5ed109e998
Max end date as per start date + default validity 3 years
2020-08-27 14:15:14 -07:00
7011a4df8b
max date on UI as per max validity configs
2020-08-27 14:15:14 -07:00
4d7c6844e5
Make Organizational Unit optional
2020-08-27 14:15:14 -07:00
2645c4a82d
mention 397 for digicert plugin
2020-08-27 14:15:14 -07:00
3cb386cc0f
maximum 1 year validity for digicert
2020-08-27 14:15:14 -07:00
e06dea106f
Modify unit test test_determine_end_date to match new config
2020-08-27 14:15:14 -07:00
d7d483fa9b
Renaming PUBLIC_CA to PUBLIC_CA_AUTHORITY_NAMES
2020-08-27 14:15:14 -07:00
25125f3257
Cert validity should not exceed 397 days for publicly trusted issuers
2020-08-27 14:15:14 -07:00
404d213e8f
Modified cert description to have cert id being cloned
2020-08-27 14:15:14 -07:00
e75e472a1a
Do not inherit replacement info during cert clone
2020-08-27 14:15:14 -07:00
69b64c63ea
Honor selected algorithm during certificate cloning
2020-08-27 14:15:14 -07:00
f4bcd1cf30
lack of an empty config file was resulting into this error
...
```
Traceback (most recent call last):
File "/home/travis/build/Netflix/lemur/lemur/plugins/lemur_acme/tests/test_acme.py", line 159, in test_request_certificate
self.acme.request_certificate(mock_acme, [], mock_order)
File "/home/travis/build/Netflix/lemur/lemur/plugins/lemur_acme/plugin.py", line 211, in request_certificate
current_app.config.get("IDENTRUST_CROSS_SIGNED_LE_ICA_EXPIRATION_DATE", "17/03/21"), '%d/%m/%y'):
TypeError: strptime() argument 1 must be str, not MagicMock
```
2020-08-27 14:15:14 -07:00
5a6e4e5b43
Let's Encrypt has been using a cross-signed intermediate CA by DST Root CA X3, which is included in any older devices' TrustStore.
...
https://letsencrypt.org/certificates/
Let's Encrypt is transitioning to use the intermediate CA issued by their own root (ISRG X1) starting from September 29th 2020. This is in preparation of concluding the initial bootstrapping of their CA, by having it cross-signed by an older CA.
https://letsencrypt.org/2019/04/15/transitioning-to-isrg-root.html
This PR allows Lemur to pin to the cross-signed ICA (same public/private key pair as the ICA signed by ISRG X1). This will prolong support for incompatible systems.
2020-08-27 14:15:14 -07:00
c169ad291e
adding the correct signing algorithm, and a missing key Type
2020-08-27 13:29:56 -07:00
3242fc1e13
Validity with radio buttons
2020-08-26 19:30:12 -07:00
6aedd3b0d8
Datepicker enhancements
2020-08-25 18:40:36 -07:00
3efe14c43f
Remove 397 days validation as it causes error in API calls
...
More to come in future
2020-08-25 16:26:20 -07:00
4f148f3bc3
Merge branch 'master' into master
2020-08-20 11:33:18 +02:00
1b73b1d080
Merge branch 'master' into master
2020-08-19 12:29:02 +02:00
c2116df652
Extended ADCS_TEMPLATE_ Variable
...
