Contributing

Want to contribute back to Lemur? This page describes the general development flow, our philosophy, the test suite, and issue tracking.

Documentation

If you’re looking to help document Lemur, you can get set up with Sphinx, our documentation tool, but first you will want to make sure you have a few things on your local system:

  • python-dev (if you’re on OS X, you already have this)

  • pip

  • virtualenvwrapper

Once you’ve got all that, the rest is simple:

# If you have a fork, you'll want to clone it instead
git clone git://github.com/netflix/lemur.git

# Create and activate python virtualenv from within the lemur repo
python3 -m venv env
. env/bin/activate

# Install doc requirements

make dev-docs

# Make the docs
cd docs
make html

Running make dev-docs will install the basic requirements to get Sphinx running.

Building Documentation

Inside the docs directory, you can run make to build the documentation. See make help for available options and the Sphinx Documentation for more information.

Adding New Modules to Documentation

When a new module is added, it will need to be added to the documentation. Ideally, we might rely on sphinx-apidoc to autogenerate our documentation. Unfortunately, this causes some build problems. Instead, you’ll need to add new modules by hand.

Developing Against HEAD

We try to make it easy to get up and running in a development environment using a git checkout of Lemur. There are two ways to run Lemur locally: directly on your development machine, or in a Docker container.

Running in a Docker container

Look at the lemur-docker project. Usage instructions are self-contained in the README for that project.

Running directly on your development machine

You’ll want to make sure you have a few things on your local system first:

  • python-dev (if you’re on OS X, you already have this)

  • pip

  • virtualenv (ideally virtualenvwrapper)

  • node.js (for npm and building css/javascript)

  • PostgreSQL

Once you’ve got all that, the rest is simple:

# If you have a fork, you'll want to clone it instead
git clone git://github.com/lemur/lemur.git

# Create a python virtualenv
python3 -m venv env

# Make the magic happen
make

Running make will do several things, including:

  • Setting up any submodules (including Bootstrap)

  • Installing Python requirements

  • Installing NPM requirements

Note

You will want to store your virtualenv out of the lemur directory you cloned above, otherwise make will fail.

Create a default Lemur configuration just as if this were a production instance:

lemur create_config
lemur init

You’ll likely want to make some changes to the default configuration (we recommend developing against Postgres, for example). Once done, migrate your database using the following command:

lemur upgrade

Note

The upgrade shortcut is simply a shortcut to Alembic’s upgrade command.

Running tests with Docker and docker-compose

If you just want to run tests in a Docker container, you can use Docker and docker-compose for running the tests with docker-compose run test directly in the lemur project.

(For running the Lemur service in Docker, see lemur-docker.)

Coding Standards

Lemur follows the guidelines laid out in pep8 with a little bit of flexibility on things like line length. We always give way for the Zen of Python. We also use strict mode for JavaScript, enforced by jshint.

You can run all linters with make lint, or respectively lint-python or lint-js.

Spacing

Python:

4 Spaces

JavaScript:

2 Spaces

CSS:

2 Spaces

HTML:

2 Spaces

Git hooks

To help developers maintain the above standards, Lemur includes a configuration file for Yelp’s pre-commit. This is an optional dependency and is not required in order to contribute to Lemur.

Running the Test Suite

The test suite consists of multiple parts, testing both the Python and JavaScript components in Lemur. If you’ve setup your environment correctly, you can run the entire suite with the following command:

make test

If you only need to run the Python tests, you can do so with make test-python, as well as make test-js for the JavaScript tests.

You’ll notice that the test suite is structured based on where the code lives, and strongly encourages using the mock library to drive more accurate individual tests.

Note

We use py.test for the Python test suite, and a combination of phantomjs and jasmine for the JavaScript tests.

Static Media

Lemur uses a library that compiles its static media assets (LESS and JS files) automatically. If you’re developing using runserver you’ll see changes happen not only in the original files, but also the minified or processed versions of the file.

If you’ve made changes and need to compile them by hand for any reason, you can do so by running:

lemur compilestatic

The minified and processed files should be committed alongside the unprocessed changes.

It’s also important to note that Lemur’s frontend and API are not tied together. The API does not serve any of the static assets, we rely on nginx or some other file server to server all of the static assets. During development that means we need an additional server to serve those static files for the GUI.

This is accomplished with a Gulp task:

./node_modules/.bin/gulp serve

The gulp task compiles all the JS/CSS/HTML files and opens the Lemur welcome page in your default browsers. Additionally any changes to made to the JS/CSS/HTML with be reloaded in your browsers.

Developing with Flask

Because Lemur is just Flask, you can use all of the standard Flask functionality. The only difference is you’ll be accessing commands that would normally go through manage.py using the lemur CLI helper instead.

For example, you probably don’t want to use lemur start for development, as it doesn’t support anything like automatic reloading on code changes. For that you’d want to use the standard builtin runserver command:

lemur runserver

DDL (Schema Changes)

Schema changes should always introduce the new schema in a commit, and then introduce code relying on that schema in a followup commit. This also means that new columns must be NULLable.

Removing columns and tables requires a slightly more painful flow, and should resemble the follow multi-commit flow:

  • Remove all references to the column or table (but don’t remove the Model itself)

  • Remove the model code

  • Remove the table or column

Contributing Back Code

All patches should be sent as a pull request on GitHub, include tests, and documentation where needed. If you’re fixing a bug or making a large change the patch must include test coverage.

Uncertain about how to write tests? Take a look at some existing tests that are similar to the code you’re changing, and go from there.

You can see a list of open pull requests (pending changes) by visiting https://github.com/netflix/lemur/pulls

Pull requests should be against master and pass all TravisCI checks

Writing a Plugin

REST API

Lemur’s front end is entirely API driven. Any action that you can accomplish via the UI can also be accomplished by the API. The following is documents and provides examples on how to make requests to the Lemur API.

Authentication

class lemur.auth.views.Google

Bases: flask_restful.Resource

endpoint = 'google'
mediatypes()
methods = {'POST'}

A list of methods this view can handle.

post()
class lemur.auth.views.Login

Bases: flask_restful.Resource

Provides an endpoint for Lemur’s basic authentication. It takes a username and password combination and returns a JWT token.

This token token is required for each API request and must be provided in the Authorization Header for the request.

Authorization:Bearer <token>

Tokens have a set expiration date. You can inspect the token expiration by base64 decoding the token and inspecting it’s contents.

Note

It is recommended that the token expiration is fairly short lived (hours not days). This will largely depend on your uses cases but. It is important to not that there is currently no build in method to revoke a users token and force re-authentication.

endpoint = 'login'
mediatypes()
methods = {'POST'}

A list of methods this view can handle.

post()
POST /auth/login

Login with username:password

Example request:

POST /auth/login HTTP/1.1
Host: example.com
Accept: application/json, text/javascript
Content-Type: application/json;charset=UTF-8

{
  "username": "test",
  "password": "test"
}

Example response:

HTTP/1.1 200 OK
Vary: Accept
Content-Type: text/javascript

{
  "token": "12343243243"
}
Parameters
  • username – username

  • password – password

Status Codes
class lemur.auth.views.OAuth2

Bases: flask_restful.Resource

endpoint = 'oauth2'
get()
mediatypes()
methods = {'GET', 'POST'}

A list of methods this view can handle.

post()
class lemur.auth.views.Ping

Bases: flask_restful.Resource

This class serves as an example of how one might implement an SSO provider for use with Lemur. In this example we use an OpenIDConnect authentication flow, that is essentially OAuth2 underneath. If you have an OAuth2 provider you want to use Lemur there would be two steps:

  1. Define your own class that inherits from flask_restful.Resource and create the HTTP methods the provider uses for its callbacks.

  2. Add or change the Lemur AngularJS Configuration to point to your new provider

endpoint = 'ping'
get()
mediatypes()
methods = {'GET', 'POST'}

A list of methods this view can handle.

post()
class lemur.auth.views.Providers

Bases: flask_restful.Resource

endpoint = 'providers'
get()
mediatypes()
methods = {'GET'}

A list of methods this view can handle.

lemur.auth.views.build_hmac()
lemur.auth.views.create_user_roles(profile)

Creates new roles based on profile information.

Parameters

profile

Returns

lemur.auth.views.exchange_for_access_token(code, redirect_uri, client_id, secret, access_token_url=None, verify_cert=True)

Exchanges authorization code for access token.

Parameters
  • code

  • redirect_uri

  • client_id

  • secret

  • access_token_url

  • verify_cert

Returns

Returns

lemur.auth.views.generate_state_token()
lemur.auth.views.retrieve_user(user_api_url, access_token)

Fetch user information from provided user api_url.

Parameters
  • user_api_url

  • access_token

Returns

lemur.auth.views.retrieve_user_memberships(user_api_url, user_membership_provider, access_token)
lemur.auth.views.update_user(user, profile, roles)

Updates user with current profile information and associated roles.

Parameters
  • user

  • profile

  • roles

lemur.auth.views.validate_id_token(id_token, client_id, jwks_url)

Ensures that the token we receive is valid.

Parameters
  • id_token

  • client_id

  • jwks_url

Returns

lemur.auth.views.verify_state_token(token)

Destinations

class lemur.destinations.views.CertificateDestinations

Bases: lemur.auth.service.AuthenticatedResource

Defines the ‘certificate/<int:certificate_id/destinations’’ endpoint

endpoint = 'certificateDestinations'
get(certificate_id)
GET /certificates/1/destinations

The current account list for a given certificates

Example request:

GET /certificates/1/destinations HTTP/1.1
Host: example.com
Accept: application/json, text/javascript

Example response:

HTTP/1.1 200 OK
Vary: Accept
Content-Type: text/javascript

{
  "items": [{
      "description": "test",
      "options": [{
          "name": "accountNumber",
          "required": true,
          "value": "111111111111111",
          "helpMessage": "Must be a valid AWS account number!",
          "validation": "^[0-9]{12,12}$",
          "type": "str"
      }],
      "id": 4,
      "plugin": {
          "pluginOptions": [{
              "name": "accountNumber",
              "required": true,
              "value": "111111111111111",
              "helpMessage": "Must be a valid AWS account number!",
              "validation": "^[0-9]{12,12}$",
              "type": "str"
          }],
          "description": "Allow the uploading of certificates to AWS IAM",
          "slug": "aws-destination",
          "title": "AWS"
      },
      "label": "test546"
  }
  "total": 1
}
Query Parameters
  • sortBy – field to sort on

  • sortDir – asc or desc

  • page – int default is 1

  • filter – key value pair format is k;v

  • count – count number default is 10

Request Headers
Status Codes
mediatypes()
methods = {'GET'}

A list of methods this view can handle.

class lemur.destinations.views.Destinations

Bases: lemur.auth.service.AuthenticatedResource

delete(destination_id)
endpoint = 'destination'
get(destination_id)
GET /destinations/1

