sources Package¶
sources
Module¶
cli
Module¶
- lemur.sources.cli.clean(source_strings, commit)
- lemur.sources.cli.clean_unused_and_expiring_within_days(source_strings, days_to_expire, commit)
- lemur.sources.cli.clean_unused_and_issued_since_days(source_strings, days_since_issuance, commit)
- lemur.sources.cli.enable_cloudfront(source_label)
Given the label of a legacy AWS source (without path or endpointType options), set up the source for CloudFront:
Update the source options to the newest template, inheriting the existing values.
Set
path
to “/” andendpointType
to “elb” to restrict the source to discovering ELBs and related certs only.Create a new source (and destination) for the same accountNumber with
path
as “/cloudfront/” andendpointType
as “cloudfront”
- Parameters:
source_strings –
- Returns:
- lemur.sources.cli.execute_clean(plugin, certificate, source)
- lemur.sources.cli.sync(source_strings, ttl)
- lemur.sources.cli.sync_source_destination(labels)
This command will sync destination and source, to make sure eligible destinations are also present as source. Destination eligibility is determined on the sync_as_source attribute of the plugin. The destination sync_as_source_name provides the name of the suitable source-plugin. We use (account number, IAM path) tuple uniqueness to avoid duplicate sources.
Lemur now does this automatically during destination create and update, so this command is primarily useful for migrating legacy destinations. Set “-d all” to sync all destinations.
- lemur.sources.cli.validate_destinations(destination_strings)
- lemur.sources.cli.validate_sources(source_strings)
models
Module¶
- class lemur.sources.models.Source(**kwargs)
Bases:
Model
- active
- certificate
- description
- endpoints
- id
- label
- last_run
- options
- pending_cert
- property plugin
- plugin_name
schemas
Module¶
- class lemur.sources.schemas.SourceInputSchema(extra=None, only=None, exclude=(), prefix='', strict=None, many=False, context=None, load_only=(), dump_only=(), partial=False)
Bases:
LemurInputSchema
- opts = <marshmallow.schema.SchemaOpts object>
- class lemur.sources.schemas.SourceOutputSchema(extra=None, only=None, exclude=(), prefix='', strict=None, many=False, context=None, load_only=(), dump_only=(), partial=False)
Bases:
LemurOutputSchema
- fill_object(data)
- opts = <marshmallow.schema.SchemaOpts object>
service
Module¶
- lemur.sources.service.add_aws_destination_to_sources(dst)
Given a destination, check if it can be added as sources, and include it if not already a source We identify qualified destinations based on the sync_as_source attributed of the plugin. The destination sync_as_source_name reveals the name of the suitable source-plugin. We rely on account numbers to avoid duplicates. :return: true for success and false for not adding the destination as source
- lemur.sources.service.certificate_create(certificate, source)
- lemur.sources.service.certificate_update(certificate, source)
- lemur.sources.service.create(label, plugin_name, options, description=None)
Creates a new source, that can then be used as a source for certificates.
- Parameters:
label – Source common name
plugin_name –
options –
description –
- Return type:
Source
- Returns:
New source
- lemur.sources.service.delete(source_id)
Deletes an source.
- Parameters:
source_id – Lemur assigned ID
- lemur.sources.service.expire_endpoints(source, ttl_hours)
- lemur.sources.service.find_cert(certificate)
- lemur.sources.service.get(source_id)
Retrieves an source by its lemur assigned ID.
- Parameters:
source_id – Lemur assigned ID
- Return type:
Source
- Returns:
- lemur.sources.service.get_all()
Retrieves all source currently known by Lemur.
- Returns:
- lemur.sources.service.get_by_label(label)
Retrieves a source by its label
- Parameters:
label –
- Returns:
- lemur.sources.service.render(args)
- lemur.sources.service.sync(source, user, ttl_hours=2)
- lemur.sources.service.sync_certificates(source, user)
- lemur.sources.service.sync_endpoints(source)
- lemur.sources.service.sync_update_destination(certificate, source)
- lemur.sources.service.update(source_id, label, plugin_name, options, description)
Updates an existing source.
- Parameters:
source_id – Lemur assigned ID
label – Source common name
options –
plugin_name –
description –
- Return type:
Source
- Returns:
views
Module¶
- class lemur.sources.views.CertificateSources
Bases:
AuthenticatedResource
Defines the ‘certificate/<int:certificate_id/sources’’ endpoint
- endpoint = 'certificateSources'
- get(certificate_id)
- GET /certificates/1/sources¶
The current account list for a given certificates
Example request:
GET /certificates/1/sources HTTP/1.1 Host: example.com Accept: application/json, text/javascript
Example response:
HTTP/1.1 200 OK Vary: Accept Content-Type: text/javascript { "items": [ { "options": [ { "name": "accountNumber", "required": true, "value": 111111111112, "helpMessage": "Must be a valid AWS account number!", "validation": "^[0-9]{12,12}$", "type": "int" } ], "pluginName": "aws-source", "id": 3, "lastRun": "2015-08-01T15:40:58", "description": "test", "label": "test" } ], "total": 1 }
- Query Parameters:
sortBy – field to sort on
sortDir – asc or desc
page – int default is 1
filter – key value pair format is k;v
count – count number default is 10
- Request Headers:
Authorization – OAuth token to authenticate
- Status Codes:
200 OK – no error
- mediatypes()
- methods: t.ClassVar[t.Collection[str] | None] = {'GET'}
The methods this view is registered for. Uses the same default (
["GET", "HEAD", "OPTIONS"]
) asroute
andadd_url_rule
by default.
