00
Hossein Shafagh
ad6c38960a
Merge branch 'master' into ultradnsPlugin
2019-07-31 16:05:36 -07:00
Kush Bavishi
2903799b85
Changed string formatting from "{}".format() to f"{}" for consistency
2019-07-31 14:19:49 -07:00
Hossein Shafagh
e8e4f826ea
updating logging format
2019-07-31 13:09:31 -07:00
Kush Bavishi
5a401b2d87
Added the Zone class and Record class to ultradns.py and removed the respective files
2019-07-31 12:04:42 -07:00
Kush Bavishi
fe075dc9f5
Changed function comments to doc strings.
2019-07-31 12:00:31 -07:00
Kush Bavishi
503df999fa
Updated metrics.send to send function named, followed by status, separated by a period
2019-07-31 11:32:04 -07:00
Kush Bavishi
11cd095131
Reduced the number of calls to get_public_authoritative_nameserver by using a variable
2019-07-31 11:12:28 -07:00
Kush Bavishi
3ba7fdbd49
Updated logger to log a dictionary instead of a string
2019-07-31 11:11:39 -07:00
Hossein Shafagh
0f591e9a3d
Merge branch 'master' into moving-cronjobs-to-celery-v2
2019-07-30 14:13:59 -07:00
Hossein Shafagh
6bf920e66c
Merge branch 'master' into ultradnsPlugin
2019-07-30 14:13:45 -07:00
Hossein Shafagh
7810095796
Merge branch 'master' into better-error-handling-dyn
2019-07-30 13:27:43 -07:00
Kush Bavishi
44bc562e8b
Update ultradns.py
...
Minor logging changes in wait_for_dns_change
2019-07-30 13:08:16 -07:00
Kush Bavishi
3d48b422b5
Removed TODO
2019-07-30 11:39:35 -07:00
Hossein Shafagh
a89cbe9332
moving all cron jobs to become celery jobs
2019-07-30 09:57:15 -07:00
Kush Bavishi
3ad791e1ec
Dynamically obtain the authoritative nameserver for the domain
2019-07-29 18:01:28 -07:00
Kush Bavishi
e993194b4f
Check ultraDNS authoritative server first. Upon success, check Googles DNS server.
2019-07-29 14:59:28 -07:00
Hossein Shafagh
adabe18c90
metric tags, to be able to track which domains where failing during the LetsEncrypt domain validation
2019-07-25 18:56:28 -07:00
Hossein Shafagh
429e6a967c
better error handling for redis
2019-07-25 18:49:19 -07:00
Kush Bavishi
252410c6e9
Updated TTL from 300 to 5
2019-07-22 16:00:20 -07:00
Kush Bavishi
51f3b7dde0
Added the Record class for UltraDNS
2019-07-22 14:23:40 -07:00
Kush Bavishi
0b52aa8c59
Added Zone class to handle ultradns zones
2019-07-22 11:47:48 -07:00
Hossein Shafagh
36ebba6491
source is not dict
2019-07-18 15:16:01 -07:00
Kush Bavishi
e37a7c775e
Initial commit for the UltraDNS plugin to support Lets Encrypt
2019-07-18 14:29:54 -07:00
Hossein Shafagh
09c0fa0f94
updating the function declaration
2019-07-16 17:21:01 -07:00
Hossein Shafagh
cd1aeb15f1
adding testing for redis
2019-07-12 11:50:12 -07:00
Hossein Shafagh
1b1bdbb261
spacing
2019-07-12 10:25:37 -07:00
Hossein Shafagh
97d74bfa1d
fixing the app context issue. we will create an app if no current_app available
2019-07-12 08:47:39 -07:00
Hossein Shafagh
2628ed1a82
better alerting
2019-07-11 23:00:35 -07:00
Curtis Castrapel
8eb639e366
Initial LetsEncrypt / Celery docs
2019-07-09 11:13:11 -07:00
Curtis Castrapel
0c5a8f2039
Relax celery time limit for source syncing; Ensure metric tags are string
2019-07-01 08:35:04 -07:00
Hossein Shafagh
0e037973b2
Revert "Faster permalink"
2019-06-26 10:31:58 -07:00
Curtis
850620c2a2
Merge branch 'master' into restore-manage-shebang
2019-06-25 09:41:08 -07:00
Curtis
5df06501f6
Merge pull request #2814 from intgr/expose-cert-hasprivaatekey
...
