Charles Hendrie
fbbf7f90f6
Fix test certificates module hanging issue ( #427 )
...
* Fix test certificates module hanging issue
When executing the lemur/tests/test_certificates.py module's tests, all
tests are executed, but the test process appears to hang and never
completes with the display of the results for the tests.
The hanging issue is traced to the two test methods:
test_import(logged_in_user) and test_upload(logged_in_user). The issue
has to do with the test methods' using the logged_in_user(app) fixture from
the conftest.py module as the method parameter.
The test methods at issue require the session, db, and app fixtures to
be initialized for the tests to complete successfully. The
logged_in_user() fixture only initializes the app fixture. Updating the
test_import() and test_upload() methods parameters to be the "session"
fixture fixes the hanging issue and the tests complete successfully.
This is the command being used to execute the tests...
$ py.test -s -v lemur/tests/test_certificates.py
* Update fix for test certificates hanging issue
Based on feedback from the original pull request for this fix, added the
session fixture to the logged_in_user fixture and reverted the
test_import() and test_upload() methods to use the logged_in_user
(instead of the session fixture).
2016-09-27 13:01:37 -07:00
Terin Stock
1ea75a5d2d
fix(certificates): import re module ( #428 )
2016-09-21 22:54:46 -07:00
Terin Stock
39645a1a84
feat(certificates): add support for restricted domains ( #424 )
...
Lemur's documentation already mentions LEMUR_RESTRICTED_DOMAINS, a list
of regular expressions matching domains only administrators can issue
certificates for. An option to mark domains as sensitive existed in the
API, however the configuration option was not implemented.
Now both ways of sensitivity are checked in the same place.
2016-09-12 16:59:14 -07:00
kevgliss
a60e372c5a
Ensuring that password hashes are compared correctly under python3
2016-09-07 13:25:51 -07:00
kevgliss
76cece7b90
Ensuring that private keys are retrieved correctly under python3. ( #422 )
2016-09-07 12:34:50 -07:00
kevgliss
ca2944d566
Ensuring the inactive certificates are not alerted on. ( #418 )
2016-08-29 15:46:35 -07:00
kevgliss
53d0636574
Python3 ( #417 )
...
* Fixing tests.
* Fixing issue where decrypted credentials were not returning valid strings.
* Fixing issues with python3 authentication.
2016-08-29 08:58:53 -07:00
kevgliss
7e6278684c
Python3 ( #416 )
...
* Fixing issue where decrypted credentials were not returning valid strings.
2016-08-26 16:02:23 -07:00
kevgliss
2d7a6ccf3c
Owner email ( #414 )
...
* Ensuring python2 works with unicode strings.
* adding in owner DN
* fixing tests
* Upgrading requests.
* Fixing tests.
2016-08-25 10:09:46 -07:00
kevgliss
18b99c0de4
Fixing an issue where openssl can't find the certificates to create PKCS12 files ( #408 )
2016-08-17 10:33:59 -07:00
kevgliss
29a330b1f4
Orphaned certificates ( #406 )
...
* Fixing whitespace.
* Fixing syncing.
* Fixing tests
2016-07-28 13:08:24 -07:00
kevgliss
a644f45625
Adding some simplified reporting. ( #403 )
...
* Adding issuance report.
* Fixing whitespace.
2016-07-27 12:41:32 -07:00
kevgliss
3db669b24d
Ensuring that the temporary certificate is created correctly ( #400 )
2016-07-12 18:07:11 -07:00
kevgliss
f38868a97f
Fixing various problems with the syncing of endpoints, throttling sta… ( #398 )
...
* Fixing various problems with the syncing of endpoints, throttling stale endpoints etc.
2016-07-12 08:40:49 -07:00
kevgliss
4f3dc5422c
Allowing the role-user associated to be updated. ( #396 )
...
* Allowing the role-user associated to be updated.
* Fixing tests
* Fixing tests, for real.
2016-07-07 13:03:10 -07:00
kevgliss
1ba7181067
Fixed an issue were default notifications were added even when updati… ( #395 )
...
* Fixed an issue were default notifications were added even when updating a certificate, resulting in duplicate notifications.
* Ensuring imported certificates get the same treatment.
2016-07-07 11:44:11 -07:00
kevgliss
74bf54cb8f
Slack spruce up ( #394 )
...
* Formatting slack message.
* Tweaking tests.
2016-07-06 10:27:13 -07:00
kevgliss
d4732d3ab0
Closes #335 . ( #392 )
2016-07-04 16:08:16 -07:00
kevgliss
cb9631b122
Closes #356 . ( #391 )
2016-07-04 15:38:51 -07:00
kevgliss
4077893d08
Ensuring that destinations require private keys by default. ( #390 )
...
* Ensuring that destinations require private keys by default.
2016-07-04 15:30:20 -07:00
kevgliss
4ee1c21144
Closes #372 ( #389 )
...
* Closes #372
2016-07-04 14:32:46 -07:00
kevgliss
c8eca56690
Closes #366 ( #387 )
2016-07-04 13:03:46 -07:00
kevgliss
300e2d0b7d
Adding plugin tests. ( #385 )
...
* Adding plugin tests.
* Fixing some python 2/3 incompatibilities.
2016-07-01 11:32:19 -07:00
kevgliss
e34de921b6
Target Individuals for Certificates ( #384 )
...
* Allowing individual users to be targeted for a role.
* Ensuring that even new users get a per user-role
2016-07-01 09:04:39 -07:00
kevgliss
9aec899bfd
Fixing a few errors.
...
* Fixing organizational_unit and common name
* FIxing organization name and allow creaters to view CA.
2016-06-29 16:16:37 -07:00
kevgliss
54b888bb08
Adding a toy certificate authority. ( #378 )
2016-06-29 09:05:39 -07:00
kevgliss
eefff8497a
Adding a new default issuer.
2016-06-28 17:46:26 -07:00
kevgliss
ecbab64c35
Adding endpoint migration script. ( #376 )
2016-06-28 16:12:56 -07:00
kevgliss
c8447dea3d
Fixing a few issues with startup. ( #374 )
2016-06-28 14:28:05 -07:00
kevgliss
5021e8ba91
Adding ACME Support ( #178 )
2016-06-27 15:57:53 -07:00
kevgliss
f846d78778
S3 destination ( #371 )
2016-06-27 15:11:46 -07:00
kevgliss
fe9703dd94
Closes #284 ( #336 )
2016-06-27 14:40:46 -07:00
mik373
b44a7c73d8
Kubernetes desination plugin ( #357 )
...
