f82ec24dfa
updating _get_txt_records return values and docstrings
2020-04-05 21:46:33 -07:00
5c2a2f8ff2
OAUTH2 fixes
...
* Use OAUTH2 variable instead of PING while using OAUTH
* Some IDPs require a POST instead of a GET to user data
2020-04-04 11:32:23 -04:00
5add647148
# emitting the count of certificates on the source
2020-04-03 16:51:24 -07:00
efb7a33d3e
Merge branch 'master' into castrapel-patch-3
2020-04-01 14:03:17 -04:00
b4025e6820
Merge branch 'master' into castrapel-patch-3
2020-04-01 13:55:14 -04:00
9a939e8281
Merge branch 'master' into castrapel-patch-2
2020-04-01 13:54:39 -04:00
d825616ea6
No need to retry 25 times on DeleteConflict errors
2020-04-01 10:53:17 -07:00
e25f97fce7
Bump time limit for clean_source Celery job
...
For larger accounts, I've hit SoftTimeLimit exceptions before completion of this celery job. Bumping up the time limit on this job.
2020-04-01 10:50:24 -07:00
67d24caef5
Remove equivalent destinations when cleaning certificates
...
Remove equivalent destinations when cleaning certificates. This will prevent Lemur from attempting to re-upload a certificate after it has been cleaned.
2020-04-01 10:31:12 -07:00
6f3ba23fa0
updating sinlge line of comments
2020-03-30 13:34:24 -07:00
9d9bf9d7ba
Merge branch 'powerdnsplugin_02' of github.com:Netflix/lemur into powerdnsplugin_02
2020-03-30 09:02:56 -07:00
d6cc8a8a9a
fixing whitespace
2020-03-30 09:01:28 -07:00
66183e6bdd
Merge branch 'master' into powerdnsplugin_02
2020-03-27 10:45:15 -07:00
2b7e60399c
Merge branch 'master' into powerdnsplugin_02
2020-03-27 10:27:33 -07:00
0e314d0028
adding documentation and final cleanup
2020-03-27 10:18:38 -07:00
0149f8b0d3
add support for wildcard and naked domains to PowerDNS module
2020-03-26 22:15:10 -07:00
2a2499a929
simplifying code
2020-03-26 20:45:00 -07:00
5206997468
expired is now called for new certs, where the not_after field might be in datetime format, and not comparable to utc
2020-03-26 19:01:07 -07:00
88c40aa93c
Merge branch 'master' into master
2020-03-23 20:31:16 -07:00
697215f8bc
better handling of destination plugin errors, and also checking cert expiration before upload
2020-03-21 20:05:35 -07:00
7bd5173da4
Merge with Netflix/lemur master
2020-03-20 20:52:33 +03:00
1d4da0e3d8
another polish
2020-03-17 16:59:09 -07:00
ecca003ab4
improving the documentation and method naming
2020-03-17 16:55:36 -07:00
9de89ec96a
Merge branch 'master' into new_clean_cert_cli
2020-03-17 13:38:32 -07:00
07dc31bed7
cleaning up whitespace changes
2020-03-16 11:41:05 -07:00
1a19e250bb
updating and cleaning up tests
2020-03-16 11:24:17 -07:00
34d23503de
fixing the data bug
2020-03-14 20:41:03 -07:00
b28b4f9a28
adding to new cli commands for cleaning certificates from source:
...
a) either about to expire in X days and not attached to an endpoint
a) or issued since X days but still not attached to an endpoint
2020-03-14 20:19:26 -07:00
c96695c966
refactor
2020-03-14 20:18:07 -07:00
593c35776c
adding new methods for getting pending clean
2020-03-14 20:17:05 -07:00
921d52b360
fixing get_dns_challenge() logic so duplicate domains (such as wildcard and not wildcard) do not match the wrong authorziations
2020-03-13 00:03:31 -07:00
be722fb1b3
Fix lint
2020-03-11 20:51:10 +03:00
92a8942727
Fix lint
2020-03-11 15:37:11 +03:00
a6c3b85fe1
Fix lint
2020-03-11 15:15:56 +03:00
ba8e315eed
Fix typo
2020-03-11 14:22:04 +03:00
729ed3843d
Fix bug wth get_options and slash in name
2020-03-11 14:16:29 +03:00
d3cb0b517a
Add format support
2020-03-11 02:27:31 +03:00
ad86cf1fd9
Merge remote-tracking branch 'upstream/master'
2020-03-11 00:29:07 +03:00
e1e7efc96e
Merge branch 'master' into powerdnsplugin_01
2020-03-05 15:25:40 -08:00
771e72187a
updates based on feedback
2020-03-05 15:24:56 -08:00
5dfb6acb17
adding support for ACME_POWERDNS_VERIFY option to support CA Bundles and disabling Server validation
2020-03-05 14:59:21 -08:00
c0004e506e
removing 2 year option from Lemur certificate request form
2020-03-04 14:50:44 -08:00
4a4b3b932e
Merge branch 'master' into master
2020-03-04 10:32:10 -08:00
1e81d47793
Merge branch 'renewal_validity_01' of github.com:Netflix/lemur into renewal_validity_01
2020-03-03 17:28:58 -08:00
fdc1e20c23
updating config_mock defaults
2020-03-03 17:27:15 -08:00
38b7d6e5e3
Merge branch 'master' into renewal_validity_01
2020-03-03 14:44:33 -08:00
6c46481ffd
simplifying return statement for validity years
2020-03-03 14:40:50 -08:00
318292704d
fixing default/max DigiCert validity values
2020-03-03 14:29:17 -08:00
27a86f5c18
Fix: San values #2921
...