Expose new certificate field hasPrivateKey
2019-06-25 09:40:27 -07:00
Curtis
8fbff00850
Merge branch 'master' into restore-manage-shebang
2019-06-25 09:29:06 -07:00
Hossein Shafagh
404b7a25bc
Merge branch 'master' into restore-manage-shebang
2019-06-25 09:27:08 -07:00
alwaysjolley
86a1fb41ac
lint fix
2019-06-25 06:56:37 -04:00
alwaysjolley
55a96ba790
type none
2019-06-24 15:10:10 -04:00
alwaysjolley
6699833297
fixing empty chain
2019-06-24 13:10:08 -04:00
Marti Raudsepp
2319858586
Expose new certificate field hasPrivateKey
...
We can also now disable the 'private key' tab when cert doesn't have a
private key.
2019-06-22 15:38:28 +03:00
Danny Thomas
4565bd7dc6
Update SAN text
2019-06-21 13:33:55 -07:00
Kush Bavishi
960064d5c6
Color change for Show Expired button
2019-06-21 11:32:16 -07:00
Hossein Shafagh
23caac5576
Merge branch 'master' into temp-ExpiredToggle-3
2019-06-21 08:59:53 -07:00
Hossein Shafagh
39d65db7fd
Merge branch 'master' into generalizing-api
2019-06-20 16:13:04 -07:00
Hossein Shafagh
162a300e53
Merge branch 'master' into temp-ExpiredToggle-3
2019-06-20 16:12:55 -07:00
Hossein Shafagh
34cdd29a50
removing the rotation enabled requirement, to keep the endpoint generic
2019-06-20 16:06:26 -07:00
Kush Bavishi
de0462e54f
Added missing semi-colon and changed double quotes to single quotes
2019-06-20 15:41:32 -07:00
Kush Bavishi
68815b8f44
UI changes - Button to show / hide expired certs.
2019-06-20 15:05:26 -07:00
alwaysjolley
bbf50cf0b0
updated dest as well as src
2019-06-20 08:26:32 -04:00
alwaysjolley
02719a1de7
Merge branch 'master' into vault_regex
...
fixed conflicts:
lemur/plugins/lemur_vault_dest/plugin.py
2019-06-19 09:53:08 -04:00
alwaysjolley
56917614a2
fixing regex to be more flexable
2019-06-19 09:46:44 -04:00
Marti Raudsepp
8a08edb0f3
manage.py: Restore shebang line
...
This is an executable file but cannot be executed without the interpreter.
The shebang line was lost in commit 8cbc6b8325
2019-06-18 10:51:11 +03:00
Kush Bavishi
f836c6fff6
API additions for viewing expired certs as well. Default behavior modified to show only valid certs and those which have expired less than 1 month ago.
2019-06-17 14:29:48 -07:00
Kush Bavishi
c0f8fbb24f
Modified Permalink behavior to access a newer, faster API
2019-06-11 15:53:47 -07:00
Kush Bavishi
57016f2f45
Merge branch 'master' of https://github.com/Netflix/lemur into FasterPermalink
2019-06-11 14:33:58 -07:00
Kush Bavishi
491d048948
Modified the behavior of Permalink to access a newer, faster API
2019-06-10 09:47:29 -07:00
Curtis
0446aea20e
Update messaging.py
2019-06-06 13:35:45 -07:00
Hossein Shafagh
1ed41d03ea
Merge branch 'master' into duplicate-notifications-(alternative)
2019-06-06 09:10:57 -07:00
Hossein Shafagh
28e26a1baf
to prevent duplicate emails, we might better remove owner and security email address from the notification recipient
2019-06-05 17:57:11 -07:00
Kush Bavishi
45231c2423
Added code to automatically add the common name as a DNS name while creating a certificate.
2019-05-31 14:08:28 -07:00
Curtis
7eb9c80fb2
Merge pull request #2798 from castrapel/domains_enhancements
...
Enhance domains query and sensitive domain checking code
2019-05-30 10:31:24 -07:00
Curtis Castrapel
8b821d0023
Enhance domains query and sensitive domain checking code; Allow creation of opt-out roles via config
2019-05-30 10:21:44 -07:00
Hossein Shafagh
071c083eae
hiding expired certs after 6 months from the main page
2019-05-30 10:21:03 -07:00
Hossein Shafagh
b4d9ab9f0c
Merge branch 'master' of github.com:Netflix/lemur into improving-cert-lookup-time
2019-05-30 08:55:49 -07:00
Hossein Shafagh
13d46ae42e
indexing the not after field in the cert table
2019-05-30 08:55:30 -07:00
Curtis
8bc23f6deb
Merge pull request #2797 from castrapel/get_or_increase_name_simplify
...
