a8c0adaa4d
Merge remote-tracking branch 'upstream/master'
2020-02-27 17:08:35 +03:00
9612d291ed
Add path suffix options
2020-02-18 19:16:27 +03:00
2ee60bcdb6
Merge branch 'master' into le_Log_orderurl
2020-02-17 10:30:58 -08:00
e75df1ddc9
Update plugin.py
2020-02-17 19:04:20 +01:00
d29edabefe
Merge branch 'master' into le_Log_orderurl
2020-02-17 09:24:51 -08:00
ed3472d029
Update plugin.py
2020-02-17 15:21:29 +01:00
3fd0d3e141
Added VERISIGN_INTERMEDIATE_<authority> parameter
...
When using the VERISIGN_PRODUCT_<authority> Parameter one also has to add this parameter:
VERISIGN_INTERMEDIATE_<authority> = """ <PEM-String of Issuing CA for this certificate Type>"""
While doing this, I also added code, so the external_id field is filled with data from CA-Answer
2020-02-17 12:40:36 +01:00
1815c89970
Made the change more elegant
...
As suggested by @hosseinsh. This is of course more elegant.
2020-02-16 09:28:52 +01:00
a70a49e4e9
Update plugin.py
2020-02-15 16:11:58 +01:00
3693bc2d8b
removed whitespaces inserted by online editor
2020-02-15 16:09:25 +01:00
bfa953270d
Fixed whitespace error
2020-02-15 16:04:44 +01:00
fabcad1e46
New variable VERISIGN_PRODUCT_(authority.name)
...
If there is a config variable with VERISIGN_PRODUCT_<upper(authority.name)> take the value as Cert product-type
else default to "Server", to be compatoible with former versions.
This enables the use of different Verisign authorities for differnt cert-products eg. EV or Standard Certs
2020-02-15 15:52:24 +01:00
a8e8924e2a
Merge branch 'master' into le_Log_orderurl
2020-02-14 17:10:38 -08:00
8e3cc93d6a
Whitespaces in empty line 113 removed
2020-02-14 07:50:18 +01:00
b521aaf579
Merge branch 'master' into le_Log_orderurl
2020-02-13 16:41:14 -08:00
af21225918
adding logging on sucess and metric submission of URL for certificate issuance
2020-02-13 16:38:33 -08:00
a449cc2b15
Merge branch 'master' into ilabun/optimize-certificates-sql
2020-02-13 16:05:46 -08:00
2b849a6520
Update plugin.py
...
making lint happy
2020-02-13 15:58:07 -08:00
9db1ea3307
Merge branch 'master' into master
2020-02-13 12:47:06 -08:00
571c8bf42d
Error when validity_end date is empty #2905
...
this lines of code (114ff) in threw an error, when the validity_end date was empty:
if options.get("validity_end") > arrow.utcnow().shift(years=2):
raise Exception(
"Verisign issued certificates cannot exceed two years in validity"
)
Actually, they are not needed, because immidiately following is a check for an empty validity_end and for the length of the entered period.
When I commented it out for testing, the error was gone and everything worked as expected.
2020-02-13 07:38:04 +01:00
6c7bb5f9b7
Fixed TLS secret format ( #2913 )
...
The Plugin handled the TLS secret format wrong: it sent chain certificate instead of requested public certificate #2913
2020-02-13 07:35:35 +01:00
ca8e73286f
fixed get_domains() to remove duplicate entries, updated usage and tests
2020-02-12 15:10:24 -08:00
2d7284f677
Merge branch 'master' into ilabun/optimize-certificates-sql
2020-02-10 11:23:21 -08:00
c0cf1c02c1
Merge branch 'master' into ilabun/optimize-certificates-sql
2020-02-10 11:14:26 -08:00
b23ae60847
Merge branch 'master' into vault-k8s-auth
2020-02-10 11:12:52 -08:00
bcdb3173bd
ensuring that "3" is set as an integer instead of a string
2020-02-04 18:23:17 -08:00
8ea54d7db2
removing exception if domain zone not found. Logging the issue instead
2020-02-04 14:50:56 -08:00
48bccd6f68
moving _check_config() lower in file, near other private methods
2020-02-03 19:08:28 -08:00
c38e651eb0
Merge branch 'powerdnsplugin_01' of github.com:Netflix/lemur into powerdnsplugin_01
2020-02-03 19:04:05 -08:00
53f81fb09f
updating based on suggestions in 2911
2020-02-03 18:58:31 -08:00
5e8599540e
Merge branch 'master' into ilabun/optimize-certificates-sql
2020-02-03 20:32:41 +01:00
ac0282529e
adding basic logging on success
2020-02-03 11:05:20 -08:00
fecb5b6252
Merge branch 'master' into powerdnsplugin_01
2020-01-31 16:37:57 -08:00
fb6d369130
removed unnecessary imports in test_dns_providers.py
2020-01-31 16:18:22 -08:00
be7736d350
adding dns tests and assorted exception handling
2020-01-31 13:16:37 -08:00
969a7107fe
fixed PowerDNS Tests
2020-01-29 13:12:09 -08:00
b885244aa7
fixing issue where set_domains() is still called when get_all_zones() throws an exception
2020-01-29 11:26:53 -08:00
ef115ef2b1
moving PowerDNS number_of_attempts to global config variable ACME_POWERDNS_RETRIES
2020-01-29 11:20:39 -08:00
b91899fe99
created CLI options for testin ACME over dns. Examle: `acme dnstest -d _acme-chall.foo.com -t token1`
2020-01-28 19:13:28 -08:00
192ecb3ce0
DNS provider: adding more logging
2020-01-28 16:24:50 -08:00
620f972635
Fixed an error
...
Found out that I introduced an error when I changed code up for publishig. The certserv.py I use does not return the ID of the certificate created. For now I just leave the field empty. I will create another issue , so that the ID is filled up.
