f13a3505f3
X509 extensions issue#646 ( #666 )
...
* Allowing that create_csr can be called with an additional flag in the csr_config to adjust the BasicConstraints for a CA.
* If there are no SANs, skip adding a blank list of SANs.
* Adding handling for all the extended key usage, key usage, and subject key identifier extensions.
* Fixing lint checks. I was overly verbose.
* This implements marshalling of the certificate extensions into x509 ExtensionType objects in the schema validation code.
* Will create x509 ExtensionType objects in the schema validation stage
* Allows errors parsing incoming options to bubble up to the requestor as ValidationErrors.
* Cleans up create_csr a lot in the certificates/service.py
* Makes BasicConstraints _just another extension_, rather than a hard-coded one
* Adds BasicConstraints option for path_length to the UI for creating an authority
* Removes SAN types which cannot be handled from the UI for authorities and certificates.
* Fixes Certificate() object model so that it doesn't just hard-code only SAN records in the extensions property and actually returns the extensions how you expect to see them. Since Lemur is focused on using these data in the "CSR" phase of things, extensions that don't get populated until signing will be in dict() form.* Trying out schema validation of extensions
2017-01-27 12:31:29 -08:00
83128f3019
Fixing elb sync issues. ( #641 )
...
* Fixing elb sync issues.
* Fixing de-duplications of names.
2017-01-05 16:06:34 -08:00
e5dee2d7e6
Adding additional metrics for when destinations fail to upload. ( #637 )
2016-12-28 09:52:23 -08:00
700c57b807
Rotation ui ( #633 )
...
* Adding rotation to the UI.
* Removing spinkit dependency.
2016-12-26 15:55:11 -08:00
ce75bba2c3
Replacement refactor. ( #631 )
...
* Deprecating replacement keyword.
* Def renaming.
2016-12-26 11:09:50 -08:00
46f8ebd136
Modifying the way rotation works. ( #629 )
...
* Modifying the way rotation works.
* Adding docs.
* Fixing tests.
2016-12-23 13:18:42 -08:00
beba2ba092
Adding additional reporting and refactoring existing setup. ( #620 )
2016-12-20 12:48:14 -08:00
03d5a6cfe1
Refactors how notifications are generated. ( #584 )
2016-12-12 11:22:49 -08:00
fc205713c8
Certificate rotation enhancements ( #570 )
2016-12-07 16:24:59 -08:00
81bf98c746
Enabling RSA2048 and RSA4096 as available key types ( #551 )
...
* Enabling RSA2048 and RSA4096 as available key types
* Fixing re-issuance
2016-12-01 15:41:53 -08:00
727bc87ede
Log fixes ( #534 )
...
* tying up some loose ends with event logging
* Ensuring creators can access
2016-11-28 14:13:16 -08:00
6eca2eb147
Re-working the way audit logs work.
...
* Adding more checks.
2016-11-21 11:28:11 -08:00
744e204817
Initial work on #74 . ( #514 )
...
* Initial work on #74 .
* Fixing tests.
* Adding migration script.
* Excluding migrations from coverage report.
2016-11-21 09:19:14 -08:00
d45e7d6b85
[WIP] - 422 elb rotate ( #493 )
...
* Initial work on certificate rotation.
* Adding ability to get additional certificate info.
* - Adding endpoint rotation.
- Removes the g requirement from all services to enable easier testing.
2016-11-18 11:27:46 -08:00
6fd47edbe3
Adds the ability to clone existing certificates. ( #513 )
2016-11-17 16:19:52 -08:00
9ac1756011
removing new 'active' logic for the time being ( #505 )
2016-11-16 15:56:24 -08:00
eaf34b1c8b
Disabling the protect active flag ( #498 )
2016-11-16 09:31:02 -08:00
e9219adfb5
Ensuring model's have a basic __repr__. ( #499 )
2016-11-16 09:30:54 -08:00
114deba06e
Adding the ability to silence notifications on creation. ( #490 )
2016-11-12 09:29:42 -08:00
f921b67fff
Removing the ability to use spaces in custom names. ( #455 )
2016-10-15 04:56:25 -07:00
c367e4f73f
Prevents the silencing of notifications that are actively deployed. ( #454 )
...
* Renaming 'active' to 'notify' as this is clearer and more aligned to what this value is actually controlling. 'active' is now a property that depends on whether any endpoints were found to be using the certificate. Also added logic for issue #405 disallowing for a certificates' notifications to be silenced when it is actively deployed on an endpoint.