Make get_or_increase_name queries less demanding
2019-05-29 12:50:06 -07:00
Curtis
6e4306b3bb
Merge pull request #2795 from ardichoke/fix_vault_api_v2_append
...
Fix Certificate Appending With v2 Vault API
2019-05-29 12:49:36 -07:00
Curtis Castrapel
5e389f3f48
Add certificate1 to test DB
2019-05-29 12:38:17 -07:00
Curtis Castrapel
f81adb1371
Make get_or_increase_name queries less demanding
2019-05-29 12:20:05 -07:00
Curtis Castrapel
fd35a26955
Support read replicas
2019-05-28 12:45:39 -07:00
Ryan DeShone
09c7076e79
Handle double data field in API v2
2019-05-22 17:12:10 -04:00
Curtis Castrapel
1423ac0d98
More metrics
2019-05-21 12:55:33 -07:00
Curtis Castrapel
34c7e5230b
Set a limit on number of retries
2019-05-21 12:52:41 -07:00
Curtis Castrapel
4fac726cf4
Add support for JSON logging
2019-05-17 08:48:26 -07:00
Curtis Castrapel
0320c04be2
nosec comment
2019-05-16 08:14:46 -07:00
Curtis Castrapel
68fd1556b2
Black lint all the things
2019-05-16 07:57:02 -07:00
Curtis Castrapel
e3c5490d25
Expose exact response from digicert as error
2019-05-15 13:36:40 -07:00
Curtis Castrapel
26d10e8b98
change ordering in more places
2019-05-15 11:47:53 -07:00
Curtis Castrapel
7e92edc70a
Set resolved cert ID before resolving cert; Ignore sentry exceptions when no records on deletion
2019-05-15 11:43:59 -07:00
Curtis
6eb3836abc
Merge branch 'master' into fast-valid-cert-lookup
2019-05-15 10:20:17 -07:00
Curtis Castrapel
5d8f71c3e4
nt
2019-05-14 13:02:24 -07:00
Curtis Castrapel
565142f985
Add soft timeouts to celery jobs; Check for PEM in LE order
2019-05-14 12:52:30 -07:00
Hossein Shafagh
f452a7ce68
adding a new API for faster certificate lookup.
...
The new API api/1/certificates/valid returns only non-expired (not_after >= today) certs which have auto-rotate enabled:
cn is a required parameter:
http://localhost:8000/api/1/certificates/valid?filter=cn;example.com
cn can also be a database string wildcard ('%'):
http://localhost:8000/api/1/certificates/valid?filter=cn;%
owner is the additional parameter, and must be the email address of the owner:
http://localhost:8000/api/1/certificates/valid?filter=cn;example.com&owner=hossein@example.com
given owner and a database string wildcard ('%') one can retrieve all certs for that owner, which are still valid, and have auto-rotate enabled:
http://localhost:8000/api/1/certificates/valid?filter=cn;%&owner=hossein@example.com
2019-05-11 18:06:51 -07:00
Curtis Castrapel
ed18df22db
remove permalink change
2019-05-09 14:54:44 -07:00
Curtis Castrapel
e33a103ca1
Allow searching for certificates by name via API
2019-05-09 14:36:56 -07:00
Curtis
c9c782684d
Merge branch 'master' into add_metrics_reissue_rotate
2019-05-08 07:48:44 -07:00
Curtis Castrapel
87470602fd
Gather more metrics on certificate reissue/rotate jobs
2019-05-08 07:48:08 -07:00
Curtis
317c84800c
Merge branch 'master' into jwks_validation_error_control
2019-05-08 06:50:56 -07:00
Curtis Castrapel
0eacbd42d7
Converting userinfo authorization to a config var
2019-05-07 15:31:42 -07:00
Jose Plana
4e6e7edf27
Rename return variable for better readability
2019-05-07 22:53:01 +02:00
Hossein Shafagh
b7ce9ab901
Merge branch 'master' into jwks_validation_error_control