* Kubernetes desination plugin
* fixing build warnings
* fixing build warnings
2016-06-27 14:40:01 -07:00
kevgliss
19b928d663
Fixes #367
2016-06-23 13:29:59 -07:00
kevgliss
daea8f6ae4
Bug fixes ( #355 )
...
* we should not require password to update users
* Fixing an issue were roles would not be added.
2016-06-13 17:22:45 -07:00
Roi Martin
41d1fe9191
Using UTC time in JWT token creation ( #354 )
...
As stated in PyJWT's documentation [1] and JWT specification [2][3], UTC
times must be used. This commit fixes JWT decoding in servers not using
UTC time.
[1] https://pypi.python.org/pypi/PyJWT/1.4.0
[2] https://tools.ietf.org/html/rfc7519#section-4.1.6
[3] https://tools.ietf.org/html/rfc7519#section-2
2016-06-13 11:18:07 -07:00
Mike Grima
9a653403ae
Fix for Issue #352 .
2016-06-08 16:41:31 -07:00
kevgliss
77f13c9edb
Fixing issue were, after a user changes their mind validity years wil… ( #349 )
2016-06-06 12:11:40 -07:00
kevgliss
d9cc4980e8
Fixing destination upload. ( #347 )
...
* Fixing an issue where uploaded certificates would have a name of 'None'
* Clarifying comment.
* Improving order.
2016-06-03 18:45:58 -07:00
kevgliss
5e987fa8b6
Adding additional data migrations. ( #346 )
2016-06-03 17:56:32 -07:00
kevgliss
42001be9ec
Fixing the way filters were toggled. ( #345 )
2016-06-03 09:24:17 -07:00
kevgliss
dc198fec8c
Docs ( #344 )
...
* Adding release info.
* adding some fields
* Adding Source Plugin change.
* Updating docs
2016-06-03 08:28:09 -07:00
kevgliss
acd47d5ec9
Fixing an issue were authorities were not related to their roles ( #342 )
2016-06-02 09:07:17 -07:00
kevgliss
72e3fb5bfe
Fixing several small issues. ( #341 )
...
* Fixing several small issues.
* Fixing tests.
2016-06-01 11:18:00 -07:00
kevgliss
b2539b843b
Fixing and error causing duplicate roles to be created. ( #339 )
...
* Fixing and error causing duplicate roles to be created.
* Fixing python3
* Fixing python2 and python3
2016-05-31 15:44:54 -07:00
kevgliss
be5dff8472
Adding a visualization for authorities. ( #338 )
...
* Adding a visualization for authorities.
* Fixing some lint.
* Fixing some lint.
2016-05-30 21:52:34 -07:00
kevgliss
76037e8b3a
Fixing certificate names. ( #337 )
2016-05-27 12:00:10 -07:00
kevgliss
11f4bd503b
Fixes ( #332 )
...
* Ensuring domains are returned correctly.
* Ensuring certificates receive owner role
2016-05-24 17:10:19 -07:00
kevgliss
6688b279e7
Fixing some bad renaming. ( #331 )
2016-05-24 10:43:40 -07:00
kevgliss
1ca38015bc
Fixes ( #329 )
...
* Modifying the way roles are assigned.
* Adding migration scripts.
* Adding endpoints field for future use.
* Fixing dropdowns.
2016-05-23 18:38:04 -07:00
kevgliss
656269ff17
Closes #147 ( #328 )
...
* Closes #147
* Fixing tests
* Ensuring we can validate max dates.
2016-05-23 11:28:25 -07:00
kevgliss
bd727b825d
Making roles more apparent for certificates and authorities. ( #327 )
2016-05-20 12:48:12 -07:00
kevgliss
e04c1e7dc9
Fixing a few things, adding tests. ( #326 )
2016-05-20 09:03:34 -07:00
kevgliss
615df76dd5
Closes 262 ( #324 )
...
Moves the authority -> role relationship from a 1 -> many to a many -> many. This will allow one role to control and have access to many authorities.
2016-05-19 13:37:05 -07:00
kevgliss
112c6252d6
Adding password reset command to the cli. ( #325 )
2016-05-19 10:07:15 -07:00
kevgliss
b13370bf0d
Making dropdowns look a bit better. ( #322 )
...
* Making dropdowns look a bit better.
* Pleasing Lint.
2016-05-19 09:04:50 -07:00
kevgliss
88aa5d3fdb
Making nested notifications less verbose ( #321 )
2016-05-19 08:48:55 -07:00
kevgliss
b187d8f836
Adding a better comparison. ( #320 )
2016-05-16 19:03:10 -07:00
kevgliss
1763a1a717
254 duplication certificate name ( #319 )
2016-05-16 15:59:40 -07:00
kevgliss
62b61ed980
Fixing various issues. ( #318 )
...
* Fixing various issues.
* Fixing tests
2016-05-16 11:09:50 -07:00
kevgliss
c11034b9bc
Fixes various issues. ( #317 )
2016-05-16 09:23:48 -07:00
kevgliss
58e8fe0bd0
Fixes various issues. ( #316 )
2016-05-13 14:35:38 -07:00
kevgliss
a0c8765588
Various bug fixes. ( #314 )
2016-05-12 12:38:44 -07:00
kevgliss
9022059dc6
Marshmallowing roles ( #313 )
2016-05-10 14:22:22 -07:00
kevgliss
7f790be1e4
Marsmallowing users ( #312 )
2016-05-10 14:19:24 -07:00
kevgliss
93791c999d
Marsmallowing destinations ( #311 )
2016-05-10 13:43:26 -07:00
kevgliss
5e9f1437ad
Marsmallowing sources ( #310 )
2016-05-10 13:16:33 -07:00
kevgliss
f9655213b3
Marshmallowing notifications. ( #308 )
2016-05-10 11:27:57 -07:00
kevgliss
008d608ec4
Fixing error in notifications. ( #307 )
2016-05-09 17:35:18 -07:00
kevgliss
78c8d12ad8
Cleaning up the way authorities are selected and upgrading uib dependencies.
