def rotate(new_certificate_name=False, old_certificate_name=False, message=False, commit=False): new_cert = old_cert = None if commit: print("[!] Running in COMMIT mode.") if old_certificate_name: old_cert = get_by_name(old_certificate_name) if not old_cert: print("[-] No certificate found with name: {0}".format( old_certificate_name)) sys.exit(1) if new_certificate_name: new_cert = get_by_name(new_certificate_name) if not new_cert: print("[-] No certificate found with name: {0}".format( old_certificate_name)) sys.exit(1) if old_cert and new_cert: reissue_and_rotate(old_cert, new_certificate=new_cert, commit=commit, message=message) else: for certificate in get_all_pending_rotation(): reissue_and_rotate(certificate, commit=commit, message=message)
def rotate(new_certificate_name, old_certificate_name, commit=False): from lemur.certificates.service import get_by_name, reissue_certificate, get_certificate_primitives from lemur.endpoints.service import rotate_certificate old_cert = get_by_name(old_certificate_name) if not old_cert: sys.stdout.write("[-] No certificate found with name: {0}\n".format( old_certificate_name)) sys.exit(1) if new_certificate_name: new_cert = get_by_name(new_certificate_name) if not new_cert: sys.stdout.write( "[-] No certificate found with name: {0}\n".format( old_certificate_name)) sys.exit(1) if commit: sys.stdout.write("[!] Running in COMMIT mode.\n") if not new_certificate_name: sys.stdout.write( "[!] No new certificate provided. Attempting to re-issue old certificate: {0}.\n" .format(old_certificate_name)) details = get_certificate_primitives(old_cert) print_certificate_details(details) if commit: new_cert = reissue_certificate(old_cert, replace=True) sys.stdout.write("[+] Issued new certificate named: {0}\n".format( new_cert.name)) sys.stdout.write("[+] Done! \n") if len(old_cert.endpoints) > 0: for endpoint in old_cert.endpoints: sys.stdout.write( "[+] Certificate deployed on endpoint: name:{name} dnsname:{dnsname} port:{port} type:{type}\n" .format(name=endpoint.name, dnsname=endpoint.dnsname, port=endpoint.port, type=endpoint.type)) sys.stdout.write( "[+] Rotating certificate from: {0} to: {1}\n".format( old_certificate_name, new_cert.name)) if commit: rotate_certificate(endpoint, new_cert) sys.stdout.write("[+] Done! \n") else: sys.stdout.write( "[!] Certificate not found on any existing endpoints. Nothing to rotate.\n" )
def rotate(new_certificate_name, old_certificate_name, message, commit): """ Rotates a certificate and reissues it if it has not already been replaced. If it has been replaced, will use the replacement certificate for the rotation. """ new_cert = old_cert = None if commit: print("[!] Running in COMMIT mode.") if old_certificate_name: old_cert = get_by_name(old_certificate_name) if not old_cert: print("[-] No certificate found with name: {0}".format( old_certificate_name)) sys.exit(1) if new_certificate_name: new_cert = get_by_name(new_certificate_name) if not new_cert: print("[-] No certificate found with name: {0}".format( old_certificate_name)) sys.exit(1) if old_cert and new_cert: try: reissue_and_rotate(old_cert, new_certificate=new_cert, commit=commit, message=message) if commit: metrics.send('certificate_rotation_success', 'counter', 1) except Exception as e: current_app.logger.exception(e) if commit: metrics.send('certificate_rotation_failure', 'counter', 1) else: for certificate in get_all_pending_rotation(): try: reissue_and_rotate(certificate, commit=commit, message=message) if commit: metrics.send('certificate_rotation_success', 'counter', 1) except Exception as e: current_app.logger.exception(e) if commit: metrics.send('certificate_rotation_failure', 'counter', 1)
def create_cert(name, dst_dir, export_type, dst_user, dst_priv, dst_priv_key, dst_host, dst_host_port): lem_cert = service.get_by_name(name) dst_dir = dst_dir + '/' + lem_cert.cn dst_file = 'cert.pem' if export_type == 'NGINX': dst_data = lem_cert.body + '\n' + lem_cert.chain chain_req = False elif export_type == '3File': dst_data = lem_cert.body chain_req = True else: dst_data = lem_cert.body copy_cert(dst_user, dst_priv, dst_priv_key, dst_host, dst_host_port, dst_dir, dst_file, dst_data) if chain_req is True: dst_file = 'chain.pem' dst_data = lem_cert.chain_req copy_cert(dst_user, dst_priv, dst_priv_key, dst_host, dst_host_port, dst_dir, dst_file, dst_data) dst_file = 'priv.key' dst_data = lem_cert.private_key copy_cert(dst_user, dst_priv, dst_priv_key, dst_host, dst_host_port, dst_dir, dst_file, dst_data)
