def test_send_expiration_notification(certificate, notification, notification_plugin):
from lemur.notifications.messaging import send_expiration_notifications
notification.options = [{'name': 'interval', 'value': 10}, {'name': 'unit', 'value': 'days'}]
certificate.notifications.append(notification)
delta = certificate.not_after - timedelta(days=10)
with freeze_time(delta.datetime):
sent = send_expiration_notifications()
assert sent == 1
certificate.notify = False
sent = send_expiration_notifications()
assert sent == 0
def test_send_expiration_notification_slack_disabled():
from lemur.notifications.messaging import send_expiration_notifications
prepare_test()
# though email is not disabled, we don't send the owner/security notifications via email if
# the main notification's plugin is disabled
assert send_expiration_notifications([], ['slack-notification']) == (0, 0)
def test_send_expiration_notification():
from lemur.notifications.messaging import send_expiration_notifications
verify_sender_email(
) # emails are sent to owner and security; SNS only used for configured notification
topic_arn, sqs_client, queue_url = create_and_subscribe_to_topic()
notification = NotificationFactory(plugin_name="aws-sns")
notification.options = get_options()
now = arrow.utcnow()
in_ten_days = now + timedelta(
days=10,
hours=1) # a bit more than 10 days since we'll check in the future
certificate = CertificateFactory()
certificate.not_after = in_ten_days
certificate.notifications.append(notification)
assert send_expiration_notifications([],
[]) == (3, 0
) # owner, SNS, and security
received_messages = sqs_client.receive_message(
QueueUrl=queue_url)["Messages"]
assert len(received_messages) == 1
expected_message = format_message(
certificate_notification_output_schema.dump(certificate).data,
"expiration", notification.options)
actual_message = json.loads(received_messages[0]["Body"])["Message"]
assert actual_message == expected_message
def expirations(exclude):
"""
Runs Lemur's notification engine, that looks for expired certificates and sends
notifications out to those that have subscribed to them.
Every certificate receives notifications by default. When expiration notifications are handled outside of Lemur
we exclude their names (or matching) from expiration notifications.
It performs simple subset matching and is case insensitive.
:return:
"""
status = FAILURE_METRIC_STATUS
try:
print("Starting to notify subscribers about expiring certificates!")
success, failed = send_expiration_notifications(exclude)
print(
"Finished notifying subscribers about expiring certificates! Sent: {success} Failed: {failed}".format(
success=success,
failed=failed
)
)
status = SUCCESS_METRIC_STATUS
except Exception as e:
sentry.captureException()
metrics.send('expiration_notification_job', 'counter', 1, metric_tags={'status': status})
def expirations(exclude, disabled_notification_plugins):
"""
Runs Lemur's notification engine, that looks for expiring certificates and sends
notifications out to those that have subscribed to them.
Every certificate receives notifications by default. When expiration notifications are handled outside of Lemur
we exclude their names (or matching) from expiration notifications.
It performs simple subset matching and is case insensitive.
:return:
"""
status = FAILURE_METRIC_STATUS
try:
print("Starting to notify subscribers about expiring certificates!")
success, failed = send_expiration_notifications(
exclude, disabled_notification_plugins)
print(
f"Finished notifying subscribers about expiring certificates! Sent: {success} Failed: {failed}"
)
status = SUCCESS_METRIC_STATUS
except Exception as e:
sentry.captureException()
metrics.send("expiration_notification_job",
"counter",
1,
metric_tags={"status": status})
def test_send_expiration_notification_with_no_notifications(
certificate, notification, notification_plugin):
from lemur.notifications.messaging import send_expiration_notifications
delta = certificate.not_after - timedelta(days=10)
with freeze_time(delta.datetime):
assert send_expiration_notifications([], []) == (0, 0)
def test_send_expiration_notification(certificate, notification, notification_plugin):
from lemur.notifications.messaging import send_expiration_notifications
certificate.notifications.append(notification)
certificate.notifications[0].options = [{'name': 'interval', 'value': 10}, {'name': 'unit', 'value': 'days'}]
delta = certificate.not_after - timedelta(days=10)
with freeze_time(delta.datetime):
assert send_expiration_notifications([]) == (2, 0)
def test_send_expiration_notification_both_disabled():
from lemur.notifications.messaging import send_expiration_notifications
topic_arn, sqs_client, queue_url = create_and_subscribe_to_topic()
prepare_test()
assert send_expiration_notifications([], ['aws-sns', 'email-notification']) == (0, 0)
received_messages = sqs_client.receive_message(QueueUrl=queue_url)
assert "Messages" not in received_messages
def expirations():
"""
Runs Lemur's notification engine, that looks for expired certificates and sends
notifications out to those that have subscribed to them.