If there is a config variable ADCS_TEMPLATE_<upper(authority.name)> take the value as Cert template else default to ADCS_TEMPLATE to be compatible with former versions
2020-08-19 12:25:52 +02:00
5b96b3a032
Lint error fix
2020-08-18 20:03:15 -07:00
240f0b99c8
Max end date as per start date + default validity 3 years
2020-08-18 19:34:59 -07:00
bc5579e9bf
max date on UI as per max validity configs
2020-08-18 14:50:42 -07:00
5b3f40467b
Make Organizational Unit optional
2020-08-18 14:50:42 -07:00
6ff8910f87
mention 397 for digicert plugin
2020-08-11 18:53:19 -07:00
d7ca1570be
maximum 1 year validity for digicert
2020-08-11 18:02:42 -07:00
bde2829e72
Modify unit test test_determine_end_date to match new config
2020-08-11 17:10:29 -07:00
18a3514974
Renaming PUBLIC_CA to PUBLIC_CA_AUTHORITY_NAMES
2020-08-10 18:06:45 -07:00
7a83799bcd
Cert validity should not exceed 397 days for publicly trusted issuers
2020-08-10 17:30:34 -07:00
9bcfcebb3a
Merge branch 'master' into bootswatch-fix
2020-08-04 14:09:33 -07:00
817a4c3d90
Modified cert description to have cert id being cloned
2020-08-03 19:24:06 -07:00
c3d8501401
Do not inherit replacement info during cert clone
2020-08-03 19:23:24 -07:00
c15a2c62d1
Honor selected algorithm during certificate cloning
2020-08-03 19:22:13 -07:00
3c1d6998fb
Merge branch 'master' into pinning-to-cross-signed-LE-ICA
2020-07-24 10:25:11 -07:00
0fd83d13ae
Fix intermediate CA creation on cryptography plugin
2020-07-23 13:58:32 -07:00
2317967802
lack of an empty config file was resulting into this error
...
```
Traceback (most recent call last):
File "/home/travis/build/Netflix/lemur/lemur/plugins/lemur_acme/tests/test_acme.py", line 159, in test_request_certificate
self.acme.request_certificate(mock_acme, [], mock_order)
File "/home/travis/build/Netflix/lemur/lemur/plugins/lemur_acme/plugin.py", line 211, in request_certificate
current_app.config.get("IDENTRUST_CROSS_SIGNED_LE_ICA_EXPIRATION_DATE", "17/03/21"), '%d/%m/%y'):
TypeError: strptime() argument 1 must be str, not MagicMock
```
2020-07-15 17:04:49 -07:00
d5ae45a0d0
Let's Encrypt has been using a cross-signed intermediate CA by DST Root CA X3, which is included in any older devices' TrustStore.
...
https://letsencrypt.org/certificates/
Let's Encrypt is transitioning to use the intermediate CA issued by their own root (ISRG X1) starting from September 29th 2020. This is in preparation of concluding the initial bootstrapping of their CA, by having it cross-signed by an older CA.
https://letsencrypt.org/2019/04/15/transitioning-to-isrg-root.html
This PR allows Lemur to pin to the cross-signed ICA (same public/private key pair as the ICA signed by ISRG X1). This will prolong support for incompatible systems.
2020-07-14 17:35:13 -07:00
e0c2f4274e
Merge branch 'master' into patch-1
2020-07-02 10:16:02 -07:00
aa11088944
Remove f from non-f string
2020-07-02 16:48:41 +02:00
1f598e3752
Fix unmatched field in Authorization
...
The field in the formatted string was not matching the args
2020-07-02 16:41:19 +02:00
7a5a5531cc
Raise ValidationError if CSR contains invalid CN
...
If we supply a CSR that contains an empty field in the Subject, Lemur will crash with an error 500 as the ValueError exception is not captured. This change captures the exception and raises a ValidationError which in this case is a 400 sent back to client. Example to reproduce:
Subject: C=ZZ, ST=Something, L=, O=My_Org, OU=My_Dept, CN=www.booking.com
The empty L= causes a ValueError which needs to be captured.
