2de3f287ab
standardizing the timeouts to easier monitor any timeouts
2019-08-13 12:21:27 -07:00
6e17d36d76
typos
2019-08-13 12:16:23 -07:00
22c60fedad
cosmetics
2019-08-13 12:11:04 -07:00
a3dfc3ef0a
consistency
2019-08-13 11:58:58 -07:00
c29f282560
improved the flow for checking if the task is active
2019-08-13 11:52:56 -07:00
4d728738ee
handling celery tasks without any arguments
2019-08-13 11:42:43 -07:00
07a9c56fb8
making lint happy
2019-08-13 09:35:57 -07:00
bf47f87c21
preventing celery duplicate tasks
2019-08-12 13:52:01 -07:00
5d4413e45c
Merge branch 'master' into ultradnsPlugin
2019-08-09 08:48:24 -07:00
83159c2417
Merge branch 'master' into multi-profile-digicert-plugin
2019-08-09 07:32:33 -07:00
da9c91afb4
fixing metric bug
2019-08-08 17:56:22 -07:00
3b9b94623f
cleaning up
2019-08-07 18:06:59 -07:00
8340e0653b
making lint happy
2019-08-07 18:04:28 -07:00
d1519343d1
improving check revoked by only considering authorities which do support revocation and also only including not expired certs
2019-08-07 17:54:10 -07:00
9a02230d63
adding soft time outs for celery
2019-08-07 17:48:06 -07:00
d9aef2da3e
Changed dummy nameserver value
2019-08-07 14:38:18 -07:00
a97283f0a4
Fixed indentation
2019-08-07 14:23:09 -07:00
a6bf081bec
Remove unused import
2019-08-07 14:08:27 -07:00
43f5c8b34e
Fixed indentation
2019-08-07 14:08:06 -07:00
cadf372f7b
Removed hardcoded value from function call
2019-08-07 14:02:10 -07:00
b4f4e4dc24
Added extra check for return value to test_create_txt_record
2019-08-07 13:55:02 -07:00
fa7f71d859
Modified paginate response to dummy values
2019-08-07 13:53:10 -07:00
3ff56fc595
Blank line removed
2019-08-07 13:42:11 -07:00
894502644c
test_wait_for_dns_change fixed!
2019-08-07 13:39:20 -07:00
37a1b55b08
test_delete_txt_record changed to mock get_zone_name and return the value directly instead of executing the function.
2019-08-07 13:27:21 -07:00
31c2d207a2
test_delete_txt_record fixed. Function call was missing earlier
2019-08-07 13:23:05 -07:00
785c1ca73e
test_create_txt_record modified - get_zone_name mocked to return the zone name directly, instead of actually running the function.
2019-08-07 13:20:24 -07:00
f2cbddf9e2
Unit tests for get_zone_name, get_zones
2019-08-07 13:17:16 -07:00
6e84e1fd59
Unit Tests for create_txt_record, delete_txt_record, wait_for_dns_change
2019-08-07 13:04:38 -07:00
ff1f73f985
fixing the plugin test to include authority
2019-08-07 12:05:36 -07:00
bbda9b1d6f
making sure to handle when no config file provided, though we do a check for that
2019-08-07 12:05:13 -07:00
e2ea2ca4d1
providing sample config
2019-08-07 11:05:07 -07:00
b885cdf9d0
adding multi profile name support with DigiCert plug.
...
This requires that the configs are a dict, with multiple entries, where the key is the name of the Authority used to issue certs with.
DIGICERT_CIS_PROFILE_NAMES = {"sha2-rsa-ecc-root": "ssl_plus"}
DIGICERT_CIS_ROOTS = {"root": "ROOT"}
DIGICERT_CIS_INTERMEDIATES = {"inter": "INTERMEDIATE_CA_CERT"}
Hence, in DB one need to add
1) the corresponding authority table, with digicert-cis-issuer. Note the names here are used to mapping in the above config
2) the corresponding intermediary in the certificate table , with root_aurhority_id set to the id of the new authority_id
2019-08-07 10:24:38 -07:00
a7c2b970b0
Unit testing Part 1
2019-08-05 14:00:22 -07:00
ad6c38960a
Merge branch 'master' into ultradnsPlugin
2019-07-31 16:05:36 -07:00
2903799b85
Changed string formatting from "{}".format() to f"{}" for consistency
2019-07-31 14:19:49 -07:00
e8e4f826ea
updating logging format
2019-07-31 13:09:31 -07:00
5a401b2d87
Added the Zone class and Record class to ultradns.py and removed the respective files
2019-07-31 12:04:42 -07:00
fe075dc9f5
Changed function comments to doc strings.
2019-07-31 12:00:31 -07:00
503df999fa
Updated metrics.send to send function named, followed by status, separated by a period
2019-07-31 11:32:04 -07:00
11cd095131
Reduced the number of calls to get_public_authoritative_nameserver by using a variable
2019-07-31 11:12:28 -07:00
3ba7fdbd49
Updated logger to log a dictionary instead of a string
2019-07-31 11:11:39 -07:00
0f591e9a3d
Merge branch 'master' into moving-cronjobs-to-celery-v2
2019-07-30 14:13:59 -07:00
6bf920e66c
Merge branch 'master' into ultradnsPlugin
2019-07-30 14:13:45 -07:00
7810095796
Merge branch 'master' into better-error-handling-dyn
2019-07-30 13:27:43 -07:00
44bc562e8b
Update ultradns.py
...
Minor logging changes in wait_for_dns_change
2019-07-30 13:08:16 -07:00
3d48b422b5
Removed TODO
2019-07-30 11:39:35 -07:00
a89cbe9332
moving all cron jobs to become celery jobs
2019-07-30 09:57:15 -07:00
3ad791e1ec
Dynamically obtain the authoritative nameserver for the domain
2019-07-29 18:01:28 -07:00
e993194b4f
Check ultraDNS authoritative server first. Upon success, check Googles DNS server.
2019-07-29 14:59:28 -07:00
adabe18c90
metric tags, to be able to track which domains where failing during the LetsEncrypt domain validation
2019-07-25 18:56:28 -07:00
429e6a967c
better error handling for redis
2019-07-25 18:49:19 -07:00
252410c6e9
Updated TTL from 300 to 5
2019-07-22 16:00:20 -07:00
51f3b7dde0
Added the Record class for UltraDNS
2019-07-22 14:23:40 -07:00
0b52aa8c59
Added Zone class to handle ultradns zones
2019-07-22 11:47:48 -07:00
36ebba6491
source is not dict
2019-07-18 15:16:01 -07:00
e37a7c775e
Initial commit for the UltraDNS plugin to support Lets Encrypt
2019-07-18 14:29:54 -07:00
09c0fa0f94
updating the function declaration
2019-07-16 17:21:01 -07:00
cd1aeb15f1
adding testing for redis
2019-07-12 11:50:12 -07:00
1b1bdbb261
spacing
2019-07-12 10:25:37 -07:00
97d74bfa1d
fixing the app context issue. we will create an app if no current_app available
2019-07-12 08:47:39 -07:00
2628ed1a82
better alerting
2019-07-11 23:00:35 -07:00
8eb639e366
Initial LetsEncrypt / Celery docs
2019-07-09 11:13:11 -07:00
0c5a8f2039
Relax celery time limit for source syncing; Ensure metric tags are string
2019-07-01 08:35:04 -07:00
0e037973b2
Revert "Faster permalink"
2019-06-26 10:31:58 -07:00
850620c2a2
Merge branch 'master' into restore-manage-shebang
2019-06-25 09:41:08 -07:00
5df06501f6
Merge pull request #2814 from intgr/expose-cert-hasprivaatekey
...