* Adding migration script to alter 'active' column.
2016-10-15 00:12:11 -07:00
29a330b1f4
Orphaned certificates ( #406 )
...
* Fixing whitespace.
* Fixing syncing.
* Fixing tests
2016-07-28 13:08:24 -07:00
4077893d08
Ensuring that destinations require private keys by default. ( #390 )
...
* Ensuring that destinations require private keys by default.
2016-07-04 15:30:20 -07:00
fe9703dd94
Closes #284 ( #336 )
2016-06-27 14:40:46 -07:00
d9cc4980e8
Fixing destination upload. ( #347 )
...
* Fixing an issue where uploaded certificates would have a name of 'None'
* Clarifying comment.
* Improving order.
2016-06-03 18:45:58 -07:00
b2539b843b
Fixing and error causing duplicate roles to be created. ( #339 )
...
* Fixing and error causing duplicate roles to be created.
* Fixing python3
* Fixing python2 and python3
2016-05-31 15:44:54 -07:00
656269ff17
Closes #147 ( #328 )
...
* Closes #147
* Fixing tests
* Ensuring we can validate max dates.
2016-05-23 11:28:25 -07:00
e04c1e7dc9
Fixing a few things, adding tests. ( #326 )
2016-05-20 09:03:34 -07:00
615df76dd5
Closes 262 ( #324 )
...
Moves the authority -> role relationship from a 1 -> many to a many -> many. This will allow one role to control and have access to many authorities.
2016-05-19 13:37:05 -07:00
b187d8f836
Adding a better comparison. ( #320 )
2016-05-16 19:03:10 -07:00
1763a1a717
254 duplication certificate name ( #319 )
2016-05-16 15:59:40 -07:00
52f44c3ea6
Closes #278 and #199 , Starting transition to marshmallow ( #299 )
...
* Closes #278 and #199 , Starting transition to marshmallow
2016-05-05 12:52:08 -07:00
d6b3f5af81
Closes #122
2015-11-24 14:53:22 -08:00
40eb950e94
Use MultiFernet for encryption
...
Facilitates key rotation and uses more secure encryption than what
sqlalchemy-utils does.
Fixes #117 and #119 .
2015-10-13 16:58:58 -07:00
168f46a436
Adding the ability to track a certificates signing key algorithm
2015-10-06 12:51:59 -07:00
32ef793c4d
Switch to relying on the configuration key in the configuration file
2015-08-08 16:12:29 -07:00
fc68552d0f
Making Lemur py3 compatible
2015-08-03 21:07:28 -07:00
7d169f7c4c
Fixing up some of the sync related code
2015-08-03 13:51:27 -07:00
cdb3814469
Fixing notification deduplication and roll up
2015-08-02 09:14:27 -07:00
46652ba117
Purging ELB and Listener specific models
2015-08-01 15:47:14 -07:00
e247d635fc
Adding backend code for sources models
2015-08-01 15:29:34 -07:00
1e748a64d7
Initial support for notification plugins closes #8 , closes #9 , closes #7 , closes #4 , closes #16
2015-07-29 17:13:06 -07:00
8d576aa3d8
Fixing tests
2015-07-22 10:51:55 -07:00
c75e20a1ea
Pleasing the PEP8 gods
2015-07-21 13:06:13 -07:00
0c7204cdb9
Refactored 'accounts' to be more general with 'destinations'
2015-07-10 17:06:57 -07:00
5156371913
Modify the naming structure for certificates. AWS is pretty picky about what is a valid name.
2015-07-08 16:39:00 -07:00
1a01209e78
Merge pull request #10 from kevgliss/tests
...
Tests
2015-06-29 14:10:54 -07:00
964d1c1c52
Refactoring 'create_name' out of our certificate class, fixed an issuer were key size was being calculated and removing unused functions
2015-06-26 16:18:31 -07:00
be97f3dcc2
Fixes an issue where the issuer has special chars in the name. AWS dislikes special chars in certificate names so we strip them out here. In general we want to have the name tracked by Lemur be the same as what is uploaded to various destinations.
2015-06-24 16:51:44 -07:00
4330ac9c05
initial commit
2015-06-22 13:47:27 -07:00
Neil Schelly
kevgliss
Robert Picard
kevgliss