Commit Graph

2449 Commits

Author SHA1 Message Date
Lukas M c25c703723
Create entrypoint 2018-12-30 21:37:46 +01:00
Lukas M 7eb6617a28
Create supervisor.conf 2018-12-30 21:37:30 +01:00
Lukas M fc6caecc0b
Update Dockerfile 2018-12-30 21:37:09 +01:00
Lukas M 4ec8490c55
Create Dockerfile 2018-12-30 00:04:13 +01:00
Curtis d60b0c8805
Merge pull request #2229 from wfhartford/kubernetes-improvment
Improve the Kubernetes Destination plugin
2018-12-21 13:00:46 -08:00
Curtis 6a31856d0d
Update plugin.py 2018-12-21 12:33:47 -08:00
Curtis b5d6abb01f
Merge branch 'master' into kubernetes-improvment 2018-12-21 12:06:09 -08:00
Curtis 954c4dfc16
Merge pull request #2261 from intgr/unicode-in-issuer-name
Properly handle Unicode in issuer name sanitization
2018-12-21 08:39:18 -08:00
Curtis b7332957e7
Merge branch 'master' into unicode-in-issuer-name 2018-12-21 07:59:20 -08:00
Curtis 4bfe9bc921
Merge pull request #2219 from wfhartford/kubernetes-fix
Fix Kubernetes Destination Plugin
2018-12-21 07:58:55 -08:00
Curtis 70381c4c89
Merge branch 'master' into kubernetes-fix 2018-12-21 07:44:11 -08:00
Curtis a14fe08a63
Merge branch 'master' into kubernetes-improvment 2018-12-21 07:42:13 -08:00
Curtis fb7605e34b
Merge branch 'master' into unicode-in-issuer-name 2018-12-21 07:41:08 -08:00
Curtis ae2b227943
Merge pull request #2260 from intgr/deduplicate-before-unique-migration
Deduplicate rows before notification associations unique constraint migration
2018-12-21 07:40:24 -08:00
Marti Raudsepp 72f6fdb17d Properly handle Unicode in issuer name sanitization
If the point of sanitization is to get rid of all non-alphanumeric
characters then Unicode characters should probably be forbidden too.

We can re-use the same sanitization function as used for cert 'name'
2018-12-21 16:34:12 +02:00
Marti Raudsepp 0f2e30cdae Deduplicate rows before notification associations unique constraint migration 2018-12-21 12:11:33 +02:00
sirferl f02178c154 added ADCS issuer and source plugin 2018-12-20 11:54:47 +01:00
sirferl 194e2a43e7
Merge pull request #1 from Netflix/master
Merge fork with updated master again
2018-12-20 09:10:46 +01:00
Wesley Hartford fbf48316b1 Minor changes for code review suggestions. 2018-12-18 22:43:32 -05:00
Wesley Hartford 073d05ae21 Merge branch 'kubernetes-fix' into kubernetes-improvment 2018-12-18 22:26:03 -05:00
Wesley Hartford e7313da03e Minor changes for code review suggestions. 2018-12-18 22:24:48 -05:00
Curtis 0b39d0fa34
Merge pull request #2242 from castrapel/up-reqs-12182018
Update requirements
2018-12-18 12:48:04 -08:00
Curtis 49723d9aed
Merge branch 'master' into up-reqs-12182018 2018-12-18 12:34:41 -08:00
Curtis 9e8804dddb
Merge pull request #2218 from wfhartford/destination-tpl-fix
Fix textarea and validation on destination page
2018-12-18 12:34:26 -08:00
Curtis d01e9f21f9
Merge branch 'master' into up-reqs-12182018 2018-12-18 12:29:37 -08:00
Curtis Castrapel b35d494f2d Update requirements 2018-12-18 12:29:12 -08:00
Curtis 425a07e988
Merge branch 'master' into destination-tpl-fix 2018-12-18 12:27:35 -08:00
Curtis 388699be7c
Merge pull request #2204 from rmoesbergen/master
Bugfix: Prevent 'unserializable' error for unknown SAN types
2018-12-18 12:27:15 -08:00
Curtis 513e876e2e
Merge branch 'master' into master 2018-12-18 12:18:38 -08:00
Curtis 04681d9e1e
Merge pull request #2227 from sirferl/cli-repair-query
updated query to ignore empty parameters
2018-12-18 12:18:08 -08:00
Wesley Hartford bc621c1468 Improve the Kubernetes Destination plugin
The plugin now supports loading details from local files rather than requiring them to be entered through the UI. This is especially relaent when Lemur is deployed on Kubernetes as the certificate, token, and current namespace will be injected into the pod. The location these details are injected are the defaults if no configuration details are supplied.