Expose new certificate field hasPrivateKey
2019-06-25 09:40:27 -07:00
8fbff00850
Merge branch 'master' into restore-manage-shebang
2019-06-25 09:29:06 -07:00
404b7a25bc
Merge branch 'master' into restore-manage-shebang
2019-06-25 09:27:08 -07:00
86a1fb41ac
lint fix
2019-06-25 06:56:37 -04:00
55a96ba790
type none
2019-06-24 15:10:10 -04:00
6699833297
fixing empty chain
2019-06-24 13:10:08 -04:00
2319858586
Expose new certificate field hasPrivateKey
...
We can also now disable the 'private key' tab when cert doesn't have a
private key.
2019-06-22 15:38:28 +03:00
4565bd7dc6
Update SAN text
2019-06-21 13:33:55 -07:00
960064d5c6
Color change for Show Expired button
2019-06-21 11:32:16 -07:00
23caac5576
Merge branch 'master' into temp-ExpiredToggle-3
2019-06-21 08:59:53 -07:00
39d65db7fd
Merge branch 'master' into generalizing-api
2019-06-20 16:13:04 -07:00
162a300e53
Merge branch 'master' into temp-ExpiredToggle-3
2019-06-20 16:12:55 -07:00
34cdd29a50
removing the rotation enabled requirement, to keep the endpoint generic
2019-06-20 16:06:26 -07:00
de0462e54f
Added missing semi-colon and changed double quotes to single quotes
2019-06-20 15:41:32 -07:00
68815b8f44
UI changes - Button to show / hide expired certs.
2019-06-20 15:05:26 -07:00
bbf50cf0b0
updated dest as well as src
2019-06-20 08:26:32 -04:00
02719a1de7
Merge branch 'master' into vault_regex
...
fixed conflicts:
lemur/plugins/lemur_vault_dest/plugin.py
2019-06-19 09:53:08 -04:00
56917614a2
fixing regex to be more flexable
2019-06-19 09:46:44 -04:00
8a08edb0f3
manage.py: Restore shebang line
...
This is an executable file but cannot be executed without the interpreter.
The shebang line was lost in commit 8cbc6b8325
2019-06-18 10:51:11 +03:00
f836c6fff6
API additions for viewing expired certs as well. Default behavior modified to show only valid certs and those which have expired less than 1 month ago.
2019-06-17 14:29:48 -07:00
c0f8fbb24f
Modified Permalink behavior to access a newer, faster API
2019-06-11 15:53:47 -07:00
57016f2f45
Merge branch 'master' of https://github.com/Netflix/lemur into FasterPermalink
2019-06-11 14:33:58 -07:00
491d048948
Modified the behavior of Permalink to access a newer, faster API
2019-06-10 09:47:29 -07:00
0446aea20e
Update messaging.py
2019-06-06 13:35:45 -07:00
1ed41d03ea
Merge branch 'master' into duplicate-notifications-(alternative)
2019-06-06 09:10:57 -07:00
28e26a1baf
to prevent duplicate emails, we might better remove owner and security email address from the notification recipient
2019-06-05 17:57:11 -07:00
45231c2423
Added code to automatically add the common name as a DNS name while creating a certificate.
2019-05-31 14:08:28 -07:00
7eb9c80fb2
Merge pull request #2798 from castrapel/domains_enhancements
...
Enhance domains query and sensitive domain checking code
2019-05-30 10:31:24 -07:00
8b821d0023
Enhance domains query and sensitive domain checking code; Allow creation of opt-out roles via config
2019-05-30 10:21:44 -07:00
071c083eae
hiding expired certs after 6 months from the main page
2019-05-30 10:21:03 -07:00
b4d9ab9f0c
Merge branch 'master' of github.com:Netflix/lemur into improving-cert-lookup-time
2019-05-30 08:55:49 -07:00
13d46ae42e
indexing the not after field in the cert table
2019-05-30 08:55:30 -07:00
8bc23f6deb
Merge pull request #2797 from castrapel/get_or_increase_name_simplify
...
Make get_or_increase_name queries less demanding
2019-05-29 12:50:06 -07:00
6e4306b3bb
Merge pull request #2795 from ardichoke/fix_vault_api_v2_append
...
Fix Certificate Appending With v2 Vault API
2019-05-29 12:49:36 -07:00
5e389f3f48
Add certificate1 to test DB
2019-05-29 12:38:17 -07:00
f81adb1371
Make get_or_increase_name queries less demanding
2019-05-29 12:20:05 -07:00
fd35a26955
Support read replicas
2019-05-28 12:45:39 -07:00
09c7076e79
Handle double data field in API v2
2019-05-22 17:12:10 -04:00
1423ac0d98
More metrics
2019-05-21 12:55:33 -07:00
34c7e5230b
Set a limit on number of retries
2019-05-21 12:52:41 -07:00
4fac726cf4
Add support for JSON logging
2019-05-17 08:48:26 -07:00
0320c04be2
nosec comment
2019-05-16 08:14:46 -07:00
68fd1556b2
Black lint all the things
2019-05-16 07:57:02 -07:00
e3c5490d25
Expose exact response from digicert as error
2019-05-15 13:36:40 -07:00
26d10e8b98
change ordering in more places
2019-05-15 11:47:53 -07:00
7e92edc70a
Set resolved cert ID before resolving cert; Ignore sentry exceptions when no records on deletion
2019-05-15 11:43:59 -07:00
6eb3836abc
Merge branch 'master' into fast-valid-cert-lookup
2019-05-15 10:20:17 -07:00
5d8f71c3e4
nt
2019-05-14 13:02:24 -07:00
565142f985
Add soft timeouts to celery jobs; Check for PEM in LE order
2019-05-14 12:52:30 -07:00
f452a7ce68
adding a new API for faster certificate lookup.
...