Get a specific account

Example request:

GET /destinations/1 HTTP/1.1
Host: example.com
Accept: application/json, text/javascript

Example response:

HTTP/1.1 200 OK
Vary: Accept
Content-Type: text/javascript

{
  "description": "test",
  "options": [{
      "name": "accountNumber",
      "required": true,
      "value": "111111111111111",
      "helpMessage": "Must be a valid AWS account number!",
      "validation": "^[0-9]{12,12}$",
      "type": "str"
  }],
  "id": 4,
  "plugin": {
      "pluginOptions": [{
          "name": "accountNumber",
          "required": true,
          "value": "111111111111111",
          "helpMessage": "Must be a valid AWS account number!",
          "validation": "^[0-9]{12,12}$",
          "type": "str"
      }],
      "description": "Allow the uploading of certificates to AWS IAM",
      "slug": "aws-destination",
      "title": "AWS"
  },
  "label": "test546"
}
Request Headers
Status Codes
mediatypes()
methods = {'DELETE', 'GET', 'PUT'}

A list of methods this view can handle.

put(destination_id, data=None)
PUT /destinations/1

Updates an account

Example request:

POST /destinations/1 HTTP/1.1
Host: example.com
Accept: application/json, text/javascript
Content-Type: application/json;charset=UTF-8


{
  "description": "test33",
  "options": [{
      "name": "accountNumber",
      "required": true,
      "value": "34324324",
      "helpMessage": "Must be a valid AWS account number!",
      "validation": "^[0-9]{12,12}$",
      "type": "str"
  }],
  "id": 4,
  "plugin": {
      "pluginOptions": [{
          "name": "accountNumber",
          "required": true,
          "value": "34324324",
          "helpMessage": "Must be a valid AWS account number!",
          "validation": "^[0-9]{12,12}$",
          "type": "str"
      }],
      "description": "Allow the uploading of certificates to AWS IAM",
      "slug": "aws-destination",
      "title": "AWS"
  },
  "label": "test546"
}

Example response:

HTTP/1.1 200 OK
Vary: Accept
Content-Type: text/javascript

{
  "description": "test",
  "options": [{
      "name": "accountNumber",
      "required": true,
      "value": "111111111111111",
      "helpMessage": "Must be a valid AWS account number!",
      "validation": "^[0-9]{12,12}$",
      "type": "str"
  }],
  "id": 4,
  "plugin": {
      "pluginOptions": [{
          "name": "accountNumber",
          "required": true,
          "value": "111111111111111",
          "helpMessage": "Must be a valid AWS account number!",
          "validation": "^[0-9]{12,12}$",
          "type": "str"
      }],
      "description": "Allow the uploading of certificates to AWS IAM",
      "slug": "aws-destination",
      "title": "AWS"
  },
  "label": "test546"
}
Parameters
  • accountNumber – aws account number

  • label – human readable account label

  • description – some description about the account

Request Headers
Status Codes
class lemur.destinations.views.DestinationsList

Bases: lemur.auth.service.AuthenticatedResource

Defines the ‘destinations’ endpoint

endpoint = 'destinations'
get()
GET /destinations

The current account list

Example request:

GET /destinations HTTP/1.1
Host: example.com
Accept: application/json, text/javascript

Example response:

HTTP/1.1 200 OK
Vary: Accept
Content-Type: text/javascript

{
  "items": [{
      "description": "test",
      "options": [{
          "name": "accountNumber",
          "required": true,
          "value": "111111111111111",
          "helpMessage": "Must be a valid AWS account number!",
          "validation": "^[0-9]{12,12}$",
          "type": "str"
      }],
      "id": 4,
      "plugin": {
          "pluginOptions": [{
              "name": "accountNumber",
              "required": true,
              "value": "111111111111111",
              "helpMessage": "Must be a valid AWS account number!",
              "validation": "^[0-9]{12,12}$",
              "type": "str"
          }],
          "description": "Allow the uploading of certificates to AWS IAM",
          "slug": "aws-destination",
          "title": "AWS"
      },
      "label": "test546"
  }
  "total": 1
}
Query Parameters
  • sortBy – field to sort on

  • sortDir – asc or desc

  • page – int. default is 1

  • filter – key value pair format is k;v

  • count – count number default is 10

Request Headers
Status Codes
mediatypes()
methods = {'GET', 'POST'}

A list of methods this view can handle.

post(data=None)
POST /destinations

Creates a new account

Example request:

POST /destinations HTTP/1.1
Host: example.com
Accept: application/json, text/javascript
Content-Type: application/json;charset=UTF-8

{
  "description": "test33",
  "options": [{
      "name": "accountNumber",
      "required": true,
      "value": "34324324",
      "helpMessage": "Must be a valid AWS account number!",
      "validation": "^[0-9]{12,12}$",
      "type": "str"
  }],
  "id": 4,
  "plugin": {
      "pluginOptions": [{
          "name": "accountNumber",
          "required": true,
          "value": "34324324",
          "helpMessage": "Must be a valid AWS account number!",
          "validation": "^[0-9]{12,12}$",
          "type": "str"
      }],
      "description": "Allow the uploading of certificates to AWS IAM",
      "slug": "aws-destination",
      "title": "AWS"
  },
  "label": "test546"
}

Example response:

HTTP/1.1 200 OK
Vary: Accept
Content-Type: text/javascript

{
  "description": "test33",
  "options": [{
      "name": "accountNumber",
      "required": true,
      "value": "34324324",
      "helpMessage": "Must be a valid AWS account number!",
      "validation": "^[0-9]{12,12}$",
      "type": "str"
  }],
  "id": 4,
  "plugin": {
      "pluginOptions": [{
          "name": "accountNumber",
          "required": true,
          "value": "111111111111111",
          "helpMessage": "Must be a valid AWS account number!",
          "validation": "^[0-9]{12,12}$",
          "type": "str"
      }],
      "description": "Allow the uploading of certificates to AWS IAM",
      "slug": "aws-destination",
      "title": "AWS"
  },
  "label": "test546"
}
Parameters
  • label – human readable account label

  • description – some description about the account

Request Headers
Status Codes
class lemur.destinations.views.DestinationsStats

Bases: lemur.auth.service.AuthenticatedResource

Defines the ‘destinations’ stats endpoint

endpoint = 'destinationStats'
get()
mediatypes()
methods = {'GET'}

A list of methods this view can handle.

Notifications

class lemur.notifications.views.CertificateNotifications

Bases: lemur.auth.service.AuthenticatedResource

Defines the ‘certificate/<int:certificate_id/notifications’’ endpoint

endpoint = 'certificateNotifications'
get(certificate_id)
GET /certificates/1/notifications

The current account list for a given certificates

Example request:

GET /certificates/1/notifications HTTP/1.1
Host: example.com
Accept: application/json, text/javascript

Example response:

HTTP/1.1 200 OK
Vary: Accept
Content-Type: text/javascript

{
  "items": [
      {
          "description": "An example",
          "options": [
              {
                  "name": "interval",
                  "required": true,
                  "value": 555,
                  "helpMessage": "Number of days to be alert before expiration.",
                  "validation": "^\d+$",
                  "type": "int"
              },
              {
                  "available": [
                      "days",
                      "weeks",
                      "months"
                  ],
                  "name": "unit",
                  "required": true,
                  "value": "weeks",
                  "helpMessage": "Interval unit",
                  "validation": "",
                  "type": "select"
              },
              {
                  "name": "recipients",
                  "required": true,
                  "value": "kglisson@netflix.com,example@netflix.com",
                  "helpMessage": "Comma delimited list of email addresses",
                  "validation": "^([\w+-.%]+@[-\w.]+\.[A-Za-z]{2,4},?)+$",
                  "type": "str"
              }
          ],
          "label": "example",
          "pluginName": "email-notification",
          "active": true,
          "id": 2
      }
  ],
  "total": 1
 }
Query Parameters
  • sortBy – field to sort on

  • sortDir – asc or desc

  • page – int default is 1

  • filter – key value pair format is k;v

  • count – count number default is 10

Request Headers
Status Codes
mediatypes()
methods = {'GET'}

A list of methods this view can handle.

class lemur.notifications.views.Notifications

Bases: lemur.auth.service.AuthenticatedResource

delete(notification_id)
endpoint = 'notification'
get(notification_id)
GET /notifications/1

Get a specific notification

Example request:

GET /notifications/1 HTTP/1.1
Host: example.com
Accept: application/json, text/javascript

Example response:

HTTP/1.1 200 OK
Vary: Accept
Content-Type: text/javascript

{
  "description": "a test",
  "options": [
      {
          "name": "interval",
          "required": true,
          "value": 5,
          "helpMessage": "Number of days to be alert before expiration.",
          "validation": "^\d+$",
          "type": "int"
      },
      {
          "available": [
              "days",
              "weeks",
              "months"
          ],
          "name": "unit",
          "required": true,
          "value": "weeks",
          "helpMessage": "Interval unit",
          "validation": "",
          "type": "select"
      },
      {
          "name": "recipients",
          "required": true,
          "value": "kglisson@netflix.com,example@netflix.com",
          "helpMessage": "Comma delimited list of email addresses",
          "validation": "^([\w+-.%]+@[-\w.]+\.[A-Za-z]{2,4},?)+$",
          "type": "str"
      }
  ],
  "label": "test",
  "pluginName": "email-notification",
  "active": true,
  "id": 2
}
Request Headers
Status Codes
mediatypes()
methods = {'DELETE', 'GET', 'PUT'}

A list of methods this view can handle.

put(notification_id, data=None)
PUT /notifications/1

Updates a notification

Example request:

PUT /notifications/1 HTTP/1.1
Host: example.com
Accept: application/json, text/javascript
Content-Type: application/json;charset=UTF-8

{
  "label": "labelChanged",
  "plugin": {
      "slug": "email-notification",
      "plugin_options": "???"
    },
  "description": "Sample notification",
  "active": "true",
  "added_certificates": "???",
  "removed_certificates": "???"
}

Example response:

HTTP/1.1 200 OK
Vary: Accept
Content-Type: text/javascript

{
  "id": 1,
  "label": "labelChanged",
  "plugin": {
      "slug": "email-notification",
      "plugin_options": "???"
    },
  "description": "Sample notification",
  "active": "true",
  "added_certificates": "???",
  "removed_certificates": "???"
}
Label label

notification name

Label slug

notification plugin slug

Label plugin_options

notification plugin options

Label description

notification description

Label active

whether or not the notification is active/enabled

Label added_certificates

certificates to add

Label removed_certificates

certificates to remove

Request Headers
Status Codes
class lemur.notifications.views.NotificationsList

Bases: lemur.auth.service.AuthenticatedResource

Defines the ‘notifications’ endpoint

endpoint = 'notifications'
get()
GET /notifications

The current account list

Example request:

GET /notifications HTTP/1.1
Host: example.com
Accept: application/json, text/javascript

