authorities Package

models Module

class lemur.authorities.models.Authority(**kwargs)
    Bases: flask_sqlalchemy.Model

    - active
    - authority_certificate
    - body
    - certificates
    - chain
    - date_created
    - description
    - id
    - name
    - options
    - owner
    - plugin
    - plugin_name
    - roles
    - user_id
service Module

- lemur.authorities.service.create(**kwargs)
    Creates a new authority.

- lemur.authorities.service.create_authority_roles(roles, owner, plugin_title, creator)
    Creates all of the necessary authority roles.

- lemur.authorities.service.get(authority_id)
    Retrieves an authority given its ID.
    Parameters: authority_id

- lemur.authorities.service.get_all()
    Get all authorities that are currently in Lemur.
    Return type: List

- lemur.authorities.service.get_authority_role(ca_name, creator=None)
    Attempts to get the authority role for a given CA; uses current_user as the basis for accomplishing that.
    Parameters: ca_name

- lemur.authorities.service.get_by_name(authority_name)
    Retrieves an authority given its name.
    Parameters: authority_name

- lemur.authorities.service.mint(**kwargs)
    Creates the authority based on the plugin provided.

- lemur.authorities.service.render(args)
    Helper that renders the REST API responses.
    Parameters: args

- lemur.authorities.service.update(authority_id, description=None, owner=None, active=None, roles=None)
    Update an authority with new values.
    Parameters:
    - authority_id
    - roles – roles that are allowed to use this authority
views Module

class lemur.authorities.views.Authorities
    Bases: lemur.auth.service.AuthenticatedResource

    - endpoint = 'authority'

    - get(authority_id)
        One authority

        Example request:

            GET /authorities/1 HTTP/1.1
            Host: example.com
            Accept: application/json, text/javascript

        Example response:

            HTTP/1.1 200 OK
            Vary: Accept
            Content-Type: text/javascript

            {
              "roles": [
                {"id": 123, "name": "secure@example.com"},
                {"id": 564, "name": "TestAuthority_admin"},
                {"id": 565, "name": "TestAuthority_operator"}
              ],
              "active": true,
              "owner": "secure@example.com",
              "id": 43,
              "description": "This is the ROOT certificate for the TestAuthority certificate authority."
            }

        Parameters:
        - description – a sensible description of what the CA will be used for
        - owner – the team or person who ‘owns’ this authority
        - active – set whether this authority is currently in use
        Request Headers:
        - Authorization – OAuth token to authenticate
        Status Codes:
        - 200 OK – no error
        - 403 Forbidden – unauthenticated

    - mediatypes(resource_cls)

    - methods = ['GET', 'PUT']

    - put(authority_id, data=None)
        Update an authority

        Example request:

            PUT /authorities/1 HTTP/1.1
            Host: example.com
            Accept: application/json, text/javascript

            {
              "name": "TestAuthority5",
              "roles": [
                {"id": 566, "name": "TestAuthority5_admin"},
                {"id": 567, "name": "TestAuthority5_operator"},
                {"id": 123, "name": "secure@example.com"}
              ],
              "active": true,
              "authorityCertificate": {
                "body": "-----BEGIN CERTIFICATE-----",
                "status": null,
                "cn": "AcommonName",
                "description": "This is the ROOT certificate for the TestAuthority5 certificate authority.",
                "chain": "",
                "notBefore": "2016-06-03T00:00:51+00:00",
                "notAfter": "2036-06-03T23:59:51+00:00",
                "owner": "secure@example.com",
                "user": {"username": "joe@example.com", "active": true, "email": "joe@example.com", "id": 3},
                "active": true,
                "bits": 2048,
                "id": 2280,
                "name": "TestAuthority5"
              },
              "owner": "secure@example.com",
              "id": 44,
              "description": "This is the ROOT certificate for the TestAuthority5 certificate authority."
            }

        Example response:

            HTTP/1.1 200 OK
            Vary: Accept
            Content-Type: text/javascript

            {
              "name": "TestAuthority",
              "roles": [
                {"id": 123, "name": "secure@example.com"},
                {"id": 564, "name": "TestAuthority_admin"},
                {"id": 565, "name": "TestAuthority_operator"}
              ],
              "options": null,
              "active": true,
              "authorityCertificate": {
                "body": "-----BEGIN CERTIFICATE-----IyMzU5MTVaMHk...",
                "status": true,
                "cn": "AcommonName",
                "description": "This is the ROOT certificate for the TestAuthority certificate authority.",
                "chain": "",
                "notBefore": "2016-06-02T00:00:15+00:00",
                "notAfter": "2023-06-02T23:59:15+00:00",
                "owner": "secure@example.com",
                "user": {"username": "joe@example.com", "active": true, "email": "joe@example.com", "id": 3},
                "active": true,
                "bits": 2048,
                "id": 2235,
                "name": "TestAuthority"
              },
              "owner": "secure@example.com",
              "id": 43,
              "description": "This is the ROOT certificate for the TestAuthority certificate authority."
            }

        Request Headers:
        - Authorization – OAuth token to authenticate
        Status Codes:
        - 200 OK – no error
        - 403 Forbidden – unauthenticated

class lemur.authorities.views.AuthoritiesList
    Bases: lemur.auth.service.AuthenticatedResource

    Defines the ‘authorities’ endpoint

    - endpoint = 'authorities'

    - get()
        The current list of authorities

        Example request:

            GET /authorities HTTP/1.1
            Host: example.com
            Accept: application/json, text/javascript

        Example response:

            HTTP/1.1 200 OK
            Vary: Accept
            Content-Type: text/javascript

            {
              "items": [
                {
                  "name": "TestAuthority",
                  "roles": [
                    {"id": 123, "name": "secure@example.com"},
                    {"id": 564, "name": "TestAuthority_admin"},
                    {"id": 565, "name": "TestAuthority_operator"}
                  ],
                  "options": null,
                  "active": true,
                  "authorityCertificate": {
                    "body": "-----BEGIN CERTIFICATE-----IyMzU5MTVaMHk...",
                    "status": true,
                    "cn": "AcommonName",
                    "description": "This is the ROOT certificate for the TestAuthority certificate authority.",
                    "chain": "",
                    "notBefore": "2016-06-02T00:00:15+00:00",
                    "notAfter": "2023-06-02T23:59:15+00:00",
                    "owner": "secure@example.com",
                    "user": {"username": "joe@example.com", "active": true, "email": "joe@example.com", "id": 3},
                    "active": true,
                    "bits": 2048,
                    "id": 2235,
                    "name": "TestAuthority"
                  },
                  "owner": "secure@example.com",
                  "id": 43,
                  "description": "This is the ROOT certificate for the TestAuthority certificate authority."
                }
              ],
              "total": 1
            }

        Query Parameters:
        - sortBy – field to sort on
        - sortDir – asc or desc
        - page – int, default is 1
        - filter – key value pair; format is k;v
        - count – count number, default is 10
        Request Headers:
        - Authorization – OAuth token to authenticate
        Status Codes:
        - 200 OK – no error
        - 403 Forbidden – unauthenticated

        Note: this will only show certificates that the current user is authorized to use

    - mediatypes(resource_cls)

    - methods = ['GET', 'POST']

    - post(data=None)
        Create an authority

        Example request:

            POST /authorities HTTP/1.1
            Host: example.com
            Accept: application/json, text/javascript

            {
              "country": "US",
              "state": "California",
              "location": "Los Gatos",
              "organization": "Netflix",
              "organizationalUnit": "Operations",
              "type": "root",
              "signingAlgorithm": "sha256WithRSA",
              "sensitivity": "medium",
              "keyType": "RSA2048",
              "plugin": {"slug": "cloudca-issuer"},
              "name": "TimeTestAuthority5",
              "owner": "secure@example.com",
              "description": "test",
              "commonName": "AcommonName",
              "validityYears": "20",
              "extensions": {
                "subAltNames": {"names": []},
                "custom": []
              }
            }

        Example response:

            HTTP/1.1 200 OK
            Vary: Accept
            Content-Type: text/javascript

            {
              "name": "TestAuthority",
              "roles": [
                {"id": 123, "name": "secure@example.com"},
                {"id": 564, "name": "TestAuthority_admin"},
                {"id": 565, "name": "TestAuthority_operator"}
              ],
              "options": null,
              "active": true,
              "authorityCertificate": {
                "body": "-----BEGIN CERTIFICATE-----IyMzU5MTVaMHk...",
                "status": true,
                "cn": "AcommonName",
                "description": "This is the ROOT certificate for the TestAuthority certificate authority.",
                "chain": "",
                "notBefore": "2016-06-02T00:00:15+00:00",
                "notAfter": "2023-06-02T23:59:15+00:00",
                "owner": "secure@example.com",
                "user": {"username": "joe@example.com", "active": true, "email": "joe@example.com", "id": 3},
                "active": true,
                "bits": 2048,
                "id": 2235,
                "name": "TestAuthority"
              },
              "owner": "secure@example.com",
              "id": 43,
              "description": "This is the ROOT certificate for the TestAuthority certificate authority."
            }

        Parameters:
        - name – authority’s name
        - description – a sensible description of what the CA will be used for
        - owner – the team or person who ‘owns’ this authority
        - validityStart – when this authority should start issuing certificates
        - validityEnd – when this authority should stop issuing certificates
        - validityYears – starting from now, how many years into the future the authority should be valid
        - extensions – certificate extensions
        - plugin – name of the plugin to create the authority
        - type – the type of authority (root/subca)
        - parent – the parent authority if this is to be a subca
        - signingAlgorithm – algorithm used to sign the authority
        - keyType – key type
        - sensitivity – the sensitivity of the root key; for CloudCA this determines if the root keys are stored in an HSM
        - keyName – name of the key to store in the HSM (CloudCA)
        - serialNumber – serial number of the authority
        - firstSerial – specifies the starting serial number for certificates issued off of this authority
        Request Headers:
        - Authorization – OAuth token to authenticate
        Status Codes:
        - 403 Forbidden – unauthenticated
        - 200 OK – no error
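Two client-side checks for this endpoint, added here as an example and not part of Lemur's own code: a pre-flight validation of a POST /authorities body against the parameter list above, and a check that an authority returned by the API is active and inside its certificate's notBefore/notAfter window before it is picked to sign anything. The field rules (a subca needs a parent, validity is stated exactly one way, validityYears is a positive integer) are assumptions drawn from the parameter list, not Lemur's server-side validation.

```python
from datetime import datetime

# Added example, not Lemur's own code. The field rules below are assumptions
# drawn from the documented POST /authorities parameters, not server-side logic.

# Constructed sample, trimmed from the POST example on this page.
SAMPLE_CREATE = {
    "name": "TimeTestAuthority5", "owner": "secure@example.com", "description": "test",
    "commonName": "AcommonName", "type": "root", "plugin": {"slug": "cloudca-issuer"},
    "signingAlgorithm": "sha256WithRSA", "keyType": "RSA2048", "validityYears": "20",
}
# Constructed sample, trimmed from the GET /authorities/1 response on this page.
SAMPLE_AUTHORITY = {
    "id": 43, "active": True,
    "authorityCertificate": {"notBefore": "2016-06-02T00:00:15+00:00",
                             "notAfter": "2023-06-02T23:59:15+00:00"},
}

REQUIRED = ("name", "owner", "description", "commonName", "type", "plugin",
            "signingAlgorithm", "keyType")

def validate_create_payload(payload):
    """Return a list of problems with a POST /authorities body; an empty list means OK."""
    problems = [f"missing field: {k}" for k in REQUIRED if k not in payload]
    if payload.get("type") not in ("root", "subca"):
        problems.append("type must be 'root' or 'subca'")
    elif payload["type"] == "subca" and not payload.get("parent"):
        problems.append("subca requires a parent authority")  # assumed rule
    plugin = payload.get("plugin")
    if not isinstance(plugin, dict) or not plugin.get("slug"):
        problems.append("plugin must be an object carrying a 'slug'")
    has_years = "validityYears" in payload
    has_range = "validityStart" in payload and "validityEnd" in payload
    if has_years == has_range:  # assumed: validity is stated exactly one way
        problems.append("give either validityYears or validityStart+validityEnd")
    years = str(payload.get("validityYears", ""))
    if has_years and not (years.isdigit() and int(years) > 0):
        problems.append("validityYears must be a positive integer")
    return problems

def authority_is_usable(authority, now_iso):
    """True if the authority is active and now_iso lies in its certificate's validity window."""
    cert = authority["authorityCertificate"]
    now = datetime.fromisoformat(now_iso)
    start, end = (datetime.fromisoformat(cert[k]) for k in ("notBefore", "notAfter"))
    return bool(authority.get("active")) and start <= now <= end
```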

class lemur.authorities.views.AuthorityVisualizations
    Bases: lemur.auth.service.AuthenticatedResource

    - endpoint = 'authority_visualizations'

    - get(authority_id)

            {"name": "flare", "children": [
              {"name": "analytics", "children": [
                {"name": "cluster", "children": [
                  {"name": "AgglomerativeCluster", "size": 3938},
                  {"name": "CommunityStructure", "size": 3812},
                  {"name": "HierarchicalCluster", "size": 6714},
                  {"name": "MergeEdge", "size": 743}
                ]}
              ]}
            ]}

    - mediatypes(resource_cls)

    - methods = ['GET']

class lemur.authorities.views.CertificateAuthority
    Bases: lemur.auth.service.AuthenticatedResource

    - endpoint = 'certificateAuthority'

    - get(certificate_id)
        One authority for given certificate

        Example request:

            GET /certificates/1/authority HTTP/1.1
            Host: example.com
            Accept: application/json, text/javascript

        Example response:

            HTTP/1.1 200 OK
            Vary: Accept
            Content-Type: text/javascript

            {
              "name": "TestAuthority",
              "roles": [
                {"id": 123, "name": "secure@example.com"},
                {"id": 564, "name": "TestAuthority_admin"},
                {"id": 565, "name": "TestAuthority_operator"}
              ],
              "options": null,
              "active": true,
              "authorityCertificate": {
                "body": "-----BEGIN CERTIFICATE-----IyMzU5MTVaMHk...",
                "status": true,
                "cn": "AcommonName",
                "description": "This is the ROOT certificate for the TestAuthority certificate authority.",
                "chain": "",
                "notBefore": "2016-06-02T00:00:15+00:00",
                "notAfter": "2023-06-02T23:59:15+00:00",
                "owner": "secure@example.com",
                "user": {"username": "joe@example.com", "active": true, "email": "joe@example.com", "id": 3},
                "active": true,
                "bits": 2048,
                "id": 2235,
                "name": "TestAuthority"
              },
              "owner": "secure@example.com",
              "id": 43,
              "description": "This is the ROOT certificate for the TestAuthority certificate authority."
            }

        Request Headers:
        - Authorization – OAuth token to authenticate
        Status Codes:
        - 200 OK – no error
        - 403 Forbidden – unauthenticated

    - mediatypes(resource_cls)

    - methods = ['GET']