The new API api/1/certificates/valid returns only non-expired (not_after >= today) certs which have auto-rotate enabled:
cn is a required parameter:
http://localhost:8000/api/1/certificates/valid?filter=cn;example.com
cn can also be a database string wildcard ('%'):
http://localhost:8000/api/1/certificates/valid?filter=cn;%
owner is the additional parameter, and must be the email address of the owner:
http://localhost:8000/api/1/certificates/valid?filter=cn;example.com&owner=hossein@example.com
given owner and a database string wildcard ('%') one can retrieve all certs for that owner, which are still valid, and have auto-rotate enabled:
http://localhost:8000/api/1/certificates/valid?filter=cn;%&owner=hossein@example.com
2019-05-11 18:06:51 -07:00
ed18df22db
remove permalink change
2019-05-09 14:54:44 -07:00
e33a103ca1
Allow searching for certificates by name via API
2019-05-09 14:36:56 -07:00
c9c782684d
Merge branch 'master' into add_metrics_reissue_rotate
2019-05-08 07:48:44 -07:00
87470602fd
Gather more metrics on certificate reissue/rotate jobs
2019-05-08 07:48:08 -07:00
317c84800c
Merge branch 'master' into jwks_validation_error_control
2019-05-08 06:50:56 -07:00
0eacbd42d7
Converting userinfo authorization to a config var
2019-05-07 15:31:42 -07:00
4e6e7edf27
Rename return variable for better readability
2019-05-07 22:53:01 +02:00
b7ce9ab901
Merge branch 'master' into jwks_validation_error_control
2019-05-07 13:09:02 -07:00
ff583981b1
Merge branch 'master' into aid_openid_roles_provider_integration
2019-05-07 09:06:02 -07:00
e58ff476c9
Merge branch 'master' into jwks_validation_error_control
2019-05-07 09:05:41 -07:00
22caaa0c95
Merge branch 'master' into fix_userinfo_authorization
2019-05-07 07:48:47 -07:00
e65154b48e
Merge branch 'master' into develop
2019-05-07 07:36:51 -07:00
ef7a8587fe
Merge branch 'lemur_vault_source' of github.com:/alwaysjolley/lemur into lemur_vault_source
2019-05-07 10:06:09 -04:00
b0c8901b0a
lint cleanup
2019-05-07 10:05:01 -04:00
36ce1cc7ef
Merge branch 'master' into lemur_vault_source
2019-05-07 09:41:50 -04:00
fb3f0bd72a
adding Vault Source plugin
2019-05-07 09:37:30 -04:00
a7af3cf8d2
Fix Cloudflare DNS
2019-05-07 03:05:24 +03:00
deed1b9685
Don't fail if googleGroups is not found in user profile
2019-05-06 12:30:25 +02:00
6c99e76c9a
Better error management in jwks token validation
2019-05-06 12:27:43 +02:00
2063baefc9
Fixes userinfo using Bearer token
2019-05-06 12:23:24 +02:00
3a1da72419
nt
2019-04-29 13:57:04 -07:00
6e3f394cff
Updated requirements ; Revert change and require DNS validation by provider
2019-04-29 13:55:26 -07:00
1a90e71884
Move ACME host validation logic prior to R53 host modification
2019-04-26 17:27:44 -07:00
333ba8030a
Ensure hostname is lowercase when comparing DNS challenges. ACME will automatically lowercase the hostname
2019-04-26 15:45:04 -07:00
1a3ba46873
More retry changes
2019-04-26 10:18:54 -07:00
1e64851d79
Strip out self-polling logic and rely on ACME; Enhance ELB logging and retries
2019-04-26 10:16:18 -07:00
8eef95b58e
Merge branch 'master' into expose_verisign_exception
2019-04-25 19:15:55 -07:00
dcdfb32883
Expose verisign exceptions
2019-04-25 19:14:15 -07:00
39584f214b
Process DNS Challenges appropriately (1 challenge -> 1 domain)
2019-04-25 15:12:52 -07:00
2bc604e5a9
Better metrics and error reporting
2019-04-25 13:50:41 -07:00
272285f64a
Better exception handling, logging, and metrics for ACME flow
2019-04-24 15:26:23 -07:00
0f9b0f39f7
Merge branch 'master' into add-pending-certificate-upload
2019-04-24 09:34:35 -07:00
a801112cf6
Merge branch 'master' into lemur_vault_plugin
2019-04-23 07:07:39 -04:00
85efb6a99e
cleanup tmp files
2019-04-23 07:06:52 -04:00
9b38761153
Merge branch 'master' into add-pending-certificate-upload
2019-04-22 11:47:02 -07:00
f9dadb2670
fixing validation
2019-04-22 09:38:44 -04:00
8dccaaf544
simpler validation
2019-04-22 07:58:01 -04:00
1667c05742
removed unused functions
2019-04-18 13:57:10 -04:00
b39e2e3f66
Merge branch 'master' into lemur_vault_plugin
2019-04-18 13:55:45 -04:00
fb3b0e8cd7
adding regex filtering
2019-04-18 13:52:40 -04:00
7dd9268ca7
Allow uploading a signed cert for a pending certificate.
2019-04-18 00:46:39 +02:00
8177e12f3f
Merge branch 'master' into rewrite-java-keystore-use-pyjks
2019-04-17 10:43:44 -07:00
52f939658f
Merge branch 'master' into rewrite-java-keystore-use-pyjks
2019-04-17 10:31:58 -07:00
f6afcc6d21
Merge branch 'master' into master
2019-04-17 10:28:46 -07:00
58dd424de8
Prevent potential NoneType not subscriptable
...
Fix when data['extensions']['subAltNames']['names'] is none
2019-04-17 18:33:52 +02:00
771f2ebc47
Use SAN_CERT_CSR
2019-04-13 11:01:36 +02:00
770729a72e
Allow csr to be empty during upload
2019-04-13 01:17:12 +02:00
2ff811ae71
updating cryptography API call, to create right signing algorithm object.
2019-04-13 00:57:48 +02:00
09796cf7c9
the check_cert_signature() method was attempting to compare RSA and ECC signatures.
...
If a ec public-key certificate is signed with an RSA key, then it can't be a self-signed certificate, in which case we just raise InvalidSignature.
2019-04-13 00:57:48 +02:00
406753fcde
Fix PEP8
2019-04-13 00:49:35 +02:00
a5570d07bc
Added some documentation for API users.
2019-04-13 00:48:19 +02:00
c1b02cc8a5
Allow uploading csr along with certificates
2019-04-13 00:48:19 +02:00
df8d4e0892
Merge branch 'master' into rewrite-java-keystore-use-pyjks
2019-04-12 09:38:50 -07:00
ceb335f3ab
Merge branch 'master' into master
2019-04-12 09:38:41 -07:00
9ecc19c481
adding san filter
2019-04-12 09:53:06 -04:00
6d67ec7e34
removing unused import
2019-04-11 17:34:02 -07:00
512e1a0bdd
fixing typos
2019-04-11 17:17:28 -07:00
6ec84a398c
checking for None
2019-04-11 17:13:47 -07:00
69c00c4db5
upon creating a new destination, we also add it as source, if the plugin defines this as an option
2019-04-11 17:13:47 -07:00
d7abf2ec18
adding a new util method for setting options
2019-04-11 17:13:47 -07:00
557fac39b5
refactoring the sync job into a service method that we can also call when adding a new destination
2019-04-11 17:13:47 -07:00
d1ead4b79c
removing the announcement
2019-04-11 17:13:47 -07:00
5900828051
simple hardcoded announcement
2019-04-11 17:13:47 -07:00
818da6653d
removing the announcement
2019-04-11 17:13:47 -07:00
e1a67e9b4e
simple hardcoded announcement
2019-04-11 17:13:47 -07:00
84dfdd0600
removing the announcement
2019-04-11 17:13:47 -07:00
ba691a26d4
simple hardcoded announcement
2019-04-11 17:13:47 -07:00
b66fac0494
removing the announcement
2019-04-11 17:13:47 -07:00
1bda246df2
simple hardcoded announcement
2019-04-11 17:13:47 -07:00
9a210c055a
Merge branch 'master' into hshafagh-src-dst-register
2019-04-11 15:36:48 -07:00
2459234147
removing lines
2019-04-11 14:34:26 -07:00
60edab9f6d
cleaning up
2019-04-11 14:12:31 -07:00
ec3d2d7316
fixing typo
2019-04-11 13:51:43 -07:00
83d408b238
Merge branch 'master' into hosseinsh-celeryjob-sync-src-dst
2019-04-11 13:30:12 -07:00
266c83367d
avoiding hard-coded plugin names
2019-04-11 13:29:37 -07:00
f185df4f1e
bringing class AWSDestinationPlugin(DestinationPlugin) after AWSSourcePlugin.slug, such that we can do: sync_as_source_name = AWSSourcePlugin.slug
2019-04-11 13:28:58 -07:00
2ff57e932c
Update requirements - upgrade to py37
2019-04-10 15:40:48 -07:00
d628e97035
Merge branch 'master' into hosseinsh-celeryjob-sync-src-dst
2019-04-10 09:47:06 -07:00
bc8c7e114a
Merge branch 'master' into hshafagh-src-dst-register
2019-04-09 20:52:33 -07:00
f3d0536800
removing hardcoded rules, to give more flexibility into defining new source-destinations
2019-04-09 20:49:07 -07:00
bfc4f940da
Merge branch 'master' into master
2019-04-09 18:06:09 +02:00
64c6bb2475
Merge branch 'master' into rewrite-java-keystore-use-pyjks
2019-04-09 08:28:05 -07:00
dbf34a4d48
Rewrite Java Keystore/Truststore support based on pyjks library
2019-04-06 20:24:46 +03:00
d80a6bb405
Added tests for CSR parsing into CertificateInputSchema
2019-04-01 08:44:40 +02:00
e10007ef7b
Add support for Vault KV API v2
...