Example response:

HTTP/1.1 200 OK
Vary: Accept
Content-Type: text/javascript

{
  "items": [
      {
          "description": "An example",
          "options": [
              {
                  "name": "interval",
                  "required": true,
                  "value": 5,
                  "helpMessage": "Number of days to be alert before expiration.",
                  "validation": "^\d+$",
                  "type": "int"
              },
              {
                  "available": [
                      "days",
                      "weeks",
                      "months"
                  ],
                  "name": "unit",
                  "required": true,
                  "value": "weeks",
                  "helpMessage": "Interval unit",
                  "validation": "",
                  "type": "select"
              },
              {
                  "name": "recipients",
                  "required": true,
                  "value": "kglisson@netflix.com,example@netflix.com",
                  "helpMessage": "Comma delimited list of email addresses",
                  "validation": "^([\w+-.%]+@[-\w.]+\.[A-Za-z]{2,4},?)+$",
                  "type": "str"
              }
          ],
          "label": "example",
          "pluginName": "email-notification",
          "active": true,
          "id": 2
      }
  ],
  "total": 1
 }
Query Parameters
  • sortBy – field to sort on

  • sortDir – asc or desc

  • page – int default is 1

  • filter – key value pair format is k;v

  • count – count number default is 10

Request Headers
Status Codes
mediatypes()
methods = {'GET', 'POST'}

A list of methods this view can handle.

post(data=None)
POST /notifications

Creates a new notification

Example request:

POST /notifications HTTP/1.1
Host: example.com
Accept: application/json, text/javascript
Content-Type: application/json;charset=UTF-8

{
  "description": "a test",
  "options": [
      {
          "name": "interval",
          "required": true,
          "value": 5,
          "helpMessage": "Number of days to be alert before expiration.",
          "validation": "^\d+$",
          "type": "int"
      },
      {
          "available": [
              "days",
              "weeks",
              "months"
          ],
          "name": "unit",
          "required": true,
          "value": "weeks",
          "helpMessage": "Interval unit",
          "validation": "",
          "type": "select"
      },
      {
          "name": "recipients",
          "required": true,
          "value": "kglisson@netflix.com,example@netflix.com",
          "helpMessage": "Comma delimited list of email addresses",
          "validation": "^([\w+-.%]+@[-\w.]+\.[A-Za-z]{2,4},?)+$",
          "type": "str"
      }
  ],
  "label": "test",
  "pluginName": "email-notification",
  "active": true,
  "id": 2
}

Example response:

HTTP/1.1 200 OK
Vary: Accept
Content-Type: text/javascript

{
  "description": "a test",
  "options": [
      {
          "name": "interval",
          "required": true,
          "value": 5,
          "helpMessage": "Number of days to be alert before expiration.",
          "validation": "^\d+$",
          "type": "int"
      },
      {
          "available": [
              "days",
              "weeks",
              "months"
          ],
          "name": "unit",
          "required": true,
          "value": "weeks",
          "helpMessage": "Interval unit",
          "validation": "",
          "type": "select"
      },
      {
          "name": "recipients",
          "required": true,
          "value": "kglisson@netflix.com,example@netflix.com",
          "helpMessage": "Comma delimited list of email addresses",
          "validation": "^([\w+-.%]+@[-\w.]+\.[A-Za-z]{2,4},?)+$",
          "type": "str"
      }
  ],
  "label": "test",
  "pluginName": "email-notification",
  "active": true,
  "id": 2
}
Label label

notification name

Label slug

notification plugin slug

Label plugin_options

notification plugin options

Label description

notification description

Label active

whether or not the notification is active/enabled

Label certificates

certificates to attach to notification

Request Headers
Status Codes

Users

class lemur.users.views.CertificateUsers

Bases: lemur.auth.service.AuthenticatedResource

endpoint = 'certificateCreator'
get(certificate_id)
GET /certificates/1/creator

Get a certificate’s creator

Example request:

GET /certificates/1/creator HTTP/1.1
Host: example.com
Accept: application/json, text/javascript

Example response:

HTTP/1.1 200 OK
Vary: Accept
Content-Type: text/javascript

{
    "id": 1,
    "active": false,
    "email": "user1@example.com",
    "username": "user1",
    "profileImage": null
}
Request Headers
Status Codes
mediatypes()
methods = {'GET'}

A list of methods this view can handle.

class lemur.users.views.Me

Bases: lemur.auth.service.AuthenticatedResource

endpoint = 'me'
get()
GET /auth/me

Get the currently authenticated user

Example request:

GET /auth/me HTTP/1.1
Host: example.com
Accept: application/json, text/javascript

Example response:

HTTP/1.1 200 OK
Vary: Accept
Content-Type: text/javascript

{
    "id": 1,
    "active": false,
    "email": "user1@example.com",
    "username": "user1",
    "profileImage": null
}
Request Headers
Status Codes
mediatypes()
methods = {'GET'}

A list of methods this view can handle.

class lemur.users.views.RoleUsers

Bases: lemur.auth.service.AuthenticatedResource

endpoint = 'roleUsers'
get(role_id)
GET /roles/1/users

Get all users associated with a role

Example request:

GET /roles/1/users HTTP/1.1
Host: example.com
Accept: application/json, text/javascript

Example response:

HTTP/1.1 200 OK
Vary: Accept
Content-Type: text/javascript

{
  "items": [
      {
        "id": 2,
        "active": True,
        "email": "user2@example.com",
        "username": "user2",
        "profileImage": null
      },
      {
        "id": 1,
        "active": False,
        "email": "user1@example.com",
        "username": "user1",
        "profileImage": null
      }
    ]
  "total": 2
}
Request Headers
Status Codes
mediatypes()
methods = {'GET'}

A list of methods this view can handle.

class lemur.users.views.Users

Bases: lemur.auth.service.AuthenticatedResource

endpoint = 'user'
get(user_id)
GET /users/1

Get a specific user

Example request:

GET /users/1 HTTP/1.1
Host: example.com
Accept: application/json, text/javascript

Example response:

HTTP/1.1 200 OK
Vary: Accept
Content-Type: text/javascript

{
    "id": 1,
    "active": false,
    "email": "user1@example.com",
    "username": "user1",
    "profileImage": null
}
Request Headers
Status Codes
mediatypes()
methods = {'GET', 'PUT'}

A list of methods this view can handle.

put(user_id, data=None)
PUT /users/1

Update a user

Example request with ID:

PUT /users/1 HTTP/1.1
Host: example.com
Accept: application/json, text/javascript
Content-Type: application/json;charset=UTF-8

{
   "username": "user1",
   "email": "user1@example.com",
   "active": false,
   "roles": [
       {"id": 1}
   ]
}

Example request with name:

PUT /users/1 HTTP/1.1
Host: example.com
Accept: application/json, text/javascript
Content-Type: application/json;charset=UTF-8

{
   "username": "user1",
   "email": "user1@example.com",
   "active": false,
   "roles": [
       {"name": "myRole"}
   ]
}

Example response:

HTTP/1.1 200 OK
Vary: Accept
Content-Type: text/javascript

{
   "id": 1,
   "username": "user1",
   "email": "user1@example.com",
   "active": false,
   "profileImage": null
}
Request Headers
Status Codes
class lemur.users.views.UsersList

Bases: lemur.auth.service.AuthenticatedResource

Defines the ‘users’ endpoint

endpoint = 'users'
get()
GET /users

The current user list

Example request:

GET /users HTTP/1.1
Host: example.com
Accept: application/json, text/javascript

Example response:

HTTP/1.1 200 OK
Vary: Accept
Content-Type: text/javascript

{
   "items": [
      {
         "id": 2,
         "active": True,
         "email": "user2@example.com",
         "username": "user2",
         "profileImage": null
      },
      {
         "id": 1,
         "active": False,
         "email": "user1@example.com",
         "username": "user1",
         "profileImage": null
      }
   ]
   "total": 2
}
Query Parameters
  • sortBy – field to sort on

  • sortDir – asc or desc

  • page – int default is 1

  • filter – key value pair format is k;v

  • count – count number default is 10

Request Headers
Status Codes
mediatypes()
methods = {'GET', 'POST'}

A list of methods this view can handle.

post(data=None)
POST /users

Creates a new user

Example request with ID:

POST /users HTTP/1.1
Host: example.com
Accept: application/json, text/javascript
Content-Type: application/json;charset=UTF-8

{
   "username": "user3",
   "email": "user3@example.com",
   "active": true,
   "roles": [
      {"id": 1}
   ]
}

Example request with name:

POST /users HTTP/1.1
Host: example.com
Accept: application/json, text/javascript
Content-Type: application/json;charset=UTF-8

{
   "username": "user3",
   "email": "user3@example.com",
   "active": true,
   "roles": [
      {"name": "myRole"}
   ]
}

Example response:

HTTP/1.1 200 OK
Vary: Accept
Content-Type: text/javascript

{
    "id": 3,
    "active": True,
    "email": "user3@example.com",
    "username": "user3",
    "profileImage": null
}
Parameters
  • username – username for new user

  • email – email address for new user

  • password – password for new user

  • active – boolean, if the user is currently active

  • roles – list, roles that the user should be apart of

Request Headers
Status Codes

Roles

class lemur.roles.views.AuthorityRolesList

Bases: lemur.auth.service.AuthenticatedResource

Defines the ‘roles’ endpoint

endpoint = 'authorityRoles'
get(authority_id)
GET /authorities/1/roles

List of roles for a given authority

Example request:

GET /authorities/1/roles HTTP/1.1
Host: example.com
Accept: application/json, text/javascript

Example response:

HTTP/1.1 200 OK
Vary: Accept
Content-Type: text/javascript

{
  "items": [
      {
        "id": 1,
        "name": "role1",
        "description": "this is role1"
      },
      {
        "id": 2,
        "name": "role2",
        "description": "this is role2"
      }
    ]
  "total": 2
}
Query Parameters
  • sortBy – field to sort on

  • sortDir – asc or desc

  • page – int default is 1

  • filter – key value pair format is k;v

  • count – count number default is 10

Request Headers
Status Codes
mediatypes()
methods = {'GET'}

A list of methods this view can handle.

class lemur.roles.views.RoleViewCredentials

Bases: lemur.auth.service.AuthenticatedResource

endpoint = 'roleCredentials`'
get(role_id)
GET /roles/1/credentials

View a roles credentials

Example request:

GET /users/1 HTTP/1.1
Host: example.com
Accept: application/json, text/javascript

Example response:

HTTP/1.1 200 OK
Vary: Accept
Content-Type: text/javascript

{
    "username": "ausername",
    "password": "apassword"
}
Request Headers
Status Codes
mediatypes()
methods = {'GET'}

A list of methods this view can handle.

class lemur.roles.views.Roles

Bases: lemur.auth.service.AuthenticatedResource

delete(role_id)
DELETE /roles/1

Delete a role

Example request:

DELETE /roles/1 HTTP/1.1
Host: example.com
Accept: application/json, text/javascript

Example response:

HTTP/1.1 200 OK
Vary: Accept
Content-Type: text/javascript

{
   "message": "ok"
}
Request Headers
Status Codes
endpoint = 'role'
get(role_id)
GET /roles/1

Get a particular role

Example request:

GET /roles/1 HTTP/1.1
Host: example.com
Accept: application/json, text/javascript

Example response:

HTTP/1.1 200 OK
Vary: Accept
Content-Type: text/javascript

{
    "id": 1,
    "name": "role1",
    "description": "this is role1"
}
Request Headers
Status Codes
mediatypes()
methods = {'DELETE', 'GET', 'PUT'}

A list of methods this view can handle.

put(role_id, data=None)
PUT /roles/1

Update a role

Example request:

PUT /roles/1 HTTP/1.1
Host: example.com
Accept: application/json, text/javascript
Content-Type: application/json;charset=UTF-8

{
   "name": "role1",
   "description": "This is a new description"
}

Example response:

HTTP/1.1 200 OK
Vary: Accept
Content-Type: text/javascript

{
   "id": 1,
   "name": "role1",
   "description": "this is a new description"
}
Request Headers
Status Codes
class lemur.roles.views.RolesList

Bases: lemur.auth.service.AuthenticatedResource

Defines the ‘roles’ endpoint

endpoint = 'roles'
get()
GET /roles

The current role list

Example request:

GET /roles HTTP/1.1
Host: example.com
Accept: application/json, text/javascript

Example response:

HTTP/1.1 200 OK
Vary: Accept
Content-Type: text/javascript

{
  "items": [
      {
        "id": 1,
        "name": "role1",
        "description": "this is role1"
      },
      {
        "id": 2,
        "name": "role2",
        "description": "this is role2"
      }
    ]
  "total": 2
}
Query Parameters
  • sortBy – field to sort on

  • sortDir – asc or desc

  • page – int default is 1

  • filter – key value pair format is k;v

  • count – count number default is 10

Request Headers
Status Codes
mediatypes()
methods = {'GET', 'POST'}

A list of methods this view can handle.

post(data=None)
POST /roles

Creates a new role

Example request:

POST /roles HTTP/1.1
Host: example.com
Accept: application/json, text/javascript
Content-Type: application/json;charset=UTF-8

{
   "name": "role3",
   "description": "this is role3",
   "username": null,
   "password": null,
   "users": [
      {"id": 1}
   ]
}

Example response:

HTTP/1.1 200 OK
Vary: Accept
Content-Type: text/javascript

{
    "id": 3,
    "description": "this is role3",
    "name": "role3"
}
Parameters
  • name – name for new role

  • description – description for new role

  • password – password for new role

  • username – username for new role

  • users – list, of users to associate with role

Request Headers
Status Codes
class lemur.roles.views.UserRolesList

Bases: lemur.auth.service.AuthenticatedResource

Defines the ‘roles’ endpoint

endpoint = 'userRoles'
get(user_id)
GET /users/1/roles

List of roles for a given user

Example request:

GET /users/1/roles HTTP/1.1
Host: example.com
Accept: application/json, text/javascript

Example response:

HTTP/1.1 200 OK
Vary: Accept
Content-Type: text/javascript

{
  "items": [
      {
        "id": 1,
        "name": "role1",
        "description": "this is role1"
      },
      {
        "id": 2,
        "name": "role2",
        "description": "this is role2"
      }
    ]
  "total": 2
}
Query Parameters
  • sortBy – field to sort on

  • sortDir – asc or desc

  • page – int default is 1

  • filter – key value pair format is k;v

  • count – count number default is 10

Request Headers
Status Codes
mediatypes()
methods = {'GET'}

A list of methods this view can handle.

Certificates

class lemur.certificates.views.CertificateExport

Bases: lemur.auth.service.AuthenticatedResource

endpoint = 'exportCertificate'
mediatypes()
methods = {'POST'}

A list of methods this view can handle.

post(certificate_id, data=None)
POST /certificates/1/export

Export a certificate

Example request:

PUT /certificates/1/export HTTP/1.1
Host: example.com
Accept: application/json, text/javascript
Content-Type: application/json;charset=UTF-8

{
  "export": {
      "plugin": {
          "pluginOptions": [{
              "available": ["Java Key Store (JKS)"],
              "required": true,
              "type": "select",
              "name": "type",
              "helpMessage": "Choose the format you wish to export",
              "value": "Java Key Store (JKS)"
          }, {
              "required": false,
              "type": "str",
              "name": "passphrase",
              "validation": "^(?=.*[A-Za-z])(?=.*\d)(?=.*[$@$!%*#?&])[A-Za-z\d$@$!%*#?&]{8,}$",
              "helpMessage": "If no passphrase is given one will be generated for you, we highly recommend this. Minimum length is 8."
          }, {
              "required": false,
              "type": "str",
              "name": "alias",
              "helpMessage": "Enter the alias you wish to use for the keystore."
          }],
          "version": "unknown",
          "description": "Attempts to generate a JKS keystore or truststore",
          "title": "Java",
          "author": "Kevin Glisson",
          "type": "export",
          "slug": "java-export"
      }
  }
}

Example response:

HTTP/1.1 200 OK
Vary: Accept
Content-Type: text/javascript

{
  "data": "base64encodedstring",
  "passphrase": "UAWOHW#&@_%!tnwmxh832025",
  "extension": "jks"
}
Request Headers
Status Codes
class lemur.certificates.views.CertificatePrivateKey

Bases: lemur.auth.service.AuthenticatedResource

endpoint = 'privateKeyCertificates'
get(certificate_id)
GET /certificates/1/key

Retrieves the private key for a given certificate

Example request:

GET /certificates/1/key HTTP/1.1
Host: example.com
Accept: application/json, text/javascript

Example response:

HTTP/1.1 200 OK
Vary: Accept
Content-Type: text/javascript

{
   "key": "-----BEGIN ..."
}
Request Headers
Status Codes
mediatypes()
methods = {'GET'}

A list of methods this view can handle.

class lemur.certificates.views.CertificateRevoke

Bases: lemur.auth.service.AuthenticatedResource

endpoint = 'revokeCertificate'
mediatypes()
methods = {'PUT'}

A list of methods this view can handle.

put(certificate_id, data=None)
PUT /certificates/1/revoke

Revoke a certificate. One can mention the reason of revocation using crlReason (optional) as per RFC 5280 section 5.3.1 The allowed values for crlReason can also be found in Lemur in constants.py/CRLReason Additional information can be captured using comments (optional).

Example request:

PUT /certificates/1/revoke HTTP/1.1
Host: example.com
Accept: application/json, text/javascript
Content-Type: application/json;charset=UTF-8

{
  "crlReason": "affiliationChanged",
  "comments": "Additional details if any"
}

Example response:

HTTP/1.1 200 OK
Vary: Accept
Content-Type: text/javascript

{
  "id": 1
}
Request Headers
Status Codes
class lemur.certificates.views.CertificateUpdateOwner

Bases: lemur.auth.service.AuthenticatedResource

endpoint = 'certificateUpdateOwner'
mediatypes()
methods = {'POST'}

A list of methods this view can handle.

post(certificate_id, data=None)
POST /certificates/1/update/owner

Update certificate owner

Example request:

POST /certificates/1/update/owner HTTP/1.1
Host: example.com
Accept: application/json, text/javascript
Content-Type: application/json;charset=UTF-8

{
   "owner": "joan@example.com"
}

Example response:

HTTP/1.1 200 OK
Vary: Accept
Content-Type: text/javascript

{
  "status": null,
  "cn": "*.test.example.net",
  "chain": "",
  "authority": {
      "active": true,
      "owner": "secure@example.com",
      "id": 1,
      "description": "verisign test authority",
      "name": "verisign"
  },
  "owner": "joe@example.com",
  "serial": "82311058732025924142789179368889309156",
  "id": 2288,
  "issuer": "SymantecCorporation",
  "dateCreated": "2016-06-03T06:09:42.133769+00:00",
  "notBefore": "2016-06-03T00:00:00+00:00",
  "notAfter": "2018-01-12T23:59:59+00:00",
  "destinations": [],
  "bits": 2048,
  "body": "-----BEGIN CERTIFICATE-----...",
  "description": null,
  "deleted": null,
  "notify": false,
  "rotation": false,
  "notifications": [{
      "id": 1
  }]
  "signingAlgorithm": "sha256",
  "user": {
      "username": "jane",
      "active": true,
      "email": "jane@example.com",
      "id": 2
  },
  "active": true,
  "domains": [{
      "sensitive": false,
      "id": 1090,
      "name": "*.test.example.net"
  }],
  "replaces": [],
  "name": "WILDCARD.test.example.net-SymantecCorporation-20160603-20180112",
  "roles": [{
      "id": 464,
      "description": "This is a google group based role created by Lemur",
      "name": "joe@example.com"
  }],
  "rotation": true,
  "rotationPolicy": {"name": "default"},
  "san": null
}
Request Headers
Status Codes
class lemur.certificates.views.Certificates

Bases: lemur.auth.service.AuthenticatedResource

delete(certificate_id, data=None)
DELETE /certificates/1

Delete a certificate

Example request:

DELETE /certificates/1 HTTP/1.1
Host: example.com

Example response:

HTTP/1.1 204 OK
Request Headers
Status Codes
endpoint = 'certificateUpdateSwitches'
get(certificate_id)
GET /certificates/1

One certificate

Example request:

GET /certificates/1 HTTP/1.1
Host: example.com
Accept: application/json, text/javascript

Example response:

HTTP/1.1 200 OK
Vary: Accept
Content-Type: text/javascript

{
  "status": null,
  "cn": "*.test.example.net",
  "chain": "",
  "csr": "-----BEGIN CERTIFICATE REQUEST-----"
  "authority": {
      "active": true,
      "owner": "secure@example.com",
      "id": 1,
      "description": "verisign test authority",
      "name": "verisign"
  },
  "owner": "joe@example.com",
  "serial": "82311058732025924142789179368889309156",
  "id": 2288,
  "issuer": "SymantecCorporation",
  "dateCreated": "2016-06-03T06:09:42.133769+00:00",
  "notBefore": "2016-06-03T00:00:00+00:00",
  "notAfter": "2018-01-12T23:59:59+00:00",
  "destinations": [],
  "bits": 2048,
  "body": "-----BEGIN CERTIFICATE-----...",
  "description": null,
  "deleted": null,
  "notifications": [{
      "id": 1
  }],
  "signingAlgorithm": "sha256",
  "user": {
      "username": "jane",
      "active": true,
      "email": "jane@example.com",
      "id": 2
  },
  "active": true,
  "domains": [{
      "sensitive": false,
      "id": 1090,
      "name": "*.test.example.net"
  }],
  "rotation": true,
  "rotationPolicy": {"name": "default"},
  "replaces": [],
  "replaced": [],
  "name": "WILDCARD.test.example.net-SymantecCorporation-20160603-20180112",
  "roles": [{
      "id": 464,
      "description": "This is a google group based role created by Lemur",
      "name": "joe@example.com"
  }],
  "san": null
}
Request Headers
Status Codes
mediatypes()
methods = {'DELETE', 'GET', 'POST', 'PUT'}