2016-05-09 17:17:00 -07:00
kevgliss
df0ad4d875
Authorities marshmallow addition ( #303 )
2016-05-09 11:00:16 -07:00
Harm Weites
776e0fcd11
Slack plugin for notifications ( #305 )
2016-05-08 09:07:16 -07:00
kevgliss
6ec3bad49a
Closes #278 ( #298 )
...
* Closes #278
2016-05-05 15:28:17 -07:00
kevgliss
52f44c3ea6
Closes #278 and #199 , Starting transition to marshmallow ( #299 )
...
* Closes #278 and #199 , Starting transition to marshmallow
2016-05-05 12:52:08 -07:00
kevgliss
db8243b4b4
Closes #301
2016-05-04 16:56:05 -07:00
kevgliss
8e1b7c0036
Removing validation because regex is hard
2016-04-25 16:13:33 -07:00
kevgliss
9b0e0fa9c2
removing validtion from openssl
2016-04-25 16:11:37 -07:00
kevgliss
b9fe359d23
Fixes #285 Renames sync_sources function to sync to align documentation.
2016-04-25 11:21:25 -07:00
kevgliss
dbd1279226
Fixes #289 and #275
2016-04-21 16:22:19 -07:00
kevgliss
82b4f5125d
Fixes an issue where custom OIDs would clear out san extensions
2016-04-11 11:17:18 -07:00
kevgliss
3f89d6d009
Merge pull request #271 from kevgliss/195
...
Closes #195
2016-04-08 12:01:10 -07:00
kevgliss
c2387dc120
Fixes an issue where custom OIDs would clear out san extensions
2016-04-07 10:29:08 -07:00
kevgliss
dbc4964e94
Fixing an issue were metrics would not be sent
2016-04-05 10:23:33 -07:00
kevgliss
62d03b0d41
Closes #216
2016-04-01 16:54:33 -07:00
kevgliss
b5a4b293a9
Merge pull request #270 from kevgliss/248
...
Closes #248
2016-04-01 14:28:52 -07:00
kevgliss
bfcfdb83a7
Closes #195
2016-04-01 14:27:57 -07:00
kevgliss
4ccbfa8164
Closes #248
2016-04-01 13:29:08 -07:00
kevgliss
2cde7336dc
Closes #263
2016-04-01 13:01:56 -07:00
kevgliss
3ceb297276
Merge pull request #267 from kevgliss/261
...
Closes #261
2016-04-01 10:12:10 -07:00
kevgliss
5958bac2a2
Merge pull request #265 from kevgliss/257
...
Closes #257
2016-04-01 10:11:32 -07:00
kevgliss
47891d2953
Closes #261
2016-04-01 09:58:19 -07:00
kevgliss
939194158a
Closes #257
2016-04-01 09:49:44 -07:00
kevgliss
576265e09c
Closes #246
2016-04-01 09:19:36 -07:00
Mike Grima
ba666ddbfa
Removed deprecated auth api endpoint.
2016-02-16 15:04:53 -08:00
kevgliss
ac1f493338
version bump
2016-02-05 13:12:21 -08:00
kevgliss
e8e7bdf9e0
adding changelog
2016-02-05 13:00:59 -08:00
kevgliss
028d86c0bb
Adding a new flag to export plugins 'requires_key' that specifies whether the export plugin needs access to the private key. Defaults to True.
2016-01-29 12:45:18 -08:00
kevgliss
f8b6830013
Merge pull request #239 from kevgliss/228-filter-values
...
Fixing documentation for filter format
2016-01-29 11:54:13 -08:00
kevgliss
2ba48995fe
Fixing documentation for filter format
2016-01-29 11:47:16 -08:00
kevgliss
3cc8ade6d8
associating new authorities with the owner roles
2016-01-29 10:59:04 -08:00
kevgliss
39c9a0a299
Merge pull request #237 from kevgliss/218_password_regex
...
relaxing keystore password validation
2016-01-29 10:37:49 -08:00
kevgliss
3ad317fb6d
Merge pull request #236 from kevgliss/migration_script_fixups
...
Removing per 2.0 migration scripts
2016-01-29 10:30:41 -08:00
kevgliss
bd46440d12
relaxing keystore password validation
2016-01-29 10:29:04 -08:00
kevgliss
9f8f64b9ec
removing pre 2.0 migration scripts, and adding documentation for correct path during init
2016-01-29 09:22:12 -08:00
kevgliss
1e524a49c0
making 'replacements' a non-require attribute for importing. Closes #226
2016-01-29 09:02:51 -08:00
Edward Barker
b36e72bfcc
Minor spelling fix
...
Using the possessive “Your” rather than “You’re” in “Your passphrase
is:”
2016-01-12 22:04:42 -08:00
kevgliss
48f8b33d7d
Adding a rolling metric count
2016-01-11 15:26:32 -08:00
kevgliss
d87ace8c89
Merge pull request #211 from kevgliss/hotfix
...
fixing an issue were urllib does not like unicode
2016-01-11 10:38:45 -08:00
kevgliss
b1326d4145
fixing an issue were urllib does not like unicode
2016-01-11 10:31:58 -08:00
kevgliss
7c2862c958
Merge pull request #210 from kevgliss/hotfix
...
Fixes an assumption that 'subAltNames' are always passed to the API.
2016-01-11 09:08:38 -08:00
kevgliss
0a4f5ad64d
Fixing an assumption that 'subAltNames' are always passed to the API.
2016-01-10 17:33:19 -08:00
kevgliss
c617a11c55
Merge pull request #209 from kevgliss/migrate_chain
...
Adding command to transparently rotate the chain on an ELB
2016-01-10 14:37:29 -08:00
kevgliss
053167965a
Adding command to transparently rotate the chain on an ELB
2016-01-10 14:20:36 -08:00
kevgliss
a7ac45b937
Merge pull request #206 from kevgliss/syncing
...