Not sure is it correct solution
2020-03-03 21:45:33 +03:00
fe67ff2146
Update plugin.py
...
Fix lint
2020-03-02 09:18:02 +03:00
a8c0adaa4d
Merge remote-tracking branch 'upstream/master'
2020-02-27 17:08:35 +03:00
9612d291ed
Add path suffix options
2020-02-18 19:16:27 +03:00
2ee60bcdb6
Merge branch 'master' into le_Log_orderurl
2020-02-17 10:30:58 -08:00
e75df1ddc9
Update plugin.py
2020-02-17 19:04:20 +01:00
d29edabefe
Merge branch 'master' into le_Log_orderurl
2020-02-17 09:24:51 -08:00
ed3472d029
Update plugin.py
2020-02-17 15:21:29 +01:00
3fd0d3e141
Added VERISIGN_INTERMEDIATE_<authority> parameter
...
When using the VERISIGN_PRODUCT_<authority> Parameter one also has to add this parameter:
VERISIGN_INTERMEDIATE_<authority> = """ <PEM-String of Issuing CA for this certificate Type>"""
While doing this, I also added code, so the external_id field is filled with data from CA-Answer
2020-02-17 12:40:36 +01:00
1815c89970
Made the change more elegant
...
As suggested by @hosseinsh. This is of course more elegant.
2020-02-16 09:28:52 +01:00
a70a49e4e9
Update plugin.py
2020-02-15 16:11:58 +01:00
3693bc2d8b
removed whitespaces inserted by online editor
2020-02-15 16:09:25 +01:00
bfa953270d
Fixed whitespace error
2020-02-15 16:04:44 +01:00
fabcad1e46
New variable VERISIGN_PRODUCT_(authority.name)
...
If there is a config variable with VERISIGN_PRODUCT_<upper(authority.name)> take the value as Cert product-type
else default to "Server", to be compatoible with former versions.
This enables the use of different Verisign authorities for differnt cert-products eg. EV or Standard Certs
2020-02-15 15:52:24 +01:00
a8e8924e2a
Merge branch 'master' into le_Log_orderurl
2020-02-14 17:10:38 -08:00
8e3cc93d6a
Whitespaces in empty line 113 removed
2020-02-14 07:50:18 +01:00
b521aaf579
Merge branch 'master' into le_Log_orderurl
2020-02-13 16:41:14 -08:00
af21225918
adding logging on sucess and metric submission of URL for certificate issuance
2020-02-13 16:38:33 -08:00
a449cc2b15
Merge branch 'master' into ilabun/optimize-certificates-sql
2020-02-13 16:05:46 -08:00
2b849a6520
Update plugin.py
...
making lint happy
2020-02-13 15:58:07 -08:00
9db1ea3307
Merge branch 'master' into master
2020-02-13 12:47:06 -08:00
571c8bf42d
Error when validity_end date is empty #2905
...
this lines of code (114ff) in threw an error, when the validity_end date was empty:
if options.get("validity_end") > arrow.utcnow().shift(years=2):
raise Exception(
"Verisign issued certificates cannot exceed two years in validity"
)
Actually, they are not needed, because immidiately following is a check for an empty validity_end and for the length of the entered period.
When I commented it out for testing, the error was gone and everything worked as expected.
2020-02-13 07:38:04 +01:00
6c7bb5f9b7
Fixed TLS secret format ( #2913 )
...
The Plugin handled the TLS secret format wrong: it sent chain certificate instead of requested public certificate #2913
2020-02-13 07:35:35 +01:00
ca8e73286f
fixed get_domains() to remove duplicate entries, updated usage and tests
2020-02-12 15:10:24 -08:00
2d7284f677
Merge branch 'master' into ilabun/optimize-certificates-sql
2020-02-10 11:23:21 -08:00
c0cf1c02c1
Merge branch 'master' into ilabun/optimize-certificates-sql
2020-02-10 11:14:26 -08:00
b23ae60847
Merge branch 'master' into vault-k8s-auth
2020-02-10 11:12:52 -08:00
bcdb3173bd
ensuring that "3" is set as an integer instead of a string
2020-02-04 18:23:17 -08:00
8ea54d7db2
removing exception if domain zone not found. Logging the issue instead
2020-02-04 14:50:56 -08:00
48bccd6f68
moving _check_config() lower in file, near other private methods
2020-02-03 19:08:28 -08:00
c38e651eb0
Merge branch 'powerdnsplugin_01' of github.com:Netflix/lemur into powerdnsplugin_01
2020-02-03 19:04:05 -08:00
53f81fb09f
updating based on suggestions in 2911
2020-02-03 18:58:31 -08:00
5e8599540e
Merge branch 'master' into ilabun/optimize-certificates-sql
2020-02-03 20:32:41 +01:00
ac0282529e
adding basic logging on success
2020-02-03 11:05:20 -08:00
fecb5b6252
Merge branch 'master' into powerdnsplugin_01
2020-01-31 16:37:57 -08:00
fb6d369130
removed unnecessary imports in test_dns_providers.py
2020-01-31 16:18:22 -08:00
be7736d350
adding dns tests and assorted exception handling
2020-01-31 13:16:37 -08:00
969a7107fe
fixed PowerDNS Tests
2020-01-29 13:12:09 -08:00
b885244aa7
fixing issue where set_domains() is still called when get_all_zones() throws an exception
2020-01-29 11:26:53 -08:00
ef115ef2b1
moving PowerDNS number_of_attempts to global config variable ACME_POWERDNS_RETRIES
2020-01-29 11:20:39 -08:00
b91899fe99
created CLI options for testin ACME over dns. Examle: `acme dnstest -d _acme-chall.foo.com -t token1`
2020-01-28 19:13:28 -08:00
192ecb3ce0
DNS provider: adding more logging
2020-01-28 16:24:50 -08:00
620f972635
Fixed an error
...