A list of methods this view can handle.

post(certificate_id, data=None)
POST /certificates/1/update/switches

Update certificate boolean switches for notification or rotation

Example request:

POST /certificates/1/update/switches HTTP/1.1
Host: example.com
Accept: application/json, text/javascript
Content-Type: application/json;charset=UTF-8

{
   "notify": false,
   "rotation": false
}

Example response:

HTTP/1.1 200 OK
Vary: Accept
Content-Type: text/javascript

{
  "status": null,
  "cn": "*.test.example.net",
  "chain": "",
  "authority": {
      "active": true,
      "owner": "secure@example.com",
      "id": 1,
      "description": "verisign test authority",
      "name": "verisign"
  },
  "owner": "joe@example.com",
  "serial": "82311058732025924142789179368889309156",
  "id": 2288,
  "issuer": "SymantecCorporation",
  "dateCreated": "2016-06-03T06:09:42.133769+00:00",
  "notBefore": "2016-06-03T00:00:00+00:00",
  "notAfter": "2018-01-12T23:59:59+00:00",
  "destinations": [],
  "bits": 2048,
  "body": "-----BEGIN CERTIFICATE-----...",
  "description": null,
  "deleted": null,
  "notify": false,
  "rotation": false,
  "notifications": [{
      "id": 1
  }]
  "signingAlgorithm": "sha256",
  "user": {
      "username": "jane",
      "active": true,
      "email": "jane@example.com",
      "id": 2
  },
  "active": true,
  "domains": [{
      "sensitive": false,
      "id": 1090,
      "name": "*.test.example.net"
  }],
  "replaces": [],
  "name": "WILDCARD.test.example.net-SymantecCorporation-20160603-20180112",
  "roles": [{
      "id": 464,
      "description": "This is a google group based role created by Lemur",
      "name": "joe@example.com"
  }],
  "rotation": true,
  "rotationPolicy": {"name": "default"},
  "san": null
}
Request Headers
Status Codes
put(certificate_id, data=None)
PUT /certificates/1

Update a certificate

Example request:

PUT /certificates/1 HTTP/1.1
Host: example.com
Accept: application/json, text/javascript
Content-Type: application/json;charset=UTF-8

{
   "owner": "jimbob@example.com",
   "active": false
   "notifications": [],
   "destinations": [],
   "replacements": []
}

Example response:

HTTP/1.1 200 OK
Vary: Accept
Content-Type: text/javascript

{
  "status": null,
  "cn": "*.test.example.net",
  "chain": "",
  "authority": {
      "active": true,
      "owner": "secure@example.com",
      "id": 1,
      "description": "verisign test authority",
      "name": "verisign"
  },
  "owner": "joe@example.com",
  "serial": "82311058732025924142789179368889309156",
  "id": 2288,
  "issuer": "SymantecCorporation",
  "dateCreated": "2016-06-03T06:09:42.133769+00:00",
  "notBefore": "2016-06-03T00:00:00+00:00",
  "notAfter": "2018-01-12T23:59:59+00:00",
  "destinations": [],
  "bits": 2048,
  "body": "-----BEGIN CERTIFICATE-----...",
  "description": null,
  "deleted": null,
  "notifications": [{
      "id": 1
  }]
  "signingAlgorithm": "sha256",
  "user": {
      "username": "jane",
      "active": true,
      "email": "jane@example.com",
      "id": 2
  },
  "active": true,
  "domains": [{
      "sensitive": false,
      "id": 1090,
      "name": "*.test.example.net"
  }],
  "replaces": [],
  "name": "WILDCARD.test.example.net-SymantecCorporation-20160603-20180112",
  "roles": [{
      "id": 464,
      "description": "This is a google group based role created by Lemur",
      "name": "joe@example.com"
  }],
  "rotation": true,
  "rotationPolicy": {"name": "default"},
  "san": null
}
Request Headers
Status Codes
class lemur.certificates.views.CertificatesList

Bases: lemur.auth.service.AuthenticatedResource

Defines the ‘certificates’ endpoint

endpoint = 'certificates'
get()
GET /certificates

The current list of certificates. This API supports additional params like

Pagination, sorting:

/certificates?count=10&page=1&short=true&sortBy=id&sortDir=desc

Filters, mentioned as url param filter=field;value

/certificates?filter=cn;lemur.test.com /certificates?filter=notify;true /certificates?filter=rotation;true /certificates?filter=name;lemur.test.cert /certificates?filter=issuer;Digicert

Request expired certs

/certificates?showExpired=1

Search by Serial Number

Decimal: /certificates?serial=218243997808053074560741989466015229225 Hex: /certificates?serial=0xA43043DAB7F6F8AE115E94854EEB6529 /certificates?serial=a4:30:43:da:b7:f6:f8:ae:11:5e:94:85:4e:eb:65:29

Example request:

GET /certificates?serial=82311058732025924142789179368889309156 HTTP/1.1
Host: example.com
Accept: application/json, text/javascript

Example response:

HTTP/1.1 200 OK
Vary: Accept
Content-Type: text/javascript

{
  "items": [{
      "status": null,
      "cn": "*.test.example.net",
      "chain": "",
      "csr": "-----BEGIN CERTIFICATE REQUEST-----"
      "authority": {
          "active": true,
          "owner": "secure@example.com",
          "id": 1,
          "description": "verisign test authority",
          "name": "verisign"
      },
      "owner": "joe@example.com",
      "serial": "82311058732025924142789179368889309156",
      "id": 2288,
      "issuer": "SymantecCorporation",
      "dateCreated": "2016-06-03T06:09:42.133769+00:00",
      "notBefore": "2016-06-03T00:00:00+00:00",
      "notAfter": "2018-01-12T23:59:59+00:00",
      "destinations": [],
      "bits": 2048,
      "body": "-----BEGIN CERTIFICATE-----...",
      "description": null,
      "deleted": null,
      "notifications": [{
          "id": 1
      }],
      "signingAlgorithm": "sha256",
      "user": {
          "username": "jane",
          "active": true,
          "email": "jane@example.com",
          "id": 2
      },
      "active": true,
      "domains": [{
          "sensitive": false,
          "id": 1090,
          "name": "*.test.example.net"
      }],
      "replaces": [],
      "replaced": [],
      "name": "WILDCARD.test.example.net-SymantecCorporation-20160603-20180112",
      "roles": [{
          "id": 464,
          "description": "This is a google group based role created by Lemur",
          "name": "joe@example.com"
      }],
      "san": null
  }],
  "total": 1
}
Query Parameters
  • sortBy – field to sort on

  • sortDir – asc or desc

  • page – int. default is 1

  • filter – key value pair format is k;v

  • count – count number. default is 10

Request Headers
Status Codes
mediatypes()
methods = {'GET', 'POST'}

A list of methods this view can handle.

post(data=None)
POST /certificates

Creates a new certificate

Example request:

POST /certificates HTTP/1.1
Host: example.com
Accept: application/json, text/javascript
Content-Type: application/json;charset=UTF-8

{
    "owner": "secure@example.net",
    "commonName": "test.example.net",
    "country": "US",
    "extensions": {
      "subAltNames": {
        "names": [
          {
            "nameType": "DNSName",
            "value": "*.test.example.net"
          },
          {
            "nameType": "DNSName",
            "value": "www.test.example.net"
          }
        ]
      }
    },
    "replacements": [{
      "id": 1
    }],
    "notify": true,
    "validityEnd": "2026-01-01T08:00:00.000Z",
    "authority": {
      "name": "verisign"
    },
    "organization": "Netflix, Inc.",
    "location": "Los Gatos",
    "state": "California",
    "validityStart": "2016-11-11T04:19:48.000Z",
    "organizationalUnit": "Operations"
}

Example response:

HTTP/1.1 200 OK
Vary: Accept
Content-Type: text/javascript

{
  "status": null,
  "cn": "*.test.example.net",
  "chain": "",
  "authority": {
      "active": true,
      "owner": "secure@example.com",
      "id": 1,
      "description": "verisign test authority",
      "name": "verisign"
  },
  "owner": "joe@example.com",
  "serial": "82311058732025924142789179368889309156",
  "id": 2288,
  "issuer": "SymantecCorporation",
  "dateCreated": "2016-06-03T06:09:42.133769+00:00",
  "notBefore": "2016-06-03T00:00:00+00:00",
  "notAfter": "2018-01-12T23:59:59+00:00",
  "destinations": [],
  "bits": 2048,
  "body": "-----BEGIN CERTIFICATE-----...",
  "description": null,
  "deleted": null,
  "notifications": [{
      "id": 1
  }],
  "signingAlgorithm": "sha256",
  "user": {
      "username": "jane",
      "active": true,
      "email": "jane@example.com",
      "id": 2
  },
  "active": true,
  "domains": [{
      "sensitive": false,
      "id": 1090,
      "name": "*.test.example.net"
  }],
  "replaces": [{
      "id": 1
  }],
  "rotation": true,
  "rotationPolicy": {"name": "default"},
  "name": "WILDCARD.test.example.net-SymantecCorporation-20160603-20180112",
  "roles": [{
      "id": 464,
      "description": "This is a google group based role created by Lemur",
      "name": "joe@example.com"
  }],
  "san": null
}
Request Headers
Status Codes
class lemur.certificates.views.CertificatesListValid

Bases: lemur.auth.service.AuthenticatedResource

Defines the ‘certificates/valid’ endpoint

endpoint = 'certificatesListValid'
get()
GET /certificates/valid/<query>

The current list of not-expired certificates for a given common name, and owner. The API offers optional pagination. One can send page number(>=1) and desired count per page. The returned data contains total number of certificates which can help in determining the last page. Pagination will not be offered if page or count info is not sent or if it is zero.