2020-07-01 15:44:06 +02:00
4985744bd8
fixing UnboundLocalError bug
2020-06-11 16:47:37 -07:00
a7a309136f
fixing whitespace and imports
2020-06-11 14:15:40 -07:00
f834d10f9a
moving ultradns tests to separate file
2020-06-11 14:04:17 -07:00
c40d297735
Merge branch 'master' into ilabun/optimize-certificates-sql
2020-06-09 14:20:31 -07:00
fd3ea2cf46
Merge branch 'master' into json-logging-rotate
2020-06-09 10:58:53 -07:00
099ebee409
Merge branch 'master' into check-revoke-revised
2020-06-09 10:47:24 -07:00
62469e518f
Merge branch 'master' into json-logging-rotate
2020-06-09 10:45:57 -07:00
c3b36d697f
clarification
2020-06-08 15:17:45 -07:00
5215a71a6d
Merge branch 'master' into check-revoke-revised
2020-06-04 15:51:48 -07:00
704e61dd53
Merge branch 'master' into json-logging-rotate
2020-06-04 15:51:24 -07:00
e06c3ea192
Merge branch 'master' into improve-expiry-email
2020-06-04 15:51:17 -07:00
1bcc9d5d0d
allowing for _ in domains
2020-06-03 13:20:23 -04:00
1b8507636b
fixing quotes, no escape characters in tests, fixed anchors
2020-06-03 12:49:55 -04:00
3ce7cd6c50
fixing escaped string on domain test
2020-06-03 11:34:14 -04:00
8658ac531e
fixing unittests and allowing for single character domains
2020-06-03 08:08:49 -04:00
2a1751ec30
fixing domain validation to account for 2-63 character length and correct character set
2020-06-03 04:56:38 -04:00
50091cca1d
Merge branch 'master' into ilabun/optimize-certificates-sql
2020-05-27 15:29:47 -07:00
d8948a12d3
Merge branch 'master' into check-revoke-revised
2020-05-27 15:29:19 -07:00
86c3771044
Merge branch 'master' into json-logging-rotate
2020-05-27 15:28:48 -07:00
904bc9d8b6
Merge branch 'master' into improve-expiry-email
2020-05-27 15:28:41 -07:00
d95f02d234
Merge branch 'master' into master
2020-05-27 14:25:07 -07:00
8861cc70cb
rewordin
2020-05-26 17:12:47 -07:00
34e3f7c049
improved messaging
2020-05-26 16:38:12 -07:00
4eeab91d73
making lint happy
2020-05-22 18:36:39 -07:00
10dfedee36
making lint happy
2020-05-22 18:33:43 -07:00
86310ff02d
Merge branch 'master' into check-revoke-revised
2020-05-22 18:25:00 -07:00
87a53557cd
Merge branch 'master' into json-logging-rotate
2020-05-22 18:24:53 -07:00
8f16688b0a
Merge branch 'master' into check-revoke-revised
2020-05-22 17:45:50 -07:00
49a8b80df2
better exception handling when OCSP or CRL or not implemented
2020-05-22 17:36:34 -07:00
c9767b3172
adding logging for revoked certs
2020-05-22 17:32:44 -07:00
49c4a9c3b2
making the revocation to be scoped based on the authority plugin name
2020-05-22 17:29:30 -07:00
4923bbf8a7
adding json formatted logging
2020-05-22 16:22:12 -07:00
09016fd2ee
cleaning up the code after more local testing
2020-05-22 16:04:39 -07:00
f83e3f764e
always assign csr_sans to name
2020-05-22 21:52:43 +03:00
97145b6dee
Merge branch 'master' into ilabun/optimize-certificates-sql
2020-05-22 10:29:28 -07:00
cc4fc66c93
Merge branch 'master' into master
2020-05-22 09:57:46 -07:00
748268ecd5
Merge branch 'master' into cert-rotation-region-by-region
2020-05-22 09:57:06 -07:00
2582086d39
Merge branch 'master' into ilabun/optimize-certificates-sql
2020-05-21 15:39:58 -07:00
fd444403bb
improved logging.
...
- adding destination name, fixing broken metric.
2020-05-21 15:32:38 -07:00
70985f4ff5
revised system arch
2020-05-14 22:37:30 -07:00
cdd9137f4e
Merge branch 'master' into cert-rotation-region-by-region
2020-05-08 15:32:49 -07:00
529ee04ae7
removing duplicate line
2020-05-08 09:16:46 -07:00
f68900d2b3
improving logging and the possibility of defining which Authorities qualify for auto-rotation
2020-05-07 18:28:01 -07:00
843ffad60e
removing testing comments
2020-05-07 17:10:50 -07:00
1b6907a404
Certificate rotation region by region
...
example scheudule:
CELERYBEAT_SCHEDULE = {
'certificate_rotate': {
'task': 'lemur.common.celery.certificate_rotate',
'options': {
'expires': 180
},
'schedule': crontab(minute="*"),
'kwargs': {'region': 'us-east-1'}
}
}
2020-05-07 16:28:01 -07:00
7e97d885df
Address comments
2020-04-28 13:16:27 -07:00
863af7a3e5
Making CLI command ; Running black
2020-04-28 12:16:46 -07:00
273c3e2793
Celery task to enable autorotate for all certificates attached to endpoints without it enabled
2020-04-28 11:52:43 -07:00
8d0007b9c0
fixing the private DNS zone issue.