2020-01-27 11:04:49 +01:00
5d8eb51ef4
Merge branch 'master' into ilabun/optimize-certificates-sql
2020-01-24 11:28:55 +01:00
c465062673
integrated PowerDNS plugin into dns_providers
2020-01-23 23:53:38 -08:00
9984470b58
fix fatal error in schema validator
2020-01-23 15:27:02 +01:00
bddae6e428
adding PowerDNS delete_txt_record with associated tests
2020-01-22 16:18:52 -08:00
52c7686d58
adding wait_for_dns_change() and tests for PowerDNS ACME plugin
2020-01-21 18:47:21 -08:00
915ec0ba63
added PowerDNS support for create_txt_record and associated tests
2020-01-21 17:08:59 -08:00
71f43dfcc1
Fixing "'Role' object has no attribute 'set_third_party'" error.
2020-01-21 08:40:54 +01:00
acf531ece3
Merge branch 'master' into vault-k8s-auth
2020-01-20 15:18:29 -08:00
6ee856e26d
Merge branch 'master' into ilabun/optimize-certificates-sql
2020-01-20 15:15:25 -08:00
3080a9527c
adding PowerDNS get_zones functionality and unit tests
2020-01-17 18:29:37 -08:00
7f119b8914
Merge branch 'master' into ilabun/optimize-certificates-sql
2020-01-17 17:18:06 -08:00
cb7507156c
Merge branch 'master' into vault-k8s-auth
2020-01-17 17:17:53 -08:00
d6f41b6a99
improving string formatting to avoid dangling white spaces and new lines
2020-01-16 13:45:13 -08:00
1ed6ae539d
# possibility to default to a SIGNING_ALGORITHM for a given profile
2020-01-15 16:19:48 -08:00
cd7d9aee55
fixed lint error
2020-01-13 23:09:58 +02:00
8d957f22af
changed file handling
2020-01-13 22:46:34 +02:00
bc1a2cf69c
Optimize certificates SQL query
...
Co-authored-by: Javier Ramos <javier.ramos@booking.com>
2020-01-13 14:43:41 +01:00
cc0b2d5439
Added new lowercase indexes for certificates cn, name and domains name
...
Co-authored-by: Javier Ramos <javier.ramos@booking.com>
2020-01-13 14:40:22 +01:00
cad56c813e
fixed lint error
2020-01-12 01:51:48 +02:00
409b499217
added kubernetes auth for vault
2020-01-12 01:25:22 +02:00
348682d5ea
Merge branch 'master' into cfssl-key-fix
2020-01-09 10:44:02 -08:00
8be8c95b17
handled cfssl-key type error
2020-01-09 15:16:19 +02:00
1537d591a8
Improved messaging to point out to the Auto Rotate option for certificate issuance and renewal.
2020-01-08 14:42:16 -08:00
9b9662d470
Merge branch 'master' into master
2020-01-03 13:15:58 -08:00
45c1207d07
Merge branch 'master' into master
2019-12-27 13:30:56 -05:00
9fb4be1273
remove trailing whitespace
2019-12-27 13:25:03 -05:00
189e8b2725
Eliminate subqueries when showing certificates list
2019-12-20 10:37:47 +01:00
00a0a27826
used fixedName variable to transport db lookup optimization
2019-11-20 09:44:31 -08:00
113c9dd657
atlas redis plugin typo cleanup and better exception handling
2019-11-06 10:42:59 -08:00
f803fab413
add plugin to send atlas metric via redis
2019-11-06 10:14:49 -08:00
0d983bd2b5
missed edge case
2019-10-18 15:39:36 -07:00
f077b19126
Merge branch 'master' into master
2019-10-18 11:32:21 -07:00
06f4aed693
keeping track of certs found by hash
2019-10-18 11:21:29 -07:00
11f9920ff9
Merge branch 'master' into cert-sync-endpoint-find-by-hash
2019-10-18 11:08:51 -07:00
14e13b512e
providing a count for conflicts
2019-10-18 11:03:28 -07:00
9037f88430
just in case the path varies
2019-10-18 11:02:41 -07:00
1768aad9e2
capturing no such entity exception.
2019-10-18 10:17:58 -07:00
8aea257e6a
optimizing the call to describe cert to only the few certs with the naming issue
2019-10-18 09:24:49 -07:00
f075c5af3d
in case no cert match via name-search, search via the cert itself (serial number, hash comparison)
2019-10-18 08:48:11 -07:00
d43e859c34
describing the cert for each endpoint, for better cert search
2019-10-18 08:46:01 -07:00
10b600424e
refactoring searching for cert
2019-10-18 08:45:32 -07:00
b5ab87877b
adding retry to acme setup client, since it can experience timeouts or other types of Connection Errors
2019-10-17 10:16:33 -07:00
f0652ca6a9
bug fix for overwriting certificates
2019-10-10 15:49:31 -04:00
477db836f4
lint
2019-09-23 12:52:17 -07:00
86f661a8af
With NLBs the DNS formatting has changed, which resulted in Lemur not getting the region correctly parsed
2019-09-23 12:36:08 -07:00
96b2149433
removing unintended commit
2019-09-20 15:22:45 -07:00
8c9a1df2cf
Merge branch 'master' into up-dependencies-20Sep2019
2019-09-20 15:19:25 -07:00
a13c45e9cc
updating dependencies, and fixing the deprecated arrow.replaces to shift
2019-09-20 13:49:38 -07:00
c669cd23f0
Merge branch 'master' into check-revoke-revised
2019-09-20 10:22:04 -07:00
972051a61e
removing 3 and 4 years from validity range options
2019-09-20 10:16:23 -07:00
d0e8666267
Merge branch 'master' into better-metrics-endpoints
2019-08-21 10:01:00 -07:00
db91e48395
adding account number for better logging, since the endpoint is not available in Lemur DB
2019-08-21 09:54:18 -07:00
e5e395f0d9
Show number of found items in pager
...
