authorities Package

models Module

class lemur.authorities.models.Authority(name, owner, plugin_name, body, roles=None, chain=None, description=None)
Bases: flask_sqlalchemy.Model

- active
- as_dict()
- bits
- body
- certificates
- chain
- cn
- date_created
- description
- id
- name
- not_after
- not_before
- options
- owner
- plugin_name
- roles
- serialize()
- user_id

service Module

- lemur.authorities.service.create(kwargs)
  Create a new authority.
  Returns:

- lemur.authorities.service.get(authority_id)
  Retrieves an authority given its ID.
  Parameters: authority_id –
  Returns:

- lemur.authorities.service.get_all()
  Get all authorities that are currently in Lemur.
  Return type: List
  Returns:

- lemur.authorities.service.get_authority_role(ca_name)
  Attempts to get the authority role for a given CA, using current_user as the basis for the lookup.
  Parameters: ca_name –

- lemur.authorities.service.get_by_name(authority_name)
  Retrieves an authority given its name.
  Parameters: authority_name –
  Returns:

- lemur.authorities.service.render(args)
  Helper that renders the REST API responses.
  Parameters: args –
  Returns:

- lemur.authorities.service.update(authority_id, description=None, owner=None, active=None, roles=None)
  Update an authority with new values.
  Parameters:
  - authority_id –
  - roles – roles that are allowed to use this authority
  Returns:

views Module

class lemur.authorities.views.Authorities
Bases: lemur.auth.service.AuthenticatedResource

- endpoint = 'authority'

- get(*args, **kwargs)
  One authority

  Example request:

      GET /authorities/1 HTTP/1.1
      Host: example.com
      Accept: application/json, text/javascript

  Example response:

      HTTP/1.1 200 OK
      Vary: Accept
      Content-Type: text/javascript

      {
        "id": 1,
        "name": "authority1",
        "description": "this is authority1",
        "pluginName": null,
        "chain": "-----Begin ...",
        "body": "-----Begin ...",
        "active": true,
        "notBefore": "2015-06-05T17:09:39",
        "notAfter": "2015-06-10T17:09:39",
        "options": null
      }

  Request Headers:
  - Authorization – OAuth token to authenticate
  Status Codes:
  - 200 OK – no error
  - 403 Forbidden – unauthenticated

- mediatypes(resource_cls)

- methods = ['GET', 'PUT']

- put(*args, **kwargs)
  Update an authority

  Example request:

      PUT /authorities/1 HTTP/1.1
      Host: example.com
      Accept: application/json, text/javascript

      {
        "roles": [],
        "active": false,
        "owner": "bob@example.com",
        "description": "this is authority1"
      }

  Example response:

      HTTP/1.1 200 OK
      Vary: Accept
      Content-Type: text/javascript

      {
        "id": 1,
        "name": "authority1",
        "description": "this is authority1",
        "pluginName": null,
        "chain": "-----begin ...",
        "body": "-----begin ...",
        "active": false,
        "notBefore": "2015-06-05t17:09:39",
        "notAfter": "2015-06-10t17:09:39",
        "options": null
      }

  Request Headers:
  - Authorization – OAuth token to authenticate
  Status Codes:
  - 200 OK – no error
  - 403 Forbidden – unauthenticated

class lemur.authorities.views.AuthoritiesList
Bases: lemur.auth.service.AuthenticatedResource
Defines the ‘authorities’ endpoint

- endpoint = 'authorities'

- get(*args, **kwargs)
  The current list of authorities

  Example request:

      GET /authorities HTTP/1.1
      Host: example.com
      Accept: application/json, text/javascript

  Example response:

      HTTP/1.1 200 OK
      Vary: Accept
      Content-Type: text/javascript

      {
        "items": [
          {
            "id": 1,
            "name": "authority1",
            "description": "this is authority1",
            "pluginName": null,
            "chain": "-----Begin ...",
            "body": "-----Begin ...",
            "active": true,
            "notBefore": "2015-06-05T17:09:39",
            "notAfter": "2015-06-10T17:09:39",
            "options": null
          }
        ],
        "total": 1
      }

  Query Parameters:
  - sortBy – field to sort on
  - sortDir – asc or desc
  - page – int, default is 1
  - filter – key value pair, format is k;v
  - limit – limit number, default is 10
  Request Headers:
  - Authorization – OAuth token to authenticate
  Status Codes:
  - 200 OK – no error
  - 403 Forbidden – unauthenticated
  Note: this will only show certificates that the current user is authorized to use

- mediatypes(resource_cls)

- methods = ['GET', 'POST']

- post(*args, **kwargs)
  Create an authority

  Example request:

      POST /authorities HTTP/1.1
      Host: example.com
      Accept: application/json, text/javascript

      {
        "caDN": {
          "country": "US",
          "state": "CA",
          "location": "A Location",
          "organization": "ExampleInc",
          "organizationalUnit": "Operations",
          "commonName": "a common name"
        },
        "caType": "root",
        "caSigningAlgo": "sha256WithRSA",
        "caSensitivity": "medium",
        "keyType": "RSA2048",
        "pluginName": "cloudca",
        "validityStart": "2015-06-11T07:00:00.000Z",
        "validityEnd": "2015-06-13T07:00:00.000Z",
        "caName": "DoctestCA",
        "ownerEmail": "jimbob@example.com",
        "caDescription": "Example CA",
        "extensions": {
          "subAltNames": {
            "names": []
          }
        }
      }

  Example response:

      HTTP/1.1 200 OK
      Vary: Accept
      Content-Type: text/javascript

      {
        "id": 1,
        "name": "authority1",
        "description": "this is authority1",
        "pluginName": null,
        "chain": "-----Begin ...",
        "body": "-----Begin ...",
        "active": true,
        "notBefore": "2015-06-05T17:09:39",
        "notAfter": "2015-06-10T17:09:39",
        "options": null
      }

  Parameters:
  - caName – authority’s name
  - caDescription – a sensible description about what the CA will be used for
  - ownerEmail – the team or person who ‘owns’ this authority
  - validityStart – when this authority should start issuing certificates
  - validityEnd – when this authority should stop issuing certificates
  - extensions – certificate extensions
  - pluginName – name of the plugin to create the authority
  - caType – the type of authority (root/subca)
  - caParent – the parent authority if this is to be a subca
  - caSigningAlgo – algorithm used to sign the authority
  - keyType – key type
  - caSensitivity – the sensitivity of the root key, for CloudCA this determines if the root keys are stored in an HSM
  - caKeyName – name of the key to store in the HSM (CloudCA)
  - caSerialNumber – serial number of the authority
  - caFirstSerial – specifies the starting serial number for certificates issued off of this authority
  Request Headers:
  - Authorization – OAuth token to authenticate
  Status Codes:
  - 200 OK – no error
  - 403 Forbidden – unauthenticated
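
The following is an added example, not part of the Lemur code base: it builds a GET /authorities request from the documented query parameters and reviews the documented response fields (active, notBefore, notAfter) for authorities that are inactive, outside their validity window, or close to expiry. The function names, the sample data, the host name in the test and the Bearer scheme for the Authorization header are assumptions; timestamps are compared as naive datetimes.

```python
import json
from datetime import datetime, timedelta
from urllib.parse import urlencode
from urllib.request import Request

# Constructed sample shaped like the GET /authorities example response.
SAMPLE_RESPONSE = """{"items": [
  {"id": 1, "name": "authority1", "active": true,
   "notBefore": "2015-06-05T17:09:39", "notAfter": "2015-06-10T17:09:39"},
  {"id": 2, "name": "authority2", "active": false,
   "notBefore": "2015-01-01T00:00:00", "notAfter": "2025-01-01T00:00:00"},
  {"id": 3, "name": "authority3", "active": true,
   "notBefore": "2015-07-01T00:00:00", "notAfter": "2016-07-01T00:00:00"}
], "total": 3}"""

TS_FORMAT = "%Y-%m-%dT%H:%M:%S"  # timestamp layout used in the example responses


def build_list_request(base_url, token, page=1, limit=10, sort_by="name",
                       sort_dir="asc", filter_kv=None):
    """Build, without sending, a GET /authorities request (hypothetical helper)."""
    params = {"sortBy": sort_by, "sortDir": sort_dir, "page": page, "limit": limit}
    if filter_kv:
        params["filter"] = "%s;%s" % filter_kv  # documented format is k;v
    # Assumption: the OAuth token is presented with the Bearer scheme.
    headers = {"Accept": "application/json", "Authorization": "Bearer " + token}
    return Request("%s/authorities?%s" % (base_url, urlencode(params)), headers=headers)


def audit_authorities(payload, now, warn_days=30):
    """Return (name, finding) pairs for authorities that need attention."""
    findings = []
    for item in payload["items"]:
        not_before = datetime.strptime(item["notBefore"], TS_FORMAT)
        not_after = datetime.strptime(item["notAfter"], TS_FORMAT)
        if not item["active"]:
            findings.append((item["name"], "inactive"))
        if now < not_before:
            findings.append((item["name"], "not yet valid"))
        elif now > not_after:
            findings.append((item["name"], "expired"))
        elif not_after - now <= timedelta(days=warn_days):
            findings.append((item["name"], "expires within %d days" % warn_days))
    return findings
```

Because the list endpoint is paginated (limit defaults to 10), a full review has to request successive pages until the number of collected items reaches "total".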

class lemur.authorities.views.CertificateAuthority
Bases: lemur.auth.service.AuthenticatedResource

- endpoint = 'certificateAuthority'

- get(*args, **kwargs)
  One authority for given certificate

  Example request:

      GET /certificates/1/authority HTTP/1.1
      Host: example.com
      Accept: application/json, text/javascript

  Example response:

      HTTP/1.1 200 OK
      Vary: Accept
      Content-Type: text/javascript

      {
        "id": 1,
        "name": "authority1",
        "description": "this is authority1",
        "pluginName": null,
        "chain": "-----Begin ...",
        "body": "-----Begin ...",
        "active": true,
        "notBefore": "2015-06-05T17:09:39",
        "notAfter": "2015-06-10T17:09:39",
        "options": null
      }

  Request Headers:
  - Authorization – OAuth token to authenticate
  Status Codes:
  - 200 OK – no error
  - 403 Forbidden – unauthenticated

- mediatypes(resource_cls)

- methods = ['GET']