def create(**kwargs): """ Creates a new certificate. """ from lemur.notifications import service as notification_service cert, private_key, cert_chain = mint(kwargs) cert.owner = kwargs["owner"] database.create(cert) cert.description = kwargs["description"] g.user.certificates.append(cert) database.update(g.user) # do this after the certificate has already been created because if it fails to upload to the third party # we do not want to lose the certificate information. database.update_list(cert, "destinations", Destination, kwargs.get("destinations")) database.update_list(cert, "notifications", Notification, kwargs.get("notifications")) # create default notifications for this certificate if none are provided notifications = [] if not kwargs.get("notifications"): notification_name = "DEFAULT_{0}".format(cert.owner.split("@")[0].upper()) notifications += notification_service.create_default_expiration_notifications(notification_name, [cert.owner]) notification_name = "DEFAULT_SECURITY" notifications += notification_service.create_default_expiration_notifications( notification_name, current_app.config.get("LEMUR_SECURITY_TEAM_EMAIL") ) cert.notifications = notifications database.update(cert) return cert
def get_or_create_cipher(**kwargs): cipher = database.get(Cipher, kwargs['name'], field='name') if not cipher: cipher = Cipher(**kwargs) database.create(cipher) return cipher
def get_or_create_policy(**kwargs): policy = database.get(Policy, kwargs['name'], field='name') if not policy: policy = Policy(**kwargs) database.create(policy) return policy
def create(**kwargs): """ Creates a new rotation policy. :param kwargs: :return: """ policy = RotationPolicy(**kwargs) database.create(policy) return policy
def create(**kwargs): """ Creates a new endpoint. :param kwargs: :return: """ endpoint = Endpoint(**kwargs) database.create(endpoint) metrics.send('endpoint_added', 'counter', 1) return endpoint
def create(**kwargs): """ Creates a new endpoint. :param kwargs: :return: """ endpoint = Endpoint(**kwargs) database.create(endpoint) metrics.send('endpoint_added', 'counter', 1, metric_tags={'source': endpoint.source.label}) return endpoint
def create(**kwargs): """ Creates a new authority. """ body, private_key, chain, roles = mint(**kwargs) kwargs['creator'].roles = list(set(list(kwargs['creator'].roles) + roles)) kwargs['body'] = body kwargs['private_key'] = private_key kwargs['chain'] = chain if kwargs.get('roles'): kwargs['roles'] += roles else: kwargs['roles'] = roles cert = upload(**kwargs) kwargs['authority_certificate'] = cert if kwargs.get('plugin', {}).get('plugin_options', []): kwargs['options'] = json.dumps(kwargs['plugin']['plugin_options']) authority = Authority(**kwargs) authority = database.create(authority) kwargs['creator'].authorities.append(authority) metrics.send('authority_created', 'counter', 1, metric_tags=dict(owner=authority.owner)) return authority
def upload(**kwargs): """ Allows for pre-made certificates to be imported into Lemur. """ roles = create_certificate_roles(**kwargs) if kwargs.get('roles'): kwargs['roles'] += roles else: kwargs['roles'] = roles if kwargs.get('private_key'): private_key = kwargs['private_key'] if not isinstance(private_key, bytes): kwargs['private_key'] = private_key.encode('utf-8') cert = Certificate(**kwargs) cert = database.create(cert) kwargs['creator'].certificates.append(cert) cert = database.update(cert) certificate_imported.send(certificate=cert, authority=cert.authority) return cert
def create(account_number, domains, dns_provider_type, options=None): """ Creates a new dns authorization. """ authorization = Authorization(account_number, domains, dns_provider_type, options) return database.create(authorization)