This adds the ability to target KV API v1 or v2.
2019-03-29 10:32:49 -04:00
b86e381e20
Parse SubjectAlternativeNames from CSR into Lemur Certificate
2019-03-27 13:46:33 +01:00
d2e969b836
better synching of source and destinations
2019-03-26 18:20:14 -07:00
4018c68d49
Merge branch 'master' into authority_validation_LE_errors
2019-03-25 08:34:10 -07:00
c2158ff8fb
Add order URI during LE cert creation failure; Fail properly when invalid CA passed; Update reqs
2019-03-25 08:28:23 -07:00
8a42cfa345
Merge branch 'master' into ghjaramos/master
2019-03-21 08:07:44 -07:00
fa4a5122bc
fixing file read to trim line endings and cleanup
2019-03-20 14:59:04 -04:00
f99b11d50e
refactor url and token to support muiltiple instances of vault
2019-03-20 13:51:06 -04:00
9e5496b484
Update schemas.py
2019-03-15 10:19:25 +01:00
f7452e8379
Parse DNSNames from CSR into Lemur Certificate
2019-03-15 09:29:23 +01:00
157db684c3
Merge branch 'master' into lemur_vault_plugin
2019-03-14 11:09:01 -04:00
c445297357
Update celery.py
2019-03-12 15:41:24 -07:00
f38e5b0879
Update celery.py
2019-03-12 15:29:04 -07:00
1a5a91ccc7
Update celery.py
2019-03-12 15:11:13 -07:00
3b3faa66f4
Merge branch 'master' into skip_duplicate_tasks
2019-03-12 14:53:42 -07:00
d220e9326c
Skip a task if similar task already active
2019-03-12 14:45:43 -07:00
57d3f3d5a5
Merge branch 'master' into lemur_vault_plugin
2019-03-08 07:08:56 -05:00
f1c09a6f8f
fixed comments
2019-03-07 15:58:34 -05:00
93ce259fb2
Merge branch 'master' into verify-cert-chain
2019-03-07 12:46:19 -08:00
7b0a3cf781
Merge branch 'lemur_vault_plugin' of github.com:/alwaysjolley/lemur into lemur_vault_plugin
2019-03-07 15:42:40 -05:00
752c9a086b
fixing error handling and better data formating
2019-03-07 15:41:29 -05:00
92b60b279a
Merge branch 'master' into verify-cert-chain
2019-03-06 11:15:32 -08:00
43b1d6217a
Merge branch 'master' into allow-cert-deletion
2019-03-06 10:59:33 -08:00
98ece58342
Merge branch 'master' into lemur_vault_plugin
2019-03-06 10:59:03 -08:00
45cb0f0513
Merge branch 'master' into allow-cert-deletion
2019-03-06 09:35:10 -08:00
cc6d53fdeb
Ensuring that configs passed via the command line are respected.
2019-03-05 15:39:37 -08:00
a1cb8ee266
fixing lint
2019-03-05 07:37:04 -05:00
880eaad6cb
Merge branch 'lemur_vault_plugin' of github.com:/alwaysjolley/lemur into lemur_vault_plugin
2019-03-05 07:22:18 -05:00
4a027797e0
fixing linting issues
2019-03-05 07:19:22 -05:00
54ad3ba777
Merge branch 'master' into verify-cert-chain
2019-03-04 17:55:36 -08:00
c9bcd29082
Merge branch 'master' into lemur_vault_plugin
2019-03-04 17:55:00 -08:00
dd2900bdbc
Relax search;update requirements
2019-03-04 10:04:06 -08:00
10cec063c2
Check that stored certificate chain matches certificate
...
Similar to how the private key is checked.
2019-03-04 17:10:59 +02:00
20518bc377
Merge branch 'master' into lemur_vault_plugin
2019-03-01 09:58:43 -05:00
5d2f603c84
renamed vault destination plugin to avoid conflict with vault pki plugin
2019-03-01 09:49:52 -05:00
63de8047ce
Return 'already deleted' instead of 'not found' when cert has already been deleted
2019-02-27 09:38:25 +01:00
a9735e129c
Merge branch 'master' into allow-cert-deletion
2019-02-27 09:28:48 +01:00
658c58e4b6
clarifying comments
2019-02-26 17:04:43 -08:00
9dbae39604
updating cryptography API call, to create right signing algorithm object.
2019-02-26 16:42:26 -08:00
16a18cc4b7
adding more edge test cases for EC-certs
2019-02-26 16:42:26 -08:00
aec7c7b0bc
Merge branch 'master' into fixing-signature-verify-ecc
2019-02-26 09:28:48 -08:00
53301728fa
Moved url to config file instead of plugin option. One one url can be supported
...
unless both the token and url are moved to the plugin options.
2019-02-26 09:15:12 -05:00
40fac02d8b
the check_cert_signature() method was attempting to compare RSA and ECC signatures.
...
If a ec public-key certificate is signed with an RSA key, then it can't be a self-signed certificate, in which case we just raise InvalidSignature.
2019-02-25 19:05:54 -08:00
cd65a36437
- support multiple bundle configuration, nginx, apache, cert only
...
- update vault destination to support multi cert under one object
- added san list as key value
- read and update object with new keys, keeping other keys, allowing
us to keep an iterable list of keys in an object for deploying multiple
certs to a single node
2019-02-25 09:42:07 -05:00
ef0c08dfd9
Fix: when no alias is entered when exporting a certificate, the alias is set to 'blah'.
...
This fix sets it to the common name instead.
2019-02-21 16:33:43 +01:00
eaa73998a0
adding lemur_vault destination plugin
2019-02-19 15:03:15 -05:00
29bda6c00d
Fix typo's
2019-02-14 11:58:29 +01:00
8abf95063c
Implement a ALLOW_CERT_DELETION option (boolean, default False). When enabled, the certificate delete API call will work and the UI
...
will no longer display deleted certificates. When disabled (the default), the delete API call will not work (405 method not allowed)
and the UI will show all certificates, regardless of the 'deleted' flag.
2019-02-14 11:57:27 +01:00
e034771e36
Merge branch 'master' into special-issuer-for-selfsigned-certs
2019-02-11 12:04:33 -08:00
605663704b
Merge branch 'master' into hosseinsh-celeryjob-sync-src-dst
2019-02-05 12:41:33 -08:00
e139b92b24
Merge branch 'master' into hshafagh-src-dst-register
2019-02-05 12:41:26 -08:00
6d1ef933c4
creating a new celery task to sync sources with destinations. This is as a measure to make sure important new destinations are also present as sources.
2019-02-05 10:48:52 -08:00
2107d58050
Merge branch 'master' into get_by_attributes
2019-02-05 10:31:35 -08:00
8d261b4120
Merge branch 'master' into special-issuer-for-selfsigned-certs
2019-02-05 10:29:20 -08:00
51248c1938
Use special issuer values <selfsigned> and <unknown> in special cases
...
This way it's easy to find/distinguish selfsigned certificates stored in
Lemur.
2019-02-05 16:56:09 +02:00
1d2771b014
Merge branch 'master' into get_by_attributes
2019-02-04 21:07:09 -08:00
f249a82d71
renaming destination to source.
