Commit Graph

1096 Commits

Author SHA1 Message Date
Curtis 6e4306b3bb
Merge pull request #2795 from ardichoke/fix_vault_api_v2_append
Fix Certificate Appending With v2 Vault API
2019-05-29 12:49:36 -07:00
Curtis Castrapel 5e389f3f48 Add certificate1 to test DB 2019-05-29 12:38:17 -07:00
Curtis Castrapel f81adb1371 Make get_or_increase_name queries less demanding 2019-05-29 12:20:05 -07:00
Curtis Castrapel fd35a26955 Support read replicas 2019-05-28 12:45:39 -07:00
Ryan DeShone 09c7076e79 Handle double data field in API v2 2019-05-22 17:12:10 -04:00
Curtis Castrapel 1423ac0d98 More metrics 2019-05-21 12:55:33 -07:00
Curtis Castrapel 34c7e5230b Set a limit on number of retries 2019-05-21 12:52:41 -07:00
Curtis Castrapel 4fac726cf4 Add support for JSON logging 2019-05-17 08:48:26 -07:00
Curtis Castrapel 0320c04be2 nosec comment 2019-05-16 08:14:46 -07:00
Curtis Castrapel 68fd1556b2 Black lint all the things 2019-05-16 07:57:02 -07:00
Curtis Castrapel e3c5490d25 Expose exact response from digicert as error 2019-05-15 13:36:40 -07:00
Curtis Castrapel 26d10e8b98 change ordering in more places 2019-05-15 11:47:53 -07:00
Curtis Castrapel 7e92edc70a Set resolved cert ID before resolving cert; Ignore sentry exceptions when no records on deletion 2019-05-15 11:43:59 -07:00
Curtis 6eb3836abc
Merge branch 'master' into fast-valid-cert-lookup 2019-05-15 10:20:17 -07:00
Curtis Castrapel 5d8f71c3e4 nt 2019-05-14 13:02:24 -07:00
Curtis Castrapel 565142f985 Add soft timeouts to celery jobs; Check for PEM in LE order 2019-05-14 12:52:30 -07:00
Hossein Shafagh f452a7ce68 adding a new API for faster certificate lookup.
The new API api/1/certificates/valid returns only non-expired (not_after >= today) certs which have auto-rotate enabled:

cn is a required parameter:

http://localhost:8000/api/1/certificates/valid?filter=cn;example.com
cn can also be a database string wildcard ('%'):

http://localhost:8000/api/1/certificates/valid?filter=cn;%
owner is the additional parameter, and must be the email address of the owner:

http://localhost:8000/api/1/certificates/valid?filter=cn;example.com&owner=hossein@example.com
given owner and a database string wildcard ('%'), one can retrieve all certs for that owner which are still valid and have auto-rotate enabled:

http://localhost:8000/api/1/certificates/valid?filter=cn;%&owner=hossein@example.com
2019-05-11 18:06:51 -07:00
Curtis Castrapel ed18df22db remove permalink change 2019-05-09 14:54:44 -07:00
Curtis Castrapel e33a103ca1 Allow searching for certificates by name via API 2019-05-09 14:36:56 -07:00
Curtis c9c782684d
Merge branch 'master' into add_metrics_reissue_rotate 2019-05-08 07:48:44 -07:00
Curtis Castrapel 87470602fd Gather more metrics on certificate reissue/rotate jobs 2019-05-08 07:48:08 -07:00
Curtis 317c84800c
Merge branch 'master' into jwks_validation_error_control 2019-05-08 06:50:56 -07:00
Curtis Castrapel 0eacbd42d7 Converting userinfo authorization to a config var 2019-05-07 15:31:42 -07:00
Jose Plana 4e6e7edf27 Rename return variable for better readability 2019-05-07 22:53:01 +02:00
Hossein Shafagh b7ce9ab901
Merge branch 'master' into jwks_validation_error_control 2019-05-07 13:09:02 -07:00
Hossein Shafagh ff583981b1
Merge branch 'master' into aid_openid_roles_provider_integration 2019-05-07 09:06:02 -07:00
Hossein Shafagh e58ff476c9
Merge branch 'master' into jwks_validation_error_control 2019-05-07 09:05:41 -07:00
Curtis 22caaa0c95
Merge branch 'master' into fix_userinfo_authorization 2019-05-07 07:48:47 -07:00
Curtis e65154b48e
Merge branch 'master' into develop 2019-05-07 07:36:51 -07:00
alwaysjolley ef7a8587fe Merge branch 'lemur_vault_source' of github.com:/alwaysjolley/lemur into lemur_vault_source 2019-05-07 10:06:09 -04:00
alwaysjolley b0c8901b0a lint cleanup 2019-05-07 10:05:01 -04:00
alwaysjolley 36ce1cc7ef
Merge branch 'master' into lemur_vault_source 2019-05-07 09:41:50 -04:00
alwaysjolley fb3f0bd72a adding Vault Source plugin 2019-05-07 09:37:30 -04:00
Daniel Iancu a7af3cf8d2 Fix Cloudflare DNS 2019-05-07 03:05:24 +03:00
Jose Plana deed1b9685 Don't fail if googleGroups is not found in user profile 2019-05-06 12:30:25 +02:00
Jose Plana 6c99e76c9a Better error management in jwks token validation 2019-05-06 12:27:43 +02:00
Jose Plana 2063baefc9 Fixes userinfo using Bearer token 2019-05-06 12:23:24 +02:00
Curtis Castrapel 3a1da72419 nt 2019-04-29 13:57:04 -07:00
Curtis Castrapel 6e3f394cff Updated requirements; Revert change and require DNS validation by provider 2019-04-29 13:55:26 -07:00
Curtis Castrapel 1a90e71884 Move ACME host validation logic prior to R53 host modification 2019-04-26 17:27:44 -07:00
Curtis Castrapel 333ba8030a Ensure hostname is lowercase when comparing DNS challenges. ACME will automatically lowercase the hostname 2019-04-26 15:45:04 -07:00
Curtis Castrapel 1a3ba46873 More retry changes 2019-04-26 10:18:54 -07:00
Curtis Castrapel 1e64851d79 Strip out self-polling logic and rely on ACME; Enhance ELB logging and retries 2019-04-26 10:16:18 -07:00
Curtis 8eef95b58e
Merge branch 'master' into expose_verisign_exception 2019-04-25 19:15:55 -07:00
Curtis Castrapel dcdfb32883 Expose verisign exceptions 2019-04-25 19:14:15 -07:00
Curtis Castrapel 39584f214b Process DNS Challenges appropriately (1 challenge -> 1 domain) 2019-04-25 15:12:52 -07:00
Curtis Castrapel 2bc604e5a9 Better metrics and error reporting 2019-04-25 13:50:41 -07:00
Curtis Castrapel 272285f64a Better exception handling, logging, and metrics for ACME flow 2019-04-24 15:26:23 -07:00
Curtis 0f9b0f39f7
Merge branch 'master' into add-pending-certificate-upload 2019-04-24 09:34:35 -07:00
alwaysjolley a801112cf6
Merge branch 'master' into lemur_vault_plugin 2019-04-23 07:07:39 -04:00
alwaysjolley 85efb6a99e cleanup tmp files 2019-04-23 07:06:52 -04:00
Hossein Shafagh 9b38761153
Merge branch 'master' into add-pending-certificate-upload 2019-04-22 11:47:02 -07:00
alwaysjolley f9dadb2670 fixing validation 2019-04-22 09:38:44 -04:00
alwaysjolley 8dccaaf544 simpler validation 2019-04-22 07:58:01 -04:00
alwaysjolley 1667c05742 removed unused functions 2019-04-18 13:57:10 -04:00
alwaysjolley b39e2e3f66 Merge branch 'master' into lemur_vault_plugin 2019-04-18 13:55:45 -04:00
alwaysjolley fb3b0e8cd7 adding regex filtering 2019-04-18 13:52:40 -04:00
Jose Plana 7dd9268ca7 Allow uploading a signed cert for a pending certificate. 2019-04-18 00:46:39 +02:00
Curtis 8177e12f3f
Merge branch 'master' into rewrite-java-keystore-use-pyjks 2019-04-17 10:43:44 -07:00