2019-05-07 13:09:02 -07:00
Hossein Shafagh
ff583981b1
Merge branch 'master' into aid_openid_roles_provider_integration
2019-05-07 09:06:02 -07:00
Hossein Shafagh
e58ff476c9
Merge branch 'master' into jwks_validation_error_control
2019-05-07 09:05:41 -07:00
Curtis
22caaa0c95
Merge branch 'master' into fix_userinfo_authorization
2019-05-07 07:48:47 -07:00
Curtis
e65154b48e
Merge branch 'master' into develop
2019-05-07 07:36:51 -07:00
alwaysjolley
ef7a8587fe
Merge branch 'lemur_vault_source' of github.com:/alwaysjolley/lemur into lemur_vault_source
2019-05-07 10:06:09 -04:00
alwaysjolley
b0c8901b0a
lint cleanup
2019-05-07 10:05:01 -04:00
alwaysjolley
36ce1cc7ef
Merge branch 'master' into lemur_vault_source
2019-05-07 09:41:50 -04:00
alwaysjolley
fb3f0bd72a
adding Vault Source plugin
2019-05-07 09:37:30 -04:00
Daniel Iancu
a7af3cf8d2
Fix Cloudflare DNS
2019-05-07 03:05:24 +03:00
Jose Plana
deed1b9685
Don't fail if googleGroups is not found in user profile
2019-05-06 12:30:25 +02:00
Jose Plana
6c99e76c9a
Better error management in jwks token validation
2019-05-06 12:27:43 +02:00
Jose Plana
2063baefc9
Fixes userinfo using Bearer token
2019-05-06 12:23:24 +02:00
Curtis Castrapel
3a1da72419
nt
2019-04-29 13:57:04 -07:00
Curtis Castrapel
6e3f394cff
Updated requirements ; Revert change and require DNS validation by provider
2019-04-29 13:55:26 -07:00
Curtis Castrapel
1a90e71884
Move ACME host validation logic prior to R53 host modification
2019-04-26 17:27:44 -07:00
Curtis Castrapel
333ba8030a
Ensure hostname is lowercase when comparing DNS challenges. ACME will automatically lowercase the hostname
2019-04-26 15:45:04 -07:00
Curtis Castrapel
1a3ba46873
More retry changes
2019-04-26 10:18:54 -07:00
Curtis Castrapel
1e64851d79
Strip out self-polling logic and rely on ACME; Enhance ELB logging and retries
2019-04-26 10:16:18 -07:00
Curtis
8eef95b58e
Merge branch 'master' into expose_verisign_exception
2019-04-25 19:15:55 -07:00
Curtis Castrapel
dcdfb32883
Expose verisign exceptions
2019-04-25 19:14:15 -07:00
Curtis Castrapel
39584f214b
Process DNS Challenges appropriately (1 challenge -> 1 domain)
2019-04-25 15:12:52 -07:00
Curtis Castrapel
2bc604e5a9
Better metrics and error reporting
2019-04-25 13:50:41 -07:00
Curtis Castrapel
272285f64a
Better exception handling, logging, and metrics for ACME flow
2019-04-24 15:26:23 -07:00
Curtis
0f9b0f39f7
Merge branch 'master' into add-pending-certificate-upload
2019-04-24 09:34:35 -07:00
alwaysjolley
a801112cf6
Merge branch 'master' into lemur_vault_plugin
2019-04-23 07:07:39 -04:00
alwaysjolley
85efb6a99e
cleanup tmp files
2019-04-23 07:06:52 -04:00
Hossein Shafagh
9b38761153
Merge branch 'master' into add-pending-certificate-upload
2019-04-22 11:47:02 -07:00
alwaysjolley
f9dadb2670
fixing validation
2019-04-22 09:38:44 -04:00
alwaysjolley
8dccaaf544
simpler validation
2019-04-22 07:58:01 -04:00
alwaysjolley
1667c05742
removed unused functions
2019-04-18 13:57:10 -04:00
alwaysjolley
b39e2e3f66
Merge branch 'master' into lemur_vault_plugin
2019-04-18 13:55:45 -04:00
alwaysjolley
fb3b0e8cd7
adding regex filtering
2019-04-18 13:52:40 -04:00
Jose Plana
7dd9268ca7
Allow uploading a signed cert for a pending certificate.
