authorities Package¶
models Module¶

- class lemur.authorities.models.Authority(**kwargs)
  Bases: sqlalchemy.ext.declarative.api.Model
  - active
  - authority_certificate
  - authority_pending_certificate
  - body
  - certificates
  - chain
  - date_created
  - property default_validity_days
  - description
  - id
  - property is_cab_compliant
    Parse the options to find whether the authority is CAB Forum compliant, i.e., adhering to the CA/Browser Forum Baseline Requirements. Returns None if the option is not available.
  - property max_issuance_days
  - name
  - options
  - owner
  - pending_certificates
  - property plugin
  - plugin_name
  - roles
  - user_id
service Module¶

- lemur.authorities.service.create(**kwargs)
  Creates a new authority.
- lemur.authorities.service.create_authority_roles(roles, owner, plugin_title, creator)
  Creates all of the necessary authority roles.
  - Parameters
    creator –
    roles –
  - Returns
- lemur.authorities.service.get(authority_id)
  Retrieves an authority given its ID.
  - Parameters
    authority_id –
  - Returns
- lemur.authorities.service.get_all()
  Get all authorities that are currently in Lemur.
  - Return type
    List
  - Returns
- lemur.authorities.service.get_authority_role(ca_name, creator=None)
  Attempts to get the authority role for a given CA; uses current_user as the basis for doing so.
  - Parameters
    ca_name –
- lemur.authorities.service.get_by_name(authority_name)
  Retrieves an authority given its name.
  - Parameters
    authority_name –
  - Returns
- lemur.authorities.service.mint(**kwargs)
  Creates the authority based on the plugin provided.
- lemur.authorities.service.render(args)
  Helper that renders the REST API responses.
  - Parameters
    args –
  - Returns
- lemur.authorities.service.update(authority_id, description, owner, active, roles)
  Update an authority with new values.
  - Parameters
    authority_id –
    roles – roles that are allowed to use this authority
  - Returns
- lemur.authorities.service.update_options(authority_id, options)
  Update an authority with new options.
  - Parameters
    authority_id –
    options – the new options to be saved into the authority
  - Returns
views Module¶

- class lemur.authorities.views.Authorities
  Bases: lemur.auth.service.AuthenticatedResource
  - endpoint = 'authority'
  - get(authority_id)
    One authority
    Example request:
      GET /authorities/1 HTTP/1.1
      Host: example.com
      Accept: application/json, text/javascript
    Example response:
      HTTP/1.1 200 OK
      Vary: Accept
      Content-Type: text/javascript

      {
        "roles": [
          {"id": 123, "name": "secure@example.com"},
          {"id": 564, "name": "TestAuthority_admin"},
          {"id": 565, "name": "TestAuthority_operator"}
        ],
        "active": true,
        "owner": "secure@example.com",
        "id": 43,
        "description": "This is the ROOT certificate for the TestAuthority certificate authority."
      }
    - Parameters
      description – a sensible description about what the CA will be used for
      owner – the team or person who ‘owns’ this authority
      active – set whether this authority is currently in use
    - Request Headers
      Authorization – OAuth token to authenticate
    - Status Codes
      200 OK – no error
      403 Forbidden – unauthenticated
  - mediatypes()
  - methods = {'GET', 'PUT'}
  - put(authority_id, data=None)
    Update an authority
    Example request:
      PUT /authorities/1 HTTP/1.1
      Host: example.com
      Accept: application/json, text/javascript

      {
        "name": "TestAuthority5",
        "roles": [
          {"id": 566, "name": "TestAuthority5_admin"},
          {"id": 567, "name": "TestAuthority5_operator"},
          {"id": 123, "name": "secure@example.com"}
        ],
        "active": true,
        "authorityCertificate": {
          "body": "-----BEGIN CERTIFICATE-----",
          "status": null,
          "cn": "AcommonName",
          "description": "This is the ROOT certificate for the TestAuthority5 certificate authority.",
          "chain": "",
          "notBefore": "2016-06-03T00:00:51+00:00",
          "notAfter": "2036-06-03T23:59:51+00:00",
          "owner": "secure@example.com",
          "user": {
            "username": "joe@example.com",
            "active": true,
            "email": "joe@example.com",
            "id": 3
          },
          "active": true,
          "bits": 2048,
          "id": 2280,
          "name": "TestAuthority5"
        },
        "owner": "secure@example.com",
        "id": 44,
        "description": "This is the ROOT certificate for the TestAuthority5 certificate authority."
      }
    Example response:
      HTTP/1.1 200 OK
      Vary: Accept
      Content-Type: text/javascript

      {
        "name": "TestAuthority",
        "roles": [
          {"id": 123, "name": "secure@example.com"},
          {"id": 564, "name": "TestAuthority_admin"},
          {"id": 565, "name": "TestAuthority_operator"}
        ],
        "options": null,
        "active": true,
        "authorityCertificate": {
          "body": "-----BEGIN CERTIFICATE-----IyMzU5MTVaMHk...",
          "status": true,
          "cn": "AcommonName",
          "description": "This is the ROOT certificate for the TestAuthority certificate authority.",
          "chain": "",
          "notBefore": "2016-06-02T00:00:15+00:00",
          "notAfter": "2023-06-02T23:59:15+00:00",
          "owner": "secure@example.com",
          "user": {
            "username": "joe@example.com",
            "active": true,
            "email": "joe@example.com",
            "id": 3
          },
          "active": true,
          "bits": 2048,
          "id": 2235,
          "name": "TestAuthority"
        },
        "owner": "secure@example.com",
        "id": 43,
        "description": "This is the ROOT certificate for the TestAuthority certificate authority."
      }
    - Request Headers
      Authorization – OAuth token to authenticate
    - Status Codes
      200 OK – no error
      403 Forbidden – unauthenticated
- class lemur.authorities.views.AuthoritiesList
  Bases: lemur.auth.service.AuthenticatedResource
  Defines the ‘authorities’ endpoint
  - endpoint = 'authorities'
  - get()
    The current list of authorities
    Example request:
      GET /authorities HTTP/1.1
      Host: example.com
      Accept: application/json, text/javascript
    Example response:
      HTTP/1.1 200 OK
      Vary: Accept
      Content-Type: text/javascript

      {
        "items": [
          {
            "name": "TestAuthority",
            "roles": [
              {"id": 123, "name": "secure@example.com"},
              {"id": 564, "name": "TestAuthority_admin"},
              {"id": 565, "name": "TestAuthority_operator"}
            ],
            "options": null,
            "active": true,
            "authorityCertificate": {
              "body": "-----BEGIN CERTIFICATE-----IyMzU5MTVaMHk...",
              "status": true,
              "cn": "AcommonName",
              "description": "This is the ROOT certificate for the TestAuthority certificate authority.",
              "chain": "",
              "notBefore": "2016-06-02T00:00:15+00:00",
              "notAfter": "2023-06-02T23:59:15+00:00",
              "owner": "secure@example.com",
              "user": {
                "username": "joe@example.com",
                "active": true,
                "email": "joe@example.com",
                "id": 3
              },
              "active": true,
              "bits": 2048,
              "id": 2235,
              "name": "TestAuthority"
            },
            "owner": "secure@example.com",
            "id": 43,
            "description": "This is the ROOT certificate for the TestAuthority certificate authority."
          }
        ],
        "total": 1
      }
    - Query Parameters
      sortBy – field to sort on
      sortDir – asc or desc
      page – int, default is 1
      filter – key/value pair; format is k;v
      count – count number, default is 10
    - Request Headers
      Authorization – OAuth token to authenticate
    - Status Codes
      200 OK – no error
      403 Forbidden – unauthenticated
    - Note
      this will only show certificates that the current user is authorized to use
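The list endpoint's query parameters and the authority object it returns, exercised from the client side. This is an added example and not code from Lemur or its documentation: it builds the path and query string for GET /authorities from the documented sortBy, sortDir, page, count and filter parameters (the k;v filter format is the documented one), and it checks an authority object of the documented shape for what a caller should confirm before relying on it: the authority is active, its authority certificate is inside its notBefore/notAfter window, and a given role is attached. The sample object is constructed from the documented response (user and options fields trimmed); the helper names list_query and check_authority, the now and required_role parameters, and the input validation are assumptions of this example.

```python
"""Client-side helpers for the authorities endpoint (added example, not Lemur code)."""
from datetime import datetime, timezone
from urllib.parse import urlencode

# Constructed sample: one item of the documented GET /authorities response.
SAMPLE_AUTHORITY = {
    "name": "TestAuthority",
    "roles": [
        {"id": 123, "name": "secure@example.com"},
        {"id": 564, "name": "TestAuthority_admin"},
        {"id": 565, "name": "TestAuthority_operator"},
    ],
    "options": None,
    "active": True,
    "authorityCertificate": {
        "body": "-----BEGIN CERTIFICATE-----IyMzU5MTVaMHk...",
        "status": True,
        "cn": "AcommonName",
        "chain": "",
        "notBefore": "2016-06-02T00:00:15+00:00",
        "notAfter": "2023-06-02T23:59:15+00:00",
        "bits": 2048,
        "id": 2235,
        "name": "TestAuthority",
    },
    "owner": "secure@example.com",
    "id": 43,
}


def list_query(sort_by="name", sort_dir="asc", page=1, count=10, filter_kv=None):
    """Build the path and query string for GET /authorities.

    Parameter names and the 'k;v' filter format follow the endpoint docs;
    the validation below is this example's own (assumption).
    """
    if sort_dir not in ("asc", "desc"):
        raise ValueError("sortDir must be 'asc' or 'desc'")
    if page < 1 or count < 1:
        raise ValueError("page and count must be positive")
    params = {"sortBy": sort_by, "sortDir": sort_dir, "page": page, "count": count}
    if filter_kv is not None:
        key, value = filter_kv
        # ';' separates key from value, so neither side may contain it.
        if ";" in key or ";" in value:
            raise ValueError("filter key and value may not contain ';'")
        params["filter"] = f"{key};{value}"
    # urlencode percent-encodes ';' and '@', so the pair survives the round trip intact.
    return "/authorities?" + urlencode(params)


def check_authority(authority, now=None, required_role=None):
    """Return a list of findings (empty means usable) for one authority object.

    Checks: the authority is active, its authority certificate exists and is
    inside its notBefore/notAfter window at `now`, and, if `required_role`
    is given, that role is among the roles attached to the authority.
    """
    now = now or datetime.now(timezone.utc)
    findings = []
    if not authority.get("active"):
        findings.append("authority is inactive")
    cert = authority.get("authorityCertificate")
    if not cert:
        findings.append("no authority certificate")
    else:
        # The documented timestamps carry a UTC offset, so these are aware datetimes.
        not_before = datetime.fromisoformat(cert["notBefore"])
        not_after = datetime.fromisoformat(cert["notAfter"])
        if now < not_before:
            findings.append("authority certificate not yet valid")
        elif now > not_after:
            findings.append("authority certificate expired")
    if required_role is not None:
        attached = {role["name"] for role in authority.get("roles", [])}
        if required_role not in attached:
            findings.append(f"role {required_role} is not attached")
    return findings


if __name__ == "__main__":
    print(list_query(filter_kv=("owner", "secure@example.com")))
    print(check_authority(SAMPLE_AUTHORITY, required_role="TestAuthority_operator"))
```

Run against the sample at a date inside the certificate window the checker returns no findings; run today it reports the 2023 expiry, which is the case a caller most needs to catch before requesting issuance from an authority.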
  - mediatypes()
  - methods = {'GET', 'POST'}
  - post(data=None)
    Create an authority
    Example request:
      POST /authorities HTTP/1.1
      Host: example.com
      Accept: application/json, text/javascript

      {
        "country": "US",
        "state": "California",
        "location": "Los Gatos",
        "organization": "Netflix",
        "organizationalUnit": "Operations",
        "type": "root",
        "signingAlgorithm": "sha256WithRSA",
        "sensitivity": "medium",
        "keyType": "RSA2048",
        "plugin": {"slug": "cloudca-issuer"},
        "name": "TimeTestAuthority5",
        "owner": "secure@example.com",
        "description": "test",
        "commonName": "AcommonName",
        "validityYears": "20",
        "extensions": {
          "subAltNames": {"names": []},
          "custom": []
        }
      }
    Example response:
      HTTP/1.1 200 OK
      Vary: Accept
      Content-Type: text/javascript

      {
        "name": "TestAuthority",
        "roles": [
          {"id": 123, "name": "secure@example.com"},
          {"id": 564, "name": "TestAuthority_admin"},
          {"id": 565, "name": "TestAuthority_operator"}
        ],
        "options": null,
        "active": true,
        "authorityCertificate": {
          "body": "-----BEGIN CERTIFICATE-----IyMzU5MTVaMHk...",
          "status": true,
          "cn": "AcommonName",
          "description": "This is the ROOT certificate for the TestAuthority certificate authority.",
          "chain": "",
          "notBefore": "2016-06-02T00:00:15+00:00",
          "notAfter": "2023-06-02T23:59:15+00:00",
          "owner": "secure@example.com",
          "user": {
            "username": "joe@example.com",
            "active": true,
            "email": "joe@example.com",
            "id": 3
          },
          "active": true,
          "bits": 2048,
          "id": 2235,
          "name": "TestAuthority"
        },
        "owner": "secure@example.com",
        "id": 43,
        "description": "This is the ROOT certificate for the TestAuthority certificate authority."
      }
    - Parameters
      name – authority’s name
      description – a sensible description about what the CA will be used for
      owner – the team or person who ‘owns’ this authority
      validityStart – when this authority should start issuing certificates
      validityEnd – when this authority should stop issuing certificates
      validityYears – starting from now, how many years into the future the authority should be valid
      extensions – certificate extensions
      plugin – name of the plugin to create the authority
      type – the type of authority (root/subca)
      parent – the parent authority if this is to be a subca
      signingAlgorithm – algorithm used to sign the authority
      keyType – key type
      sensitivity – the sensitivity of the root key; for CloudCA this determines whether the root keys are stored in an HSM
      keyName – name of the key to store in the HSM (CloudCA)
      serialNumber – serial number of the authority
      firstSerial – specifies the starting serial number for certificates issued off of this authority
    - Request Headers
      Authorization – OAuth token to authenticate
    - Status Codes
      200 OK – no error
      403 Forbidden – unauthenticated
- class lemur.authorities.views.AuthorityVisualizations
  Bases: lemur.auth.service.AuthenticatedResource
  - endpoint = 'authority_visualizations'
  - get(authority_id)
      {
        "name": "flare",
        "children": [
          {
            "name": "analytics",
            "children": [
              {
                "name": "cluster",
                "children": [
                  {"name": "AgglomerativeCluster", "size": 3938},
                  {"name": "CommunityStructure", "size": 3812},
                  {"name": "HierarchicalCluster", "size": 6714},
                  {"name": "MergeEdge", "size": 743}
                ]
              }
            ]
          }
        ]
      }
  - mediatypes()
  - methods = {'GET'}
- class lemur.authorities.views.CertificateAuthority
  Bases: lemur.auth.service.AuthenticatedResource
  - endpoint = 'certificateAuthority'
  - get(certificate_id)
    One authority for given certificate
    Example request:
      GET /certificates/1/authority HTTP/1.1
      Host: example.com
      Accept: application/json, text/javascript
    Example response:
      HTTP/1.1 200 OK
      Vary: Accept
      Content-Type: text/javascript

      {
        "name": "TestAuthority",
        "roles": [
          {"id": 123, "name": "secure@example.com"},
          {"id": 564, "name": "TestAuthority_admin"},
          {"id": 565, "name": "TestAuthority_operator"}
        ],
        "options": null,
        "active": true,
        "authorityCertificate": {
          "body": "-----BEGIN CERTIFICATE-----IyMzU5MTVaMHk...",
          "status": true,
          "cn": "AcommonName",
          "description": "This is the ROOT certificate for the TestAuthority certificate authority.",
          "chain": "",
          "notBefore": "2016-06-02T00:00:15+00:00",
          "notAfter": "2023-06-02T23:59:15+00:00",
          "owner": "secure@example.com",
          "user": {
            "username": "joe@example.com",
            "active": true,
            "email": "joe@example.com",
            "id": 3
          },
          "active": true,
          "bits": 2048,
          "id": 2235,
          "name": "TestAuthority"
        },
        "owner": "secure@example.com",
        "id": 43,
        "description": "This is the ROOT certificate for the TestAuthority certificate authority."
      }
    - Request Headers
      Authorization – OAuth token to authenticate
    - Status Codes
      200 OK – no error
      403 Forbidden – unauthenticated
  - mediatypes()
  - methods = {'GET'}