def create_cert(name, dst_dir, export_type, dst_user, dst_priv, dst_priv_key, dst_host, dst_host_port): lem_cert = service.get_by_name(name) dst_file = 'cert.pem' chain_req = False if export_type == 'NGINX': # This process will result in a cert.pem file with the body and chain in a single file if lem_cert.chain is None: dst_data = lem_cert.body else: dst_data = lem_cert.body + '\n' + lem_cert.chain chain_req = False elif export_type == '3File': # This process will results in three files. cert.pem, priv.key, chain.pem dst_data = lem_cert.body chain_req = True else: dst_data = lem_cert.body copy_cert(lem_cert.cn, dst_user, dst_priv, dst_priv_key, dst_host, dst_host_port, dst_dir, dst_file, dst_data) if chain_req is True: dst_file = 'chain.pem' dst_data = lem_cert.chain_req copy_cert(lem_cert.cn, dst_user, dst_priv, dst_priv_key, dst_host, dst_host_port, dst_dir, dst_file, dst_data) dst_file = 'priv.key' dst_data = lem_cert.private_key copy_cert(lem_cert.cn, dst_user, dst_priv, dst_priv_key, dst_host, dst_host_port, dst_dir, dst_file, dst_data)
def sync_certificates(source, user): new, updated = 0, 0 current_app.logger.debug("Retrieving certificates from {0}".format(source.label)) s = plugins.get(source.plugin_name) certificates = s.get_certificates(source.options) for certificate in certificates: exists = certificate_service.get_by_name(certificate['name']) if not certificate.get('owner'): certificate['owner'] = user.email certificate['creator'] = user if not exists: current_app.logger.debug("Creating Certificate. Name: {name}".format(name=certificate['name'])) certificate_create(certificate, source) new += 1 else: current_app.logger.debug("Updating Certificate. Name: {name}".format(name=certificate['name'])) certificate_update(exists, source) updated += 1 assert len(certificates) == new + updated return new, updated
def sync_certificates(source, user): new, updated = 0, 0 current_app.logger.debug("Retrieving certificates from {0}".format( source.label)) s = plugins.get(source.plugin_name) certificates = s.get_certificates(source.options) for certificate in certificates: exists = certificate_service.get_by_name(certificate['name']) certificate['owner'] = user.email certificate['creator'] = user if not exists: current_app.logger.debug( "Creating Certificate. Name: {name}".format( name=certificate['name'])) certificate_create(certificate, source) new += 1 else: current_app.logger.debug( "Updating Certificate. Name: {name}".format( name=certificate['name'])) certificate_update(exists, source) updated += 1 assert len(certificates) == new + updated return new, updated
def test_sync_certificates_same_cert_same_name(user, source, sync_source_plugin): from lemur.sources.service import sync_certificates, certificate_create from lemur.certificates import service as cert_service from lemur.plugins.base import plugins # create an existing cert with same body data = { "name": "WildcardCert2", "body": WILDCARD_CERT_STR, "private_key": WILDCARD_CERT_KEY, "owner": "*****@*****.**", "creator": user["user"], } certificate_create(data, source) # sync a certificate with same body s = plugins.get(source.plugin_name) s.certificates = [ { "name": "WildcardCert2", "body": WILDCARD_CERT_STR, }, ] res = sync_certificates(source, user["user"]) assert res == (0, 1, 1) assert cert_service.get_by_name("WildcardCert2") is not None
def sync_endpoints(source): new, updated = 0, 0 current_app.logger.debug("Retrieving endpoints from {0}".format( source.label)) s = plugins.get(source.plugin_name) try: endpoints = s.get_endpoints(source.options) except NotImplementedError: current_app.logger.warning( "Unable to sync endpoints for source {0} plugin has not implemented 'get_endpoints'" .format(source.label)) return for endpoint in endpoints: exists = endpoint_service.get_by_dnsname(endpoint['dnsname']) certificate_name = endpoint.pop('certificate_name', None) certificate = endpoint.pop('certificate', None) if certificate_name: current_app.logger.debug(certificate_name) cert = cert_service.get_by_name(certificate_name) elif certificate: cert = cert_service.get_by_body(certificate['body']) if not cert: cert = cert_service.import_certificate(**certificate) if not cert: current_app.logger.error( "Unable to find associated certificate, be sure that certificates are sync'ed before endpoints" ) continue endpoint['certificate'] = cert policy = endpoint.pop('policy') policy_ciphers = [] for nc in policy['ciphers']: policy_ciphers.append( endpoint_service.get_or_create_cipher(name=nc)) policy['ciphers'] = policy_ciphers endpoint['policy'] = endpoint_service.get_or_create_policy(**policy) endpoint['source'] = source if not exists: endpoint_service.create(**endpoint) new += 1 else: endpoint_service.update(exists.id, **endpoint) updated += 1 _disassociate_endpoints_from_source(endpoints, source)
