Infra/lemur
5
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
1,017 Commits 4 Branches 45 Tags
Commit Graph

598 Commits

Author SHA1 Message Date
kevgliss
9c92138f2d Fixing autorotation failures. (#825) 
* Fixing issue with auto rotation failing due to a change in the way certificate data is serialized.
 2017-06-02 08:59:42 -07:00
kevgliss
5a4806bc43 Allowing description to be optional. (#826) 2017-06-01 17:09:04 -07:00
kevgliss
07969f7e10 Ensuring IPAddresses and IPNetworks are correctly serialized. (#818) 2017-05-26 10:48:26 -07:00
Michael LoSapio
3141b47fba Catch OAuth providers that want the params sent as data (#800) 2017-05-25 10:21:29 -07:00
kevgliss
21d48b32c9 Fixing an issue with uploading to cloudfront. (#815) 2017-05-25 10:10:12 -07:00
kevgliss
11bd42af82 Correct status code for basic-auth (#813) 
* ensuring those using basic auth recieve a correct status code when their password is incorrect

* Fixing oauth status codes
 2017-05-23 09:48:31 -07:00
Paul Borg
f6b5012f56 Add Check of DB connections on healthcheck URL (#812) 2017-05-22 17:15:41 -07:00
kevgliss
f9b388c658 Modifying the was s3 uploading works. (#810) 
* Modiying the was s3 uploading works.

* Fixing pep8
 2017-05-20 12:07:44 -07:00
kevgliss
4093f4669a Switching remaining uses of boto to boto3. (#809) 2017-05-20 11:09:55 -07:00
kevgliss
9594f2cd8d Upgrading moto and fixing test that break due to deprecation. (#808) 
* Upgrading moto and fixing test that break due to deprecation.

* Adding region.
 2017-05-20 10:40:22 -07:00
kevgliss
380203eb53 Adding the ability to upload to cloudfront via the 'path' parameter. Cloudfront destinations must be created separately. (#805) 
Closes #277
 2017-05-18 13:49:17 -07:00
kevgliss
307a73c752 Fixing some confusion between 401 vs 403 error code. 401 indicates that the user should attempt to authenticate again. Where as 403 indicates the user is authenticated but not allowed to complete an action. (#804) 
Closes #767
 2017-05-18 13:20:17 -07:00
kevgliss
3050aca3e6 Minor fixes to the domains UI. (#798) 
* Fixes checkbox input.

* Fixes notification message.
 2017-05-15 19:14:12 -07:00
kevgliss
8c41c6785d Fixes issue where domains without any associated certificates are not searchable. (#797) 2017-05-15 19:07:32 -07:00
kevgliss
092ce0f9d8 Closes #792. (#796) 2017-05-15 19:07:16 -07:00
kevgliss
914de78576 Adds migration to fix keys on unique index. Closes #743. (#785) 2017-05-10 12:13:42 -07:00
kevgliss
ecf00fe9d6 Splitting out the default date issuance logic for CIS and CC. CIS assumes years is converted to validity_end while CC prefers validity_years over validity_end. (#784) 2017-05-10 12:05:03 -07:00
Michael Treacher
c71b3a319d Log the audit logs (#781) 2017-05-08 09:43:26 -07:00
Michael Treacher
767147aef1 Check for unknown as status is no longer represented as a boolean (#780) 2017-05-08 09:43:19 -07:00
Michael Treacher
ce5a45037a Fix for status representation in the view (#778) 2017-05-05 11:04:40 -07:00
kevgliss
9c9ca37586 Enabling hex serial numbers without breaking backward compatibility. (#779) 
* Enabling hex serial numbers without breaking backward compatibility.

* Fixing tests.
 2017-05-05 11:04:09 -07:00
Ian Stahnke
5c41dafc97 fix unit and interval transposition in schemas.py (#752) (#774) 2017-04-30 12:23:34 -07:00
Paul Van de Vreede
989e3733a2 Add docker setup for running tests on a docker enabled dev environment. (#771) 2017-04-28 09:28:06 -07:00
kevgliss
fbc24ea400 There is an issue when iterating over extensions where certificates might not have been issued in adherence with basic constraints. Here we log these errors instead of failing out right. (#770) 2017-04-27 17:45:34 -07:00
kevgliss
4905020e77 ensuring stdout has a default log level (#766) 2017-04-27 10:11:47 -07:00
kevgliss
75787d20bc ensuring that lemur's default user has a valid email (#765) 2017-04-27 09:53:35 -07:00
kevgliss
ca9f120988 fixing some pep8 issues (#764) 2017-04-27 09:44:39 -07:00
Rick Breidenstein
e86954e8ea Destination Plugin/Lemur_linuxdst (#736) 
* Added lemur_linuxdst

* Revert "Added lemur_linuxdst"

This reverts commit 010c19bd1937320189ee5a0660f9e356221121f3.

* added plugin\lemur_linuxdst

Destination plugin for a target linux host

* Update remote_host.py

* Update plugin.py

* Update remote_host.py

* Update plugin.py

* Update plugin.py

* chaning var and funct names

* Write data with local temp

* .

* .

