sources Package¶
sources
Module¶
cli
Module¶
-
lemur.sources.cli.
clean
(source_strings, commit)
-
lemur.sources.cli.
clean_unused_and_expiring_within_days
(source_strings, days_to_expire, commit)
-
lemur.sources.cli.
clean_unused_and_issued_since_days
(source_strings, days_since_issuance, commit)
-
lemur.sources.cli.
enable_cloudfront
(source_label) Given the label of a legacy AWS source (without path or endpointType options), set up the source for CloudFront:
Update the source options to the newest template, inheriting the existing values.
Set
path
to “/” andendpointType
to “elb” to restrict the source to discovering ELBs and related certs only.Create a new source (and destination) for the same accountNumber with
path
as “/cloudfront/” andendpointType
as “cloudfront”
- Parameters
source_strings –
- Returns
-
lemur.sources.cli.
execute_clean
(plugin, certificate, source)
-
lemur.sources.cli.
sync
(source_strings, ttl)
-
lemur.sources.cli.
sync_source_destination
(labels) This command will sync destination and source, to make sure eligible destinations are also present as source. Destination eligibility is determined on the sync_as_source attribute of the plugin. The destination sync_as_source_name provides the name of the suitable source-plugin. We use (account number, IAM path) tuple uniqueness to avoid duplicate sources.
Lemur now does this automatically during destination create and update, so this command is primarily useful for migrating legacy destinations. Set “-d all” to sync all destinations.
-
lemur.sources.cli.
validate_destinations
(destination_strings)
-
lemur.sources.cli.
validate_sources
(source_strings)
models
Module¶
-
class
lemur.sources.models.
Source
(**kwargs) Bases:
sqlalchemy.ext.declarative.api.Model
-
active
-
certificate
-
description
-
endpoints
-
id
-
label
-
last_run
-
options
-
pending_cert
-
property
plugin
-
plugin_name
-
schemas
Module¶
-
class
lemur.sources.schemas.
SourceInputSchema
(extra=None, only=None, exclude=(), prefix='', strict=None, many=False, context=None, load_only=(), dump_only=(), partial=False) Bases:
lemur.common.schema.LemurInputSchema
-
opts
= <marshmallow.schema.SchemaOpts object>
-
-
class
lemur.sources.schemas.
SourceOutputSchema
(extra=None, only=None, exclude=(), prefix='', strict=None, many=False, context=None, load_only=(), dump_only=(), partial=False) Bases:
lemur.common.schema.LemurOutputSchema
-
fill_object
(data)
-
opts
= <marshmallow.schema.SchemaOpts object>
-
service
Module¶
-
lemur.sources.service.
add_aws_destination_to_sources
(dst) Given a destination, check if it can be added as sources, and include it if not already a source We identify qualified destinations based on the sync_as_source attributed of the plugin. The destination sync_as_source_name reveals the name of the suitable source-plugin. We rely on account numbers to avoid duplicates. :return: true for success and false for not adding the destination as source
-
lemur.sources.service.
certificate_create
(certificate, source)
-
lemur.sources.service.
certificate_update
(certificate, source)
-
lemur.sources.service.
create
(label, plugin_name, options, description=None) Creates a new source, that can then be used as a source for certificates.
- Parameters
label – Source common name
plugin_name –
options –
description –
- Return type
Source
- Returns
New source
-
lemur.sources.service.
delete
(source_id) Deletes an source.
- Parameters
source_id – Lemur assigned ID
-
lemur.sources.service.
expire_endpoints
(source, ttl_hours)
-
lemur.sources.service.
find_cert
(certificate)
-
lemur.sources.service.
get
(source_id) Retrieves an source by its lemur assigned ID.
- Parameters
source_id – Lemur assigned ID
- Return type
Source
- Returns
-
lemur.sources.service.
get_all
() Retrieves all source currently known by Lemur.
- Returns
-
lemur.sources.service.
get_by_label
(label) Retrieves a source by its label
- Parameters
label –
- Returns
-
lemur.sources.service.
render
(args)
-
lemur.sources.service.
sync
(source, user, ttl_hours=2)
-
lemur.sources.service.
sync_certificates
(source, user)
-
lemur.sources.service.
sync_endpoints
(source)
-
lemur.sources.service.
sync_update_destination
(certificate, source)
-
lemur.sources.service.
update
(source_id, label, plugin_name, options, description) Updates an existing source.
- Parameters
source_id – Lemur assigned ID
label – Source common name
options –
plugin_name –
description –
- Return type
Source
- Returns
views
Module¶
-
class
lemur.sources.views.
