lemur Package¶
lemur
Package¶
constants
Module¶
database
Module¶
-
lemur.database.
add
(model) Helper to add a model to the current session.
Parameters: model – Returns:
-
lemur.database.
clone
(model) Clones the given model and removes it’s primary key :param model: :return:
-
lemur.database.
commit
() Helper to commit the current session.
-
lemur.database.
create
(model) Helper that attempts to create a new instance of an object.
Parameters: model – Returns: raise IntegrityError:
-
lemur.database.
create_query
(model, kwargs) Returns a SQLAlchemy query object for specified model. Model filtered by the kwargs passed.
Parameters: - model –
- kwargs –
Returns:
-
lemur.database.
delete
(model) Helper that attempts to delete a model.
Parameters: model –
-
lemur.database.
filter
(query, model, terms) Helper that searched for ‘like’ strings in column values.
Parameters: - query –
- model –
- terms –
Returns:
-
lemur.database.
filter_none
(kwargs) Remove all None values froma given dict. SQLAlchemy does not like to have values that are None passed to it.
Parameters: kwargs – Dict to filter Returns: Dict without any ‘None’ values
-
lemur.database.
find_all
(query, model, kwargs) Returns a query object that ensures that all kwargs are present.
Parameters: - query –
- model –
- kwargs –
Returns:
-
lemur.database.
find_any
(query, model, kwargs) Returns a query object that allows any kwarg to be present.
Parameters: - query –
- model –
- kwargs –
Returns:
-
lemur.database.
get
(model, value, field='id') Returns one object filtered by the field and value.
Parameters: - model –
- value –
- field –
Returns:
-
lemur.database.
get_all
(model, value, field='id') Returns query object with the fields and value filtered.
Parameters: - model –
- value –
- field –
Returns:
-
lemur.database.
paginate
(query, page, count) Returns the items given the count and page specified
Parameters: - query –
- page –
- count –
-
lemur.database.
session_query
(model) Returns a SQLAlchemy query object for the specified model.
If model has a
query
attribute already, that object will be returned. Otherwise a query will be created and returned based on session.Parameters: model – sqlalchemy model Returns: query object for model
-
lemur.database.
sort
(query, model, field, direction) Returns objects of the specified model in the field and direction given
Parameters: - query –
- model –
- field –
- direction –
-
lemur.database.
sort_and_page
(query, model, args) Helper that allows us to combine sorting and paging
Parameters: - query –
- model –
- args –
Returns:
-
lemur.database.
update
(model) Helper that attempts to update a model.
Parameters: model – Returns:
-
lemur.database.
update_list
(model, model_attr, item_model, items) Helper that correctly updates a models items depending on what has changed
Parameters: - model_attr –
- item_model –
- items –
- model –
Returns:
decorators
Module¶
-
lemur.decorators.
crossdomain
(origin=None, methods=None, headers=None, max_age=21600, attach_to_all=True, automatic_options=True)
exceptions
Module¶
-
exception
lemur.exceptions.
AttrNotFound
(field) Bases:
lemur.exceptions.LemurException
-
exception
lemur.exceptions.
AuthenticationFailedException
(remote_ip, user_agent) Bases:
lemur.exceptions.LemurException
-
exception
lemur.exceptions.
CertificateUnavailable
Bases:
lemur.exceptions.LemurException
-
exception
lemur.exceptions.
DuplicateError
(key) Bases:
lemur.exceptions.LemurException
-
exception
lemur.exceptions.
IntegrityError
(message) Bases:
lemur.exceptions.LemurException
-
exception
lemur.exceptions.
InvalidListener
Bases:
lemur.exceptions.LemurException
-
exception
lemur.exceptions.
InvalidToken
Bases:
exceptions.Exception
-
exception
lemur.exceptions.
LemurException
Bases:
exceptions.Exception
-
exception
lemur.exceptions.
NoEncryptionKeyFound
Bases:
exceptions.Exception
-
exception
lemur.exceptions.
NoPersistanceFound
Bases:
exceptions.Exception
extensions
Module¶
factory
Module¶
-
lemur.factory.
configure_app
(app, config=None) Different ways of configuration
Parameters: - app –
- config –
Returns:
-
lemur.factory.
configure_blueprints
(app, blueprints) We prefix our APIs with their given version so that we can support multiple concurrent API versions.
Parameters: - app –
- blueprints –
-
lemur.factory.
configure_extensions
(app) Attaches and configures any needed flask extensions to our app.
Parameters: app –
-
lemur.factory.
configure_logging
(app) Sets up application wide logging.
Parameters: app –
-
lemur.factory.
create_app
(app_name=None, blueprints=None, config=None) Lemur application factory
Parameters: - config –
- app_name –
- blueprints –
Returns:
-
lemur.factory.
from_file
(file_path, silent=False) Updates the values in the config from a Python file. This function behaves as if the file was imported as module with the
Parameters: - file_path –
- silent –
-
lemur.factory.
install_plugins
(app) Installs new issuers that are not currently bundled with Lemur.
Parameters: settings – Returns:
manage
Module¶
-
class
lemur.manage.
CreateRole
(func=None) Bases:
flask_script.commands.Command
This command allows for the creation of a new role within Lemur
-
option_list
= (<flask_script.commands.Option object at 0x7fd1fb1ffe90>, <flask_script.commands.Option object at 0x7fd1fb1ffd90>, <flask_script.commands.Option object at 0x7fd1fb1ffe10>)
-
run
(name, users, description)
-
-
class
lemur.manage.