This commit does not involve any additional query as the data is already in API calls' responses
2019-08-20 09:29:58 +02:00
9b04d901c4
metric for missing certificate from an endpoint
2019-08-15 19:14:08 -07:00
f09643f350
Merge branch 'master' into check-revoke-revised
2019-08-15 11:15:24 -07:00
1c6fee7292
Allow better DNS autodetection for domains that directly match a DNS hosted zone
2019-08-15 10:52:26 -07:00
68abf11be8
Merge branch 'master' into check-revoke-revised
2019-08-13 20:09:27 -07:00
296a315a3e
Merge branch 'master' into soft_time_outs
2019-08-13 19:42:22 -07:00
ceb2d3d796
Merge branch 'master' into check-revoke-revised
2019-08-13 14:07:57 -07:00
2de3f287ab
standardizing the timeouts to easier monitor any timeouts
2019-08-13 12:21:27 -07:00
6e17d36d76
typos
2019-08-13 12:16:23 -07:00
22c60fedad
cosmetics
2019-08-13 12:11:04 -07:00
a3dfc3ef0a
consistency
2019-08-13 11:58:58 -07:00
c29f282560
improved the flow for checking if the task is active
2019-08-13 11:52:56 -07:00
4d728738ee
handling celery tasks without any arguments
2019-08-13 11:42:43 -07:00
07a9c56fb8
making lint happy
2019-08-13 09:35:57 -07:00
bf47f87c21
preventing celery duplicate tasks
2019-08-12 13:52:01 -07:00
5d4413e45c
Merge branch 'master' into ultradnsPlugin
2019-08-09 08:48:24 -07:00
83159c2417
Merge branch 'master' into multi-profile-digicert-plugin
2019-08-09 07:32:33 -07:00
da9c91afb4
fixing metric bug
2019-08-08 17:56:22 -07:00
3b9b94623f
cleaning up
2019-08-07 18:06:59 -07:00
8340e0653b
making lint happy
2019-08-07 18:04:28 -07:00
d1519343d1
improving check revoked by only considering authorities which do support revocation and also only including not expired certs
2019-08-07 17:54:10 -07:00
9a02230d63
adding soft time outs for celery
2019-08-07 17:48:06 -07:00
d9aef2da3e
Changed dummy nameserver value
2019-08-07 14:38:18 -07:00
a97283f0a4
Fixed indentation
2019-08-07 14:23:09 -07:00
a6bf081bec
Remove unused import
2019-08-07 14:08:27 -07:00
43f5c8b34e
Fixed indentation
2019-08-07 14:08:06 -07:00
cadf372f7b
Removed hardcoded value from function call
2019-08-07 14:02:10 -07:00
b4f4e4dc24
Added extra check for return value to test_create_txt_record
2019-08-07 13:55:02 -07:00
fa7f71d859
Modified paginate response to dummy values
2019-08-07 13:53:10 -07:00
3ff56fc595
Blank line removed
2019-08-07 13:42:11 -07:00
894502644c
test_wait_for_dns_change fixed!
2019-08-07 13:39:20 -07:00
37a1b55b08
test_delete_txt_record changed to mock get_zone_name and return the value directly instead of executing the function.
2019-08-07 13:27:21 -07:00
31c2d207a2
test_delete_txt_record fixed. Function call was missing earlier
2019-08-07 13:23:05 -07:00
785c1ca73e
test_create_txt_record modified - get_zone_name mocked to return the zone name directly, instead of actually running the function.
2019-08-07 13:20:24 -07:00
f2cbddf9e2
Unit tests for get_zone_name, get_zones
2019-08-07 13:17:16 -07:00
6e84e1fd59
Unit Tests for create_txt_record, delete_txt_record, wait_for_dns_change
2019-08-07 13:04:38 -07:00
ff1f73f985
fixing the plugin test to include authority
2019-08-07 12:05:36 -07:00
bbda9b1d6f
making sure to handle when no config file provided, though we do a check for that
2019-08-07 12:05:13 -07:00
e2ea2ca4d1
providing sample config
2019-08-07 11:05:07 -07:00
b885cdf9d0
adding multi profile name support with DigiCert plug.
...
This requires that the configs are a dict, with multiple entries, where the key is the name of the Authority used to issue certs with.
DIGICERT_CIS_PROFILE_NAMES = {"sha2-rsa-ecc-root": "ssl_plus"}
DIGICERT_CIS_ROOTS = {"root": "ROOT"}
DIGICERT_CIS_INTERMEDIATES = {"inter": "INTERMEDIATE_CA_CERT"}
Hence, in DB one need to add
1) the corresponding authority table, with digicert-cis-issuer. Note the names here are used to mapping in the above config
2) the corresponding intermediary in the certificate table , with root_aurhority_id set to the id of the new authority_id
2019-08-07 10:24:38 -07:00
a7c2b970b0
Unit testing Part 1
2019-08-05 14:00:22 -07:00
ad6c38960a
Merge branch 'master' into ultradnsPlugin
2019-07-31 16:05:36 -07:00
2903799b85
Changed string formatting from "{}".format() to f"{}" for consistency
2019-07-31 14:19:49 -07:00
e8e4f826ea
updating logging format
2019-07-31 13:09:31 -07:00
5a401b2d87
Added the Zone class and Record class to ultradns.py and removed the respective files
2019-07-31 12:04:42 -07:00
fe075dc9f5
Changed function comments to doc strings.
2019-07-31 12:00:31 -07:00
503df999fa
Updated metrics.send to send function named, followed by status, separated by a period
2019-07-31 11:32:04 -07:00
11cd095131
Reduced the number of calls to get_public_authoritative_nameserver by using a variable
2019-07-31 11:12:28 -07:00
3ba7fdbd49
Updated logger to log a dictionary instead of a string
2019-07-31 11:11:39 -07:00
0f591e9a3d
Merge branch 'master' into moving-cronjobs-to-celery-v2
2019-07-30 14:13:59 -07:00
6bf920e66c
Merge branch 'master' into ultradnsPlugin
2019-07-30 14:13:45 -07:00
7810095796
Merge branch 'master' into better-error-handling-dyn
2019-07-30 13:27:43 -07:00
44bc562e8b
Update ultradns.py
...
Minor logging changes in wait_for_dns_change
2019-07-30 13:08:16 -07:00
3d48b422b5
Removed TODO
2019-07-30 11:39:35 -07:00
a89cbe9332
moving all cron jobs to become celery jobs
2019-07-30 09:57:15 -07:00
3ad791e1ec
Dynamically obtain the authoritative nameserver for the domain
2019-07-29 18:01:28 -07:00
e993194b4f
Check ultraDNS authoritative server first. Upon success, check Googles DNS server.