Found out that I introduced an error when I changed code up for publishig. The certserv.py I use does not return the ID of the certificate created. For now I just leave the field empty. I will create another issue , so that the ID is filled up.
2020-01-27 11:04:49 +01:00
5d8eb51ef4
Merge branch 'master' into ilabun/optimize-certificates-sql
2020-01-24 11:28:55 +01:00
c465062673
integrated PowerDNS plugin into dns_providers
2020-01-23 23:53:38 -08:00
9984470b58
fix fatal error in schema validator
2020-01-23 15:27:02 +01:00
bddae6e428
adding PowerDNS delete_txt_record with associated tests
2020-01-22 16:18:52 -08:00
52c7686d58
adding wait_for_dns_change() and tests for PowerDNS ACME plugin
2020-01-21 18:47:21 -08:00
915ec0ba63
added PowerDNS support for create_txt_record and associated tests
2020-01-21 17:08:59 -08:00
71f43dfcc1
Fixing "'Role' object has no attribute 'set_third_party'" error.
2020-01-21 08:40:54 +01:00
acf531ece3
Merge branch 'master' into vault-k8s-auth
2020-01-20 15:18:29 -08:00
6ee856e26d
Merge branch 'master' into ilabun/optimize-certificates-sql
2020-01-20 15:15:25 -08:00
3080a9527c
adding PowerDNS get_zones functionality and unit tests
2020-01-17 18:29:37 -08:00
7f119b8914
Merge branch 'master' into ilabun/optimize-certificates-sql
2020-01-17 17:18:06 -08:00
cb7507156c
Merge branch 'master' into vault-k8s-auth
2020-01-17 17:17:53 -08:00
d6f41b6a99
improving string formatting to avoid dangling white spaces and new lines
2020-01-16 13:45:13 -08:00
1ed6ae539d
# possibility to default to a SIGNING_ALGORITHM for a given profile
2020-01-15 16:19:48 -08:00
cd7d9aee55
fixed lint error
2020-01-13 23:09:58 +02:00
8d957f22af
changed file handling
2020-01-13 22:46:34 +02:00
bc1a2cf69c
Optimize certificates SQL query
...
Co-authored-by: Javier Ramos <javier.ramos@booking.com>
2020-01-13 14:43:41 +01:00
cc0b2d5439
Added new lowercase indexes for certificates cn, name and domains name
...
Co-authored-by: Javier Ramos <javier.ramos@booking.com>
2020-01-13 14:40:22 +01:00
cad56c813e
fixed lint error
2020-01-12 01:51:48 +02:00
409b499217
added kubernetes auth for vault
2020-01-12 01:25:22 +02:00
348682d5ea
Merge branch 'master' into cfssl-key-fix
2020-01-09 10:44:02 -08:00
8be8c95b17
handled cfssl-key type error
2020-01-09 15:16:19 +02:00
1537d591a8
Improved messaging to point out to the Auto Rotate option for certificate issuance and renewal.
2020-01-08 14:42:16 -08:00
9b9662d470
Merge branch 'master' into master
2020-01-03 13:15:58 -08:00
45c1207d07
Merge branch 'master' into master
2019-12-27 13:30:56 -05:00
9fb4be1273
remove trailing whitespace
2019-12-27 13:25:03 -05:00
189e8b2725
Eliminate subqueries when showing certificates list
2019-12-20 10:37:47 +01:00
00a0a27826
used fixedName variable to transport db lookup optimization
2019-11-20 09:44:31 -08:00
113c9dd657
atlas redis plugin typo cleanup and better exception handling
2019-11-06 10:42:59 -08:00
f803fab413
add plugin to send atlas metric via redis
2019-11-06 10:14:49 -08:00
0d983bd2b5
missed edge case
2019-10-18 15:39:36 -07:00
f077b19126
Merge branch 'master' into master
2019-10-18 11:32:21 -07:00
06f4aed693
keeping track of certs found by hash
2019-10-18 11:21:29 -07:00
11f9920ff9
Merge branch 'master' into cert-sync-endpoint-find-by-hash
2019-10-18 11:08:51 -07:00
14e13b512e
providing a count for conflicts
2019-10-18 11:03:28 -07:00
9037f88430
just in case the path varies
2019-10-18 11:02:41 -07:00
1768aad9e2
capturing no such entity exception.