...
Private hosted zones will never be visible to third-parties like LetsEncrypt, and Lemur should not consider them as authoritative zones.
This fix, make sure they are not added to the dns_provider table.
2020-04-24 15:48:06 -07:00
cee81bd693
updated requirements, fixed unittests, pytest, and distinguidedName ordering
2020-04-09 18:17:05 -07:00
213b13d3c9
Merge branch 'master' into enhanced_error_loggin
2020-04-08 14:56:51 -04:00
2c8dc24fda
Merge branch 'master' into enhanced_error_loggin
2020-04-08 14:51:06 -04:00
1360d846fd
Improve error logging for a couple of use cases
2020-04-08 11:50:42 -07:00
3b3cec6f8b
Merge branch 'master' into oauth2
2020-04-08 10:12:04 -07:00
eaeec5d757
Merge branch 'master' into imporved-metrics-sources
2020-04-08 09:23:27 -07:00
11b15e7e23
Clean up docstrings
2020-04-08 08:41:48 -07:00
eb138fc960
Add default celery metrics and logging using celery signals
2020-04-08 08:38:40 -07:00
45c98a21b3
Merge branch 'master' into imporved-metrics-sources
2020-04-06 16:02:25 -07:00
46e0d1953b
Merge branch 'master' of github.com:Netflix/lemur into powerdnsplugin_02
2020-04-05 21:47:24 -07:00
f82ec24dfa
updating _get_txt_records return values and docstrings
2020-04-05 21:46:33 -07:00
5c2a2f8ff2
OAUTH2 fixes
...
* Use OAUTH2 variable instead of PING while using OAUTH
* Some IDPs require a POST instead of a GET to user data
2020-04-04 11:32:23 -04:00
5add647148
# emitting the count of certificates on the source
2020-04-03 16:51:24 -07:00
efb7a33d3e
Merge branch 'master' into castrapel-patch-3
2020-04-01 14:03:17 -04:00
b4025e6820
Merge branch 'master' into castrapel-patch-3
2020-04-01 13:55:14 -04:00
9a939e8281
Merge branch 'master' into castrapel-patch-2
2020-04-01 13:54:39 -04:00
d825616ea6
No need to retry 25 times on DeleteConflict errors
2020-04-01 10:53:17 -07:00
e25f97fce7
Bump time limit for clean_source Celery job
...
For larger accounts, I've hit SoftTimeLimit exceptions before completion of this celery job. Bumping up the time limit on this job.
2020-04-01 10:50:24 -07:00
67d24caef5
Remove equivalent destinations when cleaning certificates
...
Remove equivalent destinations when cleaning certificates. This will prevent Lemur from attempting to re-upload a certificate after it has been cleaned.
2020-04-01 10:31:12 -07:00
6f3ba23fa0
updating sinlge line of comments
2020-03-30 13:34:24 -07:00
9d9bf9d7ba
Merge branch 'powerdnsplugin_02' of github.com:Netflix/lemur into powerdnsplugin_02
2020-03-30 09:02:56 -07:00
d6cc8a8a9a
fixing whitespace
2020-03-30 09:01:28 -07:00
66183e6bdd
Merge branch 'master' into powerdnsplugin_02
2020-03-27 10:45:15 -07:00
2b7e60399c
Merge branch 'master' into powerdnsplugin_02
2020-03-27 10:27:33 -07:00
0e314d0028
adding documentation and final cleanup
2020-03-27 10:18:38 -07:00
0149f8b0d3
add support for wildcard and naked domains to PowerDNS module
2020-03-26 22:15:10 -07:00
2a2499a929
simplifying code
2020-03-26 20:45:00 -07:00
5206997468
expired is now called for new certs, where the not_after field might be in datetime format, and not comparable to utc
2020-03-26 19:01:07 -07:00
88c40aa93c
Merge branch 'master' into master
2020-03-23 20:31:16 -07:00
697215f8bc
better handling of destination plugin errors, and also checking cert expiration before upload
2020-03-21 20:05:35 -07:00
7bd5173da4
Merge with Netflix/lemur master
2020-03-20 20:52:33 +03:00
1d4da0e3d8
another polish
2020-03-17 16:59:09 -07:00
ecca003ab4
improving the documentation and method naming
2020-03-17 16:55:36 -07:00
9de89ec96a
Merge branch 'master' into new_clean_cert_cli
2020-03-17 13:38:32 -07:00
07dc31bed7
cleaning up whitespace changes
2020-03-16 11:41:05 -07:00
1a19e250bb
updating and cleaning up tests
2020-03-16 11:24:17 -07:00
34d23503de
fixing the data bug
2020-03-14 20:41:03 -07:00
b28b4f9a28
adding to new cli commands for cleaning certificates from source:
...