The plugin now supports deploying the secret in three different formats:
* Full - matches the formate used by the plugin prior to these changes.
* TLS - creates a secret of type kubernetes.io/tls and includes the certificate chain and private key, this format is used by many kubernetes features.
* Certificate - creates a secret containing only the certificate chain, suitable for use as trust authority where private keys should _NOT_ be deployed.

The deployed secret can now have a name set through the configuration options; the setting allows the insertion of the placeholder '{common_name}' which will be replaced by the certificate's common name value.

Debug level logging has been added.
2018-12-12 13:25:36 -08:00
sirferl a50d80992c updated query to ignore empty parameters 2018-12-12 12:45:48 +01:00
Wesley Hartford 060c78fd91 Fix Kubernetes Destination Plugin
The Kubernetes plugin was broken. There were two major issues:
* The server certificate was entered in a string input making it impossible (as far as I know) to enter a valid PEM certificate.
* The base64 encoding calls were passing strings where bytes were expected.

The fix to the first issue depends on #2218 and a change in the options structure. I've also included some improved input validation and logging.
2018-12-10 15:33:04 -08:00
Wesley Hartford 437d918cf7 Fix textarea and validation on destination page
The destination configuration page did not previously support a textarea input as was supported on most other pages. The validation of string inputs was not being performed. This commit addresses both of those issues and corrects the validation expressions for the AWS and S3 destination plugins so that they continue to function. The SFTP destination plugin does not have any string validation. The Kubernetes plugin does not work at all as far as I can tell; there will be another PR in the coming days to address that.
2018-12-10 12:04:16 -08:00
Ronald Moesbergen dcf5ce0eec
Merge branch 'master' into master 2018-12-07 13:57:59 +01:00
Curtis afc7512914
Merge pull request #2200 from castrapel/notification_fix
Fix notification emails
2018-12-06 12:50:01 -08:00
Curtis Castrapel da87135e02 update reqs 2018-12-06 12:29:16 -08:00
Curtis 27fdce3842
Merge branch 'master' into notification_fix 2018-12-06 12:26:51 -08:00
Curtis Castrapel c32e20b6fc Fix notifications - Ensure that notifcation e-mails are sent appropriately 2018-12-06 12:25:43 -08:00
Ronald Moesbergen e0ac749734 When parsing SAN's, ignore unknown san_types, because in some cases they can contain unparsable/serializable values, resulting in a TypeError(repr(o) + " is not JSON serializable") 2018-12-06 16:47:53 +01:00
Curtis f944e6aa32
Merge pull request #2177 from castrapel/multiple_dns_providers
Prefer DNS provider with longest matching zone
2018-11-30 12:53:25 -08:00
Curtis Castrapel 2a235fb0e2 Prefer DNS provider with longest matching zone 2018-11-30 12:44:52 -08:00
Curtis d36a51fabb
Merge pull request #2171 from castrapel/letsencrypt_fix
LetsEncrypt Celery Flow
2018-11-29 09:42:36 -08:00
Curtis Castrapel a90154e0ae LetsEncrypt Celery Flow 2018-11-29 09:29:05 -08:00
Curtis 67b476e6d7
Merge pull request #2158 from castrapel/celery_pending
Add async call to create pending cert when needed
2018-11-28 15:22:31 -08:00
Curtis Castrapel 39b76d18dc add countdown to async call 2018-11-28 14:41:56 -08:00
Curtis Castrapel e074a14ee9 unit test 2018-11-28 14:27:03 -08:00
Curtis Castrapel 2381d0a4bb Add async call to create pending cert when needed 2018-11-28 11:32:52 -08:00
Curtis c66c8f873e
Merge pull request #2127 from rmoesbergen/master
Add support for nested group membership in ldap authenticator
2018-11-26 12:09:37 -08:00
Ronald Moesbergen 5fc5a058b6 Add documentation for the LDAP_IS_ACTIVE_DIRECTORY setting 2018-11-20 10:51:14 +01:00