def test_render(certificate, endpoint): from lemur.certificates.schemas import certificate_notification_output_schema new_cert = CertificateFactory() new_cert.replaces.append(certificate) certificates = [certificate_notification_output_schema.dump(certificate).data] template = env.get_template('{}.html'.format('expiration')) with open(os.path.join(dir_path, 'expiration-rendered.html'), 'w') as f: body = template.render(dict(certificates=certificates, hostname='lemur.test.example.com')) f.write(body) template = env.get_template('{}.html'.format('rotation')) certificate.endpoints.append(endpoint) with open(os.path.join(dir_path, 'rotation-rendered.html'), 'w') as f: body = template.render( dict( certificate=certificate_notification_output_schema.dump(certificate).data, hostname='lemur.test.example.com' ) ) f.write(body)
def test_render(certificate, endpoint): from lemur.certificates.schemas import certificate_notification_output_schema new_cert = CertificateFactory() new_cert.replaces.append(certificate) data = { 'certificates': [certificate_notification_output_schema.dump(certificate).data], 'options': [{'name': 'interval', 'value': 10}, {'name': 'unit', 'value': 'days'}] } template = env.get_template('{}.html'.format('expiration')) with open(os.path.join(dir_path, 'expiration-rendered.html'), 'w') as f: body = template.render(dict(message=data, hostname='lemur.test.example.com')) f.write(body) template = env.get_template('{}.html'.format('rotation')) certificate.endpoints.append(endpoint) with open(os.path.join(dir_path, 'rotation-rendered.html'), 'w') as f: body = template.render( dict( certificate=certificate_notification_output_schema.dump(certificate).data, hostname='lemur.test.example.com' ) ) f.write(body)
def test_render(certificate, endpoint): from lemur.certificates.schemas import certificate_notification_output_schema new_cert = CertificateFactory() new_cert.replaces.append(certificate) data = { 'certificates': [certificate_notification_output_schema.dump(certificate).data], 'options': [{ 'name': 'interval', 'value': 10 }, { 'name': 'unit', 'value': 'days' }] } template = env.get_template('{}.html'.format('expiration')) with open(os.path.join(dir_path, 'expiration-rendered.html'), 'w') as f: body = template.render( dict(message=data, hostname='lemur.test.example.com')) f.write(body) template = env.get_template('{}.html'.format('rotation')) certificate.endpoints.append(endpoint) with open(os.path.join(dir_path, 'rotation-rendered.html'), 'w') as f: body = template.render( dict(certificate=certificate_notification_output_schema.dump( certificate).data, hostname='lemur.test.example.com')) f.write(body)
def send_expiration_notifications(exclude): """ This function will check for upcoming certificate expiration, and send out notification emails at given intervals. """ success = failure = 0 # security team gets all security_email = current_app.config.get('LEMUR_SECURITY_TEAM_EMAIL') security_data = [] for owner, notification_group in get_eligible_certificates(exclude=exclude).items(): for notification_label, certificates in notification_group.items(): notification_data = [] notification = certificates[0][0] for data in certificates: n, certificate = data cert_data = certificate_notification_output_schema.dump(certificate).data notification_data.append(cert_data) security_data.append(cert_data) if send_notification('expiration', notification_data, [owner], notification): success += 1 else: failure += 1 if send_notification('expiration', security_data, security_email, notification): success += 1 else: failure += 1 return success, failure
def send_expiration_notifications(exclude): """ This function will check for upcoming certificate expiration, and send out notification emails at given intervals. """ success = failure = 0 # security team gets all security_email = current_app.config.get("LEMUR_SECURITY_TEAM_EMAIL") security_data = [] for owner, notification_group in get_eligible_certificates( exclude=exclude).items(): for notification_label, certificates in notification_group.items(): notification_data = [] notification = certificates[0][0] for data in certificates: n, certificate = data cert_data = certificate_notification_output_schema.dump( certificate).data notification_data.append(cert_data) security_data.append(cert_data) if