2019-07-29 14:59:28 -07:00
adabe18c90
metric tags, to be able to track which domains where failing during the LetsEncrypt domain validation
2019-07-25 18:56:28 -07:00
429e6a967c
better error handling for redis
2019-07-25 18:49:19 -07:00
252410c6e9
Updated TTL from 300 to 5
2019-07-22 16:00:20 -07:00
51f3b7dde0
Added the Record class for UltraDNS
2019-07-22 14:23:40 -07:00
0b52aa8c59
Added Zone class to handle ultradns zones
2019-07-22 11:47:48 -07:00
36ebba6491
source is not dict
2019-07-18 15:16:01 -07:00
e37a7c775e
Initial commit for the UltraDNS plugin to support Lets Encrypt
2019-07-18 14:29:54 -07:00
09c0fa0f94
updating the function declaration
2019-07-16 17:21:01 -07:00
cd1aeb15f1
adding testing for redis
2019-07-12 11:50:12 -07:00
1b1bdbb261
spacing
2019-07-12 10:25:37 -07:00
97d74bfa1d
fixing the app context issue. we will create an app if no current_app available
2019-07-12 08:47:39 -07:00
2628ed1a82
better alerting
2019-07-11 23:00:35 -07:00
8eb639e366
Initial LetsEncrypt / Celery docs
2019-07-09 11:13:11 -07:00
0c5a8f2039
Relax celery time limit for source syncing; Ensure metric tags are string
2019-07-01 08:35:04 -07:00
0e037973b2
Revert "Faster permalink"
2019-06-26 10:31:58 -07:00
850620c2a2
Merge branch 'master' into restore-manage-shebang
2019-06-25 09:41:08 -07:00
5df06501f6
Merge pull request #2814 from intgr/expose-cert-hasprivaatekey
...
Expose new certificate field hasPrivateKey
2019-06-25 09:40:27 -07:00
8fbff00850
Merge branch 'master' into restore-manage-shebang
2019-06-25 09:29:06 -07:00
404b7a25bc
Merge branch 'master' into restore-manage-shebang
2019-06-25 09:27:08 -07:00
86a1fb41ac
lint fix
2019-06-25 06:56:37 -04:00
55a96ba790
type none
2019-06-24 15:10:10 -04:00
6699833297
fixing empty chain
2019-06-24 13:10:08 -04:00
2319858586
Expose new certificate field hasPrivateKey
...
We can also now disable the 'private key' tab when cert doesn't have a
private key.
2019-06-22 15:38:28 +03:00
4565bd7dc6
Update SAN text
2019-06-21 13:33:55 -07:00
960064d5c6
Color change for Show Expired button
2019-06-21 11:32:16 -07:00
23caac5576
Merge branch 'master' into temp-ExpiredToggle-3
2019-06-21 08:59:53 -07:00
39d65db7fd
Merge branch 'master' into generalizing-api
2019-06-20 16:13:04 -07:00
162a300e53
Merge branch 'master' into temp-ExpiredToggle-3
2019-06-20 16:12:55 -07:00
34cdd29a50
removing the rotation enabled requirement, to keep the endpoint generic
2019-06-20 16:06:26 -07:00
de0462e54f
Added missing semi-colon and changed double quotes to single quotes
2019-06-20 15:41:32 -07:00
68815b8f44
UI changes - Button to show / hide expired certs.
2019-06-20 15:05:26 -07:00
bbf50cf0b0
updated dest as well as src
2019-06-20 08:26:32 -04:00
02719a1de7
Merge branch 'master' into vault_regex
...
fixed conflicts:
lemur/plugins/lemur_vault_dest/plugin.py
2019-06-19 09:53:08 -04:00
56917614a2
fixing regex to be more flexable
2019-06-19 09:46:44 -04:00
8a08edb0f3
manage.py: Restore shebang line
...
This is an executable file but cannot be executed without the interpreter.
The shebang line was lost in commit 8cbc6b8325
2019-06-18 10:51:11 +03:00
f836c6fff6
API additions for viewing expired certs as well. Default behavior modified to show only valid certs and those which have expired less than 1 month ago.
2019-06-17 14:29:48 -07:00
c0f8fbb24f
Modified Permalink behavior to access a newer, faster API
2019-06-11 15:53:47 -07:00
57016f2f45
Merge branch 'master' of https://github.com/Netflix/lemur into FasterPermalink
2019-06-11 14:33:58 -07:00
491d048948
Modified the behavior of Permalink to access a newer, faster API
2019-06-10 09:47:29 -07:00
0446aea20e
Update messaging.py
2019-06-06 13:35:45 -07:00
1ed41d03ea
Merge branch 'master' into duplicate-notifications-(alternative)
2019-06-06 09:10:57 -07:00
28e26a1baf
to prevent duplicate emails, we might better remove owner and security email address from the notification recipient
2019-06-05 17:57:11 -07:00
45231c2423
Added code to automatically add the common name as a DNS name while creating a certificate.
2019-05-31 14:08:28 -07:00
7eb9c80fb2
Merge pull request #2798 from castrapel/domains_enhancements
...
Enhance domains query and sensitive domain checking code
2019-05-30 10:31:24 -07:00
8b821d0023
Enhance domains query and sensitive domain checking code; Allow creation of opt-out roles via config
2019-05-30 10:21:44 -07:00
071c083eae
hiding expired certs after 6 months from the main page
2019-05-30 10:21:03 -07:00
b4d9ab9f0c
Merge branch 'master' of github.com:Netflix/lemur into improving-cert-lookup-time
2019-05-30 08:55:49 -07:00
13d46ae42e
indexing the not after field in the cert table
2019-05-30 08:55:30 -07:00
8bc23f6deb
Merge pull request #2797 from castrapel/get_or_increase_name_simplify
...
Make get_or_increase_name queries less demanding
2019-05-29 12:50:06 -07:00
6e4306b3bb
Merge pull request #2795 from ardichoke/fix_vault_api_v2_append
...