2019-04-18 00:46:39 +02:00
Curtis
8177e12f3f
Merge branch 'master' into rewrite-java-keystore-use-pyjks
2019-04-17 10:43:44 -07:00
Hossein Shafagh
52f939658f
Merge branch 'master' into rewrite-java-keystore-use-pyjks
2019-04-17 10:31:58 -07:00
Curtis
f6afcc6d21
Merge branch 'master' into master
2019-04-17 10:28:46 -07:00
Javier Ramos
58dd424de8
Prevent potential NoneType not subscriptable
...
Fix when data['extensions']['subAltNames']['names'] is none
2019-04-17 18:33:52 +02:00
Jose Plana
771f2ebc47
Use SAN_CERT_CSR
2019-04-13 11:01:36 +02:00
Jose Plana
770729a72e
Allow csr to be empty during upload
2019-04-13 01:17:12 +02:00
Hossein Shafagh
2ff811ae71
updating cryptography API call, to create right signing algorithm object.
2019-04-13 00:57:48 +02:00
Hossein Shafagh
09796cf7c9
the check_cert_signature() method was attempting to compare RSA and ECC signatures.
...
If a ec public-key certificate is signed with an RSA key, then it can't be a self-signed certificate, in which case we just raise InvalidSignature.
2019-04-13 00:57:48 +02:00
Jose Plana
406753fcde
Fix PEP8
2019-04-13 00:49:35 +02:00
Jose Plana
a5570d07bc
Added some documentation for API users.
2019-04-13 00:48:19 +02:00
Jose Plana
c1b02cc8a5
Allow uploading csr along with certificates
2019-04-13 00:48:19 +02:00
Hossein Shafagh
df8d4e0892
Merge branch 'master' into rewrite-java-keystore-use-pyjks
2019-04-12 09:38:50 -07:00
Hossein Shafagh
ceb335f3ab
Merge branch 'master' into master
2019-04-12 09:38:41 -07:00
alwaysjolley
9ecc19c481
adding san filter
2019-04-12 09:53:06 -04:00
Hossein Shafagh
6d67ec7e34
removing unused import
2019-04-11 17:34:02 -07:00
Hossein Shafagh
512e1a0bdd
fixing typos
2019-04-11 17:17:28 -07:00
Hossein Shafagh
6ec84a398c
checking for None
2019-04-11 17:13:47 -07:00
Hossein Shafagh
69c00c4db5
upon creating a new destination, we also add it as source, if the plugin defines this as an option
2019-04-11 17:13:47 -07:00
Hossein Shafagh
d7abf2ec18
adding a new util method for setting options
2019-04-11 17:13:47 -07:00
Hossein Shafagh
557fac39b5
refactoring the sync job into a service method that we can also call when adding a new destination
2019-04-11 17:13:47 -07:00
Hossein Shafagh
d1ead4b79c
removing the announcement
2019-04-11 17:13:47 -07:00
Hossein Shafagh
5900828051
simple hardcoded announcement
2019-04-11 17:13:47 -07:00
Hossein Shafagh
818da6653d
removing the announcement
2019-04-11 17:13:47 -07:00
Hossein Shafagh
e1a67e9b4e
simple hardcoded announcement
2019-04-11 17:13:47 -07:00
Hossein Shafagh
84dfdd0600
removing the announcement
2019-04-11 17:13:47 -07:00
Hossein Shafagh
ba691a26d4
simple hardcoded announcement
2019-04-11 17:13:47 -07:00
Hossein Shafagh
b66fac0494
removing the announcement
2019-04-11 17:13:47 -07:00
Hossein Shafagh
1bda246df2
simple hardcoded announcement
2019-04-11 17:13:47 -07:00
Hossein Shafagh
9a210c055a
Merge branch 'master' into hshafagh-src-dst-register
2019-04-11 15:36:48 -07:00
Hossein Shafagh
2459234147
removing lines
2019-04-11 14:34:26 -07:00
Hossein Shafagh
60edab9f6d
cleaning up
2019-04-11 14:12:31 -07:00
Hossein Shafagh
ec3d2d7316
fixing typo
2019-04-11 13:51:43 -07:00
Hossein Shafagh
83d408b238
Merge branch 'master' into hosseinsh-celeryjob-sync-src-dst
2019-04-11 13:30:12 -07:00
Hossein Shafagh
266c83367d
avoiding hard-coded plugin names
2019-04-11 13:29:37 -07:00
Hossein Shafagh
f185df4f1e
bringing class AWSDestinationPlugin(DestinationPlugin) after AWSSourcePlugin.slug, such that we can do: sync_as_source_name = AWSSourcePlugin.slug
2019-04-11 13:28:58 -07:00
Curtis Castrapel
2ff57e932c
Update requirements - upgrade to py37
2019-04-10 15:40:48 -07:00
Hossein Shafagh
d628e97035
Merge branch 'master' into hosseinsh-celeryjob-sync-src-dst
2019-04-10 09:47:06 -07:00
Hossein Shafagh
bc8c7e114a
Merge branch 'master' into hshafagh-src-dst-register
2019-04-09 20:52:33 -07:00
Hossein Shafagh
f3d0536800
removing hardcoded rules, to give more flexibility into defining new source-destinations
2019-04-09 20:49:07 -07:00
Javier Ramos
bfc4f940da
Merge branch 'master' into master
2019-04-09 18:06:09 +02:00
Hossein Shafagh
64c6bb2475
Merge branch 'master' into rewrite-java-keystore-use-pyjks
2019-04-09 08:28:05 -07:00
Marti Raudsepp
dbf34a4d48
Rewrite Java Keystore/Truststore support based on pyjks library
2019-04-06 20:24:46 +03:00
Javier Ramos
d80a6bb405
Added tests for CSR parsing into CertificateInputSchema
2019-04-01 08:44:40 +02:00
Ryan DeShone
e10007ef7b
Add support for Vault KV API v2
...