send_notification("expiration", notification_data, [owner], notification): success += 1 else: failure += 1 notification_recipient = get_plugin_option("recipients", notification.options) if notification_recipient: notification_recipient = notification_recipient.split(",") # removing owner and security_email from notification_recipient notification_recipient = [ i for i in notification_recipient if i not in security_email and i != owner ] if (notification_recipient): if send_notification( "expiration", notification_data, notification_recipient, notification, ): success += 1 else: failure += 1 if send_notification("expiration", security_data, security_email, notification): success += 1 else: failure += 1 return success, failure
def test_render_reissued_with_no_endpoints(certificate): new_cert = CertificateFactory() new_cert.replaces.append(certificate) assert render_html( "reissued_with_no_endpoints", get_options(), certificate_notification_output_schema.dump(new_cert).data)
def test_format_nonexpiration(certificate, endpoint): data = [certificate_notification_output_schema.dump(certificate).data] for certificate in data: expected_message = { "notification_type": "not-expiration", "certificate_name": certificate["name"], "expires": arrow.get( certificate["validityEnd"]).format("YYYY-MM-DDTHH:mm:ss"), "issuer": certificate["issuer"], "id": certificate["id"], "endpoints_detected": 0, "owner": certificate["owner"], "details": "https://lemur.example.com/#/certificates/{name}".format( name=certificate["name"]) } # We don't currently support any SNS notifications besides expiration; # when we do, this test will probably need to be refactored. # For now, this is a placeholder proving empty options works as long as it's not "expiration" type assert expected_message == json.loads( format_message(certificate, "not-expiration", None))
def send_expiring_deployed_certificate_notifications(certificates): """ Send an email to the owner of all provided certificates indicating that the certs are still deployed but expiring soon. """ success = failure = 0 notification_type = "expiring_deployed_certificate" security_email = current_app.config.get("LEMUR_SECURITY_TEAM_EMAIL") for owner, owner_certs in certificates: notification_data = [] # eventually we also want to use the options configured on the cert's notification(s) to notify the owner # for now, we'll just email the security team email_recipients = security_email for certificate, domains_and_ports in owner_certs: cert_data = certificate_notification_output_schema.dump( certificate).data # we add the domain info into the cert dump in order to reuse existing common email formatting logic domain_and_port_data = [] for domain, ports in domains_and_ports.items(): domain_and_port_data.append({"domain": domain, "ports": ports}) cert_data["domains_and_ports"] = domain_and_port_data notification_data.append(cert_data) if send_default_notification(notification_type, notification_data, email_recipients): success += 1 else: failure += 1 return success, failure
def send_expiration_notifications(exclude, disabled_notification_plugins, disable_security_team_emails=False): """ This function will check for upcoming certificate expiration, and send out notification emails at given intervals. """ success = failure = 0 # security team gets all expiration emails (if enabled) security_email = current_app.config.get("LEMUR_SECURITY_TEAM_EMAIL") # if disabled, don't explicitly include the security team here # note that you will ALSO need to disable the DEFAULT_SECURITY_X_DAY notifications to truly turn these off if disable_security_team_emails: security_email = [] for owner, notification_group in get_eligible_certificates(exclude=exclude).items(): for notification_label, certificates in notification_group.items(): notification_data = [] notification = certificates[0][0] # skip sending the notification if the plugin is marked as disabled if notification.plugin.slug not in disabled_notification_plugins: for data in certificates: n, certificate = data cert_data = certificate_notification_output_schema.dump( certificate ).data notification_data.append(cert_data) email_recipients = notification.plugin.get_recipients(notification.options, security_email + [owner]) # Plugin will ONLY use the provided recipients if it's