def run(self, elb_list, chain_path, cert_name, cert_prefix, description): for e in open(elb_list, 'r').readlines(): elb_name, account_id, region, from_port, to_port, protocol = e.strip().split(',') if cert_name: arn = "arn:aws:iam::{0}:server-certificate/{1}".format(account_id, cert_name) else: # if no cert name is provided we need to discover it listeners = elb.get_listeners(account_id, region, elb_name) # get the listener we care about for listener in listeners: if listener[0] == int(from_port) and listener[1] == int(to_port): arn = listener[4] name = get_name_from_arn(arn) certificate = cert_service.get_by_name(name) break else: sys.stdout.write("[-] Could not find ELB {0}".format(elb_name)) continue if not certificate: sys.stdout.write("[-] Could not find certificate {0} in Lemur".format(name)) continue dests = [] for d in certificate.destinations: dests.append({'id': d.id}) nots = [] for n in certificate.notifications: nots.append({'id': n.id}) new_certificate = database.clone(certificate) if cert_prefix: new_certificate.name = "{0}-{1}".format(cert_prefix, new_certificate.name) new_certificate.chain = open(chain_path, 'r').read() new_certificate.description = "{0} - {1}".format(new_certificate.description, description) new_certificate = database.create(new_certificate) database.update_list(new_certificate, 'destinations', Destination, dests) database.update_list(new_certificate, 'notifications', Notification, nots) database.update(new_certificate) arn = new_certificate.get_arn(account_id) elb.update_listeners(account_id, region, elb_name, [(from_port, to_port, protocol, arn)], [from_port]) sys.stdout.write("[+] Updated {0} to use {1}\n".format(elb_name, new_certificate.name))
def sync_endpoints(source): new, updated = 0, 0 current_app.logger.debug("Retrieving endpoints from {0}".format( source.label)) s = plugins.get(source.plugin_name) try: endpoints = s.get_endpoints(source.options) except NotImplementedError: current_app.logger.warning( "Unable to sync endpoints for source {0} plugin has not implemented 'get_endpoints'" .format(source.label)) return new, updated for endpoint in endpoints: exists = endpoint_service.get_by_dnsname_and_port( endpoint["dnsname"], endpoint["port"]) certificate_name = endpoint.pop("certificate_name") endpoint["certificate"] = certificate_service.get_by_name( certificate_name) if not endpoint["certificate"]: current_app.logger.error( "Certificate Not Found. Name: {0} Endpoint: {1}".format( certificate_name, endpoint["name"])) continue policy = endpoint.pop("policy") policy_ciphers = [] for nc in policy["ciphers"]: policy_ciphers.append( endpoint_service.get_or_create_cipher(name=nc)) policy["ciphers"] = policy_ciphers endpoint["policy"] = endpoint_service.get_or_create_policy(**policy) endpoint["source"] = source if not exists: current_app.logger.debug( "Endpoint Created: Name: {name}".format(name=endpoint["name"])) endpoint_service.create(**endpoint) new += 1 else: current_app.logger.debug("Endpoint Updated: {}".format(endpoint)) endpoint_service.update(exists.id, **endpoint) updated += 1 return new, updated
def sync_endpoints(source): new, updated = 0, 0 current_app.logger.debug("Retrieving endpoints from {0}".format(source.label)) s = plugins.get(source.plugin_name) try: endpoints = s.get_endpoints(source.options) except NotImplementedError: current_app.logger.warning("Unable to sync endpoints for source {0} plugin has not implemented 'get_endpoints'".format(source.label)) return for endpoint in endpoints: exists = endpoint_service.get_by_dnsname(endpoint['dnsname']) certificate_name = endpoint.pop('certificate_name', None) certificate = endpoint.pop('certificate', None) if certificate_name: current_app.logger.debug(certificate_name) cert = cert_service.get_by_name(certificate_name) elif certificate: cert = cert_service.get_by_body(certificate['body']) if not cert: cert = cert_service.import_certificate(**certificate) if not cert: current_app.logger.error( "Unable to find associated certificate, be sure that certificates are sync'ed before endpoints") continue endpoint['certificate'] = cert policy = endpoint.pop('policy') policy_ciphers = [] for nc in policy['ciphers']: policy_ciphers.append(endpoint_service.get_or_create_cipher(name=nc)) policy['ciphers'] = policy_ciphers endpoint['policy'] = endpoint_service.get_or_create_policy(**policy) if not exists: endpoint_service.create(**endpoint) new += 1 else: endpoint_service.update(exists.id, **endpoint) updated += 1 _disassociate_endpoints_from_source(endpoints, source)