a) either about to expire in X days and not attached to an endpoint
a) or issued since X days but still not attached to an endpoint
2020-03-14 20:19:26 -07:00
c96695c966
refactor
2020-03-14 20:18:07 -07:00
593c35776c
adding new methods for getting pending clean
2020-03-14 20:17:05 -07:00
921d52b360
fixing get_dns_challenge() logic so duplicate domains (such as wildcard and not wildcard) do not match the wrong authorziations
2020-03-13 00:03:31 -07:00
be722fb1b3
Fix lint
2020-03-11 20:51:10 +03:00
92a8942727
Fix lint
2020-03-11 15:37:11 +03:00
a6c3b85fe1
Fix lint
2020-03-11 15:15:56 +03:00
ba8e315eed
Fix typo
2020-03-11 14:22:04 +03:00
729ed3843d
Fix bug wth get_options and slash in name
2020-03-11 14:16:29 +03:00
d3cb0b517a
Add format support
2020-03-11 02:27:31 +03:00
ad86cf1fd9
Merge remote-tracking branch 'upstream/master'
2020-03-11 00:29:07 +03:00
e1e7efc96e
Merge branch 'master' into powerdnsplugin_01
2020-03-05 15:25:40 -08:00
771e72187a
updates based on feedback
2020-03-05 15:24:56 -08:00
5dfb6acb17
adding support for ACME_POWERDNS_VERIFY option to support CA Bundles and disabling Server validation
2020-03-05 14:59:21 -08:00
c0004e506e
removing 2 year option from Lemur certificate request form
2020-03-04 14:50:44 -08:00
4a4b3b932e
Merge branch 'master' into master
2020-03-04 10:32:10 -08:00
1e81d47793
Merge branch 'renewal_validity_01' of github.com:Netflix/lemur into renewal_validity_01
2020-03-03 17:28:58 -08:00
fdc1e20c23
updating config_mock defaults
2020-03-03 17:27:15 -08:00
38b7d6e5e3
Merge branch 'master' into renewal_validity_01
2020-03-03 14:44:33 -08:00
6c46481ffd
simplifying return statement for validity years
2020-03-03 14:40:50 -08:00
318292704d
fixing default/max DigiCert validity values
2020-03-03 14:29:17 -08:00
27a86f5c18
Fix: San values #2921
...
Not sure is it correct solution
2020-03-03 21:45:33 +03:00
fe67ff2146
Update plugin.py
...
Fix lint
2020-03-02 09:18:02 +03:00
a8c0adaa4d
Merge remote-tracking branch 'upstream/master'
2020-02-27 17:08:35 +03:00
9612d291ed
Add path suffix options
2020-02-18 19:16:27 +03:00
2ee60bcdb6
Merge branch 'master' into le_Log_orderurl
2020-02-17 10:30:58 -08:00
e75df1ddc9
Update plugin.py
2020-02-17 19:04:20 +01:00
d29edabefe
Merge branch 'master' into le_Log_orderurl
2020-02-17 09:24:51 -08:00
ed3472d029
Update plugin.py
2020-02-17 15:21:29 +01:00
3fd0d3e141
Added VERISIGN_INTERMEDIATE_<authority> parameter
...