email; any other notification plugin ignores them if send_plugin_notification( "expiration", notification_data, email_recipients, notification ): success += len(email_recipients) else: failure += len(email_recipients) # If we're using an email plugin, we're done, # since "security_email + [owner]" were added as email_recipients. # If we're not using an email plugin, we also need to send an email to the security team and owner, # since the plugin notification didn't send anything to them. if notification.plugin.slug != "email-notification": # If the plugin wasn't email, it only sent one notification, so set the success/failure # to the correct value (1) at this point if success: success, failure = 1, 0 else: success, failure = 0, 1 # If email-notification plugin is disabled, we won't sent these extra notifications. if "email-notification" not in disabled_notification_plugins: if send_default_notification( "expiration", notification_data, email_recipients, notification.options ): success += len(email_recipients) else: failure += len(email_recipients) return success, failure
def send_authority_expiration_notifications(): """ This function will check for upcoming certificate authority certificate expiration, and send out notification emails at configured intervals. """ success = failure = 0 # security team gets all security_email = current_app.config.get("LEMUR_SECURITY_TEAM_EMAIL") for owner, owner_cert_groups in get_eligible_authority_certificates().items(): for interval, certificates in owner_cert_groups.items(): notification_data = [] for certificate in certificates: cert_data = certificate_notification_output_schema.dump( certificate ).data cert_data['self_signed'] = is_selfsigned(certificate.parsed_cert) cert_data['issued_cert_count'] = certificates_service.get_issued_cert_count_for_authority(certificate.root_authority) notification_data.append(cert_data) email_recipients = security_email + [owner] if send_default_notification( "authority_expiration", notification_data, email_recipients, notification_options=[{'name': 'interval', 'value': interval}] ): success = len(email_recipients) else: failure = len(email_recipients) return success, failure
def test_formatting(certificate): from lemur.plugins.lemur_slack.plugin import create_expiration_attachments from lemur.certificates.schemas import certificate_notification_output_schema data = [certificate_notification_output_schema.dump(certificate).data] attachment = { 'title': certificate.name, 'color': 'danger', 'fields': [ { 'short': True, 'value': '*****@*****.**', 'title': 'Owner' }, { 'short': True, 'value': u'Wednesday, January 1, 2020', 'title': 'Expires' }, { 'short': True, 'value': 0, 'title': 'Endpoints Detected' } ], 'title_link': 'https://lemur.example.com/#/certificates/{name}'.format(name=certificate.name), 'mrkdwn_in': ['text'], 'text': '', 'fallback': '' } assert attachment == create_expiration_attachments(data)[0]
def send_rotation_notification(certificate, notification_plugin=None): """ Sends a report to certificate owners when their certificate has been rotated. :param certificate: :param notification_plugin: :return: """ status = FAILURE_METRIC_STATUS if not notification_plugin: notification_plugin = plugins.get(current_app.config.get('LEMUR_DEFAULT_NOTIFICATION_PLUGIN')) data = certificate_notification_output_schema.dump(certificate).data try: notification_plugin.send('rotation', data, [data['owner']]) status = SUCCESS_METRIC_STATUS except Exception as e: current_app.logger.error('Unable to send notification to {}.'.format(data['owner']), exc_info=True) sentry.captureException() metrics.send('notification', 'counter', 1, metric_tags={'status': status, 'event_type': 'rotation'}) if status == SUCCESS_METRIC_STATUS: return True
def test_render_expiration(certificate, endpoint): new_cert = CertificateFactory() new_cert.replaces.append(certificate) assert render_html( "expiration", get_options(), [certificate_notification_output_schema.dump(certificate).data])