Example request:

GET /certificates/valid?filter=cn;*.test.example.net&owner=joe@example.com&page=1&count=20 HTTP/1.1
Host: example.com
Accept: application/json, text/javascript

Example response (with single cert to be concise):

HTTP/1.1 200 OK
Vary: Accept
Content-Type: text/javascript

{
  "items": [{
      "status": null,
      "cn": "*.test.example.net",
      "chain": "",
      "csr": "-----BEGIN CERTIFICATE REQUEST-----"
      "authority": {
          "active": true,
          "owner": "secure@example.com",
          "id": 1,
          "description": "verisign test authority",
          "name": "verisign"
      },
      "owner": "joe@example.com",
      "serial": "82311058732025924142789179368889309156",
      "id": 2288,
      "issuer": "SymantecCorporation",
      "dateCreated": "2016-06-03T06:09:42.133769+00:00",
      "notBefore": "2016-06-03T00:00:00+00:00",
      "notAfter": "2018-01-12T23:59:59+00:00",
      "destinations": [],
      "bits": 2048,
      "body": "-----BEGIN CERTIFICATE-----...",
      "description": null,
      "deleted": null,
      "notifications": [{
          "id": 1
      }],
      "signingAlgorithm": "sha256",
      "user": {
          "username": "jane",
          "active": true,
          "email": "jane@example.com",
          "id": 2
      },
      "active": true,
      "domains": [{
          "sensitive": false,
          "id": 1090,
          "name": "*.test.example.net"
      }],
      "replaces": [],
      "replaced": [],
      "name": "WILDCARD.test.example.net-SymantecCorporation-20160603-20180112",
      "roles": [{
          "id": 464,
          "description": "This is a google group based role created by Lemur",
          "name": "joe@example.com"
      }],
      "san": null
  }],
  "total": 1
}
Request Headers
Status Codes
mediatypes()
methods = {'GET'}

A list of methods this view can handle.

class lemur.certificates.views.CertificatesNameQuery

Bases: lemur.auth.service.AuthenticatedResource

Defines the ‘certificates/name’ endpoint

endpoint = 'certificatesNameQuery'
get(certificate_name)
GET /certificates/name/<query>

The current list of certificates

Example request:

GET /certificates/name/WILDCARD.test.example.net-SymantecCorporation-20160603-20180112 HTTP/1.1
Host: example.com
Accept: application/json, text/javascript

Example response:

HTTP/1.1 200 OK
Vary: Accept
Content-Type: text/javascript

{
  "items": [{
      "status": null,
      "cn": "*.test.example.net",
      "chain": "",
      "csr": "-----BEGIN CERTIFICATE REQUEST-----"
      "authority": {
          "active": true,
          "owner": "secure@example.com",
          "id": 1,
          "description": "verisign test authority",
          "name": "verisign"
      },
      "owner": "joe@example.com",
      "serial": "82311058732025924142789179368889309156",
      "id": 2288,
      "issuer": "SymantecCorporation",
      "dateCreated": "2016-06-03T06:09:42.133769+00:00",
      "notBefore": "2016-06-03T00:00:00+00:00",
      "notAfter": "2018-01-12T23:59:59+00:00",
      "destinations": [],
      "bits": 2048,
      "body": "-----BEGIN CERTIFICATE-----...",
      "description": null,
      "deleted": null,
      "notifications": [{
          "id": 1
      }],
      "signingAlgorithm": "sha256",
      "user": {
          "username": "jane",
          "active": true,
          "email": "jane@example.com",
          "id": 2
      },
      "active": true,
      "domains": [{
          "sensitive": false,
          "id": 1090,
          "name": "*.test.example.net"
      }],
      "replaces": [],
      "replaced": [],
      "name": "WILDCARD.test.example.net-SymantecCorporation-20160603-20180112",
      "roles": [{
          "id": 464,
          "description": "This is a google group based role created by Lemur",
          "name": "joe@example.com"
      }],
      "san": null
  }],
  "total": 1
}
Query Parameters
  • sortBy – field to sort on

  • sortDir – asc or desc

  • page – int. default is 1

  • filter – key value pair format is k;v

  • count – count number. default is 10

Request Headers
Status Codes
mediatypes()
methods = {'GET'}

A list of methods this view can handle.

class lemur.certificates.views.CertificatesReplacementsList

Bases: lemur.auth.service.AuthenticatedResource

endpoint = 'replacements'
get(certificate_id)
GET /certificates/1/replacements

One certificate

Example request:

GET /certificates/1/replacements HTTP/1.1
Host: example.com
Accept: application/json, text/javascript

Example response:

HTTP/1.1 200 OK
Vary: Accept
Content-Type: text/javascript

{
  "items": [{
      "status": null,
      "cn": "*.test.example.net",
      "chain": "",
      "csr": "-----BEGIN CERTIFICATE REQUEST-----",
      "authority": {
          "active": true,
          "owner": "secure@example.com",
          "id": 1,
          "description": "verisign test authority",
          "name": "verisign"
      },
      "owner": "joe@example.com",
      "serial": "82311058732025924142789179368889309156",
      "id": 2288,
      "issuer": "SymantecCorporation",
      "dateCreated": "2016-06-03T06:09:42.133769+00:00",
      "notBefore": "2016-06-03T00:00:00+00:00",
      "notAfter": "2018-01-12T23:59:59+00:00",
      "destinations": [],
      "bits": 2048,
      "body": "-----BEGIN CERTIFICATE-----...",
      "description": null,
      "deleted": null,
      "notifications": [{
          "id": 1
      }]
      "signingAlgorithm": "sha256",
      "user": {
          "username": "jane",
          "active": true,
          "email": "jane@example.com",
          "id": 2
      },
      "active": true,
      "domains": [{
          "sensitive": false,
          "id": 1090,
          "name": "*.test.example.net"
      }],
      "replaces": [],
      "replaced": [],
      "rotation": true,
      "rotationPolicy": {"name": "default"},
      "name": "WILDCARD.test.example.net-SymantecCorporation-20160603-20180112",
      "roles": [{
          "id": 464,
          "description": "This is a google group based role created by Lemur",
          "name": "joe@example.com"
      }],
      "san": null
  }],
  "total": 1
}
Request Headers
Status Codes
mediatypes()
methods = {'GET'}

A list of methods this view can handle.

class lemur.certificates.views.CertificatesStats

Bases: lemur.auth.service.AuthenticatedResource

Defines the ‘certificates’ stats endpoint

endpoint = 'certificateStats'
get()
mediatypes()
methods = {'GET'}

A list of methods this view can handle.

class lemur.certificates.views.CertificatesUpload

Bases: lemur.auth.service.AuthenticatedResource

Defines the ‘certificates’ upload endpoint

endpoint = 'certificateUpload'
mediatypes()
methods = {'POST'}

A list of methods this view can handle.

post(data=None)
POST /certificates/upload

Upload a certificate

Example request:

POST /certificates/upload HTTP/1.1
Host: example.com
Accept: application/json, text/javascript
Content-Type: application/json;charset=UTF-8

{
   "owner": "joe@example.com",
   "body": "-----BEGIN CERTIFICATE-----...",
   "chain": "-----BEGIN CERTIFICATE-----...",
   "privateKey": "-----BEGIN RSA PRIVATE KEY-----..."
   "csr": "-----BEGIN CERTIFICATE REQUEST-----..."
   "destinations": [],
   "notifications": [],
   "replacements": [],
   "roles": [],
   "notify": true,
   "name": "cert1"
}

Example response:

HTTP/1.1 200 OK
Vary: Accept
Content-Type: text/javascript

{
  "status": null,
  "cn": "*.test.example.net",
  "chain": "",
  "authority": {
      "active": true,
      "owner": "secure@example.com",
      "id": 1,
      "description": "verisign test authority",
      "name": "verisign"
  },
  "owner": "joe@example.com",
  "serial": "82311058732025924142789179368889309156",
  "id": 2288,
  "issuer": "SymantecCorporation",
  "dateCreated": "2016-06-03T06:09:42.133769+00:00",
  "notBefore": "2016-06-03T00:00:00+00:00",
  "notAfter": "2018-01-12T23:59:59+00:00",
  "destinations": [],
  "bits": 2048,
  "body": "-----BEGIN CERTIFICATE-----...",
  "description": null,
  "deleted": null,
  "notifications": [{
      "id": 1
  }],
  "signingAlgorithm": "sha256",
  "user": {
      "username": "jane",
      "active": true,
      "email": "jane@example.com",
      "id": 2
  },
  "active": true,
  "domains": [{
      "sensitive": false,
      "id": 1090,
      "name": "*.test.example.net"
  }],
  "replaces": [],
  "rotation": true,
  "rotationPolicy": {"name": "default"},
  "name": "WILDCARD.test.example.net-SymantecCorporation-20160603-20180112",
  "roles": [{
      "id": 464,
      "description": "This is a google group based role created by Lemur",
      "name": "joe@example.com"
  }],
  "san": null
}
Request Headers
Status Codes
class lemur.certificates.views.NotificationCertificatesList

Bases: lemur.auth.service.AuthenticatedResource

Defines the ‘certificates’ endpoint

endpoint = 'notificationCertificates'
get(notification_id)
GET /notifications/1/certificates

The current list of certificates for a given notification

Example request:

GET /notifications/1/certificates HTTP/1.1
Host: example.com
Accept: application/json, text/javascript

Example response:

HTTP/1.1 200 OK
Vary: Accept
Content-Type: text/javascript

{
  "items": [{
      "status": null,
      "cn": "*.test.example.net",
      "chain": "",
      "csr": "-----BEGIN CERTIFICATE REQUEST-----"
      "authority": {
          "active": true,
          "owner": "secure@example.com",
          "id": 1,
          "description": "verisign test authority",
          "name": "verisign"
      },
      "owner": "joe@example.com",
      "serial": "82311058732025924142789179368889309156",
      "id": 2288,
      "issuer": "SymantecCorporation",
      "dateCreated": "2016-06-03T06:09:42.133769+00:00",
      "notBefore": "2016-06-03T00:00:00+00:00",
      "notAfter": "2018-01-12T23:59:59+00:00",
      "destinations": [],
      "bits": 2048,
      "body": "-----BEGIN CERTIFICATE-----...",
      "description": null,
      "deleted": null,
      "notifications": [{
          "id": 1
      }],
      "signingAlgorithm": "sha256",
      "user": {
          "username": "jane",
          "active": true,
          "email": "jane@example.com",
          "id": 2
      },
      "active": true,
      "domains": [{
          "sensitive": false,
          "id": 1090,
          "name": "*.test.example.net"
      }],
      "replaces": [],
      "replaced": [],
      "rotation": true,
      "rotationPolicy": {"name": "default"},
      "name": "WILDCARD.test.example.net-SymantecCorporation-20160603-20180112",
      "roles": [{
          "id": 464,
          "description": "This is a google group based role created by Lemur",
          "name": "joe@example.com"
      }],
      "san": null
  }],
  "total": 1
}
Query Parameters
  • sortBy – field to sort on

  • sortDir – asc or desc

  • page – int default is 1

  • filter – key value pair format is k;v

  • count – count number default is 10

Request Headers
Status Codes
mediatypes()
methods = {'GET'}

A list of methods this view can handle.