* typo

* tested plugin successfully

* Update plugin.py

* Update remote_host.py

* removed whitespace

* set permissions on exported keys to 600

sftp.chmod(dst_dir_cn + '/' + dst_file, (stat.S_IRUSR))

* Update plugin.py

* Update remote_host.py

* Update plugin.py

* added 'paramiko==2.1.2'

required for lemur_linuxdst plugin

* data stored in clear text at rest

* Update plugin.py

* Update plugin.py

* Update remote_host.py
 2017-04-27 09:19:49 -07:00
Paul Van de Vreede
604cd60dbe Return correct intermediate certificate on digicert creation. (#762) 
This commit also removes the unused DIGICERT_INTERMEDIATE env
var as it is not used.
 2017-04-27 09:14:20 -07:00
Michael Treacher
05f4ae8e58 Hexify cert serial (#763) 
* Hexify serial at the serialization layer

* Fix for flakey test. Change test to test for uppercased string
 2017-04-27 09:13:04 -07:00
kevgliss
88ac783fd2 PEP8 Fixes (#760) 2017-04-25 09:23:18 -07:00
Travis McPeak
bc66ede9aa Fixing Bandit findings and adding travis Bandit job (#759) 
* Fixes for Bandit

This commit fixes a couple of issues so that Bandit can run
cleanly using medium+ severity and confidence filtering.

* Adding Lemur Bandit job to TravisCI
 2017-04-24 18:37:03 -07:00
Michael Treacher
1c295896e6 Add test for when there are no notifications on a certificate (#757) 2017-04-24 09:04:49 -07:00
kevgliss
01aa372e59 Version bump. (#751) 2017-04-08 13:23:48 -07:00
kevgliss
81aff42e03 Removing this exception handling, that error should be caught above. (#749) 2017-04-07 16:01:40 -07:00
Michael Treacher
7f019583f2 Don’t set ‘custom_expiration_date’ if validity years is set in the UI. (#742) 
* Don’t set ‘custom_expiration_date’ if validity years is set in the UI.

* Use single quotes instead of double quotes.
 2017-04-04 17:11:17 -07:00
kevgliss
f91ae5b319 Fixes bug where authority status was not set correctly. (#739) 2017-03-29 10:10:51 -07:00
kevgliss
f0dde845db Adding ability to exclude certificates from expiration (#730) 
* adding ability to exclude certificates from expiration

* fixing tests
 2017-03-15 11:25:19 -07:00
kevgliss
b0ea027769 Underscores should not be in hostnames (#728) 2017-03-15 08:41:06 -07:00
Neil Schelly
8762e1c5ae Issue #703 bugfix (#711) 
* Ensures that both AKI serial/issue _and_ keyid won't be included.
Validation issues crop up if both types of AKI fields are present.

* Ensure that SAN extension includes the certificate's common name

* Fix scenario where subAltNames are getting dropped when applying a template

* Ensure that SAN includes the CN

* Ensuring that getting here without a SAN extension won't break things.

* New cleaner approach

* Some bits of handling the extensions are a bit hacky, requiring access to attributes inside the objects in x509.
I think this is pretty clean though.

* lintian check

* Fixing tests
 2017-03-10 09:09:18 -08:00
kevgliss
3c5b2618c0 Rely on the lemur generating the correct name for rotated certificates. (#714) 
* Rely on the lemur generating the correct name for rotated certificates.

* Fixing tests.
 2017-03-09 13:09:20 -08:00
kevgliss
602c5580d3 Only validates values if present in options. Fixing authority test to parse plugin information. (#713) 2017-03-06 20:38:04 -08:00
kevgliss
b715687617 Ensuring that we don't fail cleaning if it doesn't exist. (#708) 2017-03-03 16:03:52 -08:00
kevgliss
c46fa5d69c Ensures the rotation has a value during migration. (#707) 2017-03-03 15:16:25 -08:00
kevgliss
310e1d4501 Adds support for filtering by UI. Closes #702. (#706) 2017-03-03 15:07:26 -08:00
kevgliss
fc957b63ff Source syncing tweaks. (#705) 
* Allow owner to be specified when syncing certs.

* Ensuring non-endpoint plugins don't fail to complete syncing.

* Adding in some additional error handling.
 2017-03-03 14:53:56 -08:00
kevgliss
d53f64890c Adding max notification constraint. (#704) 
* Adds additional constraints to the max notification time. With an increasing number of certificates we need to limit the max notification time to reduce the number of certificates that need to be analyzed for notification eligibility.
 2017-03-03 12:59:16 -08:00
Neil Schelly
5f5583e2cb UI adjustments for mutually exclusive (radio button version) encipher/decipher-only Key Usage #664 (#692) 
* UI adjustments to make Key Agreement, Encipher Only, and Decipher Only relationship more user-friendly

* whitespace typo

* Issue #663 switching Encipher/Decipher Only options to be mutually exclusive and un-checkable radio buttons.

* Found a bug in the fields schema that was dropping Key Agreement bit if encipher/decipher only weren't checked
 2017-02-16 13:26:56 -08:00
kevgliss
cf6ad94509 Adjusting the way that certificates are requested. (#643) 
* Adjusting the way that certificates are requested.

* Fixing tests.
 2017-02-16 13:24:05 -08:00
Gus E
08bb9c73a0 allow attributes to be excluded from a cert subject (#690) 
* allow more flexibility in cert subject name

* clean up logic/remove unnecessary code
 2017-02-16 13:21:52 -08:00