Fixing issue where we were seeing AWS API errors due to certificates …
2016-01-08 16:39:51 -08:00
kevgliss
5482bbf4bd
Fixing issue where we were seeing AWS API errors due to certificates not having private keys and could not be uploaded or 'synced'
2016-01-07 13:42:46 -08:00
Robert Picard
a1395a5808
Fix how the provider settings are passed to Satellizer
2016-01-05 17:26:09 -08:00
kevgliss
685e2c8b6d
fixing typo
2016-01-05 09:40:53 -08:00
kevgliss
967c7ded8d
Improving documentation layout
2015-12-31 11:12:56 -08:00
kevgliss
d6917155e8
Fixing tests
2015-12-30 15:32:01 -08:00
kevgliss
3f024c1ef4
Adds ability for domains to be marked as sensitive and only be allowed to be issued by an admin closes #5
2015-12-30 15:11:08 -08:00
kevgliss
9b166fb9a9
version bump
2015-12-30 09:15:11 -08:00
kevgliss
ca82b227b9
0.2.1 release info
2015-12-30 09:11:19 -08:00
Matthias Hähnel
8bb9a8c5d1
Define ACTIVE_PROVIDERS in default config
...
The configuration item ACTIVE_PROVIDERS must be initialized
Workaround for this error:
2015-12-30 13:58:48,073 ERROR: Internal Error [in /www/lemur/local/lib/python2.7/site-packages/flask_restful/__init__.py:299]
Traceback (most recent call last):
File "/www/lemur/local/lib/python2.7/site-packages/flask/app.py", line 1475, in full_dispatch_request
rv = self.dispatch_request()
File "/www/lemur/local/lib/python2.7/site-packages/flask/app.py", line 1461, in dispatch_request
return self.view_functions[rule.endpoint](**req.view_args)
File "/www/lemur/local/lib/python2.7/site-packages/flask_restful/__init__.py", line 462, in wrapper
resp = resource(*args, **kwargs)
File "/www/lemur/local/lib/python2.7/site-packages/flask/views.py", line 84, in view
return self.dispatch_request(*args, **kwargs)
File "/www/lemur/local/lib/python2.7/site-packages/flask_restful/__init__.py", line 572, in dispatch_request
resp = meth(*args, **kwargs)
File "/www/lemur/lemur/auth/views.py", line 276, in get
for provider in current_app.config.get("ACTIVE_PROVIDERS"):
TypeError: 'NoneType' object is not iterable
2015-12-30 14:56:59 +01:00
kevgliss
00cb66484b
Merge pull request #188 from kevgliss/csr
...
Adding the ability to submit a third party CSR
2015-12-29 12:11:11 -08:00
kevgliss
cabe2ae18d
Adding the ability to issue third party created CSRs
2015-12-29 10:49:33 -08:00
kevgliss
3b5d7eaab6
More Linting
2015-12-27 18:08:17 -05:00
kevgliss
aa2358aa03
Fixing linting
2015-12-27 18:02:38 -05:00
kevgliss
a7decc1948
Fixing some issues with dynamically supporting multiple SSO providers
2015-12-27 17:54:11 -05:00
Robert Picard
60856cb7b9
Add an endpoint to return active authentication providers
...
This endpoint can be used by Angular to figure out what authentication
options to display to the user. It returns a dictionary of configuration
details that the front-end needs for each provider.
2015-12-22 18:03:56 -05:00
Robert Picard
350d013043
Add Google SSO
...
This pull request adds Google SSO support. There are two main changes:
1. Add the Google auth view resource
2. Make passwords optional when creating a new user. This allows an admin
to create a user without a password so that they can only login via Google.
2015-12-22 13:44:30 -05:00
kevgliss
6211b126a9
Fixing py3 syntax error
2015-12-18 11:01:08 -05:00
kevgliss
54c3fcc72a
Adding rotate command
2015-12-17 23:17:27 -05:00
kevgliss
b8c2d42cad
Closes #176
2015-12-17 14:52:20 -08:00
kevgliss
2896ce0dad
Closes #172
2015-12-16 08:18:01 -08:00
kevgliss
29bcde145c
0.2.1 release
2015-12-14 10:42:51 -08:00
kevgliss
6d17e4d538
Fixing templates
2015-12-04 09:51:38 -08:00
kevgliss
de9478a992
Disabling one-time binding
2015-12-03 16:57:37 -08:00
kevgliss
78037dc9ec
Fixing the startup port
2015-12-02 17:13:52 -08:00
kevgliss
041382b02f
Version bump
2015-12-02 14:53:46 -08:00
kevgliss
aa18b88a61
Making the notification email template cleaner
2015-12-01 17:13:43 -08:00
kevgliss
b1e842ae47
Merge pull request #162 from kevgliss/160-startup
...
Closes #160
2015-12-01 10:08:03 -08:00
kevgliss
e2524e43cf
adding exports
2015-12-01 09:44:41 -08:00
kevgliss
6aac2d62be
Closes #160
2015-12-01 09:40:27 -08:00
kevgliss
95e2636f23
Updating docs
2015-12-01 09:15:53 -08:00
kevgliss
11f2d88b16
Adding current migration files.
2015-11-30 15:43:38 -08:00
kevgliss
c3091a7346
Adding missing files.
2015-11-30 14:08:17 -08:00
kevgliss
9cadebcd50
adding example requests
2015-11-30 13:51:27 -08:00
kevgliss
f194e2a1be
Linting
2015-11-30 10:24:53 -08:00
kevgliss
ec896461a7
Adding final touches to #125
2015-11-30 09:47:36 -08:00
kevgliss
8eeed821d3
Adding UI elements
2015-11-27 13:27:14 -08:00
kevgliss
920d595c12
Initial work on #125
2015-11-25 14:54:08 -08:00
kevgliss
1c6e9caa40
Closes #144
2015-11-24 16:07:44 -08:00
kevgliss
d6b3f5af81
Closes #122
2015-11-24 14:53:22 -08:00
kevgliss
e14eefdc31
Added the ability to find an authority even if a user only types the name in and does not select it.
2015-11-23 16:41:31 -08:00
kevgliss
f0324e4755
Merge pull request #148 from kevgliss/120-error-length
...
Closes #120
2015-11-23 15:25:30 -08:00
kevgliss
00f0f957c0
Lint again
2015-11-23 15:13:18 -08:00
kevgliss
9c652d784d
Merge pull request #143 from kevgliss/requirements
...
