in lemur/manage.py [0:0]
def initialize_app(password):
    """
    Bootstrap a Lemur installation with its default roles, user and policies.

    After calling ``create_all()``, this makes sure the following exist,
    creating each one only when a lookup by name finds nothing:

    * the roles ``admin``, ``operator``, ``global_cert_issuer`` and
      ``read-only``;
    * the default user ``lemur``, which is granted the ``admin`` role;
    * the default expiration notifications (``DEFAULT_SECURITY``), sent to
      the address configured as ``LEMUR_SECURITY_TEAM_EMAIL``;
    * the certificate rotation policy named ``default``.

    :param password: password for the ``lemur`` user. When it is empty and
        the user does not exist yet, the password is prompted for twice
        with hidden input, and the process exits with status 1 if the two
        entries differ.

    Security notes for operators:

    * The ``lemur`` account created here holds the ``admin`` role, so its
      password protects full administrative access.
    * A password supplied by the caller is used as given; only the
      interactively typed password goes through the confirmation step.
    * No length or complexity check is applied in this function.
      NOTE(review): ``user_service.create`` may enforce one; confirm.
    * NOTE(review): how ``password`` reaches this function is not visible
      here. If it comes from a command-line option it can end up in shell
      history and process listings; the interactive prompt avoids that.
    """
    create_all()

    # Fetched before the role lookups, keeping the original call order.
    user = user_service.get_by_username("lemur")

    def _ensure_role(name, description, exists_message, created_message):
        """Return the role called *name*, creating it when it is missing."""
        role = role_service.get_by_name(name)
        if role:
            click.echo(exists_message)
            return role
        role = role_service.create(name, description=description)
        click.echo(created_message)
        return role

    # Only the admin role is needed later on (for the default user).
    admin_role = _ensure_role(
        "admin",
        description="This is the Lemur administrator role.",
        exists_message="[-] Admin role already created, skipping...!",
        created_message="[+] Created 'admin' role",
    )
    _ensure_role(
        "operator",
        description="This is the Lemur operator role.",
        exists_message="[-] Operator role already created, skipping...!",
        created_message="[+] Created 'operator' role",
    )
    _ensure_role(
        "global_cert_issuer",
        description="This is the Lemur global_cert_issuer role.",
        exists_message="[-] global_cert_issuer role already created, skipping...!",
        created_message="[+] Created 'global_cert_issuer' role",
    )
    _ensure_role(
        "read-only",
        description="This is the Lemur read only role.",
        exists_message="[-] Read only role already created, skipping...!",
        created_message="[+] Created 'read-only' role",
    )

    if user:
        click.echo("[-] Default user has already been created, skipping...!\n")
    else:
        if not password:
            click.echo("We need to set Lemur's password to continue!")
            # hide_input keeps the typed password off the terminal.
            password = click.prompt("Password", hide_input=True)
            confirmation = click.prompt("Confirm Password", hide_input=True)
            if password != confirmation:
                click.echo("[!] Passwords do not match!")
                sys.exit(1)

        # The default account is created with the admin role attached.
        user_service.create(
            "lemur", password, "lemur@nobody.com", True, None, [admin_role]
        )
        click.echo("[+] Created the user 'lemur' and granted it the 'admin' role!\n")

    intervals = current_app.config.get(
        "LEMUR_DEFAULT_EXPIRATION_NOTIFICATION_INTERVALS", []
    )
    interval_list = ",".join(map(str, intervals))
    click.echo(
        "[!] Creating {num} notifications for {intervals} days as specified by LEMUR_DEFAULT_EXPIRATION_NOTIFICATION_INTERVALS".format(
            num=len(intervals), intervals=interval_list
        )
    )

    # No default is given here, so an unset key yields None and is passed on.
    recipients = current_app.config.get("LEMUR_SECURITY_TEAM_EMAIL")
    click.echo("[+] Creating expiration email notifications!")
    click.echo(
        "[!] Using {} as specified by LEMUR_SECURITY_TEAM_EMAIL for notifications".format(
            recipients
        )
    )
    notification_service.create_default_expiration_notifications(
        "DEFAULT_SECURITY", recipients=recipients
    )

    _DEFAULT_ROTATION_INTERVAL = "default"
    existing_policy = policy_service.get_by_name(_DEFAULT_ROTATION_INTERVAL)
    if not existing_policy:
        # Falls back to 30 days when the config does not set an interval.
        days = current_app.config.get("LEMUR_DEFAULT_ROTATION_INTERVAL", 30)
        click.echo(
            "[+] Creating default certificate rotation policy of {days} days before issuance.".format(
                days=days
            )
        )
        policy_service.create(days=days, name=_DEFAULT_ROTATION_INTERVAL)
    else:
        click.echo(
            "[-] Default rotation interval policy already created, skipping...!\n"
        )

    click.echo("[/] Done!")