def test_send_expiration_notification():
from lemur.notifications.messaging import send_expiration_notifications
verify_sender_email(
) # emails are sent to owner and security; SNS only used for configured notification
topic_arn, sqs_client, queue_url = create_and_subscribe_to_topic()
notification = NotificationFactory(plugin_name="aws-sns")
notification.options = get_options()
now = arrow.utcnow()
in_ten_days = now + timedelta(
days=10,
hours=1) # a bit more than 10 days since we'll check in the future
certificate = CertificateFactory()
certificate.not_after = in_ten_days
certificate.notifications.append(notification)
assert send_expiration_notifications([],
[]) == (3, 0
) # owner, SNS, and security
received_messages = sqs_client.receive_message(
QueueUrl=queue_url)["Messages"]
assert len(received_messages) == 1
expected_message = format_message(
certificate_notification_output_schema.dump(certificate).data,
"expiration", notification.options)
actual_message = json.loads(received_messages[0]["Body"])["Message"]
assert actual_message == expected_message
def test_render_expiration_summary(certificate, notification, notification_plugin):
from lemur.notifications.messaging import get_eligible_security_summary_certs
verify_sender_email()
expected_certs = defaultdict(list)
# weird order to ensure they're not all sequential in the DB
expected_certs["14"].append(create_cert_that_expires_in_days(14))
expected_certs["12"].append(create_cert_that_expires_in_days(12))
expected_certs["1"].append(create_cert_that_expires_in_days(1))
expected_certs["3"].append(create_cert_that_expires_in_days(3))
expected_certs["2"].append(create_cert_that_expires_in_days(2))
expected_certs["9"].append(create_cert_that_expires_in_days(9))
expected_certs["7"].append(create_cert_that_expires_in_days(7))
expected_certs["12"].append(create_cert_that_expires_in_days(12))
expected_certs["7"].append(create_cert_that_expires_in_days(7))
expected_certs["2"].append(create_cert_that_expires_in_days(2))
expected_certs["2"].append(create_cert_that_expires_in_days(2))
expected_certs["3"].append(create_cert_that_expires_in_days(3))
expected_certs["2"].append(create_cert_that_expires_in_days(2))
create_cert_that_expires_in_days(15) # over the limit, won't be included
expected_certs["1"].append(create_cert_that_expires_in_days(1))
message_data = get_eligible_security_summary_certs(None)
assert len(message_data) == len(expected_certs) # verify the expected number of intervals
for interval in expected_certs:
message_data_for_interval = [x for x in message_data if x['interval'] == int(interval)]
assert len(message_data_for_interval) > 0 # verify the interval is present in the message data
message_data_for_interval = message_data_for_interval[0]
assert message_data_for_interval['certificates'] # verify the interval in the message data has a certs field
for cert in expected_certs[interval]:
message_data_for_cert = [x for x in message_data_for_interval['certificates'] if x['name'] == cert.name]
assert message_data_for_cert # verify the expected cert is present for the expected interval
def test_render_expiring_deployed_certificate(certificate):
verify_sender_email()
cert_data = certificate_notification_output_schema.dump(certificate).data
cert_data['domains_and_ports'] = [{'domain': 'subdomain.example.com', 'ports': [443]},
{'domain': 'example.com', 'ports': [443, 444]}]
assert render_html("expiring_deployed_certificate", get_options(), [cert_data])
def test_send_reissue_no_endpoints_notification(certificate):
from lemur.notifications.messaging import send_reissue_no_endpoints_notification
verify_sender_email()
new_certificate = CertificateFactory()
new_certificate.replaces.append(certificate)
verify_sender_email()
assert send_reissue_no_endpoints_notification(certificate, new_certificate)
def test_send_pending_failure_notification(user, pending_certificate, async_issuer_plugin):
from lemur.notifications.messaging import send_pending_failure_notification
verify_sender_email()
assert send_pending_failure_notification(pending_certificate)
assert send_pending_failure_notification(pending_certificate, True, True)
assert send_pending_failure_notification(pending_certificate, True, False)
assert send_pending_failure_notification(pending_certificate, False, True)
assert send_pending_failure_notification(pending_certificate, False, False)
def test_send_rotation_notification(endpoint, source_plugin):
from lemur.notifications.messaging import send_rotation_notification
from lemur.deployment.service import rotate_certificate
new_certificate = CertificateFactory()
rotate_certificate(endpoint, new_certificate)
assert endpoint.certificate == new_certificate
verify_sender_email()