Fix Certificate Appending With v2 Vault API
2019-05-29 12:49:36 -07:00
5e389f3f48
Add certificate1 to test DB
2019-05-29 12:38:17 -07:00
f81adb1371
Make get_or_increase_name queries less demanding
2019-05-29 12:20:05 -07:00
fd35a26955
Support read replicas
2019-05-28 12:45:39 -07:00
09c7076e79
Handle double data field in API v2
2019-05-22 17:12:10 -04:00
1423ac0d98
More metrics
2019-05-21 12:55:33 -07:00
34c7e5230b
Set a limit on number of retries
2019-05-21 12:52:41 -07:00
4fac726cf4
Add support for JSON logging
2019-05-17 08:48:26 -07:00
0320c04be2
nosec comment
2019-05-16 08:14:46 -07:00
68fd1556b2
Black lint all the things
2019-05-16 07:57:02 -07:00
e3c5490d25
Expose exact response from digicert as error
2019-05-15 13:36:40 -07:00
26d10e8b98
change ordering in more places
2019-05-15 11:47:53 -07:00
7e92edc70a
Set resolved cert ID before resolving cert; Ignore sentry exceptions when no records on deletion
2019-05-15 11:43:59 -07:00
6eb3836abc
Merge branch 'master' into fast-valid-cert-lookup
2019-05-15 10:20:17 -07:00
5d8f71c3e4
nt
2019-05-14 13:02:24 -07:00
565142f985
Add soft timeouts to celery jobs; Check for PEM in LE order
2019-05-14 12:52:30 -07:00
f452a7ce68
adding a new API for faster certificate lookup.
...
The new API api/1/certificates/valid returns only non-expired (not_after >= today) certs which have auto-rotate enabled:
cn is a required parameter:
http://localhost:8000/api/1/certificates/valid?filter=cn;example.com
cn can also be a database string wildcard ('%'):
http://localhost:8000/api/1/certificates/valid?filter=cn;%
owner is the additional parameter, and must be the email address of the owner:
http://localhost:8000/api/1/certificates/valid?filter=cn;example.com&owner=hossein@example.com
given owner and a database string wildcard ('%') one can retrieve all certs for that owner, which are still valid, and have auto-rotate enabled:
http://localhost:8000/api/1/certificates/valid?filter=cn;%&owner=hossein@example.com
2019-05-11 18:06:51 -07:00
ed18df22db
remove permalink change
2019-05-09 14:54:44 -07:00
e33a103ca1
Allow searching for certificates by name via API
2019-05-09 14:36:56 -07:00
c9c782684d
Merge branch 'master' into add_metrics_reissue_rotate
2019-05-08 07:48:44 -07:00
87470602fd
Gather more metrics on certificate reissue/rotate jobs
2019-05-08 07:48:08 -07:00
317c84800c
Merge branch 'master' into jwks_validation_error_control
2019-05-08 06:50:56 -07:00
0eacbd42d7
Converting userinfo authorization to a config var
2019-05-07 15:31:42 -07:00
4e6e7edf27
Rename return variable for better readability
2019-05-07 22:53:01 +02:00
b7ce9ab901
Merge branch 'master' into jwks_validation_error_control
2019-05-07 13:09:02 -07:00
ff583981b1
Merge branch 'master' into aid_openid_roles_provider_integration
2019-05-07 09:06:02 -07:00
e58ff476c9
Merge branch 'master' into jwks_validation_error_control
2019-05-07 09:05:41 -07:00
22caaa0c95
Merge branch 'master' into fix_userinfo_authorization
2019-05-07 07:48:47 -07:00
e65154b48e
Merge branch 'master' into develop
2019-05-07 07:36:51 -07:00
ef7a8587fe
Merge branch 'lemur_vault_source' of github.com:/alwaysjolley/lemur into lemur_vault_source
2019-05-07 10:06:09 -04:00
b0c8901b0a
lint cleanup
2019-05-07 10:05:01 -04:00
36ce1cc7ef
Merge branch 'master' into lemur_vault_source
2019-05-07 09:41:50 -04:00
fb3f0bd72a
adding Vault Source plugin
2019-05-07 09:37:30 -04:00
a7af3cf8d2
Fix Cloudflare DNS
2019-05-07 03:05:24 +03:00
deed1b9685
Don't fail if googleGroups is not found in user profile
2019-05-06 12:30:25 +02:00
6c99e76c9a
Better error management in jwks token validation
2019-05-06 12:27:43 +02:00
2063baefc9
Fixes userinfo using Bearer token
2019-05-06 12:23:24 +02:00
3a1da72419
nt
2019-04-29 13:57:04 -07:00
6e3f394cff
Updated requirements ; Revert change and require DNS validation by provider
2019-04-29 13:55:26 -07:00
1a90e71884
Move ACME host validation logic prior to R53 host modification
2019-04-26 17:27:44 -07:00
333ba8030a
Ensure hostname is lowercase when comparing DNS challenges. ACME will automatically lowercase the hostname
2019-04-26 15:45:04 -07:00
1a3ba46873
More retry changes
2019-04-26 10:18:54 -07:00
1e64851d79
Strip out self-polling logic and rely on ACME; Enhance ELB logging and retries
2019-04-26 10:16:18 -07:00
8eef95b58e
Merge branch 'master' into expose_verisign_exception
2019-04-25 19:15:55 -07:00
dcdfb32883
Expose verisign exceptions
2019-04-25 19:14:15 -07:00
39584f214b
Process DNS Challenges appropriately (1 challenge -> 1 domain)
2019-04-25 15:12:52 -07:00
2bc604e5a9
Better metrics and error reporting
2019-04-25 13:50:41 -07:00
272285f64a
Better exception handling, logging, and metrics for ACME flow
2019-04-24 15:26:23 -07:00
0f9b0f39f7
Merge branch 'master' into add-pending-certificate-upload
2019-04-24 09:34:35 -07:00
a801112cf6
Merge branch 'master' into lemur_vault_plugin
2019-04-23 07:07:39 -04:00
85efb6a99e
cleanup tmp files
2019-04-23 07:06:52 -04:00
9b38761153
Merge branch 'master' into add-pending-certificate-upload
2019-04-22 11:47:02 -07:00
f9dadb2670
fixing validation
2019-04-22 09:38:44 -04:00
8dccaaf544
simpler validation
2019-04-22 07:58:01 -04:00
1667c05742
removed unused functions
2019-04-18 13:57:10 -04:00
b39e2e3f66
Merge branch 'master' into lemur_vault_plugin
2019-04-18 13:55:45 -04:00
fb3b0e8cd7
adding regex filtering
2019-04-18 13:52:40 -04:00
7dd9268ca7
Allow uploading a signed cert for a pending certificate.