def import_certificate(**kwargs): """ Uploads already minted certificates and pulls the required information into Lemur. This is to be used for certificates that are created outside of Lemur but should still be tracked. Internally this is used to bootstrap Lemur with external certificates, and used when certificates are 'discovered' through various discovery techniques. was still in aws. :param kwargs: """ from lemur.users import service as user_service from lemur.notifications import service as notification_service cert = Certificate(kwargs['public_certificate'], chain=kwargs['intermediate_certificate']) # TODO future source plugins might have a better understanding of who the 'owner' is we should support this cert.owner = kwargs.get('owner', current_app.config.get('LEMUR_SECURITY_TEAM_EMAIL')[0]) cert.creator = kwargs.get('creator', user_service.get_by_email('lemur@nobody')) # NOTE existing certs may not follow our naming standard we will # overwrite the generated name with the actual cert name if kwargs.get('name'): cert.name = kwargs.get('name') if kwargs.get('user'): cert.user = kwargs.get('user') notification_name = 'DEFAULT_SECURITY' notifications = notification_service.create_default_expiration_notifications(notification_name, current_app.config.get('LEMUR_SECURITY_TEAM_EMAIL')) cert.notifications = notifications cert = database.create(cert) return cert
def create(**kwargs): """ Creates a new authority. """ kwargs['creator'] = g.user.email body, private_key, chain, roles = mint(**kwargs) g.user.roles = list(set(list(g.user.roles) + roles)) kwargs['body'] = body kwargs['private_key'] = private_key kwargs['chain'] = chain if kwargs.get('roles'): kwargs['roles'] += roles else: kwargs['roles'] = roles cert = upload(**kwargs) kwargs['authority_certificate'] = cert authority = Authority(**kwargs) authority = database.create(authority) g.user.authorities.append(authority) metrics.send('authority_created', 'counter', 1, metric_tags=dict(owner=authority.owner)) return authority
def create(**kwargs): """ Creates a new authority. """ kwargs['creator'] = g.user.email body, chain, roles = mint(**kwargs) kwargs['body'] = body kwargs['chain'] = chain if kwargs.get('roles'): kwargs['roles'] += roles else: kwargs['roles'] = roles if kwargs['type'] == 'subca': description = "This is the ROOT certificate for the {0} sub certificate authority the parent \ authority is {1}.".format(kwargs.get('name'), kwargs.get('parent')) else: description = "This is the ROOT certificate for the {0} certificate authority.".format( kwargs.get('name') ) kwargs['description'] = description cert = upload(**kwargs) kwargs['authority_certificate'] = cert authority = Authority(**kwargs) authority = database.create(authority) g.user.authorities.append(authority) metrics.send('authority_created', 'counter', 1, metric_tags=dict(owner=authority.owner)) return authority
def create(name, sensitive): """ Create a new domain :param name: :param sensitive: :return: """ domain = Domain(name=name, sensitive=sensitive) return database.create(domain)
def create(kwargs): """ Create a new authority. :rtype : Authority :return: """ issuer = plugins.get(kwargs.get('pluginName')) kwargs['creator'] = g.current_user.email cert_body, intermediate, issuer_roles = issuer.create_authority(kwargs) cert = Certificate(cert_body, chain=intermediate) cert.owner = kwargs['ownerEmail'] cert.description = "This is the ROOT certificate for the {0} certificate authority".format(kwargs.get('caName')) cert.user = g.current_user cert.notifications = notification_service.create_default_expiration_notifications( 'DEFAULT_SECURITY', current_app.config.get('LEMUR_SECURITY_TEAM_EMAIL') ) # we create and attach any roles that the issuer gives us role_objs = [] for r in issuer_roles: role = role_service.create( r['name'], password=r['password'], description="{0} auto generated role".format(kwargs.get('pluginName')), username=r['username']) # the user creating the authority should be able to administer it if role.username == 'admin': g.current_user.roles.append(role) role_objs.append(role) authority = Authority( kwargs.get('caName'), kwargs['ownerEmail'], kwargs['pluginName'], cert_body, description=kwargs['caDescription'], chain=intermediate, roles=role_objs ) database.update(cert) authority = database.create(authority) g.current_user.authorities.append(authority) return authority
def create(label, plugin_name, options, description=None): """ Creates a new source, that can then be used as a source for certificates. :param label: Source common name :param description: :rtype : Source :return: New source """ source = Source(label=label, options=options, plugin_name=plugin_name, description=description) return database.create(source)