2019-10-18 10:17:58 -07:00
8aea257e6a
optimizing the call to describe cert to only the few certs with the naming issue
2019-10-18 09:24:49 -07:00
f075c5af3d
in case no cert match via name-search, search via the cert itself (serial number, hash comparison)
2019-10-18 08:48:11 -07:00
d43e859c34
describing the cert for each endpoint, for better cert search
2019-10-18 08:46:01 -07:00
10b600424e
refactoring searching for cert
2019-10-18 08:45:32 -07:00
b5ab87877b
adding retry to acme setup client, since it can experience timeouts or other types of Connection Errors
2019-10-17 10:16:33 -07:00
f0652ca6a9
bug fix for overwriting certificates
2019-10-10 15:49:31 -04:00
477db836f4
lint
2019-09-23 12:52:17 -07:00
86f661a8af
With NLBs the DNS formatting has changed, which resulted in Lemur not getting the region correctly parsed
2019-09-23 12:36:08 -07:00
96b2149433
removing unintended commit
2019-09-20 15:22:45 -07:00
8c9a1df2cf
Merge branch 'master' into up-dependencies-20Sep2019
2019-09-20 15:19:25 -07:00
a13c45e9cc
updating dependencies, and fixing the deprecated arrow.replaces to shift
2019-09-20 13:49:38 -07:00
c669cd23f0
Merge branch 'master' into check-revoke-revised
2019-09-20 10:22:04 -07:00
972051a61e
removing 3 and 4 years from validity range options
2019-09-20 10:16:23 -07:00
d0e8666267
Merge branch 'master' into better-metrics-endpoints
2019-08-21 10:01:00 -07:00
db91e48395
adding account number for better logging, since the endpoint is not available in Lemur DB
2019-08-21 09:54:18 -07:00
e5e395f0d9
Show number of found items in pager
...
This commit does not involve any additional query as the data is already in API calls' responses
2019-08-20 09:29:58 +02:00
9b04d901c4
metric for missing certificate from an endpoint
2019-08-15 19:14:08 -07:00
f09643f350
Merge branch 'master' into check-revoke-revised
2019-08-15 11:15:24 -07:00
1c6fee7292
Allow better DNS autodetection for domains that directly match a DNS hosted zone
2019-08-15 10:52:26 -07:00
68abf11be8
Merge branch 'master' into check-revoke-revised
2019-08-13 20:09:27 -07:00
296a315a3e
Merge branch 'master' into soft_time_outs
2019-08-13 19:42:22 -07:00
ceb2d3d796
Merge branch 'master' into check-revoke-revised
2019-08-13 14:07:57 -07:00
2de3f287ab
standardizing the timeouts to easier monitor any timeouts
2019-08-13 12:21:27 -07:00
6e17d36d76
typos
2019-08-13 12:16:23 -07:00
22c60fedad
cosmetics
2019-08-13 12:11:04 -07:00
a3dfc3ef0a
consistency
2019-08-13 11:58:58 -07:00
c29f282560
improved the flow for checking if the task is active
2019-08-13 11:52:56 -07:00
4d728738ee
handling celery tasks without any arguments
2019-08-13 11:42:43 -07:00
07a9c56fb8
making lint happy
2019-08-13 09:35:57 -07:00
bf47f87c21
preventing celery duplicate tasks
2019-08-12 13:52:01 -07:00
5d4413e45c
Merge branch 'master' into ultradnsPlugin
2019-08-09 08:48:24 -07:00
83159c2417
Merge branch 'master' into multi-profile-digicert-plugin
2019-08-09 07:32:33 -07:00
da9c91afb4
fixing metric bug
2019-08-08 17:56:22 -07:00
3b9b94623f
cleaning up
2019-08-07 18:06:59 -07:00
8340e0653b
making lint happy
2019-08-07 18:04:28 -07:00
d1519343d1
improving check revoked by only considering authorities which do support revocation and also only including not expired certs
2019-08-07 17:54:10 -07:00
9a02230d63
adding soft time outs for celery
2019-08-07 17:48:06 -07:00
d9aef2da3e
Changed dummy nameserver value
2019-08-07 14:38:18 -07:00
a97283f0a4
Fixed indentation
2019-08-07 14:23:09 -07:00
a6bf081bec
Remove unused import
2019-08-07 14:08:27 -07:00
43f5c8b34e
Fixed indentation
2019-08-07 14:08:06 -07:00
cadf372f7b
Removed hardcoded value from function call
2019-08-07 14:02:10 -07:00
b4f4e4dc24
Added extra check for return value to test_create_txt_record
2019-08-07 13:55:02 -07:00
fa7f71d859
Modified paginate response to dummy values
2019-08-07 13:53:10 -07:00
3ff56fc595
Blank line removed
2019-08-07 13:42:11 -07:00
894502644c
test_wait_for_dns_change fixed!
2019-08-07 13:39:20 -07:00
37a1b55b08
test_delete_txt_record changed to mock get_zone_name and return the value directly instead of executing the function.
2019-08-07 13:27:21 -07:00
31c2d207a2
test_delete_txt_record fixed. Function call was missing earlier
2019-08-07 13:23:05 -07:00
785c1ca73e
test_create_txt_record modified - get_zone_name mocked to return the zone name directly, instead of actually running the function.