Hossein Shafagh 52f939658f
Merge branch 'master' into rewrite-java-keystore-use-pyjks 2019-04-17 10:31:58 -07:00
Curtis f6afcc6d21
Merge branch 'master' into master 2019-04-17 10:28:46 -07:00
Javier Ramos 58dd424de8
Prevent potential NoneType not subscriptable
Fix when data['extensions']['subAltNames']['names'] is none
2019-04-17 18:33:52 +02:00
Jose Plana 771f2ebc47 Use SAN_CERT_CSR 2019-04-13 11:01:36 +02:00
Jose Plana 770729a72e Allow csr to be empty during upload 2019-04-13 01:17:12 +02:00
Hossein Shafagh 2ff811ae71 updating cryptography API call, to create right signing algorithm object. 2019-04-13 00:57:48 +02:00
Hossein Shafagh 09796cf7c9 the check_cert_signature() method was attempting to compare RSA and ECC signatures.
If an EC public-key certificate is signed with an RSA key, then it can't be a self-signed certificate, in which case we just raise InvalidSignature.
2019-04-13 00:57:48 +02:00
Jose Plana 406753fcde Fix PEP8 2019-04-13 00:49:35 +02:00
Jose Plana a5570d07bc Added some documentation for API users. 2019-04-13 00:48:19 +02:00
Jose Plana c1b02cc8a5 Allow uploading csr along with certificates 2019-04-13 00:48:19 +02:00
Hossein Shafagh df8d4e0892
Merge branch 'master' into rewrite-java-keystore-use-pyjks 2019-04-12 09:38:50 -07:00
Hossein Shafagh ceb335f3ab
Merge branch 'master' into master 2019-04-12 09:38:41 -07:00
alwaysjolley 9ecc19c481 adding san filter 2019-04-12 09:53:06 -04:00
Hossein Shafagh 6d67ec7e34 removing unused import 2019-04-11 17:34:02 -07:00
Hossein Shafagh 512e1a0bdd fixing typos 2019-04-11 17:17:28 -07:00
Hossein Shafagh 6ec84a398c checking for None 2019-04-11 17:13:47 -07:00
Hossein Shafagh 69c00c4db5 upon creating a new destination, we also add it as source, if the plugin defines this as an option 2019-04-11 17:13:47 -07:00
Hossein Shafagh d7abf2ec18 adding a new util method for setting options 2019-04-11 17:13:47 -07:00
Hossein Shafagh 557fac39b5 refactoring the sync job into a service method that we can also call when adding a new destination 2019-04-11 17:13:47 -07:00
Hossein Shafagh d1ead4b79c removing the announcement 2019-04-11 17:13:47 -07:00
Hossein Shafagh 5900828051 simple hardcoded announcement 2019-04-11 17:13:47 -07:00
Hossein Shafagh 818da6653d removing the announcement 2019-04-11 17:13:47 -07:00
Hossein Shafagh e1a67e9b4e simple hardcoded announcement 2019-04-11 17:13:47 -07:00
Hossein Shafagh 84dfdd0600 removing the announcement 2019-04-11 17:13:47 -07:00
Hossein Shafagh ba691a26d4 simple hardcoded announcement 2019-04-11 17:13:47 -07:00
Hossein Shafagh b66fac0494 removing the announcement 2019-04-11 17:13:47 -07:00
Hossein Shafagh 1bda246df2 simple hardcoded announcement 2019-04-11 17:13:47 -07:00
Hossein Shafagh 9a210c055a
Merge branch 'master' into hshafagh-src-dst-register 2019-04-11 15:36:48 -07:00
Hossein Shafagh 2459234147 removing lines 2019-04-11 14:34:26 -07:00
Hossein Shafagh 60edab9f6d cleaning up 2019-04-11 14:12:31 -07:00
Hossein Shafagh ec3d2d7316 fixing typo 2019-04-11 13:51:43 -07:00
Hossein Shafagh 83d408b238
Merge branch 'master' into hosseinsh-celeryjob-sync-src-dst 2019-04-11 13:30:12 -07:00
Hossein Shafagh 266c83367d avoiding hard-coded plugin names 2019-04-11 13:29:37 -07:00
Hossein Shafagh f185df4f1e bringing class AWSDestinationPlugin(DestinationPlugin) after AWSSourcePlugin.slug, such that we can do: sync_as_source_name = AWSSourcePlugin.slug 2019-04-11 13:28:58 -07:00
Curtis Castrapel 2ff57e932c Update requirements - upgrade to py37 2019-04-10 15:40:48 -07:00
Hossein Shafagh d628e97035
Merge branch 'master' into hosseinsh-celeryjob-sync-src-dst 2019-04-10 09:47:06 -07:00
Hossein Shafagh bc8c7e114a
Merge branch 'master' into hshafagh-src-dst-register 2019-04-09 20:52:33 -07:00
Hossein Shafagh f3d0536800 removing hardcoded rules, to give more flexibility into defining new source-destinations 2019-04-09 20:49:07 -07:00
Javier Ramos bfc4f940da
Merge branch 'master' into master 2019-04-09 18:06:09 +02:00
Hossein Shafagh 64c6bb2475
Merge branch 'master' into rewrite-java-keystore-use-pyjks 2019-04-09 08:28:05 -07:00
Marti Raudsepp dbf34a4d48 Rewrite Java Keystore/Truststore support based on pyjks library 2019-04-06 20:24:46 +03:00