def validate_certificate(certificate_name): """ Ensuring that the specified certificate exists. :param certificate_name: :return: """ if certificate_name: cert = get_by_name(certificate_name) if not cert: print("[-] No certificate found with name: {0}".format(certificate_name)) sys.exit(1) return cert
def sync_certificates(source, user): new, updated = 0, 0 current_app.logger.debug("Retrieving certificates from {0}".format( source.label)) s = plugins.get(source.plugin_name) certificates = s.get_certificates(source.options) for certificate in certificates: exists = False if certificate.get("search", None): conditions = certificate.pop("search") exists = certificate_service.get_by_attributes(conditions) if not exists and certificate.get("name"): result = certificate_service.get_by_name(certificate["name"]) if result: exists = [result] if not exists and certificate.get("serial"): exists = certificate_service.get_by_serial(certificate["serial"]) if not exists: cert = parse_certificate(certificate["body"]) matching_serials = certificate_service.get_by_serial(serial(cert)) exists = find_matching_certificates_by_hash(cert, matching_serials) if not certificate.get("owner"): certificate["owner"] = user.email certificate["creator"] = user exists = [x for x in exists if x] if not exists: certificate_create(certificate, source) new += 1 else: for e in exists: if certificate.get("external_id"): e.external_id = certificate["external_id"] if certificate.get("authority_id"): e.authority_id = certificate["authority_id"] certificate_update(e, source) updated += 1 return new, updated
def sync_certificates(source, user): new, updated = 0, 0 current_app.logger.debug("Retrieving certificates from {0}".format(source.label)) s = plugins.get(source.plugin_name) certificates = s.get_certificates(source.options) for certificate in certificates: exists = False if certificate.get('search', None): conditions = certificate.pop('search') exists = certificate_service.get_by_attributes(conditions) if not exists and certificate.get('name'): result = certificate_service.get_by_name(certificate['name']) if result: exists = [result] if not exists and certificate.get('serial'): exists = certificate_service.get_by_serial(certificate['serial']) if not exists: cert = parse_certificate(certificate['body']) matching_serials = certificate_service.get_by_serial(serial(cert)) exists = find_matching_certificates_by_hash(cert, matching_serials) if not certificate.get('owner'): certificate['owner'] = user.email certificate['creator'] = user exists = [x for x in exists if x] if not exists: certificate_create(certificate, source) new += 1 else: for e in exists: if certificate.get('external_id'): e.external_id = certificate['external_id'] if certificate.get('authority_id'): e.authority_id = certificate['authority_id'] certificate_update(e, source) updated += 1 return new, updated
def sync_endpoints(source): new, updated = 0, 0 current_app.logger.debug("Retrieving endpoints from {0}".format(source.label)) s = plugins.get(source.plugin_name) try: endpoints = s.get_endpoints(source.options) except NotImplementedError: current_app.logger.warning("Unable to sync endpoints for source {0} plugin has not implemented 'get_endpoints'".format(source.label)) return new, updated for endpoint in endpoints: exists = endpoint_service.get_by_dnsname_and_port(endpoint['dnsname'], endpoint['port']) certificate_name = endpoint.pop('certificate_name') endpoint['certificate'] = certificate_service.get_by_name(certificate_name) if not endpoint['certificate']: current_app.logger.error( "Certificate Not Found. Name: {0} Endpoint: {1}".format(certificate_name, endpoint['name'])) continue policy = endpoint.pop('policy') policy_ciphers = [] for nc in policy['ciphers']: policy_ciphers.append(endpoint_service.get_or_create_cipher(name=nc)) policy['ciphers'] = policy_ciphers endpoint['policy'] = endpoint_service.get_or_create_policy(**policy) endpoint['source'] = source if not exists: current_app.logger.debug("Endpoint Created: Name: {name}".format(name=endpoint['name'])) endpoint_service.create(**endpoint) new += 1 else: current_app.logger.debug("Endpoint Updated: {}".format(endpoint)) endpoint_service.update(exists.id, **endpoint) updated += 1 return new, updated
def reissue(old_certificate_name, commit=False): old_cert = get_by_name(old_certificate_name) if not old_cert: print("[-] No certificate found with name: {0}".format( old_certificate_name)) sys.exit(1) if commit: print("[!] Running in COMMIT mode.") details = get_certificate_primitives(old_cert) print_certificate_details(details) if commit: new_cert = reissue_certificate(old_cert, replace=True) print("[+] Issued new certificate named: {0}".format(new_cert.name)) print("[+] Done!")