2019-08-07 13:20:24 -07:00
f2cbddf9e2
Unit tests for get_zone_name, get_zones
2019-08-07 13:17:16 -07:00
6e84e1fd59
Unit Tests for create_txt_record, delete_txt_record, wait_for_dns_change
2019-08-07 13:04:38 -07:00
ff1f73f985
fixing the plugin test to include authority
2019-08-07 12:05:36 -07:00
bbda9b1d6f
making sure to handle when no config file provided, though we do a check for that
2019-08-07 12:05:13 -07:00
e2ea2ca4d1
providing sample config
2019-08-07 11:05:07 -07:00
b885cdf9d0
adding multi profile name support with DigiCert plug.
...
This requires that the configs are a dict, with multiple entries, where the key is the name of the Authority used to issue certs with.
DIGICERT_CIS_PROFILE_NAMES = {"sha2-rsa-ecc-root": "ssl_plus"}
DIGICERT_CIS_ROOTS = {"root": "ROOT"}
DIGICERT_CIS_INTERMEDIATES = {"inter": "INTERMEDIATE_CA_CERT"}
Hence, in DB one need to add
1) the corresponding authority table, with digicert-cis-issuer. Note the names here are used to mapping in the above config
2) the corresponding intermediary in the certificate table , with root_aurhority_id set to the id of the new authority_id
2019-08-07 10:24:38 -07:00
a7c2b970b0
Unit testing Part 1
2019-08-05 14:00:22 -07:00
ad6c38960a
Merge branch 'master' into ultradnsPlugin
2019-07-31 16:05:36 -07:00
2903799b85
Changed string formatting from "{}".format() to f"{}" for consistency
2019-07-31 14:19:49 -07:00
e8e4f826ea
updating logging format
2019-07-31 13:09:31 -07:00
5a401b2d87
Added the Zone class and Record class to ultradns.py and removed the respective files
2019-07-31 12:04:42 -07:00
fe075dc9f5
Changed function comments to doc strings.
2019-07-31 12:00:31 -07:00
503df999fa
Updated metrics.send to send function named, followed by status, separated by a period
2019-07-31 11:32:04 -07:00
11cd095131
Reduced the number of calls to get_public_authoritative_nameserver by using a variable
2019-07-31 11:12:28 -07:00
3ba7fdbd49
Updated logger to log a dictionary instead of a string
2019-07-31 11:11:39 -07:00
0f591e9a3d
Merge branch 'master' into moving-cronjobs-to-celery-v2
2019-07-30 14:13:59 -07:00
6bf920e66c
Merge branch 'master' into ultradnsPlugin
2019-07-30 14:13:45 -07:00
7810095796
Merge branch 'master' into better-error-handling-dyn
2019-07-30 13:27:43 -07:00
44bc562e8b
Update ultradns.py
...
Minor logging changes in wait_for_dns_change
2019-07-30 13:08:16 -07:00
3d48b422b5
Removed TODO
2019-07-30 11:39:35 -07:00
a89cbe9332
moving all cron jobs to become celery jobs
2019-07-30 09:57:15 -07:00
3ad791e1ec
Dynamically obtain the authoritative nameserver for the domain
2019-07-29 18:01:28 -07:00
e993194b4f
Check ultraDNS authoritative server first. Upon success, check Googles DNS server.
2019-07-29 14:59:28 -07:00
adabe18c90
metric tags, to be able to track which domains where failing during the LetsEncrypt domain validation
2019-07-25 18:56:28 -07:00
429e6a967c
better error handling for redis
2019-07-25 18:49:19 -07:00
252410c6e9
Updated TTL from 300 to 5
2019-07-22 16:00:20 -07:00
51f3b7dde0
Added the Record class for UltraDNS
2019-07-22 14:23:40 -07:00
0b52aa8c59
Added Zone class to handle ultradns zones
2019-07-22 11:47:48 -07:00
36ebba6491
source is not dict
2019-07-18 15:16:01 -07:00
e37a7c775e
Initial commit for the UltraDNS plugin to support Lets Encrypt
2019-07-18 14:29:54 -07:00
09c0fa0f94
updating the function declaration
2019-07-16 17:21:01 -07:00
cd1aeb15f1
adding testing for redis
2019-07-12 11:50:12 -07:00
1b1bdbb261
spacing
2019-07-12 10:25:37 -07:00
97d74bfa1d
fixing the app context issue. we will create an app if no current_app available
2019-07-12 08:47:39 -07:00
2628ed1a82
better alerting
2019-07-11 23:00:35 -07:00
8eb639e366
Initial LetsEncrypt / Celery docs
2019-07-09 11:13:11 -07:00
0c5a8f2039
Relax celery time limit for source syncing; Ensure metric tags are string
2019-07-01 08:35:04 -07:00
0e037973b2
Revert "Faster permalink"
2019-06-26 10:31:58 -07:00
850620c2a2
Merge branch 'master' into restore-manage-shebang
2019-06-25 09:41:08 -07:00
5df06501f6
Merge pull request #2814 from intgr/expose-cert-hasprivaatekey
...
Expose new certificate field hasPrivateKey
2019-06-25 09:40:27 -07:00
8fbff00850
Merge branch 'master' into restore-manage-shebang
2019-06-25 09:29:06 -07:00
404b7a25bc
Merge branch 'master' into restore-manage-shebang
2019-06-25 09:27:08 -07:00
86a1fb41ac
lint fix
2019-06-25 06:56:37 -04:00
55a96ba790
type none
2019-06-24 15:10:10 -04:00
6699833297
fixing empty chain
2019-06-24 13:10:08 -04:00
2319858586
Expose new certificate field hasPrivateKey
...