def create(label, plugin_name, options, description=None): """ Creates a new destination, that can then be used as a destination for certificates. :param label: Destination common name :param description: :rtype : Destination :return: New destination """ destination = Destination(label=label, options=options, plugin_name=plugin_name, description=description) return database.create(destination)
def run(self, elb_list, chain_path, cert_name, cert_prefix, description): for e in open(elb_list, 'r').readlines(): elb_name, account_id, region, from_port, to_port, protocol = e.strip().split(',') if cert_name: arn = "arn:aws:iam::{0}:server-certificate/{1}".format(account_id, cert_name) else: # if no cert name is provided we need to discover it listeners = elb.get_listeners(account_id, region, elb_name) # get the listener we care about for listener in listeners: if listener[0] == int(from_port) and listener[1] == int(to_port): arn = listener[4] name = get_name_from_arn(arn) certificate = cert_service.get_by_name(name) break else: sys.stdout.write("[-] Could not find ELB {0}".format(elb_name)) continue if not certificate: sys.stdout.write("[-] Could not find certificate {0} in Lemur".format(name)) continue dests = [] for d in certificate.destinations: dests.append({'id': d.id}) nots = [] for n in certificate.notifications: nots.append({'id': n.id}) new_certificate = database.clone(certificate) if cert_prefix: new_certificate.name = "{0}-{1}".format(cert_prefix, new_certificate.name) new_certificate.chain = open(chain_path, 'r').read() new_certificate.description = "{0} - {1}".format(new_certificate.description, description) new_certificate = database.create(new_certificate) database.update_list(new_certificate, 'destinations', Destination, dests) database.update_list(new_certificate, 'notifications', Notification, nots) database.update(new_certificate) arn = new_certificate.get_arn(account_id) elb.update_listeners(account_id, region, elb_name, [(from_port, to_port, protocol, arn)], [from_port]) sys.stdout.write("[+] Updated {0} to use {1}\n".format(elb_name, new_certificate.name))
def create(**kwargs): """ Creates a new certificate. """ from lemur.notifications import service as notification_service cert, private_key, cert_chain = mint(kwargs) cert.owner = kwargs['owner'] # we override the generated name if one is provided if kwargs.get('name'): cert.name = kwargs['name'] database.create(cert) cert.description = kwargs.get('description') g.user.certificates.append(cert) database.update(g.user) # do this after the certificate has already been created because if it fails to upload to the third party # we do not want to lose the certificate information. database.update_list(cert, 'destinations', Destination, kwargs['destinations']) database.update_list(cert, 'replaces', Certificate, kwargs['replacements']) database.update_list(cert, 'notifications', Notification, kwargs['notifications']) # create default notifications for this certificate if none are provided notifications = cert.notifications if not kwargs.get('notifications'): notification_name = "DEFAULT_{0}".format(cert.owner.split('@')[0].upper()) notifications += notification_service.create_default_expiration_notifications(notification_name, [cert.owner]) notification_name = 'DEFAULT_SECURITY' notifications += notification_service.create_default_expiration_notifications(notification_name, current_app.config.get('LEMUR_SECURITY_TEAM_EMAIL')) cert.notifications = notifications database.update(cert) metrics.send('certificate_issued', 'counter', 1, metric_tags=dict(owner=cert.owner, issuer=cert.issuer)) return cert
def create(label, plugin_name, options, description, certificates): """ Creates a new destination, that can then be used as a destination for certificates. :param label: Notification common name :param plugin_name: :param options: :param description: :rtype : Notification :return: """ notification = Notification(label=label, options=options, plugin_name=plugin_name, description=description) notification = database.update_list(notification, 'certificates', Certificate, certificates) return database.create(notification)
