Commit Graph

525 Commits

Author SHA1 Message Date
Hossein Shafagh 8861cc70cb rewording 2020-05-26 17:12:47 -07:00
Hossein Shafagh 34e3f7c049 improved messaging 2020-05-26 16:38:12 -07:00
Hossein Shafagh cc4fc66c93
Merge branch 'master' into master 2020-05-22 09:57:46 -07:00
Hossein Shafagh 8d0007b9c0 fixing the private DNS zone issue.
Private hosted zones will never be visible to third-parties like LetsEncrypt, and Lemur should not consider them as authoritative zones.
This fix makes sure they are not added to the dns_provider table.
2020-04-24 15:48:06 -07:00
csine-nflx cee81bd693 updated requirements, fixed unittests, pytest, and distinguishedName ordering 2020-04-09 18:17:05 -07:00
Curtis Castrapel 1360d846fd Improve error logging for a couple of use cases 2020-04-08 11:50:42 -07:00
csine-nflx 46e0d1953b Merge branch 'master' of github.com:Netflix/lemur into powerdnsplugin_02 2020-04-05 21:47:24 -07:00
csine-nflx f82ec24dfa updating _get_txt_records return values and docstrings 2020-04-05 21:46:33 -07:00
Curtis d825616ea6
No need to retry 25 times on DeleteConflict errors 2020-04-01 10:53:17 -07:00
csine-nflx 6f3ba23fa0 updating single line of comments 2020-03-30 13:34:24 -07:00
csine-nflx 9d9bf9d7ba Merge branch 'powerdnsplugin_02' of github.com:Netflix/lemur into powerdnsplugin_02 2020-03-30 09:02:56 -07:00
csine-nflx d6cc8a8a9a fixing whitespace 2020-03-30 09:01:28 -07:00
Chad S 2b7e60399c
Merge branch 'master' into powerdnsplugin_02 2020-03-27 10:27:33 -07:00
csine-nflx 0e314d0028 adding documentation and final cleanup 2020-03-27 10:18:38 -07:00
csine-nflx 0149f8b0d3 add support for wildcard and naked domains to PowerDNS module 2020-03-26 22:15:10 -07:00
Hossein Shafagh 88c40aa93c
Merge branch 'master' into master 2020-03-23 20:31:16 -07:00
Hossein Shafagh 697215f8bc better handling of destination plugin errors, and also checking cert expiration before upload 2020-03-21 20:05:35 -07:00
Ilya Makarov 7bd5173da4 Merge with Netflix/lemur master 2020-03-20 20:52:33 +03:00
csine-nflx 07dc31bed7 cleaning up whitespace changes 2020-03-16 11:41:05 -07:00
csine-nflx 1a19e250bb updating and cleaning up tests 2020-03-16 11:24:17 -07:00
csine-nflx 921d52b360 fixing get_dns_challenge() logic so duplicate domains (such as wildcard and not wildcard) do not match the wrong authorizations 2020-03-13 00:03:31 -07:00
Ilya Makarov be722fb1b3 Fix lint 2020-03-11 20:51:10 +03:00
Ilya Makarov 92a8942727 Fix lint 2020-03-11 15:37:11 +03:00
Ilya Makarov a6c3b85fe1 Fix lint 2020-03-11 15:15:56 +03:00
Ilya Makarov ba8e315eed Fix typo 2020-03-11 14:22:04 +03:00
Ilya Makarov 729ed3843d Fix bug with get_options and slash in name 2020-03-11 14:16:29 +03:00
Ilya Makarov d3cb0b517a Add format support 2020-03-11 02:27:31 +03:00
Ilya Makarov ad86cf1fd9 Merge remote-tracking branch 'upstream/master' 2020-03-11 00:29:07 +03:00
csine-nflx e1e7efc96e
Merge branch 'master' into powerdnsplugin_01 2020-03-05 15:25:40 -08:00
csine-nflx 771e72187a updates based on feedback 2020-03-05 15:24:56 -08:00
csine-nflx 5dfb6acb17 adding support for ACME_POWERDNS_VERIFY option to support CA Bundles and disabling Server validation 2020-03-05 14:59:21 -08:00
Hossein Shafagh 4a4b3b932e
Merge branch 'master' into master 2020-03-04 10:32:10 -08:00
csine-nflx 1e81d47793 Merge branch 'renewal_validity_01' of github.com:Netflix/lemur into renewal_validity_01 2020-03-03 17:28:58 -08:00
csine-nflx fdc1e20c23 updating config_mock defaults 2020-03-03 17:27:15 -08:00
csine-nflx 38b7d6e5e3
Merge branch 'master' into renewal_validity_01 2020-03-03 14:44:33 -08:00
csine-nflx 6c46481ffd simplifying return statement for validity years 2020-03-03 14:40:50 -08:00
csine-nflx 318292704d fixing default/max DigiCert validity values 2020-03-03 14:29:17 -08:00
e11it fe67ff2146
Update plugin.py
Fix lint
2020-03-02 09:18:02 +03:00
Ilya Makarov a8c0adaa4d Merge remote-tracking branch 'upstream/master' 2020-02-27 17:08:35 +03:00
Ilya Makarov 9612d291ed Add path suffix options 2020-02-18 19:16:27 +03:00
Hossein Shafagh 2ee60bcdb6
Merge branch 'master' into le_Log_orderurl 2020-02-17 10:30:58 -08:00
sirferl e75df1ddc9
Update plugin.py 2020-02-17 19:04:20 +01:00
Hossein Shafagh d29edabefe
Merge branch 'master' into le_Log_orderurl 2020-02-17 09:24:51 -08:00
