lemur Package

constants Module

database Module

lemur.database.add(model)

Helper to add a model to the current session.

Parameters: model
Returns:

lemur.database.clone(model)

Clones the given model and removes its primary key.

Parameters: model
Returns:

lemur.database.commit()

Helper to commit the current session.

lemur.database.create(model)

Helper that attempts to create a new instance of an object.

Parameters: model
Returns:
Raises: IntegrityError
 
lemur.database.create_query(model, kwargs)

Returns a SQLAlchemy query object for specified model. Model filtered by the kwargs passed.

Parameters:
  • model
  • kwargs
Returns:

lemur.database.delete(model)

Helper that attempts to delete a model.

Parameters: model

lemur.database.filter(query, model, terms)

Helper that searches for ‘like’ strings in column values.

Parameters:
  • query
  • model
  • terms
Returns:

lemur.database.filter_none(kwargs)

Remove all None values from a given dict. SQLAlchemy does not like to have values that are None passed to it.

Parameters: kwargs – Dict to filter
Returns: Dict without any ‘None’ values

lemur.database.find_all(query, model, kwargs)

Returns a query object that ensures that all kwargs are present.

Parameters:
  • query
  • model
  • kwargs
Returns:

lemur.database.find_any(query, model, kwargs)

Returns a query object that allows any kwarg to be present.

Parameters:
  • query
  • model
  • kwargs
Returns:

lemur.database.get(model, value, field='id')

Returns one object filtered by the field and value.

Parameters:
  • model
  • value
  • field
Returns:

lemur.database.get_all(model, value, field='id')

Returns query object with the fields and value filtered.

Parameters:
  • model
  • value
  • field
Returns:

lemur.database.paginate(query, page, count)

Returns the items for the specified page and count.

Parameters:
  • query
  • page
  • count

lemur.database.session_query(model)

Returns a SQLAlchemy query object for the specified model.

If model has a query attribute already, that object will be returned. Otherwise a query will be created and returned based on session.

Parameters: model – sqlalchemy model
Returns: query object for model

lemur.database.sort(query, model, field, direction)

Returns objects of the specified model, sorted by the given field and direction.

Parameters:
  • query
  • model
  • field
  • direction

lemur.database.sort_and_page(query, model, args)

Helper that allows us to combine sorting and paging.

Parameters:
  • query
  • model
  • args
Returns:

lemur.database.update(model)

Helper that attempts to update a model.

Parameters: model
Returns:

lemur.database.update_list(model, model_attr, item_model, items)

Helper that correctly updates a model’s items depending on what has changed.

Parameters:
  • model_attr
  • item_model
  • items
  • model
Returns:

decorators Module

lemur.decorators.crossdomain(origin=None, methods=None, headers=None, max_age=21600, attach_to_all=True, automatic_options=True)

exceptions Module

exception lemur.exceptions.AttrNotFound(field)

Bases: lemur.exceptions.LemurException

exception lemur.exceptions.AuthenticationFailedException(remote_ip, user_agent)

Bases: lemur.exceptions.LemurException

exception lemur.exceptions.CertificateUnavailable

Bases: lemur.exceptions.LemurException

exception lemur.exceptions.DuplicateError(key)

Bases: lemur.exceptions.LemurException

exception lemur.exceptions.IntegrityError(message)

Bases: lemur.exceptions.LemurException

exception lemur.exceptions.InvalidListener

Bases: lemur.exceptions.LemurException

exception lemur.exceptions.InvalidToken

Bases: exceptions.Exception

exception lemur.exceptions.LemurException

Bases: exceptions.Exception

exception lemur.exceptions.NoEncryptionKeyFound

Bases: exceptions.Exception

exception lemur.exceptions.NoPersistanceFound

Bases: exceptions.Exception

extensions Module

factory Module

lemur.factory.configure_app(app, config=None)

Different ways of configuration

Parameters:
  • app
  • config
Returns:

lemur.factory.configure_blueprints(app, blueprints)

We prefix our APIs with their given version so that we can support multiple concurrent API versions.

Parameters:
  • app
  • blueprints

lemur.factory.configure_extensions(app)

Attaches and configures any needed flask extensions to our app.

Parameters: app

lemur.factory.configure_logging(app)

Sets up application-wide logging.