We can also now disable the 'private key' tab when cert doesn't have a
private key.
2019-06-22 15:38:28 +03:00
4565bd7dc6
Update SAN text
2019-06-21 13:33:55 -07:00
960064d5c6
Color change for Show Expired button
2019-06-21 11:32:16 -07:00
23caac5576
Merge branch 'master' into temp-ExpiredToggle-3
2019-06-21 08:59:53 -07:00
39d65db7fd
Merge branch 'master' into generalizing-api
2019-06-20 16:13:04 -07:00
162a300e53
Merge branch 'master' into temp-ExpiredToggle-3
2019-06-20 16:12:55 -07:00
34cdd29a50
removing the rotation enabled requirement, to keep the endpoint generic
2019-06-20 16:06:26 -07:00
de0462e54f
Added missing semi-colon and changed double quotes to single quotes
2019-06-20 15:41:32 -07:00
68815b8f44
UI changes - Button to show / hide expired certs.
2019-06-20 15:05:26 -07:00
bbf50cf0b0
updated dest as well as src
2019-06-20 08:26:32 -04:00
02719a1de7
Merge branch 'master' into vault_regex
...
fixed conflicts:
lemur/plugins/lemur_vault_dest/plugin.py
2019-06-19 09:53:08 -04:00
56917614a2
fixing regex to be more flexable
2019-06-19 09:46:44 -04:00
8a08edb0f3
manage.py: Restore shebang line
...
This is an executable file but cannot be executed without the interpreter.
The shebang line was lost in commit 8cbc6b8325
2019-06-18 10:51:11 +03:00
f836c6fff6
API additions for viewing expired certs as well. Default behavior modified to show only valid certs and those which have expired less than 1 month ago.
2019-06-17 14:29:48 -07:00
c0f8fbb24f
Modified Permalink behavior to access a newer, faster API
2019-06-11 15:53:47 -07:00
57016f2f45
Merge branch 'master' of https://github.com/Netflix/lemur into FasterPermalink
2019-06-11 14:33:58 -07:00
491d048948
Modified the behavior of Permalink to access a newer, faster API
2019-06-10 09:47:29 -07:00
0446aea20e
Update messaging.py
2019-06-06 13:35:45 -07:00
1ed41d03ea
Merge branch 'master' into duplicate-notifications-(alternative)
2019-06-06 09:10:57 -07:00
28e26a1baf
to prevent duplicate emails, we might better remove owner and security email address from the notification recipient
2019-06-05 17:57:11 -07:00
45231c2423
Added code to automatically add the common name as a DNS name while creating a certificate.
2019-05-31 14:08:28 -07:00
7eb9c80fb2
Merge pull request #2798 from castrapel/domains_enhancements
...
Enhance domains query and sensitive domain checking code
2019-05-30 10:31:24 -07:00
8b821d0023
Enhance domains query and sensitive domain checking code; Allow creation of opt-out roles via config
2019-05-30 10:21:44 -07:00
071c083eae
hiding expired certs after 6 months from the main page
2019-05-30 10:21:03 -07:00
b4d9ab9f0c
Merge branch 'master' of github.com:Netflix/lemur into improving-cert-lookup-time
2019-05-30 08:55:49 -07:00
13d46ae42e
indexing the not after field in the cert table
2019-05-30 08:55:30 -07:00
8bc23f6deb
Merge pull request #2797 from castrapel/get_or_increase_name_simplify
...
Make get_or_increase_name queries less demanding
2019-05-29 12:50:06 -07:00
6e4306b3bb
Merge pull request #2795 from ardichoke/fix_vault_api_v2_append
...
Fix Certificate Appending With v2 Vault API
2019-05-29 12:49:36 -07:00
5e389f3f48
Add certificate1 to test DB
2019-05-29 12:38:17 -07:00
f81adb1371
Make get_or_increase_name queries less demanding
2019-05-29 12:20:05 -07:00
fd35a26955
Support read replicas
2019-05-28 12:45:39 -07:00
09c7076e79
Handle double data field in API v2
2019-05-22 17:12:10 -04:00
1423ac0d98
More metrics
2019-05-21 12:55:33 -07:00
34c7e5230b
Set a limit on number of retries
2019-05-21 12:52:41 -07:00
4fac726cf4
Add support for JSON logging
2019-05-17 08:48:26 -07:00
0320c04be2
nosec comment
2019-05-16 08:14:46 -07:00
68fd1556b2
Black lint all the things
2019-05-16 07:57:02 -07:00
e3c5490d25
Expose exact response from digicert as error
2019-05-15 13:36:40 -07:00
26d10e8b98
change ordering in more places
2019-05-15 11:47:53 -07:00
7e92edc70a
Set resolved cert ID before resolving cert; Ignore sentry exceptions when no records on deletion
2019-05-15 11:43:59 -07:00
6eb3836abc
Merge branch 'master' into fast-valid-cert-lookup
2019-05-15 10:20:17 -07:00
5d8f71c3e4
nt
2019-05-14 13:02:24 -07:00
565142f985
Add soft timeouts to celery jobs; Check for PEM in LE order
2019-05-14 12:52:30 -07:00
f452a7ce68
adding a new API for faster certificate lookup.