2019-02-04 16:10:48 -08:00
44a060b159
adding support for creating a source while creating a new dst, while the destination is from AWS
2019-02-04 15:36:39 -08:00
c1cf8d7a92
Merge branch 'master' into ADCS-plugin
2019-02-02 19:21:22 +01:00
45fbaf159a
Merge branch 'master' into master
2019-02-01 16:50:09 -08:00
8e93d007be
Merge branch 'master' into get_by_attributes
2019-02-01 16:48:50 -08:00
6705a0e030
Merge branch 'master' into ADCS-plugin
2019-02-01 16:38:39 -08:00
36ab1c0bec
Merge branch 'master' into ADCS-plugin
2019-02-01 19:10:46 +01:00
e24a94d798
Enforce that PEM strings (certs, keys, CSR) are internally passed as str, not bytes
...
This was already true in most places but not 100%, leading to lots of redundant checks and conversions.
2019-01-30 18:11:24 +02:00
e475d90e2e
Merge branch 'master' into master
2019-01-30 07:20:44 -08:00
e5ddf08f48
Merge branch 'master' into master
2019-01-29 16:37:29 -08:00
7f4f4ffded
Merge branch 'master' into master
2019-01-29 16:30:15 -08:00
48ad20faca
moving the 2 year validity issue to the Verisign plugin, and address it there
2019-01-29 16:17:08 -08:00
1e708bf1c7
Merge branch 'master' into password_noninteractive
2019-01-29 15:21:34 -08:00
d2317acfc5
allowing create_user with noninteractive PW;updating reqs
2019-01-29 15:17:40 -08:00
29638c7f3b
Merge branch 'master' into master
2019-01-29 14:59:55 -08:00
93021a5d89
Merge branch 'master' into expose-cert-distinguished-name
2019-01-29 14:56:31 -08:00
c68a9cf80a
fixing linting issues
2019-01-29 11:10:56 -05:00
254a3079f2
fix whitespace
2019-01-29 11:01:55 -05:00
b4d1b80e04
Adding support for cfssl auth mode signing
2019-01-29 10:13:44 -05:00
c77ccdf46e
Merge branch 'master' into ADCS-plugin
2019-01-28 17:57:46 +01:00
c47fa0f9a2
adjusting the tests to reflect on the new full year convert limit!
2019-01-24 17:52:22 -08:00
a9724e7383
Resolving the 2 years error from UI during cert creation:
...
Though a CA would accept two year validity, we were getting error for being beyond 2 years.
This is because our current conversion is just current date plus 2 years,
1/25/2019 + 2 years ==> 1/25/2019
This is more strictly seen two years and 1 day extra, violating the 2 year's limit.
2019-01-24 17:23:40 -08:00
4b893ab5b4
Expose full certificate RFC 4514 Distinguished Name string
...
Using rfc4514_string() method added in cryptography version 2.5.
2019-01-23 10:03:40 +02:00
4c4fbf3e48
Implement certificates delete API call by marking a cert as 'deleted' in the database. Only certificates that have expired can be deleted.
2019-01-21 10:25:28 +01:00
cb35f19d6c
Add 'delete_cert' to enum log_type in logs table
2019-01-21 10:22:03 +01:00
0336d68ee2
Merge remote-tracking branch 'upstream/master'
2019-01-17 14:56:12 -08:00
7f88c24e83
Fix LetsEncrypt Dyn flow for duplicate CN/SAN
2019-01-17 14:56:04 -08:00
d3284a4006
adjusting the query to filter authorities based on matching CN
2019-01-14 17:52:06 -08:00
3567a768d5
Compare certificate hashes to determine if Lemur already has a synced certificate
2019-01-14 13:35:55 -08:00
31a86687e7
Reduce the expense of joins
2019-01-14 09:20:02 -08:00
c4e6e7c59b
Optimize DB cert filtering
2019-01-14 08:02:27 -08:00
638a8450a3
Merge branch 'master' into more_retries
2019-01-11 11:25:00 -08:00
0e02e6da79
Be more forgiving to throttling
2019-01-11 11:13:43 -08:00
a1ca61d813
changed a too long comment
2019-01-09 09:50:26 +01:00
a43476bc87
minor errors after lint fix
2019-01-07 11:04:27 +01:00
054685fc38
Merge branch 'master' into ADCS-plugin
2019-01-07 10:23:18 +01:00
c62bcd1456
repaired several lint errors
2019-01-07 10:02:37 +01:00
542e953919
Check that stored private keys match certificates
...
This is done in two places:
* Certificate import validator -- throws validation errors.
* Certificate model constructor -- to ensure integrity of Lemur's data
even when issuer plugins or other code paths have bugs.
2018-12-31 16:28:20 +02:00
6a31856d0d
Update plugin.py
2018-12-21 12:33:47 -08:00
b5d6abb01f
Merge branch 'master' into kubernetes-improvment
2018-12-21 12:06:09 -08:00
b7332957e7
Merge branch 'master' into unicode-in-issuer-name
2018-12-21 07:59:20 -08:00
70381c4c89
Merge branch 'master' into kubernetes-fix
2018-12-21 07:44:11 -08:00
a14fe08a63
Merge branch 'master' into kubernetes-improvment
2018-12-21 07:42:13 -08:00
fb7605e34b
Merge branch 'master' into unicode-in-issuer-name
2018-12-21 07:41:08 -08:00
72f6fdb17d
Properly handle Unicode in issuer name sanitization
...
If the point of sanitization is to get rid of all non-alphanumeric
characters then Unicode characters should probably be forbidden too.
We can re-use the same sanitization function as used for cert 'name'
2018-12-21 16:34:12 +02:00
0f2e30cdae
Deduplicate rows before notification associations unique constraint migration
2018-12-21 12:11:33 +02:00
f02178c154
added ADCS issuer and source plugin
2018-12-20 11:54:47 +01:00
fbf48316b1
Minor changes for code review suggestions.
2018-12-18 22:43:32 -05:00
073d05ae21
Merge branch 'kubernetes-fix' into kubernetes-improvment
2018-12-18 22:26:03 -05:00
e7313da03e
Minor changes for code review suggestions.
2018-12-18 22:24:48 -05:00
425a07e988
Merge branch 'master' into destination-tpl-fix
2018-12-18 12:27:35 -08:00
513e876e2e
Merge branch 'master' into master
2018-12-18 12:18:38 -08:00
bc621c1468
Improve the Kubernetes Destination plugin
...
The plugin now supports loading details from local files rather than requiring them to be entered through the UI. This is especially relaent when Lemur is deployed on Kubernetes as the certificate, token, and current namespace will be injected into the pod. The location these details are injected are the defaults if no configuration details are supplied.
The plugin now supports deploying the secret in three different formats:
* Full - matches the formate used by the plugin prior to these changes.
* TLS - creates a secret of type kubernetes.io/tls and includes the certificate chain and private key, this format is used by many kubernetes features.
* Certificate - creates a secret containing only the certificate chain, suitable for use as trust authority where private keys should _NOT_ be deployed.
The deployed secret can now have a name set through the configuration options; the setting allows the insertion of the placeholder '{common_name}' which will be replaced by the certificate's common name value.
Debug level logging has been added.
2018-12-12 13:25:36 -08:00
a50d80992c
updated query to ignore empty parameters
2018-12-12 12:45:48 +01:00
060c78fd91
Fix Kubernetes Destination Plugin
...
The Kubernetes plugin was broken. There were two major issues:
* The server certificate was entered in a string input making it impossible (as far as I know) to enter a valid PEM certificate.
* The base64 encoding calls were passing strings where bytes were expected.
The fix to the first issue depends on #2218 and a change in the options structure. I've also included some improved input validation and logging.
2018-12-10 15:33:04 -08:00
437d918cf7
Fix textarea and validation on destination page
...