When using the VERISIGN_PRODUCT_<authority> Parameter one also has to add this parameter:
VERISIGN_INTERMEDIATE_<authority> = """ <PEM-String of Issuing CA for this certificate Type>"""
While doing this, I also added code, so the external_id field is filled with data from CA-Answer
2020-02-17 12:40:36 +01:00
1815c89970
Made the change more elegant
...
As suggested by @hosseinsh. This is of course more elegant.
2020-02-16 09:28:52 +01:00
a70a49e4e9
Update plugin.py
2020-02-15 16:11:58 +01:00
3693bc2d8b
removed whitespaces inserted by online editor
2020-02-15 16:09:25 +01:00
bfa953270d
Fixed whitespace error
2020-02-15 16:04:44 +01:00
fabcad1e46
New variable VERISIGN_PRODUCT_(authority.name)
...
If there is a config variable with VERISIGN_PRODUCT_<upper(authority.name)> take the value as Cert product-type
else default to "Server", to be compatoible with former versions.
This enables the use of different Verisign authorities for differnt cert-products eg. EV or Standard Certs
2020-02-15 15:52:24 +01:00
a8e8924e2a
Merge branch 'master' into le_Log_orderurl
2020-02-14 17:10:38 -08:00
8e3cc93d6a
Whitespaces in empty line 113 removed
2020-02-14 07:50:18 +01:00
b521aaf579
Merge branch 'master' into le_Log_orderurl
2020-02-13 16:41:14 -08:00
af21225918
adding logging on sucess and metric submission of URL for certificate issuance
2020-02-13 16:38:33 -08:00
a449cc2b15
Merge branch 'master' into ilabun/optimize-certificates-sql
2020-02-13 16:05:46 -08:00
2b849a6520
Update plugin.py
...
making lint happy
2020-02-13 15:58:07 -08:00
9db1ea3307
Merge branch 'master' into master
2020-02-13 12:47:06 -08:00
571c8bf42d
Error when validity_end date is empty #2905
...
this lines of code (114ff) in threw an error, when the validity_end date was empty:
if options.get("validity_end") > arrow.utcnow().shift(years=2):
raise Exception(
"Verisign issued certificates cannot exceed two years in validity"
)
Actually, they are not needed, because immidiately following is a check for an empty validity_end and for the length of the entered period.
When I commented it out for testing, the error was gone and everything worked as expected.
2020-02-13 07:38:04 +01:00
6c7bb5f9b7
Fixed TLS secret format ( #2913 )
...
The Plugin handled the TLS secret format wrong: it sent chain certificate instead of requested public certificate #2913
2020-02-13 07:35:35 +01:00
ca8e73286f
fixed get_domains() to remove duplicate entries, updated usage and tests
2020-02-12 15:10:24 -08:00
2d7284f677
Merge branch 'master' into ilabun/optimize-certificates-sql
2020-02-10 11:23:21 -08:00
c0cf1c02c1
Merge branch 'master' into ilabun/optimize-certificates-sql
2020-02-10 11:14:26 -08:00
b23ae60847
Merge branch 'master' into vault-k8s-auth
2020-02-10 11:12:52 -08:00
bcdb3173bd
ensuring that "3" is set as an integer instead of a string
2020-02-04 18:23:17 -08:00
8ea54d7db2
removing exception if domain zone not found. Logging the issue instead
2020-02-04 14:50:56 -08:00
48bccd6f68
moving _check_config() lower in file, near other private methods
2020-02-03 19:08:28 -08:00
c38e651eb0
Merge branch 'powerdnsplugin_01' of github.com:Netflix/lemur into powerdnsplugin_01
2020-02-03 19:04:05 -08:00
53f81fb09f
updating based on suggestions in 2911
2020-02-03 18:58:31 -08:00
5e8599540e
Merge branch 'master' into ilabun/optimize-certificates-sql
2020-02-03 20:32:41 +01:00
ac0282529e
adding basic logging on success
2020-02-03 11:05:20 -08:00
fecb5b6252
Merge branch 'master' into powerdnsplugin_01
2020-01-31 16:37:57 -08:00
fb6d369130
removed unnecessary imports in test_dns_providers.py
2020-01-31 16:18:22 -08:00
be7736d350
adding dns tests and assorted exception handling
2020-01-31 13:16:37 -08:00
969a7107fe
fixed PowerDNS Tests
2020-01-29 13:12:09 -08:00
b885244aa7
fixing issue where set_domains() is still called when get_all_zones() throws an exception
2020-01-29 11:26:53 -08:00
ef115ef2b1
moving PowerDNS number_of_attempts to global config variable ACME_POWERDNS_RETRIES
2020-01-29 11:20:39 -08:00
b91899fe99
created CLI options for testin ACME over dns. Examle: `acme dnstest -d _acme-chall.foo.com -t token1`
2020-01-28 19:13:28 -08:00
192ecb3ce0
DNS provider: adding more logging
2020-01-28 16:24:50 -08:00
620f972635
Fixed an error
...