def create(label, plugin_name, options, description, certificates): """ Creates a new notification. :param label: Notification label :param plugin_name: :param options: :param description: :param certificates: :rtype : Notification :return: """ notification = Notification(label=label, options=options, plugin_name=plugin_name, description=description) notification.certificates = certificates return database.create(notification)
def create(label, plugin_name, options, description=None): """ Creates a new destination, that can then be used as a destination for certificates. :param label: Destination common name :param description: :rtype : Destination :return: New destination """ # remove any sub-plugin objects before try to save the json options for option in options: if 'plugin' in option['type']: del option['value']['plugin_object'] destination = Destination(label=label, options=options, plugin_name=plugin_name, description=description) return database.create(destination)
def create(name, password=None, description=None, username=None, users=None): """ Create a new role :param name: :param users: :param description: :param username: :param password: :return: """ role = Role(name=name, description=description, username=username, password=password) if users: role.users = users return database.create(role)
def upload(**kwargs): """ Allows for pre-made certificates to be imported into Lemur. """ roles = create_certificate_roles(**kwargs) if kwargs.get('roles'): kwargs['roles'] += roles else: kwargs['roles'] = roles cert = Certificate(**kwargs) cert = database.create(cert) g.user.certificates.append(cert) database.update(cert) return cert
def upload(**kwargs): """ Allows for pre-made certificates to be imported into Lemur. """ roles = create_certificate_roles(**kwargs) if kwargs.get("roles"): kwargs["roles"] += roles else: kwargs["roles"] = roles cert = Certificate(**kwargs) cert.authority = kwargs.get("authority") cert = database.create(cert) kwargs["creator"].certificates.append(cert) cert = database.update(cert) certificate_imported.send(certificate=cert, authority=cert.authority) return cert
def upload(**kwargs): """ Allows for pre-made certificates to be imported into Lemur. """ roles = create_certificate_roles(**kwargs) if kwargs.get('roles'): kwargs['roles'] += roles else: kwargs['roles'] = roles cert = Certificate(**kwargs) cert.authority = kwargs.get('authority') cert = database.create(cert) kwargs['creator'].certificates.append(cert) cert = database.update(cert) certificate_imported.send(certificate=cert, authority=cert.authority) return cert
def import_certificate(**kwargs): """ Uploads already minted certificates and pulls the required information into Lemur. This is to be used for certificates that are created outside of Lemur but should still be tracked. Internally this is used to bootstrap Lemur with external certificates, and used when certificates are 'discovered' through various discovery techniques. was still in aws. :param kwargs: """ from lemur.users import service as user_service from lemur.notifications import service as notification_service cert = Certificate(kwargs['public_certificate'], chain=kwargs['intermediate_certificate']) # TODO future source plugins might have a better understanding of who the 'owner' is we should support this cert.owner = kwargs.get( 'owner', current_app.config.get('LEMUR_SECURITY_TEAM_EMAIL')[0]) cert.creator = kwargs.get('creator', user_service.get_by_email('lemur@nobody')) # NOTE existing certs may not follow our naming standard we will # overwrite the generated name with the actual cert name if kwargs.get('name'): cert.name = kwargs.get('name') if kwargs.get('user'): cert.user = kwargs.get('user') notification_name = 'DEFAULT_SECURITY' notifications = notification_service.create_default_expiration_notifications( notification_name, current_app.config.get('LEMUR_SECURITY_TEAM_EMAIL')) database.update_list(cert, 'replaces', Certificate, kwargs['replacements']) cert.notifications = notifications cert = database.create(cert) return cert