def clean(source): s = plugins.get(source.plugin_name) try: certificates = s.clean(source.options) except NotImplementedError: current_app.logger.warning( "Cannot clean source: {0}, source plugin does not implement 'clean()'" .format(source.label)) return for certificate in certificates: cert = cert_service.get_by_name(certificate) if cert: current_app.logger.warning( "Removed {0} from source {1} during cleaning".format( cert.name, source.label)) cert.sources.remove(source)
def find_cert(certificate): if not certificate.get("name"): # certificate must have a name return False, 0 matched_cert = certificate_service.get_by_name(certificate["name"]) if not matched_cert: # no cert with the same name found return False, 0 # check hash of matched cert cert = parse_certificate(certificate["body"]) exists = find_matching_certificates_by_hash(cert, [matched_cert]) if not exists: raise Exception( f"A certificate with the same name {certificate['name']} already exists with a different hash" ) return exists, len(exists)
def sync_certificates(source, user): new, updated = 0, 0 current_app.logger.debug("Retrieving certificates from {0}".format( source.label)) s = plugins.get(source.plugin_name) certificates = s.get_certificates(source.options) for certificate in certificates: exists = False if certificate.get('name'): result = certificate_service.get_by_name(certificate['name']) if result: exists = [result] if not exists and certificate.get('serial'): exists = certificate_service.get_by_serial(certificate['serial']) if not exists: cert = parse_certificate(certificate['body']) exists = certificate_service.get_by_serial(serial(cert)) if not certificate.get('owner'): certificate['owner'] = user.email certificate['creator'] = user exists = [x for x in exists if x] if not exists: certificate_create(certificate, source) new += 1 else: for e in exists: if certificate.get('external_id'): e.external_id = certificate['external_id'] if certificate.get('authority_id'): e.authority_id = certificate['authority_id'] certificate_update(e, source) updated += 1 return new, updated
def clean(source): s = plugins.get(source.plugin_name) try: certificates = s.clean(source.options) except NotImplemented: current_app.logger.warning("Cannot clean source: {0}, source plugin does not implement 'clean()'".format( source.label )) return for certificate in certificates: current_app.logger.debug(certificate) cert = cert_service.get_by_name(certificate) if cert: current_app.logger.warning("Removed {0} from source {1} during cleaning".format( cert.name, source.label )) cert.sources.remove(source)
def reissue(old_certificate_name, commit=False): from lemur.certificates.service import get_by_name, reissue_certificate, get_certificate_primitives old_cert = get_by_name(old_certificate_name) if not old_cert: sys.stdout.write("[-] No certificate found with name: {0}\n".format( old_certificate_name)) sys.exit(1) if commit: sys.stdout.write("[!] Running in COMMIT mode.\n") details = get_certificate_primitives(old_cert) print_certificate_details(details) if commit: new_cert = reissue_certificate(old_cert, replace=True) sys.stdout.write("[+] Issued new certificate named: {0}\n".format( new_cert.name)) sys.stdout.write("[+] Done! \n")
def find_cert(certificate): updated_by_hash = 0 exists = False if certificate.get("search", None): conditions = certificate.pop("search") exists = certificate_service.get_by_attributes(conditions) if not exists and certificate.get("name"): result = certificate_service.get_by_name(certificate["name"]) if result: exists = [result] if not exists and certificate.get("serial"): exists = certificate_service.get_by_serial(certificate["serial"]) if not exists: cert = parse_certificate(certificate["body"]) matching_serials = certificate_service.get_by_serial(serial(cert)) exists = find_matching_certificates_by_hash(cert, matching_serials) updated_by_hash += 1 exists = [x for x in exists if x] return exists, updated_by_hash
def reissue(old_certificate_name, validity_start, validity_end, commit): """ Reissues certificate with the same parameters as it was originally issued with. If not time period is provided, reissues certificate as valid from today to today + length of original. """ old_cert = get_by_name(old_certificate_name) if not old_cert: print("[-] No certificate found with name: {0}".format( old_certificate_name)) sys.exit(1) if commit: print("[!] Running in COMMIT mode.") details = get_certificate_primitives(old_cert) print_certificate_details(details) if commit: new_cert = reissue_certificate(old_cert, replace=True) print("[+] Issued new certificate named: {0}".format(new_cert.name)) print("[+] Done!")