The destination configuration page did not previously support a textarea input as was supported on most other pages. The validation of string inputs was not being performed. This commit addresses both of those issues and corrects the validation expressions for the AWS and S3 destination plugins so that they continue to function. The SFTP destination plugin does not have any string validation. The Kubernetes plugin does not work at all as far as I can tell; there will be another PR in the coming days to address that.
2018-12-10 12:04:16 -08:00
dcf5ce0eec
Merge branch 'master' into master
2018-12-07 13:57:59 +01:00
c32e20b6fc
Fix notifications - Ensure that notifcation e-mails are sent appropriately
2018-12-06 12:25:43 -08:00
e0ac749734
When parsing SAN's, ignore unknown san_types, because in some cases they can contain unparsable/serializable values, resulting in a TypeError(repr(o) + " is not JSON serializable")
2018-12-06 16:47:53 +01:00
2a235fb0e2
Prefer DNS provider with longest matching zone
2018-11-30 12:44:52 -08:00
a90154e0ae
LetsEncrypt Celery Flow
2018-11-29 09:29:05 -08:00
39b76d18dc
add countdown to async call
2018-11-28 14:41:56 -08:00
e074a14ee9
unit test
2018-11-28 14:27:03 -08:00
2381d0a4bb
Add async call to create pending cert when needed
2018-11-28 11:32:52 -08:00
da10913045
Only search nested group memberships when LDAP_IS_ACTIVE_DIRECTORY is True
2018-11-20 10:37:36 +01:00
61839f4aca
Add support for nested group membership in ldap authenticator
2018-11-19 13:42:42 +01:00
3ce8abe46e
Left outer join on domains tables to avoid missing results
2018-11-13 14:33:17 -08:00
92a771f5ed
More accurate db count functionality
2018-11-13 09:14:21 -08:00
29be647911
Merge branch 'master' into no_csr_reissue
2018-11-12 09:54:47 -08:00
a7a05e26bc
Do not re-use CSR during certificate reissuance; Update requirement; Add more logging to celery handler
2018-11-12 09:52:11 -08:00
6f0005c78e
Avoid colliding LetsEncrypt jobs
2018-11-09 10:31:27 -08:00
1643650685
Changing essential part of query
2018-11-07 16:02:04 -08:00
08a2a2b0e5
Optimize certificate filtering by name
2018-11-07 15:34:25 -08:00
a3f96b96ee
Add fixture to failing function
2018-11-05 15:16:09 -08:00
75183ef2f2
Unpin most dependencies, and fix moto
2018-11-05 14:37:52 -08:00
61738dde9e
Run query on DB
2018-11-05 13:15:53 -08:00
52e773230d
Add new gin index to optimize ILIKE queries
2018-11-05 10:29:11 -08:00
0277e4dc05
get_or_increase_name fix for pendingcertificates
2018-10-29 13:53:30 -07:00
50761d9d3b
safer reissue, fix celery sync job
2018-10-29 13:22:50 -07:00
56ed416cb7
Celery task for sync job
2018-10-29 09:10:43 -07:00
a8b357965e
Merge branch 'master' into get_by_attributes
2018-10-29 08:15:42 -07:00
2138930102
Merge branch 'master' into get_by_attributes
2018-10-24 07:20:46 -07:00
75069cd52a
Add CSR to certificiates
...
Add csr column to certificates field, as pending certificates have
exposed the CSR already. This is required as generating CSR from
existing certificate is will not include SANs due to OpenSSL bug:
https://github.com/openssl/openssl/issues/6481
Change-Id: I9ea86c4f87067ee6d791d77dc1cce8f469cb2a22
2018-10-23 17:46:04 -07:00
b709eed3c3
Only resolve pending cert if not attempted in last 5 min
2018-10-23 13:08:43 -07:00
054cc64ee8
Prevent dashes from appearing at end of cert name in AWS
2018-10-23 12:49:58 -07:00
73ed5164cd
deps
2018-10-22 14:51:13 -07:00
b058508478
Merge branch 'master' into get_by_attributes
2018-10-22 09:09:55 -07:00
e83699b6ae
Add unique constraint to sources table - label column
2018-10-19 15:34:34 -07:00
81d114092e
Merge branch 'github' into get_by_attributes
2018-10-17 12:00:36 -04:00
48017a9d4c
Added get_by_attributes to the certificates service, for fetching certs based on arbitrary attributes. Also associated test and extra tests for other service methods
2018-10-17 11:42:09 -04:00
a912c3488d
python fix to retrigger tests
2018-10-12 07:25:58 -07:00
89a077e54c
minor change to pass stuck github check
2018-10-12 07:14:31 -07:00
13ef965666
nit: comments
2018-10-12 05:56:14 -07:00
6073f9e7b6
datetime ref fix
2018-10-12 05:51:30 -07:00
4b3d458dba
Celery task to delete old pending certs
2018-10-12 05:47:16 -07:00
cc18a68c00
Lemur LetsEncrypt Polling Support
2018-10-11 22:01:05 -07:00
e91d8ec81b
add indexes to domains and certificates tables to optimize load time
2018-10-11 11:36:50 -07:00
79033f42b4
Merge branch 'master' into improved_verify
2018-10-02 09:19:24 -04:00
40f4444099
Flake8 fix in test_verify.py
2018-10-01 22:04:31 -04:00
56282845fa
Enable optional verisign cloud transparency configuration
2018-10-01 09:20:50 -07:00
50919d85a8
Merge remote-tracking branch 'upstream/master' into improved_verify
2018-09-27 11:19:06 -04:00
590fac4aa8
docstring update in verify.py
2018-09-27 10:11:13 -04:00
f19b6382bc
Updated verify tests
2018-09-27 10:10:04 -04:00
11f2210894
Merge branch 'improved_verify' of github.com:explody/lemur into improved_verify
2018-09-27 09:28:45 -04:00
652d7f65dd
flake8 tweak
2018-09-27 09:28:21 -04:00
563f0fb9b2
Celery refactoring, celery beat job in configuration
2018-09-17 10:52:12 -07:00
23382b2777
Celery integration
2018-09-13 10:35:54 -07:00
c09d8ae630
Merge branch 'master' into fix_import_v1
2018-09-10 10:35:31 -07:00
7d42e4ce67
Fix certificate import issues
2018-09-10 10:34:47 -07:00
f6a130b09d
Add more logging to messaging
2018-09-10 09:13:31 -07:00
c9836fbf25
Merge branch 'master' into improved_verify
2018-09-06 07:33:55 -07:00
82e69db0c5
fix error message typo
2018-09-04 10:21:34 -05:00
2815ddf6c8
Moved cert object to be passed to both ocsp/crl methods so we can report in better detail on the certs. Ensured proper returns of False (revoked) True (good) None (unknown) throughout the methods.
2018-08-31 13:34:55 -04:00
34c88494b8
More specific exception catch for cert parsing. line shortening.