CreateUser
(func=None) Bases:
flask_script.commands.Command
This command allows for the creation of a new user within Lemur
-
option_list
= (<flask_script.commands.Option object at 0x7fd1fb1fff50>, <flask_script.commands.Option object at 0x7fd1fb1fff90>, <flask_script.commands.Option object at 0x7fd1fb1ffdd0>, <flask_script.commands.Option object at 0x7fd1fb1ffe50>)
-
run
(username, email, active, roles)
-
-
class
lemur.manage.
InitializeApp
(func=None) Bases:
flask_script.commands.Command
This command will bootstrap our database with any destinations as specified by our config.
Additionally a Lemur user will be created as a default user and be used when certificates are discovered by Lemur.
-
option_list
= (<flask_script.commands.Option object at 0x7fd1fb1ffed0>,)
-
run
(password)
-
-
class
lemur.manage.
LemurServer
(func=None) Bases:
flask_script.commands.Command
This is the main Lemur server, it runs the flask app with gunicorn and uses any configuration options passed to it.
You can pass all standard gunicorn flags to this command as if you were running gunicorn itself.
For example:
lemur start -w 4 -b 127.0.0.0:8002
Will start gunicorn with 4 workers bound to 127.0.0.0:8002
-
description
= u'Run the app within Gunicorn'
-
get_options
()
-
run
(*args, **kwargs)
-
-
class
lemur.manage.
ProvisionELB
(func=None) Bases:
flask_script.commands.Command
Creates and provisions a certificate on an ELB based on command line arguments
-
build_cert_options
(destinations, notifications, description, owner, dns, authority)
-
check_duplicate_listener
(elb_name, region, account, sport, dport)
-
configure_user
(owner)
-
get_destination_account
(destinations)
-
get_destinations
(destination_names)
-
option_list
= (<flask_script.commands.Option object at 0x7fd1fb2073d0>, <flask_script.commands.Option object at 0x7fd1fb207310>, <flask_script.commands.Option object at 0x7fd1fb207790>, <flask_script.commands.Option object at 0x7fd1fb2077d0>, <flask_script.commands.Option object at 0x7fd1fb207810>, <flask_script.commands.Option object at 0x7fd1fb207750>, <flask_script.commands.Option object at 0x7fd1fb207290>, <flask_script.commands.Option object at 0x7fd1fb207210>, <flask_script.commands.Option object at 0x7fd1fb207250>, <flask_script.commands.Option object at 0x7fd1fb2072d0>, <flask_script.commands.Option object at 0x7fd1fb2071d0>)
-
run
(dns, elb_name, owner, authority, description, notifications, destinations, region, dport, sport, dryrun)
-
-
class
lemur.manage.
Rolling
(func=None) Bases:
flask_script.commands.Command
Rotates existing certificates to a new one on an ELB
-
option_list
= (<flask_script.commands.Option object at 0x7fd1fb207a10>,)
-
run
(window) Simple function that queries verisign for API units and posts the mertics to Atlas API for other teams to consume. :return:
-
-
class
lemur.manage.
RotateELBs
(func=None) Bases:
flask_script.commands.Command
Rotates existing certificates to a new one on an ELB
-
option_list
= (<flask_script.commands.Option object at 0x7fd1fb2076d0>, <flask_script.commands.Option object at 0x7fd1fb207690>, <flask_script.commands.Option object at 0x7fd1fb207650>, <flask_script.commands.Option object at 0x7fd1fb207350>, <flask_script.commands.Option object at 0x7fd1fb207390>)
-
run
(elb_list, chain_path, cert_name, cert_prefix, description)
-
-
lemur.manage.
check_revoked
() Function attempts to update Lemur’s internal cache with revoked certificates. This is called periodically by Lemur. It checks both CRLs and OCSP to see if a certificate is revoked. If Lemur is unable encounters an issue with verification it marks the certificate status as unknown.
-
lemur.manage.
create
()
-
lemur.manage.
create_config
(config_path=None) Creates a new configuration file if one does not already exist
-
lemur.manage.
drop_all
()
-
lemur.manage.
generate_settings
() This command is run when
default_path
doesn’t exist, orinit
is run and returns a string representing the default data to put into their settings file.
-
lemur.manage.
lock
(path=None) Encrypts a given path. This directory can be used to store secrets needed for normal Lemur operation. This is especially useful for storing secrets needed for communication with third parties (e.g. external certificate authorities).
Lemur does not assume anything about the contents of the directory and will attempt to encrypt all files contained within. Currently this has only been tested against plain text files.
Path defaults ~/.lemur/keys
Param: path
-
lemur.manage.
main
()
-
lemur.manage.
make_shell_context
() Creates a python REPL with several default imports in the context of the current_app
Returns:
-
lemur.manage.
notify
() Runs Lemur’s notification engine, that looks for expired certificates and sends notifications out to those that bave subscribed to them.
Returns:
-
lemur.manage.
publish_verisign_units
() Simple function that queries verisign for API units and posts the mertics to Atlas API for other teams to consume. :return:
-
lemur.manage.
sync_sources
(labels) Attempts to run several methods Certificate discovery. This is run on a periodic basis and updates the Lemur datastore with the information it discovers.
-
lemur.manage.
unicode_
(data)
-
lemur.manage.
unlock
(path=None) Decrypts all of the files in a given directory with provided password. This is most commonly used during the startup sequence of Lemur allowing it to go from source code to something that can communicate with external services.
Path defaults ~/.lemur/keys
Param: path
models
Module¶
Subpackages¶
- auth Package
- authorities Package
- certificates Package
- common Package
- destinations Package
- domains Package
- notifications Package
- plugins Package
- roles Package
- users Package