def create(**kwargs): """ Creates a new authority. """ ca_name = kwargs.get("name") if get_by_name(ca_name): raise Exception(f"Authority with name {ca_name} already exists") if role_service.get_by_name( f"{ca_name}_admin") or role_service.get_by_name( f"{ca_name}_operator"): raise Exception( f"Admin and/or operator roles for authority {ca_name} already exist" ) body, private_key, chain, roles = mint(**kwargs) kwargs["creator"].roles = list(set(list(kwargs["creator"].roles) + roles)) kwargs["body"] = body kwargs["private_key"] = private_key kwargs["chain"] = chain if kwargs.get("roles"): kwargs["roles"] += roles else: kwargs["roles"] = roles cert = upload(**kwargs) kwargs["authority_certificate"] = cert if kwargs.get("plugin", {}).get("plugin_options", []): kwargs["options"] = json.dumps(kwargs["plugin"]["plugin_options"]) authority = Authority(**kwargs) authority = database.create(authority) kwargs["creator"].authorities.append(authority) metrics.send("authority_created", "counter", 1, metric_tags=dict(owner=authority.owner)) return authority
def upload(**kwargs): """ Allows for pre-made certificates to be imported into Lemur. """ roles = create_certificate_roles(**kwargs) if kwargs.get('roles'): kwargs['roles'] += roles else: kwargs['roles'] = roles cert = Certificate(**kwargs) cert = database.create(cert) try: g.user.certificates.append(cert) except AttributeError: current_app.logger.debug("No user to associate uploaded certificate to.") return database.update(cert)
def create(username, password, email, active, profile_picture, roles): """ Create a new user :param username: :param password: :param email: :param active: :param profile_picture: :param roles: :return: """ user = User( password=password, username=username, email=email, active=active, profile_picture=profile_picture, ) user.roles = roles return database.create(user)
def create(label, plugin_name, options, description=None): """ Creates a new destination, that can then be used as a destination for certificates. :param label: Destination common name :param description: :rtype : Destination :return: New destination """ # remove any sub-plugin objects before try to save the json options for option in options: if 'plugin' in option['type']: del option['value']['plugin_object'] destination = Destination(label=label, options=options, plugin_name=plugin_name, description=description) current_app.logger.info("Destination: %s created", label) # add the destination as source, to avoid new destinations that are not in source, as long as an AWS destination if add_aws_destination_to_sources(destination): current_app.logger.info("Source: %s created", label) return database.create(destination)
def create(username, password, email, active, profile_picture, roles): """ Create a new user :param username: :param password: :param email: :param active: :param profile_picture: :param roles: :return: """ user = User( password=password, username=username, email=email, active=active, profile_picture=profile_picture, ) user.roles = roles log_service.audit_log("create_user", username, "Creating new user") return database.create(user)
def upload(**kwargs): """ Allows for pre-made certificates to be imported into Lemur. """ roles = create_certificate_roles(**kwargs) if kwargs.get('roles'): kwargs['roles'] += roles else: kwargs['roles'] = roles if kwargs.get('private_key'): private_key = kwargs['private_key'] if not isinstance(private_key, bytes): kwargs['private_key'] = private_key.encode('utf-8') cert = Certificate(**kwargs) cert = database.create(cert) kwargs['creator'].certificates.append(cert) return database.update(cert)
def upload(**kwargs): """ Allows for pre-made certificates to be imported into Lemur. """ from lemur.notifications import service as notification_service cert = Certificate( kwargs.get('public_cert'), kwargs.get('private_key'), kwargs.get('intermediate_cert'), ) # we override the generated name if one is provided if kwargs.get('name'): cert.name = kwargs['name'] cert.description = kwargs.get('description') cert.owner = kwargs['owner'] cert = database.create(cert) g.user.certificates.append(cert) database.update_list(cert, 'destinations', Destination, kwargs.get('destinations')) database.update_list(cert, 'notifications', Notification, kwargs.get('notifications')) database.update_list(cert, 'replaces', Certificate, kwargs['replacements']) # create default notifications for this certificate if none are provided notifications = [] if not kwargs.get('notifications'): notification_name = "DEFAULT_{0}".format(cert.owner.split('@')[0].upper()) notifications += notification_service.create_default_expiration_notifications(notification_name, [cert.owner]) notification_name = 'DEFAULT_SECURITY' notifications += notification_service.create_default_expiration_notifications(notification_name, current_app.config.get('LEMUR_SECURITY_TEAM_EMAIL')) cert.notifications = notifications database.update(cert) return cert