2018-08-31 12:19:55 -04:00
7dbca821c3
Reducing the stacked exceptions plus a bit of pep8
2018-08-31 12:01:49 -04:00
d82a615e17
Validate config - fix for issue#1629
2018-08-28 09:15:28 -07:00
453bb43157
recommit https://github.com/Netflix/lemur/pull/1612
2018-08-27 09:50:02 -07:00
1b77dfa47a
Revert "Precommit - Fix linty things"
2018-08-22 13:21:35 -07:00
3e9726d9db
Precommit work
2018-08-22 10:38:09 -07:00
6abf274680
Allow case insensitive role matching for cert permissions
2018-08-20 08:55:04 -07:00
9f64f0523b
Increase timeouts
2018-08-17 15:36:56 -07:00
43ae6c39e3
wait right here
2018-08-17 12:14:02 -07:00
7f9a035802
Fix private key bytecode issue
2018-08-17 10:59:01 -07:00
a6b1f33208
Ensure owner names are lowercase for new / updated certificates
2018-08-17 10:41:55 -07:00
1ad61b1550
allow null validity periods
2018-08-17 07:57:55 -07:00
be9d683e46
fix merge
2018-08-16 10:15:48 -07:00
da99bcda68
Better zone handling
2018-08-16 10:12:19 -07:00
2c22c9c2f1
Allow proper detection of zones, fix certificate detection
2018-08-14 14:37:45 -07:00
1a5abe6550
fix lint
2018-08-13 15:11:57 -07:00
cc836433fb
formatting
2018-08-13 15:06:16 -07:00
5829794d82
typo fix
2018-08-13 14:25:54 -07:00
bb026b8b59
Allow LetsEncrypt renewals and requesting certificates without specifying DNS provider
2018-08-13 14:22:59 -07:00
ab37189022
Merge branch 'master' into unittests-use-valid-certs
2018-08-07 09:42:39 -07:00
cf71f88680
Merge branch 'master' into fill-missing-rotation-policy
2018-08-07 08:23:29 -07:00
f9a7b97839
Merge branch 'master' into unittests-use-valid-certs
2018-08-07 07:45:45 -07:00
2869042f38
Fixed invalid JSON payloads (making API requests fail in particular) ( #1522 )
2018-08-03 15:26:48 -07:00
82158aece6
Fill in missing cert rotation_policy; don't ignore validation errors when re-issuing certs
...
CertificateInputSchema requires the rotation_policy field, but
certificates created before the field existed have set to NULL. Thus
saving such certificates failed and probably caused other errors.
Made cert re-issuing (get_certificate_primitives) more strict so such
errors are harder to miss in the future.
2018-08-03 20:06:21 +03:00
1f0f432327
Fix unit tests certificates to have correct chains and private keys
...
In preparation for certificate integrity-checking: invalid certificate
chains and mismatching private keys will no longer be allowed anywhere
in Lemur code.
The test vector certs were generated using the Lemur "cryptography"
authority plugin.
* Certificates are now more similar to real-world usage: long serial
numbers, etc.
* Private key is included for all certs, so it's easy to re-generate
anything if needed.
2018-08-03 19:45:13 +03:00
acd2701fa2
Delete dead code in unit tests ( #1510 )
2018-08-03 08:21:55 -07:00
025d177565
Merge branch 'master' into letsencrypt_account_support
2018-07-30 15:28:29 -07:00
44192d4494
remove debug print
2018-07-30 15:27:23 -07:00
0889076d3b
Support LetsEncrypt accounts
2018-07-30 15:25:02 -07:00
d6b482755b
Proper flask_restful boolean parsing.
...
This is documented here: https://github.com/flask-restful/flask-restful/issues/488
2018-07-30 13:49:41 -07:00
caf99d36d6
fix deletion
2018-07-27 15:52:22 -07:00
e16c1de001
Error logging
2018-07-27 14:17:50 -07:00
2a6dda07eb
Show and send error for pending certs
2018-07-27 14:15:14 -07:00
9b29f9f819
Adding pessimistic sqlalchemy disconnection handling
2018-07-23 10:57:22 -07:00
2f51fea743
no bare except
2018-07-20 13:43:47 -07:00
c78077d8d6
Explicit capture exception during create failure
2018-07-20 13:43:47 -07:00
bd9203fcbc
Adds an optional interval variable to notification service's
...
create_default_expiration_notifications and introduces a new optional
configuration variable, LEMUR_SECURITY_TEAM_EMAIL_INTERVALS, to allow admins
control over the centralized email notification defaults.
2018-07-20 13:43:47 -07:00
d071d85486
Clean up module imports
...
Example:
* import lemur.common.utils -> from lemur.common import utils
* import sqlalchemy.types as types -> from sqlalchemy import types
2018-07-20 13:43:47 -07:00
04ee1656ee
Cache parsed certificate instead of re-parsing for each field
...
Use @cached_property decorator to cache the results of parse_certificate().
This significantly cuts down on the number of times certs need to be
parsed for a list view.
2018-07-20 13:43:47 -07:00
56372c55b4
initial commit
2018-07-20 13:43:47 -07:00
149caa5602
Clean up module imports
...
Example:
* import lemur.common.utils -> from lemur.common import utils
* import sqlalchemy.types as types -> from sqlalchemy import types
2018-07-12 11:21:18 -07:00
b472e5e648
Cache parsed certificate instead of re-parsing for each field
...
Use @cached_property decorator to cache the results of parse_certificate().
This significantly cuts down on the number of times certs need to be
parsed for a list view.
2018-07-12 11:21:18 -07:00
64132ba92b
Expose certificate dateCreated via API
2018-07-12 11:21:18 -07:00
9ef356f59d
reformat code (noop)
2018-07-12 11:21:17 -07:00
3397fb6560
R53: Extend only TXT records
2018-06-20 10:33:35 -07:00
3efc709e03
tests
2018-06-19 21:16:35 -07:00
dda7f54a16
lint
2018-06-19 20:58:00 -07:00
2d33d3e2b8
lint
2018-06-19 20:35:00 -07:00
d50c9c7748
Merge branch 'master' into acme_validation_dns_provider_option
2018-06-19 16:45:25 -07:00
a141b8c5ea
Support concurrent issuance in Route53 for LetsEncrypt
2018-06-19 16:27:58 -07:00
b2bc431823
Merge branch 'master' into dyn2
2018-06-14 08:06:31 -07:00
4e72cb96c9
Graceful cancellation of pending cert and order details in log for acme failure
2018-06-14 08:02:34 -07:00
b99aad743b
remove linuxdst plugin
2018-06-13 15:15:09 -07:00
135f2b710c
Limit dns queries to 10 attempts
2018-06-13 15:14:48 -07:00
065e0edc5f
lint
2018-06-13 14:22:45 -07:00
d72792ff37
Fix unique dyn situation where zone does not match tld, and there's a deeper zone
2018-06-13 14:08:39 -07:00
038f5dc554
Merge branch 'master' into linuxdst
2018-06-12 07:40:40 -07:00
7f5d1a0b6b
sync error
2018-06-11 15:40:15 -07:00
92860cffca
Default configuration for DNS providers
2018-06-11 13:32:53 -07:00
80e3331596
Merge branch 'master' into master
2018-05-30 08:24:00 -07:00
2a3af5214e
Merge branch 'master' into linuxdst
2018-05-29 18:54:37 -07:00
4911d713a5
Fix import metrics in notifications/messaging.py ( #1254 )
...
`from lemur import metrics` is incorrect for notifications/messaging.py
because that is importing the `metrics` module rather than the
instanciated `lemur.extensions.metrics` object. This will cause errors
if you import notifications/messaging.py elsewhere, since it can cause
circular dependencies.
Change-Id: Ice28c480373601420fc83bae2d27bb6467cdb752
2018-05-29 18:54:16 -07:00
5e24f685c1
lint error
2018-05-29 10:46:24 -07:00
97d3621705
convert description to TEXT column
2018-05-29 10:23:01 -07:00
544a02ca3f
Addressing comments. Updating copyrights. Added function to determine authorative name server
2018-05-29 10:23:01 -07:00
ae26e44cc2
Merge branch 'master' into master
2018-05-25 11:09:23 -07:00
b0f9d33b32
Requirements update
2018-05-25 11:07:26 -07:00
5e3add0b81
docstring
2018-05-24 15:21:38 -07:00
9fc6c9aaf7
Sort and page
2018-05-24 12:55:52 -07:00
a47b6c330d
Use serial_number instead of serial ( #1251 )
...
* Add code coverage badge to README
* fixing docs (#1231 )
* Change cert.serial to serial_number
This fixes deprecation warning coming from cryptography package about
using cert.serial instead of serial_number.