Updating requirements
2015-11-23 14:59:31 -08:00
kevgliss
eb2fa74661
Fixing test
2015-11-23 14:49:05 -08:00
kevgliss
146c599deb
Lint cleanup
2015-11-23 14:47:34 -08:00
kevgliss
574c4033ab
Closes #120
2015-11-23 14:30:23 -08:00
kevgliss
eb0f6a04d8
Closes #140
2015-11-23 10:43:07 -08:00
kevgliss
df4364714e
Closes #139
2015-11-23 09:53:55 -08:00
Ryan Clough
2073090628
Use american english for consistency
2015-10-28 19:39:10 -07:00
kevgliss
0453afcb0e
Fixing issuer where roles were not added correctly to user.
2015-10-26 10:59:20 -07:00
kevgliss
4b968a9474
Adding aes - fernet migration
2015-10-23 16:47:17 -07:00
Robert Picard
40eb950e94
Use MultiFernet for encryption
...
Facilitates key rotation and uses more secure encryption than what
sqlalchemy-utils does.
Fixes #117 and #119 .
2015-10-13 16:58:58 -07:00
Robert Picard
2fc6d4cd21
Fix a handful of typos in documentation
...
As I was reading through the docs I made note of grammar issues and
typos I saw. Not a huge deal but might as well fix what I noticed.
2015-10-06 15:05:05 -07:00
kevgliss
a20726a301
Fixing python 3.x syntax error
2015-10-06 13:11:24 -07:00
kevgliss
39727a1c9f
Fixing tests
2015-10-06 13:00:06 -07:00
kevgliss
168f46a436
Adding the ability to track a certificates signing key algorithm
2015-10-06 12:51:59 -07:00
kevgliss
798a6295ee
Fixes destination stat
2015-10-06 09:43:31 -07:00
kevgliss
63b7b71b49
adding clipboard functionality
2015-10-05 16:06:56 -07:00
kevgliss
9965af9ccd
fixing links, and adding zeroclipboard
2015-10-05 09:48:52 -07:00
kevgliss
867be09e29
more double quotes
2015-10-05 09:24:11 -07:00
kevgliss
8362a92898
fixing double quotes
2015-10-05 09:19:14 -07:00
kevgliss
162482dbc4
Adding ui router and perma links to certificates and authorities
2015-10-05 09:00:51 -07:00
kevgliss
2187898494
adding copy and a better profile picture for non-sso users
2015-10-02 15:36:50 -07:00
kevgliss
d4bc6ae7a1
Fixes #105
2015-10-02 13:46:13 -07:00
kevgliss
5cfa9d4bc5
description should be optional
2015-09-29 16:37:32 -07:00
kevgliss
7ebd0bf5d4
making fields required
2015-09-24 08:42:31 -07:00
kevgliss
06a69c09a0
Fixing a bug where notifications associated during certificate creation would not be respected.
2015-09-22 13:01:05 -07:00
kevgliss
be6a5b859e
adding notification example
2015-09-22 09:46:54 -07:00
Eric Mill
baef329a4d
Rename SSL to TLS
2015-09-21 18:16:19 -04:00
Eric Mill
a3385bd2ac
Rename SSL to TLS
2015-09-21 18:15:25 -04:00
kevgliss
fc0a884d5f
Cleaning up unneed/unused files
2015-09-20 09:49:16 -07:00
kevgliss
ef72de89b3
Minor fixes
2015-09-18 15:50:59 -07:00
kevgliss
a563986ce4
fixing an error where dates components were not replaced in logical order
2015-09-16 11:10:09 -07:00
kevgliss
d3cf273a45
Merge pull request #72 from kevgliss/docker
...
[WIP] Docker
2015-09-11 15:36:25 -07:00
kevgliss
25f652c1eb
fixing merge conflict
2015-09-11 08:38:48 -07:00
kevgliss
7f119e95e1
making the verisign urls more generic
2015-09-11 08:27:34 -07:00
kevgliss
1e314b505f
fixing keyerror
2015-09-08 18:18:14 -07:00
kevgliss
ef9a80ebfd
adding actual recipients
2015-09-08 18:03:18 -07:00
kevgliss
84d0afae4c
fixing email internvals
2015-09-08 17:56:20 -07:00
kevgliss
48a53ad436
fixing error in default password creation
2015-09-08 17:42:57 -07:00
kevgliss
2f4aee49e2
adding logging
2015-09-08 10:56:23 -07:00
kevgliss
f3f5b9eeb3
adding password commandline option
2015-09-08 10:56:23 -07:00
kevgliss
8ab9c06778
removing more netflix
2015-09-04 15:54:52 -07:00
kevgliss
0afd4c94b4
removing more netflix
2015-09-04 15:54:02 -07:00
kevgliss
aaae4d5a1f
unifying lemur defaults
2015-09-04 15:52:56 -07:00
kevgliss
9da713ab06
cleaning up references to netflix
2015-09-04 15:29:57 -07:00
kevgliss
160eaa6901
Fixing issue with expiration emails not being sent
2015-09-04 09:24:55 -07:00
kevgliss
180c8228e1
adding verisign source
2015-09-02 14:37:07 -07:00
kevgliss
089c0b2b1b
Merge pull request #68 from kevgliss/crons
...
Crons
2015-09-02 09:35:46 -07:00
kevgliss
3b109ec578
Cleaning up temporary file creation, and revocation checking
2015-09-02 09:19:06 -07:00
kevgliss
45158c64a2
cleaning up temporary file creation
2015-09-02 09:19:06 -07:00
kevgliss
a350940cd1
Adding command to fetch and publish verisign units
2015-09-02 09:19:06 -07:00
kevgliss
efec79d8de
removing silly description validation from lemur and enforcing it on the cloudca plugin (who actually cares)
2015-09-02 09:15:12 -07:00
kevgliss
62950128a2
Adding a better error message for really long common names Fixes #38
2015-09-02 09:15:11 -07:00
kevgliss
aca69ce03c
Closes #53
2015-09-02 09:15:11 -07:00
kevgliss
bf8ce354e5
Closes #55
2015-09-02 09:13:47 -07:00
kevgliss
8d09d865b1
Closes #57
2015-09-02 09:13:47 -07:00
kevgliss
480078da42
Removing str casting for role permission
2015-09-01 14:15:40 -07:00
kevgliss
46a5355377
Allows authorities to have editable owners and descriptions
2015-09-01 14:15:40 -07:00
kevgliss
3fb226ec11
Merge pull request #64 from kevgliss/validation
...