def upload(**kwargs): """ Allows for pre-made certificates to be imported into Lemur. """ from lemur.notifications import service as notification_service cert = Certificate( kwargs.get('public_cert'), kwargs.get('private_key'), kwargs.get('intermediate_cert'), ) # we override the generated name if one is provided if kwargs.get('name'): cert.name = kwargs['name'] cert.description = kwargs.get('description') cert.owner = kwargs['owner'] cert = database.create(cert) g.user.certificates.append(cert) database.update_list(cert, 'destinations', Destination, kwargs['destinations']) database.update_list(cert, 'notifications', Notification, kwargs['notifications']) database.update_list(cert, 'replaces', Certificate, kwargs['replacements']) # create default notifications for this certificate if none are provided notifications = [] if not kwargs.get('notifications'): notification_name = "DEFAULT_{0}".format(cert.owner.split('@')[0].upper()) notifications += notification_service.create_default_expiration_notifications(notification_name, [cert.owner]) notification_name = 'DEFAULT_SECURITY' notifications += notification_service.create_default_expiration_notifications(notification_name, current_app.config.get('LEMUR_SECURITY_TEAM_EMAIL')) cert.notifications = notifications database.update(cert) return cert
def upload(**kwargs): """ Allows for pre-made certificates to be imported into Lemur. """ from lemur.users import service as user_service roles = create_certificate_roles(**kwargs) if kwargs.get('roles'): kwargs['roles'] += roles else: kwargs['roles'] = roles cert = Certificate(**kwargs) cert = database.create(cert) try: g.user.certificates.append(cert) except AttributeError: user = user_service.get_by_email('lemur@nobody') user.certificates.append(cert) return database.update(cert)
def create(**kwargs): """ Creates a new authority. """ kwargs['creator'] = g.user.email body, chain, roles = mint(**kwargs) kwargs['body'] = body kwargs['chain'] = chain if kwargs.get('roles'): kwargs['roles'] += roles else: kwargs['roles'] = roles if kwargs['type'] == 'subca': description = "This is the ROOT certificate for the {0} sub certificate authority the parent \ authority is {1}.".format( kwargs.get('name'), kwargs.get('parent')) else: description = "This is the ROOT certificate for the {0} certificate authority.".format( kwargs.get('name')) kwargs['description'] = description cert = upload(**kwargs) kwargs['authority_certificate'] = cert authority = Authority(**kwargs) authority = database.create(authority) g.user.authorities.append(authority) metrics.send('authority_created', 'counter', 1, metric_tags=dict(owner=authority.owner)) return authority
def upload(**kwargs): """ Allows for pre-made certificates to be imported into Lemur. """ from lemur.notifications import service as notification_service cert = Certificate(kwargs.get("public_cert"), kwargs.get("private_key"), kwargs.get("intermediate_cert")) # we override the generated name if one is provided if kwargs.get("name"): cert.name = kwargs["name"] cert.description = kwargs.get("description") cert.owner = kwargs["owner"] cert = database.create(cert) g.user.certificates.append(cert) database.update_list(cert, "destinations", Destination, kwargs.get("destinations")) database.update_list(cert, "notifications", Notification, kwargs.get("notifications")) # create default notifications for this certificate if none are provided notifications = [] if not kwargs.get("notifications"): notification_name = "DEFAULT_{0}".format(cert.owner.split("@")[0].upper()) notifications += notification_service.create_default_expiration_notifications(notification_name, [cert.owner]) notification_name = "DEFAULT_SECURITY" notifications += notification_service.create_default_expiration_notifications( notification_name, current_app.config.get("LEMUR_SECURITY_TEAM_EMAIL") ) cert.notifications = notifications database.update(cert) return cert