def send_expiration_notifications(exclude): """ This function will check for upcoming certificate expiration, and send out notification emails at given intervals. """ success = failure = 0 # security team gets all security_email = current_app.config.get('LEMUR_SECURITY_TEAM_EMAIL') security_data = [] for owner, notification_group in get_eligible_certificates(exclude=exclude).items(): for notification_label, certificates in notification_group.items(): notification_data = [] notification = certificates[0][0] for data in certificates: n, certificate = data cert_data = certificate_notification_output_schema.dump(certificate).data notification_data.append(cert_data) security_data.append(cert_data) if send_notification('expiration', notification_data, [owner], notification): success += 1 else: failure += 1 if send_notification('expiration', security_data, security_email, notification): success += 1 else: failure += 1 return success, failure
def send_reissue_no_endpoints_notification(new_cert): data = certificate_notification_output_schema.dump(new_cert).data data["security_email"] = current_app.config.get( "LEMUR_SECURITY_TEAM_EMAIL") email_recipients = [data["owner"]] + data["security_email"] return send_default_notification("reissued_with_no_endpoints", data, email_recipients)
def send_reissue_no_endpoints_notification(old_cert, new_cert): # The notifications should not be able to cause a reissue failure, so surround with a try. try: # Endpoints get moved from old to new cert during rotation, so the new cert won't have endpoints yet; # instead, we have to check the old cert for endpoints. if not old_cert.endpoints: excluded_destinations = current_app.config.get( "LEMUR_REISSUE_NOTIFICATION_EXCLUDED_DESTINATIONS", []) has_excluded_destination = excluded_destinations and old_cert.destinations and \ [d for d in old_cert.destinations if d.label in excluded_destinations] if not has_excluded_destination: data = certificate_notification_output_schema.dump( new_cert).data data["security_email"] = current_app.config.get( "LEMUR_SECURITY_TEAM_EMAIL") email_recipients = [data["owner"]] + data["security_email"] email_tags = { "old_cert_id": old_cert.id, "new_cert_id": new_cert.id, "new_cert_name": new_cert.name, "new_cert_owner": new_cert.owner } return send_default_notification("reissued_with_no_endpoints", data, email_recipients, email_tags=email_tags) except Exception: current_app.logger.warn( f"Error sending reissue notification for certificate: {old_cert.name}", exc_info=True)
def test_format_expiration(certificate, endpoint): data = [certificate_notification_output_schema.dump(certificate).data] options = get_options() for certificate in data: expected_message = { "notification_type": "expiration", "certificate_name": certificate["name"], "expires": arrow.get( certificate["validityEnd"]).format("YYYY-MM-DDTHH:mm:ss"), "issuer": certificate["issuer"], "id": certificate["id"], "endpoints_detected": 0, "owner": certificate["owner"], "details": "https://lemur.example.com/#/certificates/{name}".format( name=certificate["name"]), "notification_interval_days": 10 # 10 days specified in options } assert expected_message == json.loads( format_message(certificate, "expiration", options))
def test_send_expiration_notification(): from lemur.notifications.messaging import send_expiration_notifications verify_sender_email( ) # emails are sent to owner and security; SNS only used for configured notification topic_arn, sqs_client, queue_url = create_and_subscribe_to_topic() notification = NotificationFactory(plugin_name="aws-sns") notification.options = get_options() now = arrow.utcnow() in_ten_days = now + timedelta( days=10, hours=1) # a bit more than 10 days since we'll check in the future certificate = CertificateFactory() certificate.not_after = in_ten_days certificate.notifications.append(notification) assert send_expiration_notifications([], []) == (3, 0 ) # owner, SNS, and security received_messages = sqs_client.receive_message( QueueUrl=queue_url)["Messages"] assert len(received_messages) == 1 expected_message = format_message( certificate_notification_output_schema.dump(certificate).data, "expiration", notification.options) actual_message = json.loads(received_messages[0]["Body"])["Message"] assert actual_message == expected_message
