def request_rotation(endpoint, certificate, message, commit): """ Rotates a certificate and handles any exceptions during execution. :param endpoint: :param certificate: :param message: :param commit: :return: """ if commit: try: deployment_service.rotate_certificate(endpoint, certificate) metrics.send('endpoint_rotation_success', 'counter', 1) if message: send_rotation_notification(certificate) except Exception as e: metrics.send('endpoint_rotation_failure', 'counter', 1) print( "[!] Failed to rotate endpoint {0} to certificate {1} reason: {2}".format( endpoint.name, certificate.name, e ) )
def request_rotation(endpoint, certificate, message, commit): """ Rotates a certificate and handles any exceptions during execution. :param endpoint: :param certificate: :param message: :param commit: :return: """ status = FAILURE_METRIC_STATUS if commit: try: deployment_service.rotate_certificate(endpoint, certificate) if message: send_rotation_notification(certificate) status = SUCCESS_METRIC_STATUS except Exception as e: print( "[!] Failed to rotate endpoint {0} to certificate {1} reason: {2}" .format(endpoint.name, certificate.name, e)) metrics.send("endpoint_rotation", "counter", 1, metric_tags={"status": status})
def request_rotation(endpoint, certificate, message, commit): """ Rotates a certificate and handles any exceptions during execution. :param endpoint: :param certificate: :param message: :param commit: :return: """ if commit: try: deployment_service.rotate_certificate(endpoint, certificate) metrics.send('endpoint_rotation_success', 'counter', 1) if message: send_rotation_notification(certificate) except Exception as e: metrics.send('endpoint_rotation_failure', 'counter', 1) print( "[!] Failed to rotate endpoint {0} to certificate {1} reason: {2}".format( endpoint.name, certificate.name, e ) )
def request_rotation(endpoint, certificate, message, commit): """ Rotates a certificate and handles any exceptions during execution. :param endpoint: :param certificate: :param message: :param commit: :return: """ status = FAILURE_METRIC_STATUS if commit: try: deployment_service.rotate_certificate(endpoint, certificate) if message: send_rotation_notification(certificate) status = SUCCESS_METRIC_STATUS except Exception as e: print( "[!] Failed to rotate endpoint {0} to certificate {1} reason: {2}".format( endpoint.name, certificate.name, e ) ) metrics.send('endpoint_rotation', 'counter', 1, metric_tags={'status': status})
def test_send_rotation_notification(notification_plugin, certificate): from lemur.notifications.messaging import send_rotation_notification verify_sender_email() new_cert = CertificateFactory() new_cert.replaces.append(certificate) assert send_rotation_notification(new_cert) new_cert.endpoints = [EndpointFactory()] assert send_rotation_notification(new_cert)
def reissue_and_rotate(old_certificate, new_certificate=None, commit=False, message=False): if not new_certificate: # we don't want to re-issue if it's already been replaced if not old_certificate.replaced: details = get_certificate_primitives(old_certificate) print_certificate_details(details) if commit: new_certificate = reissue_certificate(old_certificate, replace=True) print("[+] Issued new certificate named: {0}".format( new_certificate.name)) time.sleep(10) print( "[!] Sleeping to ensure that certificate propagates before rotating." ) else: new_certificate = old_certificate print("[+] Done!") else: if len(old_certificate.replaced) > 1: raise Exception( "Unable to rotate certificate based on replacement, found more than one!" ) else: new_certificate = old_certificate.replaced[0] print("[!] Certificate has been replaced by: {0}".format( old_certificate.replaced[0].name)) if len(old_certificate.endpoints) > 0: for endpoint in old_certificate.endpoints: print( "[+] Certificate deployed on endpoint: name:{name} dnsname:{dnsname} port:{port} type:{type}" .format(name=endpoint.name, dnsname=endpoint.dnsname, port=endpoint.port, type=endpoint.type)) print("[+] Rotating certificate from: {0} to: {1}".format( old_certificate.name, new_certificate.name)) if commit: rotate_certificate(endpoint, new_certificate) print("[+] Done!") if message: send_rotation_notification(old_certificate)
def test_send_rotation_notification(certificate, endpoint, source_plugin): from lemur.notifications.messaging import send_rotation_notification from lemur.deployment.service import rotate_certificate new_certificate = CertificateFactory() rotate_certificate(endpoint, new_certificate) new_certificate.replaces.append(certificate) assert endpoint.certificate == new_certificate verify_sender_email() assert send_rotation_notification(new_certificate) new_certificate.endpoints = [EndpointFactory()] assert send_rotation_notification(new_certificate)
def reissue_and_rotate(old_certificate, new_certificate=None, commit=False, message=False): if not new_certificate: # we don't want to re-issue if it's already been replaced if not old_certificate.replaced: details = get_certificate_primitives(old_certificate) print_certificate_details(details) if commit: new_certificate = reissue_certificate(old_certificate, replace=True) print("[+] Issued new certificate named: {0}".format( new_certificate.name)) print("[+] Done!") else: new_certificate = old_certificate.replaced print("[!] Certificate has been replaced by: {0}".format( old_certificate.replaced.name)) if len(old_certificate.endpoints) > 0: for endpoint in old_certificate.endpoints: print( "[+] Certificate deployed on endpoint: name:{name} dnsname:{dnsname} port:{port} type:{type}" .format(name=endpoint.name, dnsname=endpoint.dnsname, port=endpoint.port, type=endpoint.type)) print("[+] Rotating certificate from: {0} to: {1}".format( old_certificate.name, new_certificate.name)) if commit: rotate_certificate(endpoint, new_certificate) print("[+] Done!") if message: send_rotation_notification(old_certificate)
def request_rotation(endpoint, certificate, message, commit): """ Rotates a certificate and handles any exceptions during execution. :param endpoint: :param certificate: :param message: :param commit: :return: """ status = FAILURE_METRIC_STATUS if commit: try: deployment_service.rotate_certificate(endpoint, certificate) if message: send_rotation_notification(certificate) status = SUCCESS_METRIC_STATUS except Exception as e: sentry.captureException( extra={ "certificate_name": str(certificate.name), "endpoint": str(endpoint.dnsname) }) current_app.logger.exception( f"Error rotating certificate: {certificate.name}", exc_info=True) print( "[!] Failed to rotate endpoint {0} to certificate {1} reason: {2}" .format(endpoint.name, certificate.name, e)) metrics.send("endpoint_rotation", "counter", 1, metric_tags={ "status": status, "certificate_name": str(certificate.name), "endpoint": str(endpoint.dnsname) })
def test_send_rotation_notification(notification_plugin, certificate): from lemur.notifications.messaging import send_rotation_notification assert send_rotation_notification(certificate, notification_plugin=notification_plugin)
def test_send_rotation_notification(notification_plugin, certificate): from lemur.notifications.messaging import send_rotation_notification verify_sender_email() assert send_rotation_notification(certificate)
def test_send_rotation_notification(notification_plugin, certificate): from lemur.notifications.messaging import send_rotation_notification send_rotation_notification(certificate, notification_plugin=notification_plugin)