sources Package

sources Module

cli Module

lemur.sources.cli.clean(source_strings, commit)
lemur.sources.cli.clean_unused_and_expiring_within_days(source_strings, days_to_expire, commit)
lemur.sources.cli.clean_unused_and_issued_since_days(source_strings, days_since_issuance, commit)
lemur.sources.cli.enable_cloudfront(source_label)

Given the label of a legacy AWS source (without path or endpointType options), set up the source for CloudFront:

  1. Update the source options to the newest template, inheriting the existing values.

  2. Set path to “/” and endpointType to “elb” to restrict the source to discovering ELBs and related certs only.

  3. Create a new source (and destination) for the same accountNumber with path as “/cloudfront/” and endpointType as “cloudfront”

Parameters:

source_strings

Returns:

lemur.sources.cli.execute_clean(plugin, certificate, source)
lemur.sources.cli.sync(source_strings, ttl)
lemur.sources.cli.sync_source_destination(labels)

This command syncs destinations and sources to make sure eligible destinations are also present as sources. Destination eligibility is determined by the sync_as_source attribute of the plugin. The destination's sync_as_source_name provides the name of the suitable source plugin. We use (account number, IAM path) tuple uniqueness to avoid duplicate sources.

Lemur now does this automatically during destination create and update, so this command is primarily useful for migrating legacy destinations. Set “-d all” to sync all destinations.
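The three enable_cloudfront steps and the (account number, IAM path) uniqueness rule above, modelled on plain option lists; this is an added illustration, not Lemur's own code. TEMPLATE, the helper names, and the refusal to touch a non-legacy source are assumptions.

```python
import copy

# Assumed template: only the option names this page mentions.
TEMPLATE = [{"name": n, "value": None} for n in ("accountNumber", "path", "endpointType")]
# Constructed legacy source options (no path, no endpointType).
LEGACY = [{"name": "accountNumber", "type": "int", "required": True, "value": 111111111112}]

def get_option(options, name):
    """Value of the named option, or None when the option is absent."""
    return next((o.get("value") for o in options if o.get("name") == name), None)

def upgrade(options, overrides):
    """Step 1: rebuild from TEMPLATE, inheriting existing values; then apply overrides."""
    out = copy.deepcopy(TEMPLATE)
    for opt in out:
        inherited = get_option(options, opt["name"])
        opt["value"] = overrides.get(opt["name"], inherited)
    return out

def source_key(options):
    """(account number, IAM path) tuple used to spot duplicate sources."""
    return (str(get_option(options, "accountNumber")), get_option(options, "path"))

def plan_enable_cloudfront(legacy, existing_keys):
    """Return (ELB-only options, CloudFront options or None if that source exists)."""
    if any(get_option(legacy, n) is not None for n in ("path", "endpointType")):
        raise ValueError("not a legacy source: path or endpointType already set")
    # Step 2: restrict the existing source to ELBs.
    elb = upgrade(legacy, {"path": "/", "endpointType": "elb"})
    # Step 3: options for the new CloudFront source on the same account.
    cloudfront = upgrade(legacy, {"path": "/cloudfront/", "endpointType": "cloudfront"})
    if source_key(cloudfront) in existing_keys:
        cloudfront = None  # same account and path already registered: do not duplicate
    return elb, cloudfront

if __name__ == "__main__":
    elb, cf = plan_enable_cloudfront(LEGACY, existing_keys=set())
    print(source_key(elb), source_key(cf))
```
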

lemur.sources.cli.validate_destinations(destination_strings)
lemur.sources.cli.validate_sources(source_strings)

models Module

class lemur.sources.models.Source(**kwargs)

Bases: Model

active
certificate
description
endpoints
id
label
last_run
options
pending_cert
property plugin
plugin_name

schemas Module

class lemur.sources.schemas.SourceInputSchema(extra=None, only=None, exclude=(), prefix='', strict=None, many=False, context=None, load_only=(), dump_only=(), partial=False)

Bases: LemurInputSchema

opts = <marshmallow.schema.SchemaOpts object>
class lemur.sources.schemas.SourceOutputSchema(extra=None, only=None, exclude=(), prefix='', strict=None, many=False, context=None, load_only=(), dump_only=(), partial=False)

Bases: LemurOutputSchema

fill_object(data)
opts = <marshmallow.schema.SchemaOpts object>

service Module

lemur.sources.service.add_aws_destination_to_sources(dst)

Given a destination, check whether it can be added as a source, and add it if it is not already a source. We identify qualified destinations based on the sync_as_source attribute of the plugin. The destination's sync_as_source_name reveals the name of the suitable source plugin. We rely on account numbers to avoid duplicates.

Returns:

True on success, False if the destination was not added as a source.

lemur.sources.service.certificate_create(certificate, source)
lemur.sources.service.certificate_update(certificate, source)
lemur.sources.service.create(label, plugin_name, options, description=None)

Creates a new source, that can then be used as a source for certificates.

Parameters:
  • label – Source common name

  • plugin_name

  • options

  • description

Return type:

Source

Returns:

New source

lemur.sources.service.delete(source_id)

Deletes a source.

Parameters:

source_id – Lemur assigned ID

lemur.sources.service.expire_endpoints(source, ttl_hours)
lemur.sources.service.find_cert(certificate)
lemur.sources.service.get(source_id)

Retrieves a source by its Lemur-assigned ID.

Parameters:

source_id – Lemur assigned ID

Return type:

Source

Returns:

lemur.sources.service.get_all()

Retrieves all sources currently known by Lemur.

Returns:

lemur.sources.service.get_by_label(label)

Retrieves a source by its label

Parameters:

label

Returns:

lemur.sources.service.render(args)
lemur.sources.service.sync(source, user, ttl_hours=2)
lemur.sources.service.sync_certificates(source, user)
lemur.sources.service.sync_endpoints(source)
lemur.sources.service.sync_update_destination(certificate, source)
lemur.sources.service.update(source_id, label, plugin_name, options, description)

Updates an existing source.

Parameters:
  • source_id – Lemur assigned ID

  • label – Source common name

  • options

  • plugin_name

  • description

Return type:

Source

Returns:

views Module

class lemur.sources.views.CertificateSources

Bases: AuthenticatedResource

Defines the ‘certificate/<int:certificate_id>/sources’ endpoint

endpoint = 'certificateSources'
get(certificate_id)
GET /certificates/1/sources

The current account list for a given certificate

Example request:

GET /certificates/1/sources HTTP/1.1
Host: example.com
Accept: application/json, text/javascript

Example response:

HTTP/1.1 200 OK
Vary: Accept
Content-Type: text/javascript

{
  "items": [
      {
          "options": [
              {
                  "name": "accountNumber",
                  "required": true,
                  "value": 111111111112,
                  "helpMessage": "Must be a valid AWS account number!",
                  "validation": "^[0-9]{12,12}$",
                  "type": "int"
              }
          ],
          "pluginName": "aws-source",
          "id": 3,
          "lastRun": "2015-08-01T15:40:58",
          "description": "test",
          "label": "test"
      }
  ],
  "total": 1
}
Query Parameters:
  • sortBy – field to sort on

  • sortDir – asc or desc

  • page – int default is 1

  • filter – key value pair format is k;v

  • count – count number default is 10

Request Headers:
Status Codes:
mediatypes()
methods: t.ClassVar[t.Collection[str] | None] = {'GET'}

The methods this view is registered for. Uses the same default (["GET", "HEAD", "OPTIONS"]) as route and add_url_rule by default.

class lemur.sources.views.Sources

Bases: AuthenticatedResource

delete(source_id)
endpoint = 'account'
get(source_id)
GET /sources/1

Get a specific account

Example request:

GET /sources/1 HTTP/1.1
Host: example.com
Accept: application/json, text/javascript

Example response:

HTTP/1.1 200 OK
Vary: Accept
Content-Type: text/javascript

{
  "options": [
      {
          "name": "accountNumber",
          "required": true,
          "value": 111111111112,
          "helpMessage": "Must be a valid AWS account number!",
          "validation": "^[0-9]{12,12}$",
          "type": "int"
      }
  ],
  "pluginName": "aws-source",
  "id": 3,
  "lastRun": "2015-08-01T15:40:58",
  "description": "test",
  "label": "test"
}
Request Headers:
Status Codes:
mediatypes()
methods: t.ClassVar[t.Collection[str] | None] = {'DELETE', 'GET', 'PUT'}

The methods this view is registered for. Uses the same default (["GET", "HEAD", "OPTIONS"]) as route and add_url_rule by default.

put(source_id, data=None)
PUT /sources/1

Updates an account

Example request:

PUT /sources/1 HTTP/1.1
Host: example.com
Accept: application/json, text/javascript
Content-Type: application/json;charset=UTF-8

{
  "options": [
      {
          "name": "accountNumber",
          "required": true,
          "value": 111111111112,
          "helpMessage": "Must be a valid AWS account number!",
          "validation": "^[0-9]{12,12}$",
          "type": "int"
      }
  ],
  "pluginName": "aws-source",
  "id": 3,
  "lastRun": "2015-08-01T15:40:58",
  "description": "test",
  "label": "test"
}

Example response:

HTTP/1.1 200 OK
Vary: Accept
Content-Type: text/javascript

{
  "options": [
      {
          "name": "accountNumber",
          "required": true,
          "value": 111111111112,
          "helpMessage": "Must be a valid AWS account number!",
          "validation": "^[0-9]{12,12}$",
          "type": "int"
      }
  ],
  "pluginName": "aws-source",
  "id": 3,
  "lastRun": "2015-08-01T15:40:58",
  "description": "test",
  "label": "test"
}
Parameters:
  • accountNumber – aws account number

  • label – human readable account label

  • description – some description about the account

Request Headers:
Status Codes:
class lemur.sources.views.SourcesList

Bases: AuthenticatedResource

Defines the ‘sources’ endpoint

endpoint = 'sources'
get()
GET /sources

The current account list

Example request:

GET /sources HTTP/1.1
Host: example.com
Accept: application/json, text/javascript

Example response:

HTTP/1.1 200 OK
Vary: Accept
Content-Type: text/javascript

{
  "items": [
      {
          "options": [
              {
                  "name": "accountNumber",
                  "required": true,
                  "value": 111111111112,
                  "helpMessage": "Must be a valid AWS account number!",
                  "validation": "^[0-9]{12,12}$",
                  "type": "int"
              }
          ],
          "pluginName": "aws-source",
          "lastRun": "2015-08-01T15:40:58",
          "id": 3,
          "description": "test",
          "label": "test"
      }
  ],
  "total": 1
}
Query Parameters:
  • sortBy – field to sort on

  • sortDir – asc or desc

  • page – int default is 1

  • filter – key value pair format is k;v

  • count – count number default is 10

Request Headers:
Status Codes:
mediatypes()
methods: t.ClassVar[t.Collection[str] | None] = {'GET', 'POST'}

The methods this view is registered for. Uses the same default (["GET", "HEAD", "OPTIONS"]) as route and add_url_rule by default.

post(data=None)
POST /sources

Creates a new account

Example request:

POST /sources HTTP/1.1
Host: example.com
Accept: application/json, text/javascript
Content-Type: application/json;charset=UTF-8

{
  "options": [
      {
          "name": "accountNumber",
          "required": true,
          "value": 111111111112,
          "helpMessage": "Must be a valid AWS account number!",
          "validation": "^[0-9]{12,12}$",
          "type": "int"
      }
  ],
  "pluginName": "aws-source",
  "id": 3,
  "lastRun": "2015-08-01T15:40:58",
  "description": "test",
  "label": "test"
}

Example response:

HTTP/1.1 200 OK
Vary: Accept
Content-Type: text/javascript

{
  "options": [
      {
          "name": "accountNumber",
          "required": true,
          "value": 111111111112,
          "helpMessage": "Must be a valid AWS account number!",
          "validation": "^[0-9]{12,12}$",
          "type": "int"
      }
  ],
  "pluginName": "aws-source",
  "id": 3,
  "lastRun": "2015-08-01T15:40:58",
  "description": "test",
  "label": "test"
}
Parameters:
  • label – human readable account label

  • description – some description about the account

Request Headers:
Status Codes:
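A client-side check of an options array against the required and validation fields shown in the payloads above, with a naive matcher beside a strict one; this is an added example, not Lemur's own validation code, and all function names are hypothetical. An account number with a leading zero cannot be written as a JSON integer, so it reaches the 12-digit pattern one digit short.

```python
import re

# Constructed from the example payloads on this page.
SAMPLE_OPTIONS = [{
    "name": "accountNumber", "required": True, "value": 111111111112,
    "helpMessage": "Must be a valid AWS account number!",
    "validation": "^[0-9]{12,12}$", "type": "int",
}]

def naive_matches(pattern, value):
    """Weak form: with re.match, '$' also matches just before a trailing newline."""
    return re.match(pattern, str(value)) is not None

def strict_matches(pattern, value):
    """Hardened form: the whole string must match, so a trailing newline is rejected."""
    return re.fullmatch(pattern, str(value)) is not None

def check_options(options):
    """Return a list of problems found in a source 'options' array (empty if none)."""
    problems = []
    for opt in options:
        name, value = opt.get("name", "<unnamed>"), opt.get("value")
        if value is None or value == "":
            if opt.get("required"):
                problems.append(f"{name}: required option has no value")
            continue
        pattern = opt.get("validation")
        if pattern and not strict_matches(pattern, value):
            problems.append(f"{name}: {value!r} does not match {pattern}")
    return problems

def with_value(value):
    """Copy of SAMPLE_OPTIONS with a different accountNumber value."""
    return [dict(SAMPLE_OPTIONS[0], value=value)]

if __name__ == "__main__":
    # 12345678901 is what 012345678901 becomes once parsed as an integer.
    for candidate in (111111111112, "111111111112\n", 12345678901, None):
        print(repr(candidate), check_options(with_value(candidate)))
```
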