:return:
"""
print("Starting to notify subscribers about expiring certificates!")
count = send_expiration_notifications()
print(
"Finished notifying subscribers about expiring certificates! Sent {count} notifications!"
.format(count=count))
def expirations():
"""
Runs Lemur's notification engine, that looks for expired certificates and sends
notifications out to those that have subscribed to them.
:return:
"""
print("Starting to notify subscribers about expiring certificates!")
success, failed = send_expiration_notifications()
print(
"Finished notifying subscribers about expiring certificates! Sent: {success} Failed: {failed}"
.format(success=success, failed=failed))
def test_send_expiration_notification_sns_disabled():
from lemur.notifications.messaging import send_expiration_notifications
topic_arn, sqs_client, queue_url = create_and_subscribe_to_topic()
prepare_test()
# though email is not disabled, we don't send the owner/security notifications via email if
# the main notification's plugin is disabled
assert send_expiration_notifications([], ['aws-sns']) == (0, 0)
received_messages = sqs_client.receive_message(QueueUrl=queue_url)
assert "Messages" not in received_messages
def test_send_expiration_notification_email_disabled():
from lemur.notifications.messaging import send_expiration_notifications
topic_arn, sqs_client, queue_url = create_and_subscribe_to_topic()
notification, certificate = prepare_test()
assert send_expiration_notifications([], ['email-notification']) == (1, 0) # SNS only
received_messages = sqs_client.receive_message(QueueUrl=queue_url)["Messages"]
assert len(received_messages) == 1
expected_message = format_message(certificate_notification_output_schema.dump(certificate).data, "expiration",
notification.options)
actual_message = json.loads(received_messages[0]["Body"])["Message"]
assert actual_message == expected_message
def test_send_expiration_notification(certificate, notification, notification_plugin):
from lemur.notifications.messaging import send_expiration_notifications
verify_sender_email()
certificate.notifications.append(notification)
certificate.notifications[0].options = [
{"name": "interval", "value": 10},
{"name": "unit", "value": "days"},
]
delta = certificate.not_after - timedelta(days=10)
with freeze_time(delta.datetime):
# this will only send owner and security emails (no additional recipients),
# but it executes 3 successful send attempts
assert send_expiration_notifications([]) == (3, 0)
def test_send_expiration_notification():
from lemur.notifications.messaging import send_expiration_notifications
verify_sender_email() # emails are sent to owner and security; Slack only used for configured notification
notification = NotificationFactory(plugin_name="slack-notification")
notification.options = get_options()
now = arrow.utcnow()
in_ten_days = now + timedelta(days=10, hours=1) # a bit more than 10 days since we'll check in the future
certificate = CertificateFactory()
certificate.not_after = in_ten_days
certificate.notifications.append(notification)
assert send_expiration_notifications([]) == (3, 0) # owner, Slack, and security
def test_send_expiration_notification(certificate, notification,
notification_plugin):
from lemur.notifications.messaging import send_expiration_notifications
certificate.notifications.append(notification)
certificate.notifications[0].options = [{
'name': 'interval',
'value': 10
}, {
'name': 'unit',
'value': 'days'
}]
delta = certificate.not_after - timedelta(days=10)
with freeze_time(delta.datetime):
assert send_expiration_notifications() == (2, 0)
def test_send_expiration_notification():
from lemur.notifications.messaging import send_expiration_notifications
notification = NotificationFactory(plugin_name="slack-notification")
notification.options = get_options()
now = arrow.utcnow()
in_ten_days = now + timedelta(
days=10,
hours=1) # a bit more than 10 days since we'll check in the future
certificate = CertificateFactory()
certificate.not_after = in_ten_days
certificate.notifications.append(notification)
assert send_expiration_notifications([]) == (2, 0)
def test_send_expiration_notification_no_security_team():
from lemur.notifications.messaging import send_expiration_notifications
from lemur.tests.factories import CertificateFactory
from lemur.tests.factories import NotificationFactory
now = arrow.utcnow()
in_ten_days = now + timedelta(days=10, hours=1) # a bit more than 10 days since we'll check in the future
certificate = CertificateFactory(name="TEST1")
notification = NotificationFactory(plugin_name="email-notification")
certificate.not_after = in_ten_days
certificate.notifications.append(notification)
certificate.notifications[0].options = get_options()
verify_sender_email()
assert send_expiration_notifications([], [], True) == (3, 0) # owner (1) and recipients (2)
def test_send_expiration_notification_disabled():
from lemur.notifications.messaging import send_expiration_notifications
from lemur.tests.factories import CertificateFactory
from lemur.tests.factories import NotificationFactory
now = arrow.utcnow()
in_ten_days = now + timedelta(days=10, hours=1) # a bit more than 10 days since we'll check in the future
certificate = CertificateFactory()
notification = NotificationFactory(plugin_name="email-notification")
certificate.not_after = in_ten_days
certificate.notifications.append(notification)
certificate.notifications[0].options = get_options()
verify_sender_email()
assert send_expiration_notifications([], ['email-notification']) == (0, 0)
def expirations(exclude):
"""
Runs Lemur's notification engine, that looks for expired certificates and sends
notifications out to those that have subscribed to them.