def send_rotation_notification(certificate, notification_plugin=None): """ Sends a report to certificate owners when their certificate has been rotated. :param certificate: :param notification_plugin: :return: """ status = FAILURE_METRIC_STATUS if not notification_plugin: notification_plugin = plugins.get( current_app.config.get('LEMUR_DEFAULT_NOTIFICATION_PLUGIN')) data = certificate_notification_output_schema.dump(certificate).data try: notification_plugin.send('rotation', data, [data['owner']]) status = SUCCESS_METRIC_STATUS except Exception as e: sentry.captureException() metrics.send('notification', 'counter', 1, metric_tags={ 'status': status, 'event_type': 'rotation' }) if status == SUCCESS_METRIC_STATUS: return True
def test_formatting(certificate): from lemur.plugins.lemur_slack.plugin import create_expiration_attachments from lemur.certificates.schemas import certificate_notification_output_schema data = [certificate_notification_output_schema.dump(certificate).data] attachment = { 'title': certificate.name, 'color': 'danger', 'fields': [ { 'short': True, 'value': '*****@*****.**', 'title': 'Owner' }, { 'short': True, 'value': u'Tuesday, December 31, 2047', 'title': 'Expires' }, { 'short': True, 'value': 0, 'title': 'Endpoints Detected' } ], 'title_link': 'https://lemur.example.com/#/certificates/{name}'.format(name=certificate.name), 'mrkdwn_in': ['text'], 'text': '', 'fallback': '' } assert attachment == create_expiration_attachments(data)[0]
def send_expiration_notifications(): """ This function will check for upcoming certificate expiration, and send out notification emails at given intervals. """ sent = 0 for plugin in plugins.all(plugin_type='notification'): notifications = database.db.session.query(Notification)\ .filter(Notification.plugin_name == plugin.slug)\ .filter(Notification.active == True).all() # noqa messages = [] for n in notifications: for certificate in n.certificates: if needs_notification(certificate): data = certificate_notification_output_schema.dump( certificate).data messages.append((data, n.options)) for data, options in messages: try: plugin.send('expiration', data, [data['owner']], options) metrics.send('expiration_notification_sent', 'counter', 1) sent += 1 except Exception as e: metrics.send('expiration_notification_failure', 'counter', 1) current_app.logger.exception(e) return sent
def test_render_expiring_deployed_certificate(certificate): verify_sender_email() cert_data = certificate_notification_output_schema.dump(certificate).data cert_data['domains_and_ports'] = [{'domain': 'subdomain.example.com', 'ports': [443]}, {'domain': 'example.com', 'ports': [443, 444]}] assert render_html("expiring_deployed_certificate", get_options(), [cert_data])
def test_render_rotation(certificate, endpoint): new_cert = CertificateFactory() new_cert.replaces.append(certificate) new_cert.endpoints.append(endpoint) assert render_html( "rotation", get_options(), certificate_notification_output_schema.dump(new_cert).data)
def send_reissue_failed_notification(certificate): try: data = certificate_notification_output_schema.dump(certificate).data data["security_email"] = current_app.config.get("LEMUR_SECURITY_TEAM_EMAIL") email_recipients = [data["owner"]] + data["security_email"] return send_default_notification("reissue_failed", data, email_recipients) except Exception: current_app.logger.warn( f"Error sending reissue failed notification for certificate: {certificate.name}", exc_info=True )
def send_security_expiration_summary(exclude=None): """ Sends a report to the security team with a summary of all expiring certificates. All expiring certificates are included here, regardless of notification configuration. Certificates with notifications disabled are omitted. :param exclude: :return: """ function = f"{__name__}.{sys._getframe().f_code.co_name}" status = FAILURE_METRIC_STATUS notification_plugin = plugins.get( current_app.config.get("LEMUR_DEFAULT_NOTIFICATION_PLUGIN", "email-notification") ) notification_type = "expiration_summary" log_data = { "function": function, "message": "Sending expiration summary notification for to security team", "notification_type": notification_type, "notification_plugin": notification_plugin.slug, } intervals_and_certs = get_eligible_security_summary_certs(exclude) security_email = current_app.config.get("LEMUR_SECURITY_TEAM_EMAIL") try: current_app.logger.debug(log_data) message_data = [] for interval, certs in intervals_and_certs.items(): cert_data = [] for certificate in certs: cert_data.append(certificate_notification_output_schema.dump(certificate).data) interval_data = {"interval": interval, "certificates": cert_data} message_data.append(interval_data) notification_plugin.send(notification_type, message_data, security_email, None) status = SUCCESS_METRIC_STATUS except Exception: log_data["message"] = f"Unable to send {notification_type} notification for certificates " \ f"{intervals_and_certs} to targets {security_email}" current_app.logger.error(log_data, exc_info=True) sentry.captureException() metrics.send( "notification", "counter", 1, metric_tags={"status": status, "event_type": notification_type, "plugin": notification_plugin.slug}, ) if status == SUCCESS_METRIC_STATUS: return True
