def delete(destination_id):
"""
Deletes an destination.
:param destination_id: Lemur assigned ID
"""
database.delete(get(destination_id))
def delete(policy_id):
"""
Delete a rotation policy.
:param policy_id:
:return:
"""
database.delete(get(policy_id))
def delete(notification_id):
"""
Deletes an notification.
:param notification_id: Lemur assigned ID
"""
database.delete(get(notification_id))
def delete(dns_provider_id):
"""
Deletes a DNS provider.
:param dns_provider_id: Lemur assigned ID
"""
database.delete(get(dns_provider_id))
def delete(source_id):
"""
Deletes an source.
:param source_id: Lemur assigned ID
"""
database.delete(get(source_id))
def delete(access_key):
"""
Delete an access key. This is one way to remove a key, though you probably should just set revoked.
:param access_key:
:return:
"""
database.delete(access_key)
def delete(destination_id):
"""
Deletes an destination.
:param destination_id: Lemur assigned ID
"""
database.delete(get(destination_id))
def delete(policy_id):
"""
Delete a rotation policy.
:param policy_id:
:return:
"""
database.delete(get(policy_id))
def delete(notification_id):
"""
Deletes an notification.
:param notification_id: Lemur assigned ID
"""
database.delete(get(notification_id))
def delete(source_id):
"""
Deletes an source.
:param source_id: Lemur assigned ID
"""
database.delete(get(source_id))
def delete(cert_id):
"""
Delete's a certificate.
:param cert_id:
"""
database.delete(get(cert_id))
def delete(cert_id):
"""
Delete's a certificate.
:param cert_id:
"""
database.delete(get(cert_id))
def delete(access_key):
"""
Delete an access key. This is one way to remove a key, though you probably should just set revoked.
:param access_key:
:return:
"""
log_service.audit_log("delete_api_key", access_key.name,
"Deleting the API key")
database.delete(access_key)
def delete(notification_id):
"""
Deletes an notification.
:param notification_id: Lemur assigned ID
"""
notification = get(notification_id)
if notification:
log_service.audit_log("delete_notification", notification.label, "Deleting notification")
database.delete(notification)
def delete(source_id):
"""
Deletes an source.
:param source_id: Lemur assigned ID
"""
source = get(source_id)
if source:
log_service.audit_log("delete_source", source.label, "Deleting source")
database.delete(source)
def delete(dns_provider_id):
"""
Deletes a DNS provider.
:param dns_provider_id: Lemur assigned ID
"""
dns_provider = get(dns_provider_id)
if dns_provider:
log_service.audit_log("delete_dns_provider", dns_provider.name, "Deleting the DNS provider")
database.delete(dns_provider)
def expire(ttl):
"""
Removed all endpoints that have not been recently updated.
"""
now = arrow.utcnow()
expiration = now - timedelta(hours=ttl)
endpoints = database.session_query(Endpoint).filter(cast(Endpoint.last_updated, ArrowType) <= expiration)
for endpoint in endpoints:
database.delete(endpoint)
metrics.send('endpoint_expired', 'counter', 1)
def delete(destination_id):
"""
Deletes an destination.
:param destination_id: Lemur assigned ID
"""
destination = get(destination_id)
if destination:
log_service.audit_log("delete_destination", destination.label,
"Deleting destination")
database.delete(destination)
def _disassociate_endpoints_from_source(endpoints, source):
current_endpoints = endpoint_service.get_by_source(
source_label=source.label)
for ce in current_endpoints:
for fe in endpoints:
if ce.dnsname == fe['dnsname']:
break
else:
current_app.logger.info(
"Endpoint {dnsname} was not found during sync, removing from inventory."
.format(dnsname=ce.dnsname))
metrics.send('endpoint_removed', 'counter', 1)
database.delete(ce)
def expire(ttl):
"""
Removed all endpoints that have not been recently updated.