...
The new API api/1/certificates/valid returns only non-expired (not_after >= today) certs which have auto-rotate enabled:
cn is a required parameter:
http://localhost:8000/api/1/certificates/valid?filter=cn;example.com
cn can also be a database string wildcard ('%'):
http://localhost:8000/api/1/certificates/valid?filter=cn;%
owner is the additional parameter, and must be the email address of the owner:
http://localhost:8000/api/1/certificates/valid?filter=cn;example.com&owner=hossein@example.com
given owner and a database string wildcard ('%') one can retrieve all certs for that owner, which are still valid, and have auto-rotate enabled:
http://localhost:8000/api/1/certificates/valid?filter=cn;%&owner=hossein@example.com
2019-05-11 18:06:51 -07:00
ed18df22db
remove permalink change
2019-05-09 14:54:44 -07:00
e33a103ca1
Allow searching for certificates by name via API
2019-05-09 14:36:56 -07:00
c9c782684d
Merge branch 'master' into add_metrics_reissue_rotate
2019-05-08 07:48:44 -07:00
87470602fd
Gather more metrics on certificate reissue/rotate jobs
2019-05-08 07:48:08 -07:00
317c84800c
Merge branch 'master' into jwks_validation_error_control
2019-05-08 06:50:56 -07:00
0eacbd42d7
Converting userinfo authorization to a config var
2019-05-07 15:31:42 -07:00
4e6e7edf27
Rename return variable for better readability
2019-05-07 22:53:01 +02:00
b7ce9ab901
Merge branch 'master' into jwks_validation_error_control
2019-05-07 13:09:02 -07:00
ff583981b1
Merge branch 'master' into aid_openid_roles_provider_integration
2019-05-07 09:06:02 -07:00
e58ff476c9
Merge branch 'master' into jwks_validation_error_control
2019-05-07 09:05:41 -07:00
22caaa0c95
Merge branch 'master' into fix_userinfo_authorization
2019-05-07 07:48:47 -07:00
e65154b48e
Merge branch 'master' into develop
2019-05-07 07:36:51 -07:00
ef7a8587fe
Merge branch 'lemur_vault_source' of github.com:/alwaysjolley/lemur into lemur_vault_source
2019-05-07 10:06:09 -04:00
b0c8901b0a
lint cleanup
2019-05-07 10:05:01 -04:00
36ce1cc7ef
Merge branch 'master' into lemur_vault_source
2019-05-07 09:41:50 -04:00
fb3f0bd72a
adding Vault Source plugin
2019-05-07 09:37:30 -04:00
a7af3cf8d2
Fix Cloudflare DNS
2019-05-07 03:05:24 +03:00
deed1b9685
Don't fail if googleGroups is not found in user profile
2019-05-06 12:30:25 +02:00
6c99e76c9a
Better error management in jwks token validation
2019-05-06 12:27:43 +02:00
2063baefc9
Fixes userinfo using Bearer token
2019-05-06 12:23:24 +02:00
3a1da72419
nt
2019-04-29 13:57:04 -07:00
6e3f394cff
Updated requirements ; Revert change and require DNS validation by provider
2019-04-29 13:55:26 -07:00
1a90e71884
Move ACME host validation logic prior to R53 host modification
2019-04-26 17:27:44 -07:00
333ba8030a
Ensure hostname is lowercase when comparing DNS challenges. ACME will automatically lowercase the hostname
2019-04-26 15:45:04 -07:00
1a3ba46873
More retry changes
2019-04-26 10:18:54 -07:00
1e64851d79
Strip out self-polling logic and rely on ACME; Enhance ELB logging and retries
2019-04-26 10:16:18 -07:00
8eef95b58e
Merge branch 'master' into expose_verisign_exception
2019-04-25 19:15:55 -07:00
dcdfb32883
Expose verisign exceptions
2019-04-25 19:14:15 -07:00
39584f214b
Process DNS Challenges appropriately (1 challenge -> 1 domain)
2019-04-25 15:12:52 -07:00
2bc604e5a9
Better metrics and error reporting
2019-04-25 13:50:41 -07:00
272285f64a
Better exception handling, logging, and metrics for ACME flow
2019-04-24 15:26:23 -07:00
0f9b0f39f7
Merge branch 'master' into add-pending-certificate-upload
2019-04-24 09:34:35 -07:00
a801112cf6
Merge branch 'master' into lemur_vault_plugin
2019-04-23 07:07:39 -04:00
85efb6a99e
cleanup tmp files
2019-04-23 07:06:52 -04:00
9b38761153
Merge branch 'master' into add-pending-certificate-upload
2019-04-22 11:47:02 -07:00
f9dadb2670
fixing validation
2019-04-22 09:38:44 -04:00
8dccaaf544
simpler validation
2019-04-22 07:58:01 -04:00
1667c05742
removed unused functions
2019-04-18 13:57:10 -04:00
b39e2e3f66
Merge branch 'master' into lemur_vault_plugin
2019-04-18 13:55:45 -04:00
fb3b0e8cd7
adding regex filtering
2019-04-18 13:52:40 -04:00
7dd9268ca7
Allow uploading a signed cert for a pending certificate.