sirferl ed3472d029
Update plugin.py 2020-02-17 15:21:29 +01:00
sirferl 3fd0d3e141
Added VERISIGN_INTERMEDIATE_<authority> parameter
When using the VERISIGN_PRODUCT_<authority> Parameter one also has to add this parameter:
VERISIGN_INTERMEDIATE_<authority> = """ <PEM-String of Issuing CA for this certificate Type>""" 
While doing this, I also added code, so the external_id field is filled with data from CA-Answer
2020-02-17 12:40:36 +01:00
sirferl 1815c89970
Made the change more elegant
As suggested by @hosseinsh. This is of course more elegant.
2020-02-16 09:28:52 +01:00
sirferl a70a49e4e9
Update plugin.py 2020-02-15 16:11:58 +01:00
sirferl 3693bc2d8b
removed whitespaces inserted by online editor 2020-02-15 16:09:25 +01:00
sirferl bfa953270d
Fixed whitespace error 2020-02-15 16:04:44 +01:00
sirferl fabcad1e46
New variable VERISIGN_PRODUCT_(authority.name)
If there is a config variable with VERISIGN_PRODUCT_<upper(authority.name)> take the value as Cert product-type
else default to "Server", to be compatible with former versions.
This enables the use of different Verisign authorities for different cert-products, e.g. EV or Standard Certs
2020-02-15 15:52:24 +01:00
csine-nflx a8e8924e2a
Merge branch 'master' into le_Log_orderurl 2020-02-14 17:10:38 -08:00
sirferl 8e3cc93d6a
Whitespaces in empty line 113 removed 2020-02-14 07:50:18 +01:00
csine-nflx b521aaf579
Merge branch 'master' into le_Log_orderurl 2020-02-13 16:41:14 -08:00
csine-nflx af21225918 adding logging on success and metric submission of URL for certificate issuance 2020-02-13 16:38:33 -08:00
Hossein Shafagh 2b849a6520
Update plugin.py
making lint happy
2020-02-13 15:58:07 -08:00
Hossein Shafagh 9db1ea3307
Merge branch 'master' into master 2020-02-13 12:47:06 -08:00
sirferl 571c8bf42d
Error when validity_end date is empty #2905
These lines of code (114ff) in threw an error when the validity_end date was empty:

if options.get("validity_end") > arrow.utcnow().shift(years=2):
    raise Exception(
        "Verisign issued certificates cannot exceed two years in validity"
    )

Actually, they are not needed, because immediately following is a check for an empty validity_end and for the length of the entered period.
When I commented it out for testing, the error was gone and everything worked as expected.
2020-02-13 07:38:04 +01:00
sirferl 6c7bb5f9b7
Fixed TLS secret format ( #2913 )
The Plugin handled the TLS secret format wrong: it sent chain certificate instead of requested public certificate #2913
2020-02-13 07:35:35 +01:00
csine-nflx ca8e73286f fixed get_domains() to remove duplicate entries, updated usage and tests 2020-02-12 15:10:24 -08:00
Hossein Shafagh b23ae60847
Merge branch 'master' into vault-k8s-auth 2020-02-10 11:12:52 -08:00
csine-nflx bcdb3173bd ensuring that "3" is set as an integer instead of a string 2020-02-04 18:23:17 -08:00
csine-nflx 8ea54d7db2 removing exception if domain zone not found. Logging the issue instead 2020-02-04 14:50:56 -08:00
csine-nflx 48bccd6f68 moving _check_config() lower in file, near other private methods 2020-02-03 19:08:28 -08:00
csine-nflx c38e651eb0 Merge branch 'powerdnsplugin_01' of github.com:Netflix/lemur into powerdnsplugin_01 2020-02-03 19:04:05 -08:00
csine-nflx 53f81fb09f updating based on suggestions in 2911 2020-02-03 18:58:31 -08:00
csine-nflx ac0282529e adding basic logging on success 2020-02-03 11:05:20 -08:00
csine-nflx fecb5b6252
Merge branch 'master' into powerdnsplugin_01 2020-01-31 16:37:57 -08:00
csine-nflx be7736d350 adding dns tests and assorted exception handling 2020-01-31 13:16:37 -08:00
csine-nflx 969a7107fe fixed PowerDNS Tests 2020-01-29 13:12:09 -08:00
csine-nflx ef115ef2b1 moving PowerDNS number_of_attempts to global config variable ACME_POWERDNS_RETRIES 2020-01-29 11:20:39 -08:00
csine-nflx b91899fe99 created CLI options for testing ACME over dns. Example: `acme dnstest -d _acme-chall.foo.com -t token1` 2020-01-28 19:13:28 -08:00
sirferl 620f972635
Fixed an error
Found out that I introduced an error when I changed code up for publishing. The certserv.py I use does not return the ID of the certificate created. For now I just leave the field empty. I will create another issue, so that the ID is filled up.