2019-04-18 00:46:39 +02:00
8177e12f3f
Merge branch 'master' into rewrite-java-keystore-use-pyjks
2019-04-17 10:43:44 -07:00
52f939658f
Merge branch 'master' into rewrite-java-keystore-use-pyjks
2019-04-17 10:31:58 -07:00
f6afcc6d21
Merge branch 'master' into master
2019-04-17 10:28:46 -07:00
58dd424de8
Prevent potential NoneType not subscriptable
...
Fix when data['extensions']['subAltNames']['names'] is none
2019-04-17 18:33:52 +02:00
771f2ebc47
Use SAN_CERT_CSR
2019-04-13 11:01:36 +02:00
770729a72e
Allow csr to be empty during upload
2019-04-13 01:17:12 +02:00
2ff811ae71
updating cryptography API call, to create right signing algorithm object.
2019-04-13 00:57:48 +02:00
09796cf7c9
the check_cert_signature() method was attempting to compare RSA and ECC signatures.
...
If a ec public-key certificate is signed with an RSA key, then it can't be a self-signed certificate, in which case we just raise InvalidSignature.
2019-04-13 00:57:48 +02:00
406753fcde
Fix PEP8
2019-04-13 00:49:35 +02:00
a5570d07bc
Added some documentation for API users.
2019-04-13 00:48:19 +02:00
c1b02cc8a5
Allow uploading csr along with certificates
2019-04-13 00:48:19 +02:00
df8d4e0892
Merge branch 'master' into rewrite-java-keystore-use-pyjks
2019-04-12 09:38:50 -07:00
ceb335f3ab
Merge branch 'master' into master
2019-04-12 09:38:41 -07:00
9ecc19c481
adding san filter
2019-04-12 09:53:06 -04:00
6d67ec7e34
removing unused import
2019-04-11 17:34:02 -07:00
512e1a0bdd
fixing typos
2019-04-11 17:17:28 -07:00
6ec84a398c
checking for None
2019-04-11 17:13:47 -07:00
69c00c4db5
upon creating a new destination, we also add it as source, if the plugin defines this as an option
2019-04-11 17:13:47 -07:00
d7abf2ec18
adding a new util method for setting options
2019-04-11 17:13:47 -07:00
557fac39b5
refactoring the sync job into a service method that we can also call when adding a new destination
2019-04-11 17:13:47 -07:00
d1ead4b79c
removing the announcement
2019-04-11 17:13:47 -07:00
5900828051
simple hardcoded announcement
2019-04-11 17:13:47 -07:00
818da6653d
removing the announcement
2019-04-11 17:13:47 -07:00
e1a67e9b4e
simple hardcoded announcement
2019-04-11 17:13:47 -07:00
84dfdd0600
removing the announcement
2019-04-11 17:13:47 -07:00
ba691a26d4
simple hardcoded announcement
2019-04-11 17:13:47 -07:00
b66fac0494
removing the announcement
2019-04-11 17:13:47 -07:00
1bda246df2
simple hardcoded announcement
2019-04-11 17:13:47 -07:00
9a210c055a
Merge branch 'master' into hshafagh-src-dst-register
2019-04-11 15:36:48 -07:00
2459234147
removing lines
2019-04-11 14:34:26 -07:00
60edab9f6d
cleaning up
2019-04-11 14:12:31 -07:00
ec3d2d7316
fixing typo
2019-04-11 13:51:43 -07:00
83d408b238
Merge branch 'master' into hosseinsh-celeryjob-sync-src-dst
2019-04-11 13:30:12 -07:00
266c83367d
avoiding hard-coded plugin names
2019-04-11 13:29:37 -07:00
f185df4f1e
bringing class AWSDestinationPlugin(DestinationPlugin) after AWSSourcePlugin.slug, such that we can do: sync_as_source_name = AWSSourcePlugin.slug
2019-04-11 13:28:58 -07:00
2ff57e932c
Update requirements - upgrade to py37
2019-04-10 15:40:48 -07:00
d628e97035
Merge branch 'master' into hosseinsh-celeryjob-sync-src-dst
2019-04-10 09:47:06 -07:00
bc8c7e114a
Merge branch 'master' into hshafagh-src-dst-register
2019-04-09 20:52:33 -07:00
f3d0536800
removing hardcoded rules, to give more flexibility into defining new source-destinations
2019-04-09 20:49:07 -07:00
bfc4f940da
Merge branch 'master' into master
2019-04-09 18:06:09 +02:00
64c6bb2475
Merge branch 'master' into rewrite-java-keystore-use-pyjks
2019-04-09 08:28:05 -07:00
dbf34a4d48
Rewrite Java Keystore/Truststore support based on pyjks library
2019-04-06 20:24:46 +03:00
d80a6bb405
Added tests for CSR parsing into CertificateInputSchema
2019-04-01 08:44:40 +02:00
e10007ef7b
Add support for Vault KV API v2
...
This adds the ability to target KV API v1 or v2.