Authorities

class lemur.authorities.views.Authorities

Bases: lemur.auth.service.AuthenticatedResource

endpoint = 'authority'
get(authority_id)
GET /authorities/1

One authority

Example request:

GET /authorities/1 HTTP/1.1
Host: example.com
Accept: application/json, text/javascript

Example response:

HTTP/1.1 200 OK
Vary: Accept
Content-Type: text/javascript

{
  "roles": [{
      "id": 123,
      "name": "secure@example.com"
  }, {
      "id": 564,
      "name": "TestAuthority_admin"
  }, {
      "id": 565,
      "name": "TestAuthority_operator"
  }],
  "active": true,
  "owner": "secure@example.com",
  "id": 43,
  "description": "This is the ROOT certificate for the TestAuthority certificate authority."
}
Parameters
  • description – a sensible description about what the CA with be used for

  • owner – the team or person who ‘owns’ this authority

  • active – set whether this authoritity is currently in use

Request Headers
Status Codes
mediatypes()
methods = {'GET', 'PUT'}

A list of methods this view can handle.

put(authority_id, data=None)
PUT /authorities/1

Update an authority

Example request:

PUT /authorities/1 HTTP/1.1
Host: example.com
Accept: application/json, text/javascript
Content-Type: application/json;charset=UTF-8

{
  "name": "TestAuthority5",
  "roles": [{
      "id": 566,
      "name": "TestAuthority5_admin"
  }, {
      "id": 567,
      "name": "TestAuthority5_operator"
  }, {
      "id": 123,
      "name": "secure@example.com"
  }],
  "active": true,
  "authorityCertificate": {
      "body": "-----BEGIN CERTIFICATE-----",
      "status": null,
      "cn": "AcommonName",
      "description": "This is the ROOT certificate for the TestAuthority5 certificate authority.",
      "chain": "",
      "notBefore": "2016-06-03T00:00:51+00:00",
      "notAfter": "2036-06-03T23:59:51+00:00",
      "owner": "secure@example.com",
      "user": {
          "username": "joe@example.com",
          "active": true,
          "email": "joe@example.com",
          "id": 3
      },
      "active": true,
      "bits": 2048,
      "id": 2280,
      "name": "TestAuthority5"
  },
  "owner": "secure@example.com",
  "id": 44,
  "description": "This is the ROOT certificate for the TestAuthority5 certificate authority."
 }

Example response:

HTTP/1.1 200 OK
Vary: Accept
Content-Type: text/javascript

{
  "name": "TestAuthority",
  "roles": [{
      "id": 123,
      "name": "secure@example.com"
  }, {
      "id": 564,
      "name": "TestAuthority_admin"
  }, {
      "id": 565,
      "name": "TestAuthority_operator"
  }],
  "options": null,
  "active": true,
  "authorityCertificate": {
      "body": "-----BEGIN CERTIFICATE-----IyMzU5MTVaMHk...",
      "status": true,
      "cn": "AcommonName",
      "description": "This is the ROOT certificate for the TestAuthority certificate authority.",
      "chain": "",
      "notBefore": "2016-06-02T00:00:15+00:00",
      "notAfter": "2023-06-02T23:59:15+00:00",
      "owner": "secure@example.com",
      "user": {
          "username": "joe@example.com",
          "active": true,
          "email": "joe@example.com",
          "id": 3
      },
      "active": true,
      "bits": 2048,
      "id": 2235,
      "name": "TestAuthority"
  },
  "owner": "secure@example.com",
  "id": 43,
  "description": "This is the ROOT certificate for the TestAuthority certificate authority."
}
Request Headers
Status Codes
class lemur.authorities.views.AuthoritiesList

Bases: lemur.auth.service.AuthenticatedResource

Defines the ‘authorities’ endpoint

endpoint = 'authorities'
get()
GET /authorities

The current list of authorities

Example request:

GET /authorities HTTP/1.1
Host: example.com
Accept: application/json, text/javascript

Example response:

HTTP/1.1 200 OK
Vary: Accept
Content-Type: text/javascript

{
  "items": [{
      "name": "TestAuthority",
      "roles": [{
          "id": 123,
          "name": "secure@example.com"
      }, {
          "id": 564,
          "name": "TestAuthority_admin"
      }, {
          "id": 565,
          "name": "TestAuthority_operator"
      }],
      "options": null,
      "active": true,
      "authorityCertificate": {
          "body": "-----BEGIN CERTIFICATE-----IyMzU5MTVaMHk...",
          "status": true,
          "cn": "AcommonName",
          "description": "This is the ROOT certificate for the TestAuthority certificate authority.",
          "chain": "",
          "notBefore": "2016-06-02T00:00:15+00:00",
          "notAfter": "2023-06-02T23:59:15+00:00",
          "owner": "secure@example.com",
          "user": {
              "username": "joe@example.com",
              "active": true,
              "email": "joe@example.com",
              "id": 3
          },
          "active": true,
          "bits": 2048,
          "id": 2235,
          "name": "TestAuthority"
      },
      "owner": "secure@example.com",
      "id": 43,
      "description": "This is the ROOT certificate for the TestAuthority certificate authority."
  }],
  "total": 1
}
Query Parameters
  • sortBy – field to sort on

  • sortDir – asc or desc

  • page – int default is 1

  • filter – key value pair. format is k;v

  • count – count number default is 10

Request Headers
Status Codes
Note

this will only show certificates that the current user is authorized to use

mediatypes()
methods = {'GET', 'POST'}

A list of methods this view can handle.

post(data=None)
POST /authorities

Create an authority

Example request:

POST /authorities HTTP/1.1
Host: example.com
Accept: application/json, text/javascript
Content-Type: application/json;charset=UTF-8

{
   "country": "US",
   "state": "California",
   "location": "Los Gatos",
   "organization": "Netflix",
   "organizationalUnit": "Operations",
   "type": "root",
   "signingAlgorithm": "sha256WithRSA",
   "sensitivity": "medium",
   "keyType": "RSA2048",
   "plugin": {
       "slug": "cloudca-issuer"
   },
   "name": "TimeTestAuthority5",
   "owner": "secure@example.com",
   "description": "test",
   "commonName": "AcommonName",
   "validityYears": "20",
   "extensions": {
       "subAltNames": {
           "names": []
       },
       "custom": []
   }
}

Example response:

HTTP/1.1 200 OK
Vary: Accept
Content-Type: text/javascript

{
  "name": "TestAuthority",
  "roles": [{
      "id": 123,
      "name": "secure@example.com"
  }, {
      "id": 564,
      "name": "TestAuthority_admin"
  }, {
      "id": 565,
      "name": "TestAuthority_operator"
  }],
  "options": null,
  "active": true,
  "authorityCertificate": {
      "body": "-----BEGIN CERTIFICATE-----IyMzU5MTVaMHk...",
      "status": true,
      "cn": "AcommonName",
      "description": "This is the ROOT certificate for the TestAuthority certificate authority.",
      "chain": "",
      "notBefore": "2016-06-02T00:00:15+00:00",
      "notAfter": "2023-06-02T23:59:15+00:00",
      "owner": "secure@example.com",
      "user": {
          "username": "joe@example.com",
          "active": true,
          "email": "joe@example.com",
          "id": 3
      },
      "active": true,
      "bits": 2048,
      "id": 2235,
      "name": "TestAuthority"
  },
  "owner": "secure@example.com",
  "id": 43,
  "description": "This is the ROOT certificate for the TestAuthority certificate authority."
}
Parameters
  • name – authority’s name

  • description – a sensible description about what the CA with be used for

  • owner – the team or person who ‘owns’ this authority

  • validityStart – when this authority should start issuing certificates

  • validityEnd – when this authority should stop issuing certificates

  • validityYears – starting from now how many years into the future the authority should be valid

  • extensions – certificate extensions

  • plugin – name of the plugin to create the authority

  • type – the type of authority (root/subca)

  • parent – the parent authority if this is to be a subca

  • signingAlgorithm – algorithm used to sign the authority

  • keyType – key type

  • sensitivity – the sensitivity of the root key, for CloudCA this determines if the root keys are stored in an HSM

  • keyName – name of the key to store in the HSM (CloudCA)

  • serialNumber – serial number of the authority

  • firstSerial – specifies the starting serial number for certificates issued off of this authority

Request Headers
Status Codes
class lemur.authorities.views.AuthorityVisualizations

Bases: lemur.auth.service.AuthenticatedResource

endpoint = 'authority_visualizations'
get(authority_id)
GET /authorities/1/visualize

Authority visualization

Example request:

GET /certificates/1/visualize HTTP/1.1
Host: example.com
Accept: application/json, text/javascript

Example response:

HTTP/1.1 200 OK
Vary: Accept
Content-Type: text/javascript

  {"name": "flare",
      "children": [
          {
              "name": "analytics",
              "children": [
                  {
                      "name": "cluster",
                      "children": [
                          {"name": "AgglomerativeCluster", "size": 3938},
                          {"name": "CommunityStructure", "size": 3812},
                          {"name": "HierarchicalCluster", "size": 6714},
                          {"name": "MergeEdge", "size": 743}
                      ]
                  }
              ]
          }
      ]
  }
Request Headers
Status Codes
mediatypes()
methods = {'GET'}

A list of methods this view can handle.

class lemur.authorities.views.CertificateAuthority

Bases: lemur.auth.service.AuthenticatedResource

endpoint = 'certificateAuthority'
get(certificate_id)
GET /certificates/1/authority

One authority for given certificate

Example request:

GET /certificates/1/authority HTTP/1.1
Host: example.com
Accept: application/json, text/javascript

Example response:

HTTP/1.1 200 OK
Vary: Accept
Content-Type: text/javascript

{
  "name": "TestAuthority",
  "roles": [{
      "id": 123,
      "name": "secure@example.com"
  }, {
      "id": 564,
      "name": "TestAuthority_admin"
  }, {
      "id": 565,
      "name": "TestAuthority_operator"
  }],
  "options": null,
  "active": true,
  "authorityCertificate": {
      "body": "-----BEGIN CERTIFICATE-----IyMzU5MTVaMHk...",
      "status": true,
      "cn": "AcommonName",
      "description": "This is the ROOT certificate for the TestAuthority certificate authority.",
      "chain": "",
      "notBefore": "2016-06-02T00:00:15+00:00",
      "notAfter": "2023-06-02T23:59:15+00:00",
      "owner": "secure@example.com",
      "user": {
          "username": "joe@example.com",
          "active": true,
          "email": "joe@example.com",
          "id": 3
      },
      "active": true,
      "bits": 2048,
      "id": 2235,
      "name": "TestAuthority"
  },
  "owner": "secure@example.com",
  "id": 43,
  "description": "This is the ROOT certificate for the TestAuthority certificate authority."
}
Request Headers
Status Codes
mediatypes()
methods = {'GET'}

A list of methods this view can handle.