Validation of common name field
2015-08-29 14:01:31 -07:00
kevgliss
7471984ecf
removing silly description validation from lemur and enforcing it on the cloudca plugin (who actually cares)
2015-08-29 13:57:07 -07:00
kevgliss
df9b345541
Adding a better error message for really long common names Fixes #38
2015-08-29 13:57:07 -07:00
kevgliss
a484a6e24d
Closes #53
2015-08-29 13:07:30 -07:00
kevgliss
a7fd74396c
Merge pull request #61 from kevgliss/editOwner
...
Closes #55
2015-08-29 12:09:09 -07:00
kevgliss
8977c5ddbf
Ensuring notifications follow owner
2015-08-29 12:02:50 -07:00
kevgliss
f492e9ec1b
Closes #55
2015-08-29 11:53:46 -07:00
kevgliss
03e2991ced
Closes #57
2015-08-29 11:48:39 -07:00
kevgliss
80136834b5
Merge pull request #59 from kevgliss/cleanup
...
Cleanup
2015-08-29 10:30:03 -07:00
kevgliss
3b2f71cc8a
Merge pull request #58 from kevgliss/configBasedNames
...
Adding ability to define distinguished names in config
2015-08-29 10:23:21 -07:00
kevgliss
783acf6d8c
Removing Meechum specific code
2015-08-29 10:11:03 -07:00
Jeremy Heffner
53ce9cac4c
Fix a typo, add a typo
2015-08-27 15:55:39 -07:00
Jeremy Heffner
51800d5e4b
Added better error handling
...
Added a "dry run" option
2015-08-27 15:48:49 -07:00
Jeremy Heffner
627b36d2a5
Adding method to get existing listeners
2015-08-27 15:45:00 -07:00
kevgliss
70ccd137e1
removing netflix specific code from auth flow
2015-08-27 13:09:02 -07:00
kevgliss
9a04371680
Adding ability to define distinguished names in config
2015-08-27 12:59:40 -07:00
kevgliss
f799ff3af1
Seeing if using decode explicity this helps py3 problem
2015-08-24 20:10:03 -07:00
Jeremy Heffner
6db1d0b031
fixing unicode support
2015-08-24 16:37:24 -07:00
Jeremy Heffner
d599aaa410
Updating to handle unicode in python 2 and 3$
...
added retry with backoff for the SSL cert to show up after it is added (CAP, ftw)$
2015-08-24 16:17:04 -07:00
Jeremy Heffner
09bc79ef84
Merge remote-tracking branch 'upstream/master' into elb-ssl-automation
2015-08-24 12:18:40 -07:00
Jeremy Heffner
6e39a1e666
Finished glue code to push ELBs.
2015-08-24 12:18:15 -07:00
kevgliss
75de814b15
Adding new verisign error
2015-08-24 09:43:30 -07:00
kevgliss
b4c348aef7
switching out default orgname
2015-08-24 09:41:03 -07:00
kevgliss
45c442000e
Fixing some unfortunate casting that prevent creators from viewing/updating their certs
2015-08-22 10:56:15 -07:00
kevgliss
a07db5625b
Fixing an issue were extensions were implicitly required
2015-08-22 10:22:36 -07:00
kevgliss
4b7a55c89f
Fixing issue with a certificate with no role not being viewable
2015-08-21 16:08:53 -07:00
Jeremy Heffner
3ff5cdf43f
Merge remote-tracking branch 'upstream/master' into elb-ssl-automation
2015-08-21 14:29:03 -07:00
Jeremy Heffner
dbfd6b1e17
Fixing this so it pulls the named option
2015-08-21 13:09:29 -07:00
kevgliss
d62f57eab3
Fixing an issue with futures, unicode and b64 not being able to handle the unicode values
2015-08-20 15:49:08 -07:00
Jeremy Heffner
96c3ab7f9d
Merge remote-tracking branch 'upstream/master' into elb-ssl-automation
2015-08-20 15:46:11 -07:00
Jeremy Heffner
38ebeab163
Refactoring.. with pep8 fixes
2015-08-20 15:45:53 -07:00
Jeremy Heffner
fcfaa21a24
Refactoring
2015-08-20 15:45:42 -07:00
kevgliss
0f0d11a828
Merge pull request #45 from kevgliss/authByOwner
...
Fixes #35
2015-08-19 18:08:55 -07:00
kevgliss
6b2da2fe6b
Fixes #35
2015-08-19 18:05:18 -07:00
kevgliss
cbcc8af3bd
Fixing bug were domains would not have correct pagination
2015-08-19 16:42:56 -07:00
Jeremy Heffner
ab7b0c442c
provisionelb creates certs. needs some cleanup and the rest of the glue
2015-08-19 16:10:45 -07:00
kevgliss
b00917aa60
Ensure there are no accidental newlines when fetching the ENCRYPTION_KEY
2015-08-19 15:46:10 -07:00
kevgliss
b96af3a1f1
Editing footer text
2015-08-19 10:10:19 -07:00
kevgliss
28e12a973f
Misc fixed around certificate notifications
2015-08-19 10:07:22 -07:00
kevgliss
c6747439fb
Misc fixed around certificate syncing
2015-08-18 16:17:20 -07:00
kevgliss
f09f5eb0f1
Fixing issue with creating roles
2015-08-17 22:51:29 -07:00
kevgliss
dd607e5c07
Making CLOUDCA_API_ENDPOINT configurable
2015-08-17 17:09:31 -07:00
kevgliss
eb55d5465f
Making LEMUR_DEFAULT_SECURITY_EMAIL optional
2015-08-17 16:03:57 -07:00
kevgliss
500b212a25
Adding a few default expiration intervals
2015-08-17 15:49:16 -07:00
kevgliss
bfcbd1b065
Fixes issue where client authentication was not displaying in the UI
2015-08-11 15:43:59 -07:00
kevgliss
32ef793c4d
Switch to relying on the configuration key in the configuration file
2015-08-08 16:12:29 -07:00
kevgliss
63b1babf7b
Fixing a few syntax errors
2015-08-03 21:16:55 -07:00
kevgliss
fc68552d0f
Making Lemur py3 compatible
2015-08-03 21:07:28 -07:00
kevgliss
888e75e7f7
Fixing tests
2015-08-03 16:15:59 -07:00
kevgliss
710b4d45bc
Allowing notifications to be marked as in-active