Found out that I introduced an error when I changed code up for publishig. The certserv.py I use does not return the ID of the certificate created. For now I just leave the field empty. I will create another issue , so that the ID is filled up.
2020-01-27 11:04:49 +01:00
5d8eb51ef4
Merge branch 'master' into ilabun/optimize-certificates-sql
2020-01-24 11:28:55 +01:00
c465062673
integrated PowerDNS plugin into dns_providers
2020-01-23 23:53:38 -08:00
9984470b58
fix fatal error in schema validator
2020-01-23 15:27:02 +01:00
bddae6e428
adding PowerDNS delete_txt_record with associated tests
2020-01-22 16:18:52 -08:00
52c7686d58
adding wait_for_dns_change() and tests for PowerDNS ACME plugin
2020-01-21 18:47:21 -08:00
915ec0ba63
added PowerDNS support for create_txt_record and associated tests
2020-01-21 17:08:59 -08:00
71f43dfcc1
Fixing "'Role' object has no attribute 'set_third_party'" error.
2020-01-21 08:40:54 +01:00
acf531ece3
Merge branch 'master' into vault-k8s-auth
2020-01-20 15:18:29 -08:00
6ee856e26d
Merge branch 'master' into ilabun/optimize-certificates-sql
2020-01-20 15:15:25 -08:00
3080a9527c
adding PowerDNS get_zones functionality and unit tests
2020-01-17 18:29:37 -08:00
7f119b8914
Merge branch 'master' into ilabun/optimize-certificates-sql
2020-01-17 17:18:06 -08:00
cb7507156c
Merge branch 'master' into vault-k8s-auth
2020-01-17 17:17:53 -08:00
d6f41b6a99
improving string formatting to avoid dangling white spaces and new lines
2020-01-16 13:45:13 -08:00
1ed6ae539d
# possibility to default to a SIGNING_ALGORITHM for a given profile
2020-01-15 16:19:48 -08:00
cd7d9aee55
fixed lint error
2020-01-13 23:09:58 +02:00
8d957f22af
changed file handling
2020-01-13 22:46:34 +02:00
bc1a2cf69c
Optimize certificates SQL query
...
Co-authored-by: Javier Ramos <javier.ramos@booking.com>
2020-01-13 14:43:41 +01:00
cc0b2d5439
Added new lowercase indexes for certificates cn, name and domains name
...
Co-authored-by: Javier Ramos <javier.ramos@booking.com>
2020-01-13 14:40:22 +01:00
cad56c813e
fixed lint error
2020-01-12 01:51:48 +02:00
409b499217
added kubernetes auth for vault
2020-01-12 01:25:22 +02:00
348682d5ea
Merge branch 'master' into cfssl-key-fix
2020-01-09 10:44:02 -08:00
8be8c95b17
handled cfssl-key type error
2020-01-09 15:16:19 +02:00
1537d591a8
Improved messaging to point out to the Auto Rotate option for certificate issuance and renewal.