This adds the ability to target KV API v1 or v2.
2019-03-29 10:32:49 -04:00
Javier Ramos
b86e381e20
Parse SubjectAlternativeNames from CSR into Lemur Certificate
2019-03-27 13:46:33 +01:00
Hossein Shafagh
d2e969b836
better synching of source and destinations
2019-03-26 18:20:14 -07:00
Curtis
4018c68d49
Merge branch 'master' into authority_validation_LE_errors
2019-03-25 08:34:10 -07:00
Curtis Castrapel
c2158ff8fb
Add order URI during LE cert creation failure; Fail properly when invalid CA passed; Update reqs
2019-03-25 08:28:23 -07:00
Curtis
8a42cfa345
Merge branch 'master' into ghjaramos/master
2019-03-21 08:07:44 -07:00
alwaysjolley
fa4a5122bc
fixing file read to trim line endings and cleanup
2019-03-20 14:59:04 -04:00
alwaysjolley
f99b11d50e
refactor url and token to support muiltiple instances of vault
2019-03-20 13:51:06 -04:00
Javier Ramos
9e5496b484
Update schemas.py
2019-03-15 10:19:25 +01:00
Javier Ramos
f7452e8379
Parse DNSNames from CSR into Lemur Certificate
2019-03-15 09:29:23 +01:00
alwaysjolley
157db684c3
Merge branch 'master' into lemur_vault_plugin
2019-03-14 11:09:01 -04:00
Curtis
c445297357
Update celery.py
2019-03-12 15:41:24 -07:00
Curtis
f38e5b0879
Update celery.py
2019-03-12 15:29:04 -07:00
Curtis
1a5a91ccc7
Update celery.py
2019-03-12 15:11:13 -07:00
Curtis
3b3faa66f4
Merge branch 'master' into skip_duplicate_tasks
2019-03-12 14:53:42 -07:00
Curtis Castrapel
d220e9326c
Skip a task if similar task already active
2019-03-12 14:45:43 -07:00
alwaysjolley
57d3f3d5a5
Merge branch 'master' into lemur_vault_plugin
2019-03-08 07:08:56 -05:00
alwaysjolley
f1c09a6f8f
fixed comments
2019-03-07 15:58:34 -05:00
Hossein Shafagh
93ce259fb2
Merge branch 'master' into verify-cert-chain
2019-03-07 12:46:19 -08:00
alwaysjolley
7b0a3cf781
Merge branch 'lemur_vault_plugin' of github.com:/alwaysjolley/lemur into lemur_vault_plugin
2019-03-07 15:42:40 -05:00
alwaysjolley
752c9a086b
fixing error handling and better data formating
2019-03-07 15:41:29 -05:00
Hossein Shafagh
92b60b279a
Merge branch 'master' into verify-cert-chain
2019-03-06 11:15:32 -08:00
Hossein Shafagh
43b1d6217a
Merge branch 'master' into allow-cert-deletion
2019-03-06 10:59:33 -08:00
Hossein Shafagh
98ece58342
Merge branch 'master' into lemur_vault_plugin
2019-03-06 10:59:03 -08:00