def cleanup_after_revoke(certificate):
"""
Perform the needed cleanup for a revoked certificate. This includes -
1. Notify (if enabled)
2. Disabling notification
3. Disabling auto-rotation
4. Update certificate status to 'revoked'
5. Remove from AWS
:param certificate: Certificate object to modify and update in DB
:return: None
"""
try:
if certificate.notify:
send_revocation_notification(certificate)
except Exception:
capture_exception()
current_app.logger.warn(
f"Error sending revocation notification for certificate: {certificate.name}", exc_info=True
)
certificate.notify = False
certificate.rotation = False
certificate.status = 'revoked'
error_message = ""
for destination in list(certificate.destinations):
try:
remove_from_destination(certificate, destination)
certificate.destinations.remove(destination)
except Exception as e:
# This cleanup is the best-effort since certificate is already revoked at this point.
# We will capture the exception and move on to the next destination
capture_exception()
error_message = error_message + f"Failed to remove destination: {destination.label}. {str(e)}. "
database.update(certificate)
return error_message
def test_send_evocation_notification(notification_plugin, certificate):
from lemur.notifications.messaging import send_revocation_notification
verify_sender_email()
certificate.endpoints = [EndpointFactory()]
assert send_revocation_notification(certificate)
def test_send_revocation_notification(certificate, endpoint):
from lemur.notifications.messaging import send_revocation_notification
verify_sender_email()
certificate.endpoints = [endpoint]
assert send_revocation_notification(certificate)