def sync_endpoints(source): new, updated, updated_by_hash = 0, 0, 0 current_app.logger.debug("Retrieving endpoints from {0}".format( source.label)) s = plugins.get(source.plugin_name) try: endpoints = s.get_endpoints(source.options) except NotImplementedError: current_app.logger.warning( "Unable to sync endpoints for source {0} plugin has not implemented 'get_endpoints'" .format(source.label)) return new, updated, updated_by_hash for endpoint in endpoints: exists = endpoint_service.get_by_dnsname_and_port( endpoint["dnsname"], endpoint["port"]) certificate_name = endpoint.pop("certificate_name") endpoint["certificate"] = certificate_service.get_by_name( certificate_name) # if get cert by name failed, we attempt a search via serial number and hash comparison # and link the endpoint certificate to Lemur certificate if not endpoint["certificate"]: certificate_attached_to_endpoint = None try: certificate_attached_to_endpoint = s.get_certificate_by_name( certificate_name, source.options) except NotImplementedError: current_app.logger.warning( "Unable to describe server certificate for endpoints in source {0}:" " plugin has not implemented 'get_certificate_by_name'". format(source.label)) sentry.captureException() if certificate_attached_to_endpoint: lemur_matching_cert, updated_by_hash_tmp = find_cert( certificate_attached_to_endpoint) updated_by_hash += updated_by_hash_tmp if lemur_matching_cert: endpoint["certificate"] = lemur_matching_cert[0] if len(lemur_matching_cert) > 1: current_app.logger.error( "Too Many Certificates Found{0}. Name: {1} Endpoint: {2}" .format(len(lemur_matching_cert), certificate_name, endpoint["name"])) metrics.send("endpoint.certificate.conflict", "gauge", len(lemur_matching_cert), metric_tags={ "cert": certificate_name, "endpoint": endpoint["name"], "acct": s.get_option("accountNumber", source.options) }) if not endpoint["certificate"]: current_app.logger.error({ "message": "Certificate Not Found", "certificate_name": certificate_name, "endpoint_name": endpoint["name"], "dns_name": endpoint.get("dnsname"), "account": s.get_option("accountNumber", source.options), }) metrics.send("endpoint.certificate.not.found", "counter", 1, metric_tags={ "cert": certificate_name, "endpoint": endpoint["name"], "acct": s.get_option("accountNumber", source.options), "dnsname": endpoint.get("dnsname") }) continue policy = endpoint.pop("policy") policy_ciphers = [] for nc in policy["ciphers"]: policy_ciphers.append( endpoint_service.get_or_create_cipher(name=nc)) policy["ciphers"] = policy_ciphers endpoint["policy"] = endpoint_service.get_or_create_policy(**policy) endpoint["source"] = source if not exists: current_app.logger.debug( "Endpoint Created: Name: {name}".format(name=endpoint["name"])) endpoint_service.create(**endpoint) new += 1 else: current_app.logger.debug("Endpoint Updated: {}".format(endpoint)) endpoint_service.update(exists.id, **endpoint) updated += 1 return new, updated, updated_by_hash
def test_get_by_name(session, certificate): from lemur.certificates.service import get_by_name found = get_by_name(certificate.name) assert found