2019-03-29 10:32:49 -04:00
b86e381e20
Parse SubjectAlternativeNames from CSR into Lemur Certificate
2019-03-27 13:46:33 +01:00
d2e969b836
better synching of source and destinations
2019-03-26 18:20:14 -07:00
4018c68d49
Merge branch 'master' into authority_validation_LE_errors
2019-03-25 08:34:10 -07:00
c2158ff8fb
Add order URI during LE cert creation failure; Fail properly when invalid CA passed; Update reqs
2019-03-25 08:28:23 -07:00
8a42cfa345
Merge branch 'master' into ghjaramos/master
2019-03-21 08:07:44 -07:00
fa4a5122bc
fixing file read to trim line endings and cleanup
2019-03-20 14:59:04 -04:00
f99b11d50e
refactor url and token to support muiltiple instances of vault
2019-03-20 13:51:06 -04:00
9e5496b484
Update schemas.py
2019-03-15 10:19:25 +01:00
f7452e8379
Parse DNSNames from CSR into Lemur Certificate
2019-03-15 09:29:23 +01:00
157db684c3
Merge branch 'master' into lemur_vault_plugin
2019-03-14 11:09:01 -04:00
c445297357
Update celery.py
2019-03-12 15:41:24 -07:00
f38e5b0879
Update celery.py
2019-03-12 15:29:04 -07:00
1a5a91ccc7
Update celery.py
2019-03-12 15:11:13 -07:00
3b3faa66f4
Merge branch 'master' into skip_duplicate_tasks
2019-03-12 14:53:42 -07:00
d220e9326c
Skip a task if similar task already active
2019-03-12 14:45:43 -07:00
57d3f3d5a5
Merge branch 'master' into lemur_vault_plugin
2019-03-08 07:08:56 -05:00
f1c09a6f8f
fixed comments
2019-03-07 15:58:34 -05:00
93ce259fb2
Merge branch 'master' into verify-cert-chain
2019-03-07 12:46:19 -08:00
7b0a3cf781
Merge branch 'lemur_vault_plugin' of github.com:/alwaysjolley/lemur into lemur_vault_plugin
2019-03-07 15:42:40 -05:00
752c9a086b
fixing error handling and better data formating
2019-03-07 15:41:29 -05:00
92b60b279a
Merge branch 'master' into verify-cert-chain
2019-03-06 11:15:32 -08:00
43b1d6217a
Merge branch 'master' into allow-cert-deletion
2019-03-06 10:59:33 -08:00
98ece58342
Merge branch 'master' into lemur_vault_plugin
2019-03-06 10:59:03 -08:00
45cb0f0513
Merge branch 'master' into allow-cert-deletion
2019-03-06 09:35:10 -08:00
cc6d53fdeb
Ensuring that configs passed via the command line are respected.
2019-03-05 15:39:37 -08:00
a1cb8ee266
fixing lint
2019-03-05 07:37:04 -05:00
880eaad6cb
Merge branch 'lemur_vault_plugin' of github.com:/alwaysjolley/lemur into lemur_vault_plugin
2019-03-05 07:22:18 -05:00
4a027797e0
fixing linting issues
2019-03-05 07:19:22 -05:00
54ad3ba777
Merge branch 'master' into verify-cert-chain
2019-03-04 17:55:36 -08:00
c9bcd29082
Merge branch 'master' into lemur_vault_plugin
2019-03-04 17:55:00 -08:00
dd2900bdbc
Relax search;update requirements
2019-03-04 10:04:06 -08:00
10cec063c2
Check that stored certificate chain matches certificate
...
Similar to how the private key is checked.
2019-03-04 17:10:59 +02:00
20518bc377
Merge branch 'master' into lemur_vault_plugin
2019-03-01 09:58:43 -05:00
5d2f603c84
renamed vault destination plugin to avoid conflict with vault pki plugin
2019-03-01 09:49:52 -05:00
63de8047ce
Return 'already deleted' instead of 'not found' when cert has already been deleted
2019-02-27 09:38:25 +01:00
a9735e129c
Merge branch 'master' into allow-cert-deletion
2019-02-27 09:28:48 +01:00
658c58e4b6
clarifying comments
2019-02-26 17:04:43 -08:00
9dbae39604
updating cryptography API call, to create right signing algorithm object.
2019-02-26 16:42:26 -08:00
16a18cc4b7
adding more edge test cases for EC-certs
2019-02-26 16:42:26 -08:00
aec7c7b0bc
Merge branch 'master' into fixing-signature-verify-ecc
2019-02-26 09:28:48 -08:00
53301728fa
Moved url to config file instead of plugin option. One one url can be supported
...
unless both the token and url are moved to the plugin options.
2019-02-26 09:15:12 -05:00
40fac02d8b
the check_cert_signature() method was attempting to compare RSA and ECC signatures.
...
If a ec public-key certificate is signed with an RSA key, then it can't be a self-signed certificate, in which case we just raise InvalidSignature.
2019-02-25 19:05:54 -08:00
cd65a36437
- support multiple bundle configuration, nginx, apache, cert only
...
- update vault destination to support multi cert under one object
- added san list as key value
- read and update object with new keys, keeping other keys, allowing
us to keep an iterable list of keys in an object for deploying multiple
certs to a single node
2019-02-25 09:42:07 -05:00
ef0c08dfd9
Fix: when no alias is entered when exporting a certificate, the alias is set to 'blah'.
...
This fix sets it to the common name instead.
2019-02-21 16:33:43 +01:00
eaa73998a0
adding lemur_vault destination plugin
2019-02-19 15:03:15 -05:00
29bda6c00d
Fix typo's
2019-02-14 11:58:29 +01:00
8abf95063c
Implement a ALLOW_CERT_DELETION option (boolean, default False). When enabled, the certificate delete API call will work and the UI
...
will no longer display deleted certificates. When disabled (the default), the delete API call will not work (405 method not allowed)
and the UI will show all certificates, regardless of the 'deleted' flag.
2019-02-14 11:57:27 +01:00
e034771e36
Merge branch 'master' into special-issuer-for-selfsigned-certs
2019-02-11 12:04:33 -08:00
605663704b
Merge branch 'master' into hosseinsh-celeryjob-sync-src-dst
2019-02-05 12:41:33 -08:00
e139b92b24
Merge branch 'master' into hshafagh-src-dst-register
2019-02-05 12:41:26 -08:00
6d1ef933c4
creating a new celery task to sync sources with destinations. This is as a measure to make sure important new destinations are also present as sources.
2019-02-05 10:48:52 -08:00
2107d58050
Merge branch 'master' into get_by_attributes
2019-02-05 10:31:35 -08:00
8d261b4120
Merge branch 'master' into special-issuer-for-selfsigned-certs
2019-02-05 10:29:20 -08:00
51248c1938
Use special issuer values <selfsigned> and <unknown> in special cases
...
This way it's easy to find/distinguish selfsigned certificates stored in
Lemur.