2015-08-03 16:10:00 -07:00
kevgliss
a873e5c7ea
Lots of minor fixes
2015-08-03 15:52:39 -07:00
kevgliss
7d169f7c4c
Fixing up some of the sync related code
2015-08-03 13:51:27 -07:00
kevgliss
0360ccc666
Cleaning up some documentation
2015-08-03 09:49:33 -07:00
kevgliss
cdb3814469
Fixing notification deduplication and roll up
2015-08-02 09:14:27 -07:00
kevgliss
c9e9a9ed7c
Fixing upload description
2015-08-02 07:45:10 -07:00
kevgliss
02b717dd7c
Fixing upload, and removing old unneeded code
2015-08-02 05:57:26 -07:00
kevgliss
e61de4578e
Ensuring that default notifications are made based on app configuration during app initialization
2015-08-02 05:10:50 -07:00
kevgliss
aef1587635
Adding default notifications
2015-08-01 19:08:46 -07:00
kevgliss
b2a4219a0f
Removing AWS bootstrapping
2015-08-01 18:33:31 -07:00
kevgliss
e7e6a99ff4
Adding more source syncing logic
2015-08-01 18:31:38 -07:00
kevgliss
46652ba117
Purging ELB and Listener specific models
2015-08-01 15:47:14 -07:00
kevgliss
abf21d2931
Adding in frontend javascript for sources
2015-08-01 15:37:47 -07:00
kevgliss
e247d635fc
Adding backend code for sources models
2015-08-01 15:29:34 -07:00
kevgliss
c5a6a0570a
adding link to python packaging documentation
2015-07-31 19:02:44 -07:00
kevgliss
d3b0822e14
updating docs with new API endpoints and plugin information
2015-07-30 22:54:59 -07:00
kevgliss
2e1abdd2f1
Fixing tests and pinning versions
2015-07-29 21:54:29 -07:00
kevgliss
79353c142a
Pleasing jshint gods
2015-07-29 19:24:05 -07:00
kevgliss
1e748a64d7
Initial support for notification plugins closes #8 , closes #9 , closes #7 , closes #4 , closes #16
2015-07-29 17:13:06 -07:00
kevgliss
7d8cac6605
Adding support for SMTP emails
2015-07-23 13:46:54 -07:00
kevgliss
c02390d63b
PEP8
2015-07-23 09:08:07 -07:00
kevgliss
017eab6e39
Adding tests to AWS plugin
2015-07-23 08:52:56 -07:00
kevgliss
a4ed83cb62
Refactoring out challenge
2015-07-23 08:52:30 -07:00
kevgliss
49c7421591
More test fixes
2015-07-22 20:32:29 -07:00
kevgliss
412d2a1bbe
adding testing conf
2015-07-22 10:53:35 -07:00
kevgliss
8d576aa3d8
Fixing tests
2015-07-22 10:51:55 -07:00
kevgliss
a826bd16f7
Pleasing the JSHint gods
2015-07-21 13:36:03 -07:00
kevgliss
c75e20a1ea
Pleasing the PEP8 gods
2015-07-21 13:06:13 -07:00
kevgliss
309590fb6b
Removing unneeded directory
2015-07-21 09:50:33 -07:00
kevgliss
9c0f2917ad
Merge branch 'master' into ci
...
* master:
Fixed issue where hardcoded localhost:port combination existed in Javascript, added another step to setup.py 'package' that removes such instances and creates a more agnostic javascript blob.
Fixing issue where nginx was not sending the right mimetype for CSS files.
Conflicts:
gulp/build.js
2015-07-20 16:53:58 -07:00
kevgliss
c89dff7994
Getting travisCI setup
2015-07-20 16:13:42 -07:00
kevgliss
5ce3f9427b
Fixed issue where hardcoded localhost:port combination existed in Javascript, added another step to setup.py 'package' that removes
...
such instances and creates a more agnostic javascript blob.
2015-07-19 19:04:42 -07:00
kevgliss
a30a8481d0
Adding support for multiple plugin types.
2015-07-10 17:09:22 -07:00
kevgliss
c79905cd92
Refactoring views to use modals for create/edit instead of their own pages.
2015-07-10 17:08:39 -07:00
kevgliss
1e902750c3
Adding destination javascript controllers and partials.
2015-07-10 17:07:41 -07:00
kevgliss
0c7204cdb9
Refactored 'accounts' to be more general with 'destinations'
2015-07-10 17:06:57 -07:00
kevgliss
b26de2b000
Adding support for marshaling bare lists.
2015-07-10 17:03:28 -07:00
kevgliss
76049b4ff1
Fixing how we feed a list of destinations to be saved.
2015-07-10 17:02:23 -07:00
kevgliss
5476547e74
Simplifiying SAN identification.
2015-07-08 16:45:19 -07:00
kevgliss
601d80388f
Adding links to the roles that Authorities are associated with.
2015-07-08 16:44:48 -07:00
kevgliss
0ed3918113
Changing default as 'State' cannot be abbreviated in a CSR
2015-07-08 16:44:06 -07:00
kevgliss
67dc12347e
Removing verisign specific frontend code, we also give some more hints to user on how to make SAN certificates.
2015-07-08 16:42:57 -07:00
kevgliss
bc6202adf7
Refactoring out static methods and removing the old SHA1 intermediate certificates.
2015-07-08 16:41:45 -07:00
kevgliss
1a2e437b33
Factoring out 'dry' run. This doesn't really make sense to have as we don't have a concept of a pre-flight request. Plugin tests should mock out their particular dependencies.
2015-07-08 16:40:46 -07:00
kevgliss
5156371913
Modify the naming structure for certificates. AWS is pretty picky about what is a valid name.
2015-07-08 16:39:00 -07:00
kevgliss
002f83092d
Changing the signature of save_cert, we don't create a csr_config anymore so it doesn't make sense to store it. Additionally 'challenge' is a verisign specific thing and should be factored out. We have stopped saving it as well.