def send_rotation_notification(certificate): data = certificate_notification_output_schema.dump(certificate).data data["security_email"] = current_app.config.get( "LEMUR_SECURITY_TEAM_EMAIL") email_tags = { "cert_id": certificate.id, "cert_name": certificate.name, "owner": certificate.owner } return send_default_notification("rotation", data, [data["owner"]], email_tags=email_tags)
def test_send_expiration_notification_email_disabled(): from lemur.notifications.messaging import send_expiration_notifications topic_arn, sqs_client, queue_url = create_and_subscribe_to_topic() notification, certificate = prepare_test() assert send_expiration_notifications([], ['email-notification']) == (1, 0) # SNS only received_messages = sqs_client.receive_message(QueueUrl=queue_url)["Messages"] assert len(received_messages) == 1 expected_message = format_message(certificate_notification_output_schema.dump(certificate).data, "expiration", notification.options) actual_message = json.loads(received_messages[0]["Body"])["Message"] assert actual_message == expected_message
def get_eligible_security_summary_certs(exclude=None): message_data = [] all_certs = get_certificates_for_security_summary_email(exclude=exclude) now = arrow.utcnow() # group by expiration interval for interval, interval_certs in groupby(sorted(all_certs, key=lambda x: (x.not_after - now).days), lambda x: (x.not_after - now).days): cert_data = [] for certificate in interval_certs: cert_data.append(certificate_notification_output_schema.dump(certificate).data) interval_data = {"interval": interval, "certificates": cert_data} message_data.append(interval_data) return message_data
def test_render(certificate, endpoint): from lemur.certificates.schemas import certificate_notification_output_schema new_cert = CertificateFactory() new_cert.replaces.append(certificate) data = { "certificates": [certificate_notification_output_schema.dump(certificate).data], "options": [ { "name": "interval", "value": 10 }, { "name": "unit", "value": "days" }, ], } template = env.get_template("{}.html".format("expiration")) body = template.render( dict(message=data, hostname="lemur.test.example.com")) template = env.get_template("{}.html".format("rotation")) certificate.endpoints.append(endpoint) body = template.render( dict( certificate=certificate_notification_output_schema.dump( certificate).data, hostname="lemur.test.example.com", ))
def test_publish(certificate, endpoint): data = [certificate_notification_output_schema.dump(certificate).data] topic_arn, sqs_client, queue_url = create_and_subscribe_to_topic() message_ids = publish(topic_arn, data, "expiration", get_options(), region_name="us-east-1") assert len(message_ids) == len(data) received_messages = sqs_client.receive_message(QueueUrl=queue_url)["Messages"] for certificate in data: expected_message_id = message_ids[certificate["name"]] actual_message = next( (m for m in received_messages if json.loads(m["Body"])["MessageId"] == expected_message_id), None) actual_json = json.loads(actual_message["Body"]) assert actual_json["Message"] == format_message(certificate, "expiration", get_options()) assert actual_json["Subject"] == "Lemur: Expiration Notification"