2019-02-05 16:56:09 +02:00
1d2771b014
Merge branch 'master' into get_by_attributes
2019-02-04 21:07:09 -08:00
f249a82d71
renaming destination to source.
2019-02-04 16:10:48 -08:00
44a060b159
adding support for creating a source while creating a new dst, while the destination is from AWS
2019-02-04 15:36:39 -08:00
c1cf8d7a92
Merge branch 'master' into ADCS-plugin
2019-02-02 19:21:22 +01:00
45fbaf159a
Merge branch 'master' into master
2019-02-01 16:50:09 -08:00
8e93d007be
Merge branch 'master' into get_by_attributes
2019-02-01 16:48:50 -08:00
6705a0e030
Merge branch 'master' into ADCS-plugin
2019-02-01 16:38:39 -08:00
36ab1c0bec
Merge branch 'master' into ADCS-plugin
2019-02-01 19:10:46 +01:00
e24a94d798
Enforce that PEM strings (certs, keys, CSR) are internally passed as str, not bytes
...
This was already true in most places but not 100%, leading to lots of redundant checks and conversions.
2019-01-30 18:11:24 +02:00
e475d90e2e
Merge branch 'master' into master
2019-01-30 07:20:44 -08:00
e5ddf08f48
Merge branch 'master' into master
2019-01-29 16:37:29 -08:00
7f4f4ffded
Merge branch 'master' into master
2019-01-29 16:30:15 -08:00
48ad20faca
moving the 2 year validity issue to the Verisign plugin, and address it there
2019-01-29 16:17:08 -08:00
1e708bf1c7
Merge branch 'master' into password_noninteractive
2019-01-29 15:21:34 -08:00
d2317acfc5
allowing create_user with noninteractive PW;updating reqs
2019-01-29 15:17:40 -08:00
29638c7f3b
Merge branch 'master' into master
2019-01-29 14:59:55 -08:00
93021a5d89
Merge branch 'master' into expose-cert-distinguished-name
2019-01-29 14:56:31 -08:00
c68a9cf80a
fixing linting issues
2019-01-29 11:10:56 -05:00
254a3079f2
fix whitespace
2019-01-29 11:01:55 -05:00
b4d1b80e04
Adding support for cfssl auth mode signing
2019-01-29 10:13:44 -05:00
c77ccdf46e
Merge branch 'master' into ADCS-plugin
2019-01-28 17:57:46 +01:00
c47fa0f9a2
adjusting the tests to reflect on the new full year convert limit!
2019-01-24 17:52:22 -08:00
a9724e7383
Resolving the 2 years error from UI during cert creation:
...
Though a CA would accept two year validity, we were getting error for being beyond 2 years.
This is because our current conversion is just current date plus 2 years,
1/25/2019 + 2 years ==> 1/25/2019
This is more strictly seen two years and 1 day extra, violating the 2 year's limit.
2019-01-24 17:23:40 -08:00
4b893ab5b4
Expose full certificate RFC 4514 Distinguished Name string
...
Using rfc4514_string() method added in cryptography version 2.5.
2019-01-23 10:03:40 +02:00
4c4fbf3e48
Implement certificates delete API call by marking a cert as 'deleted' in the database. Only certificates that have expired can be deleted.
2019-01-21 10:25:28 +01:00
cb35f19d6c
Add 'delete_cert' to enum log_type in logs table
2019-01-21 10:22:03 +01:00
0336d68ee2
Merge remote-tracking branch 'upstream/master'
2019-01-17 14:56:12 -08:00
7f88c24e83
Fix LetsEncrypt Dyn flow for duplicate CN/SAN
2019-01-17 14:56:04 -08:00
d3284a4006
adjusting the query to filter authorities based on matching CN
2019-01-14 17:52:06 -08:00
3567a768d5
Compare certificate hashes to determine if Lemur already has a synced certificate
2019-01-14 13:35:55 -08:00
31a86687e7
Reduce the expense of joins
2019-01-14 09:20:02 -08:00
c4e6e7c59b
Optimize DB cert filtering
2019-01-14 08:02:27 -08:00
638a8450a3
Merge branch 'master' into more_retries
2019-01-11 11:25:00 -08:00
0e02e6da79
Be more forgiving to throttling
2019-01-11 11:13:43 -08:00
a1ca61d813
changed a too long comment
2019-01-09 09:50:26 +01:00
a43476bc87
minor errors after lint fix
2019-01-07 11:04:27 +01:00
054685fc38
Merge branch 'master' into ADCS-plugin
2019-01-07 10:23:18 +01:00
c62bcd1456
repaired several lint errors
2019-01-07 10:02:37 +01:00
542e953919
Check that stored private keys match certificates
...
This is done in two places:
* Certificate import validator -- throws validation errors.
* Certificate model constructor -- to ensure integrity of Lemur's data
even when issuer plugins or other code paths have bugs.
2018-12-31 16:28:20 +02:00
6a31856d0d
Update plugin.py
2018-12-21 12:33:47 -08:00
b5d6abb01f
Merge branch 'master' into kubernetes-improvment
2018-12-21 12:06:09 -08:00
b7332957e7
Merge branch 'master' into unicode-in-issuer-name
2018-12-21 07:59:20 -08:00
70381c4c89
Merge branch 'master' into kubernetes-fix
2018-12-21 07:44:11 -08:00
a14fe08a63
Merge branch 'master' into kubernetes-improvment
2018-12-21 07:42:13 -08:00
fb7605e34b
Merge branch 'master' into unicode-in-issuer-name
2018-12-21 07:41:08 -08:00
Ilya Makarov
Hossein Shafagh
sirferl
csine-nflx
csine-nflx
Hossein Shafagh
Ilya Labun
rajatsharma94
Gutttlt
jenkins-x-bot
Ilya Labun
pmelse
Jay Zarfoss
Javier Ramos
Curtis Castrapel
Kush Bavishi
Kush Bavishi
Curtis
alwaysjolley
Marti Raudsepp
Danny Thomas
Ryan DeShone
Jose Plana
alwaysjolley
Daniel Iancu
Javier Ramos
Kevin Glisson
Ronald Moesbergen
Curtis Castrapel
Curtis Castrapel
sirferl