Every certificate receives notifications by default. When expiration notifications are handled outside of Lemur
we exclude their names (or matching) from expiration notifications.
It performs simple subset matching and is case insensitive.
:return:
"""
print("Starting to notify subscribers about expiring certificates!")
success, failed = send_expiration_notifications(exclude)
print(
"Finished notifying subscribers about expiring certificates! Sent: {success} Failed: {failed}"
.format(success=success, failed=failed))
def test_send_expiration_notification():
from lemur.notifications.messaging import send_expiration_notifications
from lemur.tests.factories import CertificateFactory
from lemur.tests.factories import NotificationFactory
now = arrow.utcnow()
in_ten_days = now + timedelta(days=10, hours=1) # a bit more than 10 days since we'll check in the future
certificate = CertificateFactory()
notification = NotificationFactory(plugin_name="email-notification")
certificate.not_after = in_ten_days
certificate.notifications.append(notification)
certificate.notifications[0].options = get_options()
verify_sender_email()
# exclude "TEST1" certs so we don't pick up certs from the last test tests
assert send_expiration_notifications(["TEST1"], []) == (4, 0) # owner (1), recipients (2), and security (1)
def test_send_expiration_notification(certificate, notification,
notification_plugin):
from lemur.notifications.messaging import send_expiration_notifications
certificate.notifications.append(notification)
certificate.notifications[0].options = [
{
"name": "interval",
"value": 10
},
{
"name": "unit",
"value": "days"
},
]
delta = certificate.not_after - timedelta(days=10)
with freeze_time(delta.datetime):
assert send_expiration_notifications([]) == (2, 0)
def expirations(exclude):
"""
Runs Lemur's notification engine, that looks for expired certificates and sends
notifications out to those that have subscribed to them.
Every certificate receives notifications by default. When expiration notifications are handled outside of Lemur
we exclude their names (or matching) from expiration notifications.
It performs simple subset matching and is case insensitive.
:return:
"""
print("Starting to notify subscribers about expiring certificates!")
success, failed = send_expiration_notifications(exclude)
print(
"Finished notifying subscribers about expiring certificates! Sent: {success} Failed: {failed}".format(
success=success,
failed=failed
)
)
def test_send_expiration_notification_email_disabled(certificate, notification,
notification_plugin):
from lemur.notifications.messaging import send_expiration_notifications
verify_sender_email()
certificate.notifications.append(notification)
certificate.notifications[0].options = [
{
"name": "interval",
"value": 10
},
{
"name": "unit",
"value": "days"
},
]
delta = certificate.not_after - timedelta(days=10)
with freeze_time(delta.datetime):
# no notifications sent since the "test-notification" plugin is disabled
assert send_expiration_notifications([],
['test-notification']) == (0, 0)
def test_send_expiration_notification():
from lemur.notifications.messaging import send_expiration_notifications
prepare_test()
assert send_expiration_notifications([], []) == (3, 0) # owner, Slack, and security
def test_send_expiration_notification_with_no_notifications(certificate, notification, notification_plugin):
from lemur.notifications.messaging import send_expiration_notifications
delta = certificate.not_after - timedelta(days=10)
with freeze_time(delta.datetime):
assert send_expiration_notifications([]) == (0, 0)
def test_send_expiration_notification_both_disabled():
from lemur.notifications.messaging import send_expiration_notifications
prepare_test()
assert send_expiration_notifications([], ['slack-notification', 'email-notification']) == (0, 0)
def test_send_expiration_notification_email_disabled():
from lemur.notifications.messaging import send_expiration_notifications
prepare_test()
assert send_expiration_notifications([], ['email-notification']) == (1, 0) # Slack only