def send_expiration_notifications(exclude): """ This function will check for upcoming certificate expiration, and send out notification emails at given intervals. """ success = failure = 0 # security team gets all security_email = current_app.config.get("LEMUR_SECURITY_TEAM_EMAIL") for owner, notification_group in get_eligible_certificates(exclude=exclude).items(): for notification_label, certificates in notification_group.items(): notification_data = [] notification = certificates[0][0] for data in certificates: n, certificate = data cert_data = certificate_notification_output_schema.dump( certificate ).data notification_data.append(cert_data) email_recipients = notification.plugin.get_recipients(notification.options, security_email + [owner]) # Plugin will ONLY use the provided recipients if it's email; any other notification plugin ignores them if send_plugin_notification( "expiration", notification_data, email_recipients, notification ): success += len(email_recipients) else: failure += len(email_recipients) # If we're using an email plugin, we're done, # since "security_email + [owner]" were added as email_recipients. # If we're not using an email plugin, we also need to send an email to the security team and owner, # since the plugin notification didn't send anything to them. if notification.plugin.slug != "email-notification": if send_default_notification( "expiration", notification_data, email_recipients, notification.options ): success = 1 + len(email_recipients) else: failure = 1 + len(email_recipients) return success, failure
def send_rotation_notification(certificate, notification_plugin=None): """ Sends a report to certificate owners when their certificate has been rotated. :param certificate: :param notification_plugin: :return: """ function = f"{__name__}.{sys._getframe().f_code.co_name}" log_data = { "function": function, "message": f"Sending rotation notification for certificate {certificate.name}", "notification_type": "rotation", "certificate_name": certificate.name, "certificate_owner": certificate.owner, } status = FAILURE_METRIC_STATUS if not notification_plugin: notification_plugin = plugins.get( current_app.config.get("LEMUR_DEFAULT_NOTIFICATION_PLUGIN", "email-notification") ) data = certificate_notification_output_schema.dump(certificate).data try: notification_plugin.send("rotation", data, [data["owner"]], []) status = SUCCESS_METRIC_STATUS except Exception as e: log_data["message"] = f"Unable to send rotation notification for certificate {certificate.name} " \ f"to owner {data['owner']}" current_app.logger.error(log_data, exc_info=True) sentry.captureException() metrics.send( "notification", "counter", 1, metric_tags={"status": status, "event_type": "rotation"}, ) if status == SUCCESS_METRIC_STATUS: return True
def send_rotation_notification(certificate, notification_plugin=None): """ Sends a report to certificate owners when their certificate as been rotated. :param certificate: :return: """ if not notification_plugin: notification_plugin = plugins.get(current_app.config.get('LEMUR_DEFAULT_NOTIFICATION_PLUGIN')) data = certificate_notification_output_schema.dump(certificate).data try: notification_plugin.send('rotation', data, [data['owner']]) metrics.send('rotation_notification_sent', 'counter', 1) return True except Exception as e: metrics.send('rotation_notification_failure', 'counter', 1) current_app.logger.exception(e)
def send_rotation_notification(certificate, notification_plugin=None): """ Sends a report to certificate owners when their certificate as been rotated. :param certificate: :return: """ if not notification_plugin: notification_plugin = plugins.get(current_app.config.get('LEMUR_DEFAULT_NOTIFICATION_PLUGIN')) data = certificate_notification_output_schema.dump(certificate).data try: notification_plugin.send('rotation', data, [data['owner']]) metrics.send('rotation_notification_sent', 'counter', 1) return True except Exception as e: sentry.captureException() metrics.send('rotation_notification_failure', 'counter', 1) current_app.logger.exception(e)
def test_formatting(certificate): from lemur.plugins.lemur_slack.plugin import create_expiration_attachments from lemur.certificates.schemas import certificate_notification_output_schema data = [certificate_notification_output_schema.dump(certificate).data] attachment = { "title": certificate.name, "color": "danger", "fields": [ { "short": True, "value": "*****@*****.**", "title": "Owner" }, { "short": True, "value": u"Tuesday, December 31, 2047", "title": "Expires" }, { "short": True, "value": 0, "title": "Endpoints Detected" }, ], "title_link": "https://lemur.example.com/#/certificates/{name}".format( name=certificate.name), "mrkdwn_in": ["text"], "text": "", "fallback": "", } assert attachment == create_expiration_attachments(data)[0]