def create(label, plugin_name, options, description=None): """ Creates a new destination, that can then be used as a destination for certificates. :param label: Destination common name :param description: :rtype : Destination :return: New destination """ # remove any sub-plugin objects before try to save the json options for option in options: if "plugin" in option["type"]: del option["value"]["plugin_object"] destination = Destination( label=label, options=options, plugin_name=plugin_name, description=description ) current_app.logger.info("Destination: %s created", label) # add the destination as source, to avoid new destinations that are not in source, as long as an AWS destination if add_aws_destination_to_sources(destination): current_app.logger.info("Source: %s created", label) return database.create(destination)
def run(self, elb_list, chain_path, cert_name, cert_prefix, description): for e in open(elb_list, 'r').readlines(): elb_name, account_id, region, from_port, to_port, protocol = e.strip( ).split(',') if cert_name: arn = "arn:aws:iam::{0}:server-certificate/{1}".format( account_id, cert_name) else: # if no cert name is provided we need to discover it listeners = elb.get_listeners(account_id, region, elb_name) # get the listener we care about for listener in listeners: if listener[0] == int(from_port) and listener[1] == int( to_port): arn = listener[4] name = get_name_from_arn(arn) certificate = cert_service.get_by_name(name) break else: sys.stdout.write( "[-] Could not find ELB {0}".format(elb_name)) continue if not certificate: sys.stdout.write( "[-] Could not find certificate {0} in Lemur".format( name)) continue dests = [] for d in certificate.destinations: dests.append({'id': d.id}) nots = [] for n in certificate.notifications: nots.append({'id': n.id}) new_certificate = database.clone(certificate) if cert_prefix: new_certificate.name = "{0}-{1}".format( cert_prefix, new_certificate.name) new_certificate.chain = open(chain_path, 'r').read() new_certificate.description = "{0} - {1}".format( new_certificate.description, description) new_certificate = database.create(new_certificate) database.update_list(new_certificate, 'destinations', Destination, dests) database.update_list(new_certificate, 'notifications', Notification, nots) database.update(new_certificate) arn = new_certificate.get_arn(account_id) elb.update_listeners(account_id, region, elb_name, [(from_port, to_port, protocol, arn)], [from_port]) sys.stdout.write("[+] Updated {0} to use {1}\n".format( elb_name, new_certificate.name))
def create(kwargs): """ Create a new authority. :rtype : Authority :return: """ issuer = plugins.get(kwargs.get('pluginName')) kwargs['creator'] = g.current_user.email cert_body, intermediate, issuer_roles = issuer.create_authority(kwargs) cert = Certificate(cert_body, chain=intermediate) cert.owner = kwargs['ownerEmail'] if kwargs['caType'] == 'subca': cert.description = "This is the ROOT certificate for the {0} sub certificate authority the parent \ authority is {1}.".format(kwargs.get('caName'), kwargs.get('caParent')) else: cert.description = "This is the ROOT certificate for the {0} certificate authority.".format( kwargs.get('caName') ) cert.user = g.current_user cert.notifications = notification_service.create_default_expiration_notifications( 'DEFAULT_SECURITY', current_app.config.get('LEMUR_SECURITY_TEAM_EMAIL') ) # we create and attach any roles that the issuer gives us role_objs = [] for r in issuer_roles: role = role_service.create( r['name'], password=r['password'], description="{0} auto generated role".format(kwargs.get('pluginName')), username=r['username']) # the user creating the authority should be able to administer it if role.username == 'admin': g.current_user.roles.append(role) role_objs.append(role) authority = Authority( kwargs.get('caName'), kwargs['ownerEmail'], kwargs['pluginName'], cert_body, description=kwargs['caDescription'], chain=intermediate, roles=role_objs ) database.update(cert) authority = database.create(authority) g.current_user.authorities.append(authority) return authority