assert send_rotation_notification(new_certificate)
def prepare_test():
verify_sender_email() # emails are sent to owner and security; Slack only used for configured notification
notification = NotificationFactory(plugin_name="slack-notification")
notification.options = get_options()
now = arrow.utcnow()
in_ten_days = now + timedelta(days=10, hours=1) # a bit more than 10 days since we'll check in the future
certificate = CertificateFactory()
certificate.not_after = in_ten_days
certificate.notifications.append(notification)
def test_send_expiration_notification_disabled():
from lemur.notifications.messaging import send_expiration_notifications
from lemur.tests.factories import CertificateFactory
from lemur.tests.factories import NotificationFactory
now = arrow.utcnow()
in_ten_days = now + timedelta(days=10, hours=1) # a bit more than 10 days since we'll check in the future
certificate = CertificateFactory()
notification = NotificationFactory(plugin_name="email-notification")
certificate.not_after = in_ten_days
certificate.notifications.append(notification)
certificate.notifications[0].options = get_options()
verify_sender_email()
assert send_expiration_notifications([], ['email-notification']) == (0, 0)
def test_send_expiration_notification_no_security_team():
from lemur.notifications.messaging import send_expiration_notifications
from lemur.tests.factories import CertificateFactory
from lemur.tests.factories import NotificationFactory
now = arrow.utcnow()
in_ten_days = now + timedelta(days=10, hours=1) # a bit more than 10 days since we'll check in the future
certificate = CertificateFactory(name="TEST1")
notification = NotificationFactory(plugin_name="email-notification")
certificate.not_after = in_ten_days
certificate.notifications.append(notification)
certificate.notifications[0].options = get_options()
verify_sender_email()
assert send_expiration_notifications([], [], True) == (3, 0) # owner (1) and recipients (2)
def test_send_expiration_notification():
from lemur.notifications.messaging import send_expiration_notifications
verify_sender_email() # emails are sent to owner and security; Slack only used for configured notification
notification = NotificationFactory(plugin_name="slack-notification")
notification.options = get_options()
now = arrow.utcnow()
in_ten_days = now + timedelta(days=10, hours=1) # a bit more than 10 days since we'll check in the future
certificate = CertificateFactory()
certificate.not_after = in_ten_days
certificate.notifications.append(notification)
assert send_expiration_notifications([]) == (3, 0) # owner, Slack, and security
def test_send_expiration_notification():
from lemur.notifications.messaging import send_expiration_notifications
from lemur.tests.factories import CertificateFactory
from lemur.tests.factories import NotificationFactory
now = arrow.utcnow()
in_ten_days = now + timedelta(days=10, hours=1) # a bit more than 10 days since we'll check in the future
certificate = CertificateFactory()
notification = NotificationFactory(plugin_name="email-notification")
certificate.not_after = in_ten_days
certificate.notifications.append(notification)
certificate.notifications[0].options = get_options()
verify_sender_email()
# exclude "TEST1" certs so we don't pick up certs from the last test tests
assert send_expiration_notifications(["TEST1"], []) == (4, 0) # owner (1), recipients (2), and security (1)
def prepare_test():
verify_sender_email() # emails are sent to owner and security; SNS only used for configured notification
# set all existing notifications to disabled so we don't have multiple conflicting in the tests
for prior_notification in service.get_all():
service.update(prior_notification.id, prior_notification.label, prior_notification.plugin_name,
prior_notification.options, prior_notification.description, False, [], [])
notification = NotificationFactory(plugin_name="aws-sns")
notification.options = get_options()
now = arrow.utcnow()
in_ten_days = now + timedelta(days=10, hours=1) # a bit more than 10 days since we'll check in the future
certificate = CertificateFactory()
certificate.not_after = in_ten_days
certificate.notifications.append(notification)
return notification, certificate
def test_send_reissue_failed_notification(certificate):
from lemur.notifications.messaging import send_reissue_failed_notification
verify_sender_email()
certificate.endpoints = [EndpointFactory()]
assert send_reissue_failed_notification(certificate)
def test_send_revocation_notification(certificate, endpoint):
from lemur.notifications.messaging import send_revocation_notification
verify_sender_email()
certificate.endpoints = [endpoint]
assert send_revocation_notification(certificate)
