def request_rotation(endpoint, certificate, message, commit):
"""
Rotates a certificate and handles any exceptions during
execution.
:param endpoint:
:param certificate:
:param message:
:param commit:
:return:
"""
if commit:
try:
deployment_service.rotate_certificate(endpoint, certificate)
metrics.send('endpoint_rotation_success', 'counter', 1)
if message:
send_rotation_notification(certificate)
except Exception as e:
metrics.send('endpoint_rotation_failure', 'counter', 1)
print(
"[!] Failed to rotate endpoint {0} to certificate {1} reason: {2}".format(
endpoint.name,
certificate.name,
e
)
)
def request_rotation(endpoint, certificate, message, commit):
"""
Rotates a certificate and handles any exceptions during
execution.
:param endpoint:
:param certificate:
:param message:
:param commit:
:return:
"""
status = FAILURE_METRIC_STATUS
if commit:
try:
deployment_service.rotate_certificate(endpoint, certificate)
if message:
send_rotation_notification(certificate)
status = SUCCESS_METRIC_STATUS
except Exception as e:
print(
"[!] Failed to rotate endpoint {0} to certificate {1} reason: {2}"
.format(endpoint.name, certificate.name, e))
metrics.send("endpoint_rotation",
"counter",
1,
metric_tags={"status": status})
def request_rotation(endpoint, certificate, message, commit):
"""
Rotates a certificate and handles any exceptions during
execution.
:param endpoint:
:param certificate:
:param message:
:param commit:
:return:
"""
if commit:
try:
deployment_service.rotate_certificate(endpoint, certificate)
metrics.send('endpoint_rotation_success', 'counter', 1)
if message:
send_rotation_notification(certificate)
except Exception as e:
metrics.send('endpoint_rotation_failure', 'counter', 1)
print(
"[!] Failed to rotate endpoint {0} to certificate {1} reason: {2}".format(
endpoint.name,
certificate.name,
e
)
)
def request_rotation(endpoint, certificate, message, commit):
"""
Rotates a certificate and handles any exceptions during
execution.
:param endpoint:
:param certificate:
:param message:
:param commit:
:return:
"""
status = FAILURE_METRIC_STATUS
if commit:
try:
deployment_service.rotate_certificate(endpoint, certificate)
if message:
send_rotation_notification(certificate)
status = SUCCESS_METRIC_STATUS
except Exception as e:
print(
"[!] Failed to rotate endpoint {0} to certificate {1} reason: {2}".format(
endpoint.name,
certificate.name,
e
)
)
metrics.send('endpoint_rotation', 'counter', 1, metric_tags={'status': status})
def test_send_rotation_notification(notification_plugin, certificate):
from lemur.notifications.messaging import send_rotation_notification
verify_sender_email()
new_cert = CertificateFactory()
new_cert.replaces.append(certificate)
assert send_rotation_notification(new_cert)
new_cert.endpoints = [EndpointFactory()]
assert send_rotation_notification(new_cert)
def reissue_and_rotate(old_certificate,
new_certificate=None,
commit=False,
message=False):
if not new_certificate:
# we don't want to re-issue if it's already been replaced
if not old_certificate.replaced:
details = get_certificate_primitives(old_certificate)
print_certificate_details(details)
if commit:
new_certificate = reissue_certificate(old_certificate,
replace=True)
print("[+] Issued new certificate named: {0}".format(
new_certificate.name))
time.sleep(10)
print(
"[!] Sleeping to ensure that certificate propagates before rotating."
)
else:
new_certificate = old_certificate
print("[+] Done!")
else:
if len(old_certificate.replaced) > 1:
raise Exception(
"Unable to rotate certificate based on replacement, found more than one!"
)
else:
new_certificate = old_certificate.replaced[0]
print("[!] Certificate has been replaced by: {0}".format(
old_certificate.replaced[0].name))
if len(old_certificate.endpoints) > 0:
for endpoint in old_certificate.endpoints:
print(
"[+] Certificate deployed on endpoint: name:{name} dnsname:{dnsname} port:{port} type:{type}"
.format(name=endpoint.name,
dnsname=endpoint.dnsname,
port=endpoint.port,
type=endpoint.type))
print("[+] Rotating certificate from: {0} to: {1}".format(
old_certificate.name, new_certificate.name))
if commit:
rotate_certificate(endpoint, new_certificate)
print("[+] Done!")
if message:
send_rotation_notification(old_certificate)
def test_send_rotation_notification(certificate, endpoint, source_plugin):
from lemur.notifications.messaging import send_rotation_notification
from lemur.deployment.service import rotate_certificate
new_certificate = CertificateFactory()
rotate_certificate(endpoint, new_certificate)
new_certificate.replaces.append(certificate)
assert endpoint.certificate == new_certificate
verify_sender_email()
assert send_rotation_notification(new_certificate)
new_certificate.endpoints = [EndpointFactory()]
assert send_rotation_notification(new_certificate)
def reissue_and_rotate(old_certificate,
new_certificate=None,
commit=False,
message=False):
if not new_certificate:
# we don't want to re-issue if it's already been replaced
if not old_certificate.replaced:
details = get_certificate_primitives(old_certificate)
print_certificate_details(details)
if commit:
new_certificate = reissue_certificate(old_certificate,
replace=True)
print("[+] Issued new certificate named: {0}".format(
new_certificate.name))
print("[+] Done!")
else:
new_certificate = old_certificate.replaced
print("[!] Certificate has been replaced by: {0}".format(
old_certificate.replaced.name))
if len(old_certificate.endpoints) > 0:
for endpoint in old_certificate.endpoints:
print(
"[+] Certificate deployed on endpoint: name:{name} dnsname:{dnsname} port:{port} type:{type}"
.format(name=endpoint.name,
dnsname=endpoint.dnsname,
port=endpoint.port,
type=endpoint.type))
print("[+] Rotating certificate from: {0} to: {1}".format(
old_certificate.name, new_certificate.name))
if commit:
rotate_certificate(endpoint, new_certificate)
print("[+] Done!")
if message:
send_rotation_notification(old_certificate)
def request_rotation(endpoint, certificate, message, commit):
"""
Rotates a certificate and handles any exceptions during
execution.
:param endpoint:
:param certificate:
:param message:
:param commit:
:return:
"""
status = FAILURE_METRIC_STATUS
if commit:
try:
deployment_service.rotate_certificate(endpoint, certificate)
if message:
send_rotation_notification(certificate)
status = SUCCESS_METRIC_STATUS
except Exception as e:
sentry.captureException(
extra={
"certificate_name": str(certificate.name),
"endpoint": str(endpoint.dnsname)
})
current_app.logger.exception(
f"Error rotating certificate: {certificate.name}",
exc_info=True)
print(
"[!] Failed to rotate endpoint {0} to certificate {1} reason: {2}"
.format(endpoint.name, certificate.name, e))
metrics.send("endpoint_rotation",
"counter",
1,
metric_tags={
"status": status,
"certificate_name": str(certificate.name),
"endpoint": str(endpoint.dnsname)
})
def test_send_rotation_notification(notification_plugin, certificate):
from lemur.notifications.messaging import send_rotation_notification
assert send_rotation_notification(certificate,
notification_plugin=notification_plugin)
def test_send_rotation_notification(notification_plugin, certificate):
from lemur.notifications.messaging import send_rotation_notification
verify_sender_email()
assert send_rotation_notification(certificate)
def test_send_rotation_notification(notification_plugin, certificate):
from lemur.notifications.messaging import send_rotation_notification
send_rotation_notification(certificate, notification_plugin=notification_plugin)