Change-Id: I252820974c77cc1b80639920a5e8c2e874819dda
2018-05-23 16:04:30 -07:00
de52fa7f48
fix v1 backwards compatibility
2018-05-16 08:00:33 -07:00
680f4966a1
acme v2 support
2018-05-16 07:46:37 -07:00
a9b9b27a0b
fix tests
2018-05-10 12:58:04 -07:00
52e7ff9919
Allow specification of dns provider name only
2018-05-10 12:58:04 -07:00
f4a010e505
Merge branch 'master' into master
2018-05-09 07:52:07 -07:00
0bd14488bb
Update requirements, handle more lemur_acme exceptions, and remove take a tour button
2018-05-08 15:35:03 -07:00
6500559f8e
Fix issue with automatically renewing acme certificates
2018-05-08 14:54:10 -07:00
642dbd4098
Merge branch 'master' into linuxdst
2018-05-08 12:09:05 -07:00
a8187d15c6
quick lint
2018-05-08 11:04:25 -07:00
df5168765b
more tests
2018-05-08 11:03:17 -07:00
c26ae16060
fixing docs ( #1231 )
2018-05-08 10:58:48 -07:00
9ccb8fb838
Alembic simplification
2018-05-07 15:14:32 -07:00
e68b3d2cbd
0.7 release
2018-05-07 09:58:24 -07:00
1be3f8368f
dyn support
2018-05-04 15:01:01 -07:00
3e64dd4653
Additional work
2018-05-04 15:01:01 -07:00
74ca13861c
Merge branch 'master' into master
2018-04-27 11:19:23 -07:00
532872b3c6
dns_provider ui
2018-04-27 11:18:51 -07:00
0579b2935c
Print variable value instead of name ( #1227 )
...
* Print variable value instead of name
* Fixed ordering and variable name for stdout string
2018-04-26 09:39:42 -07:00
c5cb01bd33
Merge branch 'master' into master
2018-04-26 09:16:31 -07:00
efd5836e43
fix test
2018-04-26 09:04:13 -07:00
f0f2092fb4
Some unit tests
2018-04-25 11:19:34 -07:00
e09b7eb978
Selectively enable CORS. ( #1220 )
2018-04-24 17:10:38 -07:00
3e5db9eedb
Check for default rotation policy before updating db ( #1223 )
2018-04-24 16:55:26 -07:00
91500d1022
Minor comment & stdout corrections ( #1225 )
2018-04-24 16:53:51 -07:00
38b8df4a07
lint
2018-04-24 09:48:14 -07:00
7704f51441
Working acme flow. Pending DNS providers UI
2018-04-24 09:38:57 -07:00
81e349e07d
Merge branch 'master' into hackday
2018-04-23 10:11:49 -07:00
44e3b33aaa
More stuff. Will prioritize this more next week
2018-04-20 14:49:54 -07:00
fbce1ef7c7
temp digicert fix
2018-04-13 15:50:55 -07:00
309d10c4e2
stuff
2018-04-13 15:50:55 -07:00
4d05a09a20
fix_changes
2018-04-13 15:50:55 -07:00
3538f1a629
fix_errors
2018-04-13 15:50:55 -07:00
993958c356
up-reqs
2018-04-13 15:50:55 -07:00
2d6d2357b5
DNS Providers list returned
2018-04-13 15:50:55 -07:00
a66d85b63d
clean up a bit
2018-04-13 15:50:55 -07:00
b0bd0435c4
more stuff
2018-04-13 15:50:54 -07:00
b2e6938815
WIP: Add support for Acme/LetsEncrypt with DNS Provider integration
2018-04-13 15:50:54 -07:00
5dd03098e5
actually update deps
2018-04-13 15:50:53 -07:00
c03133622f
Correct validities
2018-04-13 15:18:17 -07:00
8303cfbd2b
Fix datetime
2018-04-13 14:53:45 -07:00
3ef550f738
Merge branch 'master' into hackday
2018-04-12 12:49:52 -07:00
f6fd262618
DNS Providers list returned
2018-04-11 15:56:00 -07:00
5125990c4c
clean up a bit
2018-04-11 07:48:04 -07:00
52cb145333
ecc: add the support for ECC ( #1191 )
...
* ecc: add the support for ECC
update generate_private_key to support ECC. Move key types to constant. Update UI for the new key types
* ecc: Remove extra line to fix linting
* ecc: Fix flake8 lint problems
* Update options.tpl.html
2018-04-10 16:54:17 -07:00
5beb319b27
more stuff
2018-04-10 16:04:07 -07:00
12622d5847
Adding metrics for request timings. ( #1190 )
2018-04-10 15:55:02 -07:00
a9baaf4da4
add(plugins): Added a statsd plugin for lemur ( #1189 )
2018-04-10 15:15:03 -07:00
f61098b874
WIP: Add support for Acme/LetsEncrypt with DNS Provider integration
2018-04-10 14:28:53 -07:00
8ca4f730e8
lemur_digicert: Do not truncate valid_to anymore ( #1187 )
...
* lemur_digicert: Do not truncate valid_to anymore
The valid_to field for Digicert supports YYYY-MM-DDTHH:MM:SSZ so we should stop truncating
* lemur_digicert: Update unit tests for valid_to
2018-04-10 13:23:09 -07:00
8e2b2123f1
Fix filtering on boolean columns, broken with SQLAlchemy 1.2 upgrade
...
SQLAlchemy 1.2 does not allow comparing string values to boolean
columns. This caused errors like:
sqlalchemy.exc.StatementError: (builtins.TypeError) Not a boolean value: 'true'
For more details see http://docs.sqlalchemy.org/en/latest/changelog/migration_12.html#boolean-datatype-now-enforces-strict-true-false-none-values
2018-04-09 18:59:23 +03:00
28614b5793
remove linuxdst plugin
2018-04-04 14:49:25 +03:00
4a0103a88d
SFTP destination plugin ( #1170 )
...
* add sftp destination plugin
2018-04-03 10:30:19 -07:00
259800ce35
Merge branch 'master' into issue_1089
2018-03-29 08:48:52 -07:00
b814a4f009
Remove get_pending_certificates from verisign issuer
2018-03-28 08:56:28 -07:00
c3a2781507
Allow quotes for exact match
2018-03-28 08:33:43 -07:00
a316cbba73
[add] Docs and default config for metric plugins ( #1148 )
2018-03-27 15:51:32 -07:00
844202f36b
check if user active properly
2018-03-26 13:14:22 -07:00
c51fed5307
allowing null basic contraints ( #1131 )
2018-03-23 11:38:47 -07:00
db746f1296
Adds support for CDLDistributionPoints. ( #1130 )
2018-03-23 08:51:18 -07:00
e15836e9ca
Update more dependencies. Remove hashes
2018-03-21 14:48:51 -07:00
d67542d7f5
actually update deps
2018-03-21 12:46:30 -07:00
Hossein Shafagh
Kush Bavishi
Kush Bavishi
Curtis Castrapel
Hossein Shafagh
Curtis
alwaysjolley
Marti Raudsepp
Danny Thomas
Ryan DeShone
Jose Plana
alwaysjolley
Daniel Iancu
Javier Ramos
Javier Ramos
Kevin Glisson
Ronald Moesbergen
sirferl
Curtis Castrapel
Curtis Castrapel
sirferl
Wesley Hartford
Ronald Moesbergen
James Chuong
Non Sequitur
Non Sequitur
Mike Culbertson
Gus Esquivel
Cyril Dangerville
Mike Grima
Steven Reiling
root
Dmitry Zykov
kevgliss
James Chuong
Zach Seils
Will Bengtson
Mihir Jham
iTitou