2019-04-18 00:46:39 +02:00
8177e12f3f
Merge branch 'master' into rewrite-java-keystore-use-pyjks
2019-04-17 10:43:44 -07:00
52f939658f
Merge branch 'master' into rewrite-java-keystore-use-pyjks
2019-04-17 10:31:58 -07:00
f6afcc6d21
Merge branch 'master' into master
2019-04-17 10:28:46 -07:00
58dd424de8
Prevent potential NoneType not subscriptable
...
Fix when data['extensions']['subAltNames']['names'] is none
2019-04-17 18:33:52 +02:00
771f2ebc47
Use SAN_CERT_CSR
2019-04-13 11:01:36 +02:00
770729a72e
Allow csr to be empty during upload
2019-04-13 01:17:12 +02:00
2ff811ae71
updating cryptography API call, to create right signing algorithm object.
2019-04-13 00:57:48 +02:00
09796cf7c9
the check_cert_signature() method was attempting to compare RSA and ECC signatures.
...
If a ec public-key certificate is signed with an RSA key, then it can't be a self-signed certificate, in which case we just raise InvalidSignature.
2019-04-13 00:57:48 +02:00
406753fcde
Fix PEP8
2019-04-13 00:49:35 +02:00
a5570d07bc
Added some documentation for API users.
2019-04-13 00:48:19 +02:00
c1b02cc8a5
Allow uploading csr along with certificates
2019-04-13 00:48:19 +02:00
df8d4e0892
Merge branch 'master' into rewrite-java-keystore-use-pyjks
2019-04-12 09:38:50 -07:00
ceb335f3ab
Merge branch 'master' into master
2019-04-12 09:38:41 -07:00
9ecc19c481
adding san filter
2019-04-12 09:53:06 -04:00
6d67ec7e34
removing unused import
2019-04-11 17:34:02 -07:00
512e1a0bdd
fixing typos
2019-04-11 17:17:28 -07:00
6ec84a398c
checking for None
2019-04-11 17:13:47 -07:00
69c00c4db5
upon creating a new destination, we also add it as source, if the plugin defines this as an option
2019-04-11 17:13:47 -07:00
d7abf2ec18
adding a new util method for setting options
2019-04-11 17:13:47 -07:00
557fac39b5
refactoring the sync job into a service method that we can also call when adding a new destination
2019-04-11 17:13:47 -07:00
d1ead4b79c
removing the announcement
2019-04-11 17:13:47 -07:00
5900828051
simple hardcoded announcement
2019-04-11 17:13:47 -07:00
818da6653d
removing the announcement
2019-04-11 17:13:47 -07:00
e1a67e9b4e
simple hardcoded announcement
2019-04-11 17:13:47 -07:00
84dfdd0600
removing the announcement
2019-04-11 17:13:47 -07:00
ba691a26d4
simple hardcoded announcement
2019-04-11 17:13:47 -07:00
b66fac0494
removing the announcement
2019-04-11 17:13:47 -07:00
1bda246df2
simple hardcoded announcement
2019-04-11 17:13:47 -07:00
9a210c055a
Merge branch 'master' into hshafagh-src-dst-register
2019-04-11 15:36:48 -07:00
2459234147
removing lines
2019-04-11 14:34:26 -07:00
60edab9f6d
cleaning up
2019-04-11 14:12:31 -07:00
ec3d2d7316
fixing typo
2019-04-11 13:51:43 -07:00
83d408b238
Merge branch 'master' into hosseinsh-celeryjob-sync-src-dst
2019-04-11 13:30:12 -07:00
266c83367d
avoiding hard-coded plugin names
2019-04-11 13:29:37 -07:00
f185df4f1e
bringing class AWSDestinationPlugin(DestinationPlugin) after AWSSourcePlugin.slug, such that we can do: sync_as_source_name = AWSSourcePlugin.slug
2019-04-11 13:28:58 -07:00
2ff57e932c
Update requirements - upgrade to py37
2019-04-10 15:40:48 -07:00
d628e97035
Merge branch 'master' into hosseinsh-celeryjob-sync-src-dst
2019-04-10 09:47:06 -07:00
bc8c7e114a
Merge branch 'master' into hshafagh-src-dst-register
2019-04-09 20:52:33 -07:00
f3d0536800
removing hardcoded rules, to give more flexibility into defining new source-destinations
2019-04-09 20:49:07 -07:00
bfc4f940da
Merge branch 'master' into master
2019-04-09 18:06:09 +02:00
64c6bb2475
Merge branch 'master' into rewrite-java-keystore-use-pyjks
2019-04-09 08:28:05 -07:00
dbf34a4d48
Rewrite Java Keystore/Truststore support based on pyjks library
2019-04-06 20:24:46 +03:00
d80a6bb405
Added tests for CSR parsing into CertificateInputSchema
2019-04-01 08:44:40 +02:00
csine-nflx
David Stipp
Hossein Shafagh
Curtis
Chad S
Ilya Makarov
Ilya Makarov
e11it
sirferl
Hossein Shafagh
Ilya Labun
rajatsharma94
Gutttlt
jenkins-x-bot
Ilya Labun
pmelse
Jay Zarfoss
Javier Ramos
Curtis Castrapel
Kush Bavishi
Kush Bavishi
alwaysjolley
Marti Raudsepp
Danny Thomas
Ryan DeShone
Jose Plana
alwaysjolley
Daniel Iancu
Javier Ramos