"""
print("[+] Staring expiration of old endpoints.")
now = arrow.utcnow()
expiration = now - timedelta(hours=ttl)
endpoints = database.session_query(Endpoint).filter(cast(Endpoint.last_updated, ArrowType) <= expiration)
for endpoint in endpoints:
print("[!] Expiring endpoint: {name} Last Updated: {last_updated}".format(name=endpoint.name, last_updated=endpoint.last_updated))
database.delete(endpoint)
metrics.send('endpoint_expired', 'counter', 1)
print("[+] Finished expiration.")
def _disassociate_endpoints_from_source(found_endpoints, source_label):
current_endpoints = endpoint_service.get_by_source(source_label=source_label)
for ce in current_endpoints:
for fe in found_endpoints:
if ce.dnsname == fe['dnsname']:
break
else:
current_app.logger.info(
"Endpoint {dnsname} was not found during sync, removing from inventory.".format(
dnsname=ce.dnsname
)
)
metrics.send('endpoint_removed', 'counter', 1)
database.delete(ce)
def delete(role_id):
"""
Remove a role
:param role_id:
:return:
"""
return database.delete(get(role_id))
def delete(role_id):
"""
Remove a role
:param role_id:
:return:
"""
return database.delete(get(role_id))
def expire(ttl):
"""
Removed all endpoints that have not been recently updated.
"""
print("[+] Staring expiration of old endpoints.")
try:
now = arrow.utcnow()
expiration = now - timedelta(hours=ttl)
endpoints = database.session_query(Endpoint).filter(cast(Endpoint.last_updated, ArrowType) <= expiration)
for endpoint in endpoints:
print("[!] Expiring endpoint: {name} Last Updated: {last_updated}".format(name=endpoint.name, last_updated=endpoint.last_updated))
database.delete(endpoint)
metrics.send('endpoint_expired', 'counter', 1)
print("[+] Finished expiration.")
except Exception as e:
sentry.captureException()
def expire_endpoints(source, ttl_hours):
now = arrow.utcnow()
expiration = now - timedelta(hours=ttl_hours)
endpoints = database.session_query(Endpoint).filter(
Endpoint.source_id == source.id).filter(
cast(Endpoint.last_updated, ArrowType) <= expiration)
expired = 0
for endpoint in endpoints:
current_app.logger.debug(
"Expiring endpoint from source {source}: {name} Last Updated: {last_updated}"
.format(source=source.label,
name=endpoint.name,
last_updated=endpoint.last_updated))
database.delete(endpoint)
metrics.send("endpoint_expired",
"counter",
1,
metric_tags={"source": source.label})
expired += 1
return expired
def delete(source_id):
"""
Deletes an source.
:param source_id: Lemur assigned ID
"""
source = get(source_id)
if source:
# remove association of this source from all valid certificates
certificates = certificate_service.get_all_valid_certificates_with_source(
source_id)
for certificate in certificates:
certificate_service.remove_source_association(certificate, source)
current_app.logger.warning(
f"Removed source {source.label} for {certificate.name} during source delete"
)
# proceed with source delete
log_service.audit_log("delete_source", source.label, "Deleting source")
database.delete(source)
def delete(role_id):
"""
Remove a role
:param role_id:
:return:
"""
role = get(role_id)
log_service.audit_log("delete_role", role.name, "Deleting role")
return database.delete(role)
def delete(destination_id):
"""
Deletes an destination.
