def state(self): return defaults.state(self.parsed_cert)
def state(self): cert = lemur.common.utils.parse_certificate(self.body) return defaults.state(cert)
def upload(self, name, body, private_key, cert_chain, options, **kwargs): """ Upload certificate and private key :param private_key: :param cert_chain: :return: """ cert = parse_certificate(body) cname = common_name(cert) url = self.get_option("vaultUrl", options) auth_method = self.get_option("authenticationMethod", options) auth_key = self.get_option("tokenFileOrVaultRole", options) mount = self.get_option("vaultMount", options) path = self.get_option("vaultPath", options) bundle = self.get_option("bundleChain", options) obj_name = self.get_option("objectName", options) api_version = self.get_option("vaultKvApiVersion", options) san_filter = self.get_option("sanFilter", options) san_list = get_san_list(body) if san_filter: for san in san_list: try: if not re.match(san_filter, san, flags=re.IGNORECASE): current_app.logger.exception( "Exception uploading secret to vault: invalid SAN: {}" .format(san), exc_info=True, ) os._exit(1) except re.error: current_app.logger.exception( "Exception compiling regex filter: invalid filter", exc_info=True, ) client = hvac.Client(url=url) if auth_method == 'token': with open(auth_key, "r") as tfile: token = tfile.readline().rstrip("\n") client.token = token if auth_method == 'kubernetes': token_path = '/var/run/secrets/kubernetes.io/serviceaccount/token' with open(token_path, 'r') as f: jwt = f.read() client.auth_kubernetes(auth_key, jwt) client.secrets.kv.default_kv_version = api_version t_path = path.format( CN=cname, OU=organizational_unit(cert), O=organization(cert), # noqa: E741 L=location(cert), S=state(cert), C=country(cert)) if not obj_name: obj_name = '{CN}' f_obj_name = obj_name.format( CN=cname, OU=organizational_unit(cert), O=organization(cert), # noqa: E741 L=location(cert), S=state(cert), C=country(cert)) path = "{0}/{1}".format(t_path, f_obj_name) secret = get_secret(client, mount, path) secret["data"][cname] = {} if not cert_chain: chain = '' else: chain = cert_chain if bundle == "Nginx": secret["data"][cname]["crt"] = "{0}\n{1}".format(body, chain) secret["data"][cname]["key"] = private_key elif bundle == "Apache": secret["data"][cname]["crt"] = body secret["data"][cname]["chain"] = chain secret["data"][cname]["key"] = private_key elif bundle == "PEM": secret["data"][cname]["pem"] = "{0}\n{1}\n{2}".format( body, chain, private_key) else: secret["data"][cname]["crt"] = body secret["data"][cname]["key"] = private_key if isinstance(san_list, list): secret["data"][cname]["san"] = san_list try: client.secrets.kv.create_or_update_secret(path=path, mount_point=mount, secret=secret["data"]) except ConnectionError as err: current_app.logger.exception( "Exception uploading secret to vault: {0}".format(err), exc_info=True)