Domains

class lemur.domains.views.CertificateDomains

Bases: lemur.auth.service.AuthenticatedResource

Defines the ‘domains’ endpoint

endpoint = 'certificateDomains'
get(certificate_id)
GET /certificates/1/domains

The current domain list

Example request:

GET /domains HTTP/1.1
Host: example.com
Accept: application/json, text/javascript

Example response:

HTTP/1.1 200 OK
Vary: Accept
Content-Type: text/javascript

{
  "items": [
      {
        "id": 1,
        "name": "www.example.com",
        "sensitive": false
      },
      {
        "id": 2,
        "name": "www.example2.com",
        "sensitive": false
      }
    ]
  "total": 2
}
Query Parameters
  • sortBy – field to sort on

  • sortDir – asc or desc

  • page – int default is 1

  • filter – key value pair format is k;v

  • count – count number default is 10

Request Headers
Status Codes
mediatypes()
methods = {'GET'}

A list of methods this view can handle.

class lemur.domains.views.Domains

Bases: lemur.auth.service.AuthenticatedResource

endpoint = 'domain'
get(domain_id)
GET /domains/1

Fetch one domain

Example request:

GET /domains HTTP/1.1
Host: example.com
Accept: application/json, text/javascript

Example response:

HTTP/1.1 200 OK
Vary: Accept
Content-Type: text/javascript

{
    "id": 1,
    "name": "www.example.com",
    "sensitive": false
}
Request Headers
Status Codes
mediatypes()
methods = {'GET', 'PUT'}

A list of methods this view can handle.

put(domain_id, data=None)
GET /domains/1

update one domain

Example request:

GET /domains HTTP/1.1
Host: example.com
Accept: application/json, text/javascript

{
    "name": "www.example.com",
    "sensitive": false
}

Example response:

HTTP/1.1 200 OK
Vary: Accept
Content-Type: text/javascript

{
    "id": 1,
    "name": "www.example.com",
    "sensitive": false
}
Request Headers
Status Codes
class lemur.domains.views.DomainsList

Bases: lemur.auth.service.AuthenticatedResource

Defines the ‘domains’ endpoint

endpoint = 'domains'
get()
GET /domains

The current domain list

Example request:

GET /domains HTTP/1.1
Host: example.com
Accept: application/json, text/javascript

Example response:

HTTP/1.1 200 OK
Vary: Accept
Content-Type: text/javascript

{
  "items": [
      {
        "id": 1,
        "name": "www.example.com",
        "sensitive": false
      },
      {
        "id": 2,
        "name": "www.example2.com",
        "sensitive": false
      }
    ]
  "total": 2
}
Query Parameters
  • sortBy – field to sort on

  • sortDir – asc or desc

  • page – int default is 1

  • filter – key value pair format is k;v

  • count – count number. default is 10

Request Headers
Status Codes
mediatypes()
methods = {'GET', 'POST'}

A list of methods this view can handle.

post(data=None)
POST /domains

The current domain list

Example request:

POST /domains HTTP/1.1
Host: example.com
Accept: application/json, text/javascript

{
  "name": "www.example.com",
  "sensitive": false
}

Example response:

HTTP/1.1 200 OK
Vary: Accept
Content-Type: text/javascript

{
  "id": 1,
  "name": "www.example.com",
  "sensitive": false
}
Query Parameters
  • sortBy – field to sort on

  • sortDir – asc or desc

  • page – int default is 1

  • filter – key value pair format is k;v

  • count – count number default is 10

Request Headers
Status Codes

Endpoints

class lemur.endpoints.views.Endpoints

Bases: lemur.auth.service.AuthenticatedResource

endpoint = 'endpoint'
get(endpoint_id)
GET /endpoints/1

One endpoint

Example request:

GET /endpoints/1 HTTP/1.1
Host: example.com
Accept: application/json, text/javascript

Example response:

HTTP/1.1 200 OK
Vary: Accept
Content-Type: text/javascript
Request Headers
Status Codes
mediatypes()
methods = {'GET'}

A list of methods this view can handle.

class lemur.endpoints.views.EndpointsList

Bases: lemur.auth.service.AuthenticatedResource

Defines the ‘endpoints’ endpoint

endpoint = 'endpoints'
get()
GET /endpoints

The current list of endpoints

Example request:

GET /endpoints HTTP/1.1
Host: example.com
Accept: application/json, text/javascript

Example response:

HTTP/1.1 200 OK
Vary: Accept
Content-Type: text/javascript
Query Parameters
  • sortBy – field to sort on

  • sortDir – asc or desc

  • page – int default is 1

  • filter – key value pair. format is k;v

  • limit – limit number default is 10

Request Headers
Status Codes
Note

this will only show certificates that the current user is authorized to use

mediatypes()
methods = {'GET'}

A list of methods this view can handle.

Logs

class lemur.logs.views.LogsList

Bases: lemur.auth.service.AuthenticatedResource

Defines the ‘logs’ endpoint

endpoint = 'logs'
get()
GET /logs

The current log list

Example request:

GET /logs HTTP/1.1
Host: example.com
Accept: application/json, text/javascript

Example response:

HTTP/1.1 200 OK
Vary: Accept
Content-Type: text/javascript

{
  "items": [
    ]
  "total": 2
}
Query Parameters
  • sortBy – field to sort on

  • sortDir – asc or desc

  • page – int default is 1

  • filter – key value pair format is k;v

  • count – count number default is 10

Request Headers
Status Codes
mediatypes()
methods = {'GET'}

A list of methods this view can handle.

Sources

class lemur.sources.views.CertificateSources

Bases: lemur.auth.service.AuthenticatedResource

Defines the ‘certificate/<int:certificate_id/sources’’ endpoint

endpoint = 'certificateSources'
get(certificate_id)
GET /certificates/1/sources

The current account list for a given certificates

Example request:

GET /certificates/1/sources HTTP/1.1
Host: example.com
Accept: application/json, text/javascript

Example response:

HTTP/1.1 200 OK
Vary: Accept
Content-Type: text/javascript

{
  "items": [
      {
          "options": [
              {
                  "name": "accountNumber",
                  "required": true,
                  "value": 111111111112,
                  "helpMessage": "Must be a valid AWS account number!",
                  "validation": "^[0-9]{12,12}$",
                  "type": "int"
              }
          ],
          "pluginName": "aws-source",
          "id": 3,
          "lastRun": "2015-08-01T15:40:58",
          "description": "test",
          "label": "test"
      }
  ],
  "total": 1
}
Query Parameters
  • sortBy – field to sort on

  • sortDir – asc or desc

  • page – int default is 1

  • filter – key value pair format is k;v

  • count – count number default is 10

Request Headers
Status Codes
mediatypes()
methods = {'GET'}

A list of methods this view can handle.

class lemur.sources.views.Sources

Bases: lemur.auth.service.AuthenticatedResource

delete(source_id)
endpoint = 'account'
get(source_id)
GET /sources/1

Get a specific account

Example request:

GET /sources/1 HTTP/1.1
Host: example.com
Accept: application/json, text/javascript

Example response:

HTTP/1.1 200 OK
Vary: Accept
Content-Type: text/javascript

{
  "options": [
      {
          "name": "accountNumber",
          "required": true,
          "value": 111111111112,
          "helpMessage": "Must be a valid AWS account number!",
          "validation": "^[0-9]{12,12}$",
          "type": "int"
      }
  ],
  "pluginName": "aws-source",
  "id": 3,
  "lastRun": "2015-08-01T15:40:58",
  "description": "test",
  "label": "test"
}
Request Headers
Status Codes
mediatypes()
methods = {'DELETE', 'GET', 'PUT'}

A list of methods this view can handle.

put(source_id, data=None)
PUT /sources/1

Updates an account

Example request:

POST /sources/1 HTTP/1.1
Host: example.com
Accept: application/json, text/javascript
Content-Type: application/json;charset=UTF-8

{
  "options": [
      {
          "name": "accountNumber",
          "required": true,
          "value": 111111111112,
          "helpMessage": "Must be a valid AWS account number!",
          "validation": "^[0-9]{12,12}$",
          "type": "int"
      }
  ],
  "pluginName": "aws-source",
  "id": 3,
  "lastRun": "2015-08-01T15:40:58",
  "description": "test",
  "label": "test"
}

Example response:

HTTP/1.1 200 OK
Vary: Accept
Content-Type: text/javascript

{
  "options": [
      {
          "name": "accountNumber",
          "required": true,
          "value": 111111111112,
          "helpMessage": "Must be a valid AWS account number!",
          "validation": "^[0-9]{12,12}$",
          "type": "int"
      }
  ],
  "pluginName": "aws-source",
  "id": 3,
  "lastRun": "2015-08-01T15:40:58",
  "description": "test",
  "label": "test"
}
Parameters
  • accountNumber – aws account number

  • label – human readable account label

  • description – some description about the account

Request Headers
Status Codes
class lemur.sources.views.SourcesList

Bases: lemur.auth.service.AuthenticatedResource

Defines the ‘sources’ endpoint

endpoint = 'sources'
get()
GET /sources

The current account list

Example request:

GET /sources HTTP/1.1
Host: example.com
Accept: application/json, text/javascript

Example response:

HTTP/1.1 200 OK
Vary: Accept
Content-Type: text/javascript

{
  "items": [
      {
          "options": [
              {
                  "name": "accountNumber",
                  "required": true,
                  "value": 111111111112,
                  "helpMessage": "Must be a valid AWS account number!",
                  "validation": "^[0-9]{12,12}$",
                  "type": "int"
              }
          ],
          "pluginName": "aws-source",
          "lastRun": "2015-08-01T15:40:58",
          "id": 3,
          "description": "test",
          "label": "test"
      }
  ],
  "total": 1
}
Query Parameters
  • sortBy – field to sort on

  • sortDir – asc or desc

  • page – int default is 1

  • filter – key value pair format is k;v

  • count – count number default is 10

Request Headers
Status Codes
mediatypes()
methods = {'GET', 'POST'}

A list of methods this view can handle.

post(data=None)
POST /sources

Creates a new account

Example request:

POST /sources HTTP/1.1
Host: example.com
Accept: application/json, text/javascript
Content-Type: application/json;charset=UTF-8

{
  "options": [
      {
          "name": "accountNumber",
          "required": true,
          "value": 111111111112,
          "helpMessage": "Must be a valid AWS account number!",
          "validation": "^[0-9]{12,12}$",
          "type": "int"
      }
  ],
  "pluginName": "aws-source",
  "id": 3,
  "lastRun": "2015-08-01T15:40:58",
  "description": "test",
  "label": "test"
}

Example response:

HTTP/1.1 200 OK
Vary: Accept
Content-Type: text/javascript

{
  "options": [
      {
          "name": "accountNumber",
          "required": true,
          "value": 111111111112,
          "helpMessage": "Must be a valid AWS account number!",
          "validation": "^[0-9]{12,12}$",
          "type": "int"
      }
  ],
  "pluginName": "aws-source",
  "id": 3,
  "lastRun": "2015-08-01T15:40:58",
  "description": "test",
  "label": "test"
}
Parameters
  • label – human readable account label

  • description – some description about the account

Request Headers
Status Codes

Internals