- class lemur.sources.views.Sources
Bases:
AuthenticatedResource
- delete(source_id)
- endpoint = 'account'
- get(source_id)
- GET /sources/1¶
Get a specific account
Example request:
GET /sources/1 HTTP/1.1 Host: example.com Accept: application/json, text/javascript
Example response:
HTTP/1.1 200 OK Vary: Accept Content-Type: text/javascript { "options": [ { "name": "accountNumber", "required": true, "value": 111111111112, "helpMessage": "Must be a valid AWS account number!", "validation": "^[0-9]{12,12}$", "type": "int" } ], "pluginName": "aws-source", "id": 3, "lastRun": "2015-08-01T15:40:58", "description": "test", "label": "test" }
- Request Headers:
Authorization – OAuth token to authenticate
- Status Codes:
200 OK – no error
- mediatypes()
- methods: t.ClassVar[t.Collection[str] | None] = {'DELETE', 'GET', 'PUT'}
The methods this view is registered for. Uses the same default (
["GET", "HEAD", "OPTIONS"]
) asroute
andadd_url_rule
by default.
- put(source_id, data=None)
- PUT /sources/1¶
Updates an account
Example request:
POST /sources/1 HTTP/1.1 Host: example.com Accept: application/json, text/javascript Content-Type: application/json;charset=UTF-8 { "options": [ { "name": "accountNumber", "required": true, "value": 111111111112, "helpMessage": "Must be a valid AWS account number!", "validation": "^[0-9]{12,12}$", "type": "int" } ], "pluginName": "aws-source", "id": 3, "lastRun": "2015-08-01T15:40:58", "description": "test", "label": "test" }
Example response:
HTTP/1.1 200 OK Vary: Accept Content-Type: text/javascript { "options": [ { "name": "accountNumber", "required": true, "value": 111111111112, "helpMessage": "Must be a valid AWS account number!", "validation": "^[0-9]{12,12}$", "type": "int" } ], "pluginName": "aws-source", "id": 3, "lastRun": "2015-08-01T15:40:58", "description": "test", "label": "test" }
- Parameters:
accountNumber – aws account number
label – human readable account label
description – some description about the account
- Request Headers:
Authorization – OAuth token to authenticate
- Status Codes:
200 OK – no error
- class lemur.sources.views.SourcesList
Bases:
AuthenticatedResource
Defines the ‘sources’ endpoint
- endpoint = 'sources'
- get()
- GET /sources¶
The current account list
Example request:
GET /sources HTTP/1.1 Host: example.com Accept: application/json, text/javascript
Example response:
HTTP/1.1 200 OK Vary: Accept Content-Type: text/javascript { "items": [ { "options": [ { "name": "accountNumber", "required": true, "value": 111111111112, "helpMessage": "Must be a valid AWS account number!", "validation": "^[0-9]{12,12}$", "type": "int" } ], "pluginName": "aws-source", "lastRun": "2015-08-01T15:40:58", "id": 3, "description": "test", "label": "test" } ], "total": 1 }
- Query Parameters:
sortBy – field to sort on
sortDir – asc or desc
page – int default is 1
filter – key value pair format is k;v
count – count number default is 10
- Request Headers:
Authorization – OAuth token to authenticate
- Status Codes:
200 OK – no error
- mediatypes()
- methods: t.ClassVar[t.Collection[str] | None] = {'GET', 'POST'}
The methods this view is registered for. Uses the same default (
["GET", "HEAD", "OPTIONS"]
) asroute
andadd_url_rule
by default.
- post(data=None)
- POST /sources¶
Creates a new account
Example request:
POST /sources HTTP/1.1 Host: example.com Accept: application/json, text/javascript Content-Type: application/json;charset=UTF-8 { "options": [ { "name": "accountNumber", "required": true, "value": 111111111112, "helpMessage": "Must be a valid AWS account number!", "validation": "^[0-9]{12,12}$", "type": "int" } ], "pluginName": "aws-source", "id": 3, "lastRun": "2015-08-01T15:40:58", "description": "test", "label": "test" }
Example response:
HTTP/1.1 200 OK Vary: Accept Content-Type: text/javascript { "options": [ { "name": "accountNumber", "required": true, "value": 111111111112, "helpMessage": "Must be a valid AWS account number!", "validation": "^[0-9]{12,12}$", "type": "int" } ], "pluginName": "aws-source", "id": 3, "lastRun": "2015-08-01T15:40:58", "description": "test", "label": "test" }
- Parameters:
label – human readable account label
description – some description about the account
- Request Headers:
Authorization – OAuth token to authenticate
- Status Codes:
200 OK – no error