Parameters: app

lemur.factory.create_app(app_name=None, blueprints=None, config=None)

Lemur application factory

Parameters:
  • config
  • app_name
  • blueprints
Returns:

lemur.factory.from_file(file_path, silent=False)

Updates the values in the config from a Python file. This function behaves as if the file was imported as module with the

Parameters:
  • file_path
  • silent

lemur.factory.install_plugins(app)

Installs new issuers that are not currently bundled with Lemur.

Parameters: settings
Returns:

manage Module

class lemur.manage.CreateRole(func=None)

Bases: flask_script.commands.Command

This command allows for the creation of a new role within Lemur

option_list
run(name, users, description)

class lemur.manage.CreateUser(func=None)

Bases: flask_script.commands.Command

This command allows for the creation of a new user within Lemur

option_list
run(username, email, active, roles)

class lemur.manage.InitializeApp(func=None)

Bases: flask_script.commands.Command

This command will bootstrap our database with any destinations as specified by our config.

Additionally a Lemur user will be created as a default user and be used when certificates are discovered by Lemur.

option_list
run(password)

class lemur.manage.LemurServer(func=None)

Bases: flask_script.commands.Command

This is the main Lemur server. It runs the Flask app with gunicorn and uses any configuration options passed to it.

You can pass all standard gunicorn flags to this command as if you were running gunicorn itself.

For example:

lemur start -w 4 -b 127.0.0.0:8002

This will start gunicorn with 4 workers bound to 127.0.0.0:8002.

description = u'Run the app within Gunicorn'
get_options()
run(*args, **kwargs)

class lemur.manage.ProvisionELB(func=None)

Bases: flask_script.commands.Command

Creates and provisions a certificate on an ELB based on command line arguments

build_cert_options(destinations, notifications, description, owner, dns, authority)
check_duplicate_listener(elb_name, region, account, sport, dport)
configure_user(owner)
get_destination_account(destinations)
get_destinations(destination_names)
option_list
run(dns, elb_name, owner, authority, description, notifications, destinations, region, dport, sport, dryrun)

class lemur.manage.Rolling(func=None)

Bases: flask_script.commands.Command

Rotates existing certificates to a new one on an ELB

option_list
run(window)

Simple function that queries Verisign for API units and posts the metrics to the Atlas API for other teams to consume.

Returns:

class lemur.manage.RotateELBs(func=None)

Bases: flask_script.commands.Command

Rotates existing certificates to a new one on an ELB

option_list
run(elb_list, chain_path, cert_name, cert_prefix, description)

lemur.manage.check_revoked()

Function attempts to update Lemur’s internal cache with revoked certificates. This is called periodically by Lemur. It checks both CRLs and OCSP to see if a certificate is revoked. If Lemur encounters an issue with verification, it marks the certificate status as unknown.

lemur.manage.create()
lemur.manage.create_config(config_path=None)

Creates a new configuration file if one does not already exist

lemur.manage.drop_all()
lemur.manage.generate_settings()

This command is run when default_path doesn’t exist, or init is run and returns a string representing the default data to put into their settings file.

lemur.manage.lock(path=None)

Encrypts a given path. This directory can be used to store secrets needed for normal Lemur operation. This is especially useful for storing secrets needed for communication with third parties (e.g. external certificate authorities).

Lemur does not assume anything about the contents of the directory and will attempt to encrypt all files contained within. Currently this has only been tested against plain text files.

Path defaults to ~/.lemur/keys

Param: path

lemur.manage.main()
lemur.manage.make_shell_context()

Creates a python REPL with several default imports in the context of the current_app

Returns:

lemur.manage.notify()

Runs Lemur’s notification engine, which looks for expired certificates and sends notifications out to those that have subscribed to them.

Returns:

lemur.manage.publish_verisign_units()

Simple function that queries Verisign for API units and posts the metrics to the Atlas API for other teams to consume.

Returns:

lemur.manage.sync_sources(labels)

Attempts to run several methods of certificate discovery. This is run on a periodic basis and updates the Lemur datastore with the information it discovers.

lemur.manage.unicode_(data)
lemur.manage.unlock(path=None)

Decrypts all of the files in a given directory with provided password. This is most commonly used during the startup sequence of Lemur allowing it to go from source code to something that can communicate with external services.

Path defaults to ~/.lemur/keys

Param: path

models Module