2015-07-08 16:37:48 -07:00
kevgliss
f660450043
Aligning config variables
2015-07-07 17:23:46 -07:00
kevgliss
8239aa55e1
fixing conflicts
2015-07-07 16:26:37 -07:00
kevgliss
82c4be29a4
fixing merge conflict
2015-07-07 15:36:39 -07:00
kevgliss
a7d20cb3a5
fixing conflict
2015-07-07 15:33:29 -07:00
kevgliss
6d384f342f
adding test utils
2015-07-07 15:32:55 -07:00
kevgliss
c59bf3f257
Fixing tests
2015-07-06 10:53:12 -07:00
kevgliss
737d4d62d4
Merge pull request #15 from kevgliss/master
...
General cleanup and hotfixes
2015-07-04 12:57:17 -07:00
kevgliss
b04fb471e9
Ensuring that path to to the default config is correct regardless of how the app was started.
2015-07-04 12:55:28 -07:00
kevgliss
277599f0e5
fixing an a small typo
2015-07-04 12:50:41 -07:00
kevgliss
3f49bb95ff
Starting to move to new plugin architecture.
2015-07-04 12:47:57 -07:00
kevgliss
b17e12bed4
Doc fix
2015-07-03 12:59:48 -07:00
kevgliss
95bab9331d
Enabling CSR generation and reducing complexity of encryption/decrypting the 'key' dir.
2015-07-03 10:30:17 -07:00
kevgliss
8cbc6b8325
Initial work at removing openssl
2015-07-02 15:48:56 -07:00
Kevin Glisson
7123e77edf
Extending certificate tests.
2015-07-02 15:48:56 -07:00
Kevin Glisson
9def00d1a2
Adding basic authority tests.
2015-07-02 15:48:56 -07:00
Kevin Glisson
bc0f9534c2
Refactoring 'create_name' out of our certificate class, fixed an issuer were key size was being calculated and removing unused functions
2015-07-02 15:48:56 -07:00
Kevin Glisson
096d88bc9b
Ensuring a 404 is returned when we can't find the specified certificate
2015-07-02 15:48:56 -07:00
Kevin Glisson
7ab3e27c79
Starting add certificate tests
2015-07-02 15:48:56 -07:00
Kevin Glisson
57ec9c068a
Adding role tests
2015-07-02 15:48:55 -07:00
Kevin Glisson
9f20880615
Adding domain module tests
2015-07-02 15:48:55 -07:00
Kevin Glisson
8a6abc6f82
Adding for handling proxy-based errors
2015-07-02 15:48:55 -07:00
Kevin Glisson
6b5383633d
Removing duplicated commit
2015-07-02 15:48:55 -07:00
Kevin Glisson
6aa1a12ef6
Removing netflix specific role
2015-07-02 15:48:55 -07:00
Kevin Glisson
bea8e6f2a3
Adding more tests to the accounts model
2015-07-02 15:48:55 -07:00
Kevin Glisson
f28d3a54c5
API change in cryptography
2015-07-02 15:48:55 -07:00
Kevin Glisson
0285422654
Adding some structure for authenticated tests
2015-07-02 15:48:54 -07:00
Kevin Glisson
37669b906c
Fixes an issue where the issuer has special chars in the name. AWS dislikes special chars in certificate names so we strip them out here. In general we want to have the name tracked by Lemur be the same as what is uploaded to various destinations.
2015-07-02 15:48:54 -07:00
Kevin Glisson
39ad270dad
Adding in some initial tests
2015-07-02 15:48:54 -07:00
kevgliss
eadfaaeed0
Fixing an issue you couldn't create a configuration because one did not yet exist.
2015-07-02 14:12:39 -07:00
kevgliss
fc18e0f2bf
Making the creation of AWS accounts optional.
2015-07-02 13:49:31 -07:00
kevgliss
5c9bcc5c23
Ensuring that we are looking for LEMUR_ENCRYPTION_KEY configuration variable and not ENCRYPTION_KEY configuration variable.
2015-07-02 12:50:03 -07:00
kevgliss
1a01209e78
Merge pull request #10 from kevgliss/tests
...
Tests
2015-06-29 14:10:54 -07:00
Kevin Glisson
bde556aa10
Extending certificate tests.
2015-06-29 13:51:52 -07:00
Kevin Glisson
b025a45046
Adding basic authority tests.
2015-06-29 12:36:27 -07:00
Kevin Glisson
964d1c1c52
Refactoring 'create_name' out of our certificate class, fixed an issuer were key size was being calculated and removing unused functions
2015-06-26 16:18:31 -07:00
Kevin Glisson
1f9d943a4c
Ensuring a 404 is returned when we can't find the specified certificate
2015-06-26 16:17:22 -07:00
Kevin Glisson
c8cbc82062
Starting add certificate tests
2015-06-26 16:16:13 -07:00
Kevin Glisson
c6ae689dc8
Adding role tests
2015-06-26 10:31:55 -07:00
Kevin Glisson
9637383f63
Adding domain module tests
2015-06-26 08:09:10 -07:00
Kevin Glisson
e2475fb024
Adding for handling proxy-based errors
2015-06-25 18:08:04 -07:00
Kevin Glisson
7c996e2f48
Removing duplicated commit
2015-06-25 18:07:21 -07:00
Kevin Glisson
457a63c000
Removing netflix specific role
2015-06-25 18:06:47 -07:00
Kevin Glisson
2a3fac11e4
Adding more tests to the accounts model
2015-06-25 18:05:52 -07:00
kevgliss
b1f93c5dd2
Merge pull request #3 from kevgliss/hotfix/upload
...
API change in cryptography
2015-06-25 13:57:45 -07:00
Kevin Glisson
e92113d28f
API change in cryptography
2015-06-25 13:50:46 -07:00
Kevin Glisson
75e5bdfa55
Adding some structure for authenticated tests
2015-06-25 13:43:42 -07:00
Kevin Glisson
be97f3dcc2
Fixes an issue where the issuer has special chars in the name. AWS dislikes special chars in certificate names so we strip them out here. In general we want to have the name tracked by Lemur be the same as what is uploaded to various destinations.
2015-06-24 16:51:44 -07:00
Kevin Glisson
5111f055fa
Adding in some initial tests
2015-06-24 16:48:40 -07:00
Kevin Glisson
4330ac9c05
initial commit
2015-06-22 13:47:27 -07:00