2020-01-08 14:42:16 -08:00
9b9662d470
Merge branch 'master' into master
2020-01-03 13:15:58 -08:00
45c1207d07
Merge branch 'master' into master
2019-12-27 13:30:56 -05:00
9fb4be1273
remove trailing whitespace
2019-12-27 13:25:03 -05:00
189e8b2725
Eliminate subqueries when showing certificates list
2019-12-20 10:37:47 +01:00
00a0a27826
used fixedName variable to transport db lookup optimization
2019-11-20 09:44:31 -08:00
113c9dd657
atlas redis plugin typo cleanup and better exception handling
2019-11-06 10:42:59 -08:00
f803fab413
add plugin to send atlas metric via redis
2019-11-06 10:14:49 -08:00
0d983bd2b5
missed edge case
2019-10-18 15:39:36 -07:00
f077b19126
Merge branch 'master' into master
2019-10-18 11:32:21 -07:00
06f4aed693
keeping track of certs found by hash
2019-10-18 11:21:29 -07:00
11f9920ff9
Merge branch 'master' into cert-sync-endpoint-find-by-hash
2019-10-18 11:08:51 -07:00
14e13b512e
providing a count for conflicts
2019-10-18 11:03:28 -07:00
9037f88430
just in case the path varies
2019-10-18 11:02:41 -07:00
1768aad9e2
capturing no such entity exception.
2019-10-18 10:17:58 -07:00
8aea257e6a
optimizing the call to describe cert to only the few certs with the naming issue
2019-10-18 09:24:49 -07:00
f075c5af3d
in case no cert match via name-search, search via the cert itself (serial number, hash comparison)
2019-10-18 08:48:11 -07:00
d43e859c34
describing the cert for each endpoint, for better cert search
2019-10-18 08:46:01 -07:00
10b600424e
refactoring searching for cert
2019-10-18 08:45:32 -07:00
b5ab87877b
adding retry to acme setup client, since it can experience timeouts or other types of Connection Errors
2019-10-17 10:16:33 -07:00
f0652ca6a9
bug fix for overwriting certificates
2019-10-10 15:49:31 -04:00
477db836f4
lint
2019-09-23 12:52:17 -07:00
86f661a8af
With NLBs the DNS formatting has changed, which resulted in Lemur not getting the region correctly parsed
2019-09-23 12:36:08 -07:00
96b2149433
removing unintended commit
2019-09-20 15:22:45 -07:00
8c9a1df2cf
Merge branch 'master' into up-dependencies-20Sep2019
2019-09-20 15:19:25 -07:00
a13c45e9cc
updating dependencies, and fixing the deprecated arrow.replaces to shift
2019-09-20 13:49:38 -07:00
c669cd23f0
Merge branch 'master' into check-revoke-revised
2019-09-20 10:22:04 -07:00
972051a61e
removing 3 and 4 years from validity range options
2019-09-20 10:16:23 -07:00
d0e8666267
Merge branch 'master' into better-metrics-endpoints
2019-08-21 10:01:00 -07:00
db91e48395
adding account number for better logging, since the endpoint is not available in Lemur DB
2019-08-21 09:54:18 -07:00
e5e395f0d9
Show number of found items in pager
...
This commit does not involve any additional query as the data is already in API calls' responses
2019-08-20 09:29:58 +02:00
9b04d901c4
metric for missing certificate from an endpoint
2019-08-15 19:14:08 -07:00
f09643f350
Merge branch 'master' into check-revoke-revised
2019-08-15 11:15:24 -07:00
1c6fee7292
Allow better DNS autodetection for domains that directly match a DNS hosted zone
2019-08-15 10:52:26 -07:00
68abf11be8
Merge branch 'master' into check-revoke-revised
2019-08-13 20:09:27 -07:00
296a315a3e
Merge branch 'master' into soft_time_outs
2019-08-13 19:42:22 -07:00
ceb2d3d796
Merge branch 'master' into check-revoke-revised
2019-08-13 14:07:57 -07:00
sayali
Hossein Shafagh
sirferl
Raul Benencia
Javier Ramos
csine-nflx
alwaysjolley
e11it
Curtis Castrapel
Curtis
David Stipp
Chad S
Ilya Makarov
Ilya Makarov
Hossein Shafagh
Ilya Labun
rajatsharma94
Gutttlt
jenkins-x-bot
Ilya Labun
pmelse
Jay Zarfoss