:param destination_id: Lemur assigned ID
"""
destination = get(destination_id)
if destination:
# remove association of this source from all valid certificates
certificates = certificate_service.get_all_valid_certificates_with_destination(
destination_id)
for certificate in certificates:
certificate_service.remove_destination_association(
certificate, destination)
current_app.logger.warning(
f"Removed destination {destination.label} for {certificate.name} during destination delete"
)
# proceed with destination delete
log_service.audit_log("delete_destination", destination.label,
"Deleting destination")
database.delete(destination)
def delete_by_id(id):
database.delete(get(id))
def sync_endpoints(source):
new, updated, updated_by_hash, removed = 0, 0, 0, 0
current_app.logger.debug("Retrieving endpoints from {0}".format(
source.label))
s = plugins.get(source.plugin_name)
seen_endpoints = set()
try:
endpoints = s.get_endpoints(source.options)
except NotImplementedError:
current_app.logger.warning(
"Unable to sync endpoints for source {0} plugin has not implemented 'get_endpoints'"
.format(source.label))
return new, updated, updated_by_hash
for endpoint in endpoints:
exists = endpoint_service.get_by_dnsname_and_port(
endpoint["dnsname"], endpoint["port"])
certificate_name = endpoint.pop("certificate_name")
endpoint["certificate"] = certificate_service.get_by_name(
certificate_name)
# if get cert by name failed, we attempt a search via serial number and hash comparison
# and link the endpoint certificate to Lemur certificate
if not endpoint["certificate"]:
certificate_attached_to_endpoint = None
try:
certificate_attached_to_endpoint = s.get_certificate_by_name(
certificate_name, source.options)
except NotImplementedError:
current_app.logger.warning(
"Unable to describe server certificate for endpoints in source {0}:"
" plugin has not implemented 'get_certificate_by_name'".
format(source.label))
sentry.captureException()
if certificate_attached_to_endpoint:
lemur_matching_cert, updated_by_hash_tmp = find_cert(
certificate_attached_to_endpoint)
updated_by_hash += updated_by_hash_tmp
if lemur_matching_cert:
endpoint["certificate"] = lemur_matching_cert[0]
if len(lemur_matching_cert) > 1:
current_app.logger.error(
"Too Many Certificates Found{0}. Name: {1} Endpoint: {2}"
.format(len(lemur_matching_cert), certificate_name,
endpoint["name"]))
metrics.send("endpoint.certificate.conflict",
"gauge",
len(lemur_matching_cert),
metric_tags={
"cert":
certificate_name,
"endpoint":
endpoint["name"],
"acct":
s.get_option("accountNumber",
source.options)
})
if not endpoint["certificate"]:
current_app.logger.error({
"message":
"Certificate Not Found",
"certificate_name":
certificate_name,
"endpoint_name":
endpoint["name"],
"dns_name":
endpoint.get("dnsname"),
"account":
s.get_option("accountNumber", source.options),
})
metrics.send("endpoint.certificate.not.found",
"counter",
1,
metric_tags={
"cert": certificate_name,
"endpoint": endpoint["name"],
"acct": s.get_option("accountNumber",
source.options),
"dnsname": endpoint.get("dnsname")
})
continue
policy = endpoint.pop("policy")
policy_ciphers = []
for nc in policy["ciphers"]:
policy_ciphers.append(
endpoint_service.get_or_create_cipher(name=nc))
policy["ciphers"] = policy_ciphers
endpoint["policy"] = endpoint_service.get_or_create_policy(**policy)
endpoint["source"] = source
if not exists:
current_app.logger.debug(
"Endpoint Created: Name: {name}".format(name=endpoint["name"]))
seen_endpoints.add(endpoint_service.create(**endpoint).id)
new += 1
else:
current_app.logger.debug("Endpoint Updated: {}".format(endpoint))
seen_endpoints.add(
endpoint_service.update(exists.id, **endpoint).id)
updated += 1
# remove
for endpoint in source.endpoints:
if endpoint.id not in seen_endpoints:
current_app.logger.info(
f"removing endpoint {endpoint.name} from database")
database.delete(endpoint)
removed += 1
return new, updated, updated_by_hash, removed
def delete(pending_certificate):
log_service.audit_log("delete_pending_certificate",
pending_certificate.name,
"Deleting the pending certificate")
database.delete(pending_certificate)
def delete(pending_certificate):
database.delete(pending_certificate)
def delete_by_id(id):
database.delete(get(id))
def delete(pending_certificate):
database.delete(pending_certificate)