CertificateSources
Bases:
lemur.auth.service.AuthenticatedResource
Defines the ‘certificate/<int:certificate_id/sources’’ endpoint
-
endpoint
= 'certificateSources'
-
get
(certificate_id) -
GET
/certificates/1/sources
¶ The current account list for a given certificates
Example request:
GET /certificates/1/sources HTTP/1.1 Host: example.com Accept: application/json, text/javascript
Example response:
HTTP/1.1 200 OK Vary: Accept Content-Type: text/javascript { "items": [ { "options": [ { "name": "accountNumber", "required": true, "value": 111111111112, "helpMessage": "Must be a valid AWS account number!", "validation": "^[0-9]{12,12}$", "type": "int" } ], "pluginName": "aws-source", "id": 3, "lastRun": "2015-08-01T15:40:58", "description": "test", "label": "test" } ], "total": 1 }
- Query Parameters
sortBy – field to sort on
sortDir – asc or desc
page – int default is 1
filter – key value pair format is k;v
count – count number default is 10
- Request Headers
Authorization – OAuth token to authenticate
- Status Codes
200 OK – no error
-
-
mediatypes
()
-
methods
= {'GET'} A list of methods this view can handle.
-
-
class
lemur.sources.views.
Sources
Bases:
lemur.auth.service.AuthenticatedResource
-
delete
(source_id)
-
endpoint
= 'account'
-
get
(source_id) -
GET
/sources/1
¶ Get a specific account
Example request:
GET /sources/1 HTTP/1.1 Host: example.com Accept: application/json, text/javascript
Example response:
HTTP/1.1 200 OK Vary: Accept Content-Type: text/javascript { "options": [ { "name": "accountNumber", "required": true, "value": 111111111112, "helpMessage": "Must be a valid AWS account number!", "validation": "^[0-9]{12,12}$", "type": "int" } ], "pluginName": "aws-source", "id": 3, "lastRun": "2015-08-01T15:40:58", "description": "test", "label": "test" }
- Request Headers
Authorization – OAuth token to authenticate
- Status Codes
200 OK – no error
-
-
mediatypes
()
-
methods
= {'DELETE', 'GET', 'PUT'} A list of methods this view can handle.
-
put
(source_id, data=None) -
PUT
/sources/1
¶ Updates an account
Example request:
POST /sources/1 HTTP/1.1 Host: example.com Accept: application/json, text/javascript Content-Type: application/json;charset=UTF-8 { "options": [ { "name": "accountNumber", "required": true, "value": 111111111112, "helpMessage": "Must be a valid AWS account number!", "validation": "^[0-9]{12,12}$", "type": "int" } ], "pluginName": "aws-source", "id": 3, "lastRun": "2015-08-01T15:40:58", "description": "test", "label": "test" }
Example response:
HTTP/1.1 200 OK Vary: Accept Content-Type: text/javascript { "options": [ { "name": "accountNumber", "required": true, "value": 111111111112, "helpMessage": "Must be a valid AWS account number!", "validation": "^[0-9]{12,12}$", "type": "int" } ], "pluginName": "aws-source", "id": 3, "lastRun": "2015-08-01T15:40:58", "description": "test", "label": "test" }
- Parameters
accountNumber – aws account number
label – human readable account label
description – some description about the account
- Request Headers
Authorization – OAuth token to authenticate
- Status Codes
200 OK – no error
-
-
-
class
lemur.sources.views.
SourcesList
Bases:
lemur.auth.service.AuthenticatedResource
Defines the ‘sources’ endpoint
-
endpoint
= 'sources'
-
get
() -
GET
/sources
¶ The current account list
Example request:
GET /sources HTTP/1.1 Host: example.com Accept: application/json, text/javascript
Example response:
HTTP/1.1 200 OK Vary: Accept Content-Type: text/javascript { "items": [ { "options": [ { "name": "accountNumber", "required": true, "value": 111111111112, "helpMessage": "Must be a valid AWS account number!", "validation": "^[0-9]{12,12}$", "type": "int" } ], "pluginName": "aws-source", "lastRun": "2015-08-01T15:40:58", "id": 3, "description": "test", "label": "test" } ], "total": 1 }
- Query Parameters
sortBy – field to sort on
sortDir – asc or desc
page – int default is 1
filter – key value pair format is k;v
count – count number default is 10
- Request Headers
Authorization – OAuth token to authenticate
- Status Codes
200 OK – no error
-
-
mediatypes
()
-
methods
= {'GET', 'POST'} A list of methods this view can handle.
-
post
(data=None) -
POST
/sources
¶ Creates a new account
Example request:
POST /sources HTTP/1.1 Host: example.com Accept: application/json, text/javascript Content-Type: application/json;charset=UTF-8 { "options": [ { "name": "accountNumber", "required": true, "value": 111111111112, "helpMessage": "Must be a valid AWS account number!", "validation": "^[0-9]{12,12}$", "type": "int" } ], "pluginName": "aws-source", "id": 3, "lastRun": "2015-08-01T15:40:58", "description": "test", "label": "test" }
Example response:
HTTP/1.1 200 OK Vary: Accept Content-Type: text/javascript { "options": [ { "name": "accountNumber", "required": true, "value": 111111111112, "helpMessage": "Must be a valid AWS account number!", "validation": "^[0-9]{12,12}$", "type": "int" } ], "pluginName": "aws-source", "id": 3, "lastRun": "2015-08-01T15:40:58", "description": "test", "label": "test" }
- Parameters
label – human readable account label
description – some description about the account
- Request Headers
Authorization – OAuth token to authenticate
- Status Codes
200 OK – no error
-
-