2020-01-27 11:04:49 +01:00
csine-nflx c465062673 integrated PowerDNS plugin into dns_providers 2020-01-23 23:53:38 -08:00
csine-nflx bddae6e428 adding PowerDNS delete_txt_record with associated tests 2020-01-22 16:18:52 -08:00
csine-nflx 52c7686d58 adding wait_for_dns_change() and tests for PowerDNS ACME plugin 2020-01-21 18:47:21 -08:00
csine-nflx 915ec0ba63 added PowerDNS support for create_txt_record and associated tests 2020-01-21 17:08:59 -08:00
Hossein Shafagh acf531ece3
Merge branch 'master' into vault-k8s-auth 2020-01-20 15:18:29 -08:00
csine-nflx 3080a9527c adding PowerDNS get_zones functionality and unit tests 2020-01-17 18:29:37 -08:00
Hossein Shafagh cb7507156c
Merge branch 'master' into vault-k8s-auth 2020-01-17 17:17:53 -08:00
Hossein Shafagh d6f41b6a99 improving string formatting to avoid dangling white spaces and new lines 2020-01-16 13:45:13 -08:00
Hossein Shafagh 1ed6ae539d # possibility to default to a SIGNING_ALGORITHM for a given profile 2020-01-15 16:19:48 -08:00
jenkins-x-bot cd7d9aee55 fixed lint error 2020-01-13 23:09:58 +02:00
jenkins-x-bot 8d957f22af changed file handling 2020-01-13 22:46:34 +02:00
jenkins-x-bot cad56c813e fixed lint error 2020-01-12 01:51:48 +02:00
jenkins-x-bot 409b499217 added kubernetes auth for vault 2020-01-12 01:25:22 +02:00
Hossein Shafagh 348682d5ea
Merge branch 'master' into cfssl-key-fix 2020-01-09 10:44:02 -08:00
jenkins-x-bot 8be8c95b17 handled cfssl-key type error 2020-01-09 15:16:19 +02:00
Hossein Shafagh 1537d591a8 Improved messaging to point out to the Auto Rotate option for certificate issuance and renewal. 2020-01-08 14:42:16 -08:00
pmelse 45c1207d07
Merge branch 'master' into master 2019-12-27 13:30:56 -05:00
pmelse 9fb4be1273
remove trailing whitespace 2019-12-27 13:25:03 -05:00
Jay Zarfoss 113c9dd657 atlas redis plugin typo cleanup and better exception handling 2019-11-06 10:42:59 -08:00
Jay Zarfoss f803fab413 add plugin to send atlas metric via redis 2019-11-06 10:14:49 -08:00
Hossein Shafagh f077b19126
Merge branch 'master' into master 2019-10-18 11:32:21 -07:00
Hossein Shafagh 11f9920ff9
Merge branch 'master' into cert-sync-endpoint-find-by-hash 2019-10-18 11:08:51 -07:00
Hossein Shafagh 9037f88430 just in case the path varies 2019-10-18 11:02:41 -07:00
Hossein Shafagh 1768aad9e2 capturing no such entity exception. 2019-10-18 10:17:58 -07:00
Hossein Shafagh 8aea257e6a optimizing the call to describe cert to only the few certs with the naming issue 2019-10-18 09:24:49 -07:00
Hossein Shafagh d43e859c34 describing the cert for each endpoint, for better cert search 2019-10-18 08:46:01 -07:00
Hossein Shafagh b5ab87877b adding retry to acme setup client, since it can experience timeouts or other types of Connection Errors 2019-10-17 10:16:33 -07:00
pmelse f0652ca6a9
bug fix for overwriting certificates 2019-10-10 15:49:31 -04:00