sources Package

sources Module

cli Module

lemur.sources.cli.clean(source_strings, commit)
lemur.sources.cli.clean_unused_and_expiring_within_days(source_strings, days_to_expire, commit)
lemur.sources.cli.clean_unused_and_issued_since_days(source_strings, days_since_issuance, commit)
lemur.sources.cli.enable_cloudfront(source_label)

Given the label of a legacy AWS source (without path or endpointType options), set up the source for CloudFront:

  1. Update the source options to the newest template, inheriting the existing values.

  2. Set path to “/” and endpointType to “elb” to restrict the source to discovering ELBs and related certs only.

  3. Create a new source (and destination) for the same accountNumber with path as “/cloudfront/” and endpointType as “cloudfront”.
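The three steps above, modelled on plain option lists as an added sketch (not Lemur's own code). The template contents, the helper names and the "-cloudfront" label suffix are assumptions; the option fields follow the API examples on this page.

```python
import copy

# Hypothetical "newest template" for the source options; field names follow
# the option objects shown in this page's API examples.
TEMPLATE = [
    {"name": "accountNumber", "type": "int", "required": True, "value": None},
    {"name": "path", "type": "str", "required": False, "value": None},
    {"name": "endpointType", "type": "str", "required": False, "value": None},
]

# Constructed legacy source: no path or endpointType option.
LEGACY = {"label": "test", "options": [
    {"name": "accountNumber", "type": "int", "required": True, "value": 111111111112},
]}


def is_legacy(options):
    """A legacy source carries neither a path nor an endpointType option."""
    names = {o["name"] for o in options}
    return not ({"path", "endpointType"} & names)


def upgrade(options, overrides, template=TEMPLATE):
    """Step 1: rebuild from the template, inherit values, then apply overrides."""
    inherited = {o["name"]: o.get("value") for o in options}
    inherited.update(overrides)
    upgraded = copy.deepcopy(template)
    for opt in upgraded:
        opt["value"] = inherited.get(opt["name"], opt["value"])
    return upgraded


def plan_cloudfront_split(source):
    """Return (ELB-only source, new CloudFront source); the input is not mutated."""
    if not is_legacy(source["options"]):
        raise ValueError("source already has path/endpointType; not a legacy source")
    # Step 2: restrict the existing source to ELBs under path "/".
    elb = {"label": source["label"],
           "options": upgrade(source["options"], {"path": "/", "endpointType": "elb"})}
    # Step 3: same accountNumber, separate source scoped to CloudFront.
    cloudfront = {"label": source["label"] + "-cloudfront",  # hypothetical naming
                  "options": upgrade(source["options"],
                                     {"path": "/cloudfront/", "endpointType": "cloudfront"})}
    return elb, cloudfront


def values(src):
    """Flatten a source's options to {name: value} for inspection."""
    return {o["name"]: o["value"] for o in src["options"]}
```

Running the plan on an already-upgraded source raises `ValueError`, so the split cannot be applied twice to the same source.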

Parameters

source_strings

Returns

lemur.sources.cli.execute_clean(plugin, certificate, source)
lemur.sources.cli.sync(source_strings, ttl)
lemur.sources.cli.sync_source_destination(labels)

This command syncs destinations and sources to make sure eligible destinations are also present as sources. Destination eligibility is determined by the sync_as_source attribute of the plugin. The destination's sync_as_source_name provides the name of the suitable source plugin. We use (account number, IAM path) tuple uniqueness to avoid duplicate sources.

Lemur now does this automatically during destination create and update, so this command is primarily useful for migrating legacy destinations. Set “-d all” to sync all destinations.

lemur.sources.cli.validate_destinations(destination_strings)
lemur.sources.cli.validate_sources(source_strings)

models Module

class lemur.sources.models.Source(**kwargs)

Bases: sqlalchemy.ext.declarative.api.Model

active
certificate
description
endpoints
id
label
last_run
options
pending_cert
property plugin
plugin_name

schemas Module

class lemur.sources.schemas.SourceInputSchema(extra=None, only=None, exclude=(), prefix='', strict=None, many=False, context=None, load_only=(), dump_only=(), partial=False)

Bases: lemur.common.schema.LemurInputSchema

opts = <marshmallow.schema.SchemaOpts object>
class lemur.sources.schemas.SourceOutputSchema(extra=None, only=None, exclude=(), prefix='', strict=None, many=False, context=None, load_only=(), dump_only=(), partial=False)

Bases: lemur.common.schema.LemurOutputSchema

fill_object(data)
opts = <marshmallow.schema.SchemaOpts object>

service Module

lemur.sources.service.add_aws_destination_to_sources(dst)

Given a destination, check whether it can be added as a source, and add it if it is not already a source. We identify qualified destinations based on the sync_as_source attribute of the plugin. The destination's sync_as_source_name gives the name of the suitable source plugin. We rely on account numbers to avoid duplicates.

Returns

True on success, False if the destination was not added as a source.
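The eligibility and duplicate checks described here and under sync_source_destination, as an added sketch over plain dictionaries (not Lemur's own code). The plugin registry, the destination slugs and the helper names are constructed, and treating a missing path as "/" is an assumption.

```python
# Constructed plugin registry; sync_as_source and sync_as_source_name are the
# plugin attributes named in the text, the destination slugs are placeholders.
PLUGINS = {
    "example-aws-destination": {"sync_as_source": True,
                                "sync_as_source_name": "aws-source"},
    "example-other-destination": {"sync_as_source": False,
                                  "sync_as_source_name": None},
}


def option(options, name, default=None):
    """Return the value of the named option, or default if absent or unset."""
    for o in options:
        if o["name"] == name and o.get("value") is not None:
            return o["value"]
    return default


def identity(options):
    """(account number, IAM path) key, or None when no account number is set."""
    account = option(options, "accountNumber")
    if account is None:
        return None
    # str() so 111111111112 and "111111111112" compare equal.
    # Assumption: a missing path is treated as "/".
    return (str(account), option(options, "path", "/"))


def add_destination_to_sources(dst, sources, plugins=PLUGINS):
    """Append a matching source for dst; True if added, False otherwise."""
    plugin = plugins.get(dst["plugin_name"], {})
    if not plugin.get("sync_as_source"):
        return False                      # destination type is not eligible
    key = identity(dst["options"])
    if key is None:
        return False                      # nothing to key the source on
    source_plugin = plugin["sync_as_source_name"]
    for src in sources:
        if src["plugin_name"] == source_plugin and identity(src["options"]) == key:
            return False                  # same account and path already a source
    sources.append({"label": dst["label"], "plugin_name": source_plugin,
                    "options": [dict(o) for o in dst["options"]]})
    return True
```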

lemur.sources.service.certificate_create(certificate, source)
lemur.sources.service.certificate_update(certificate, source)
lemur.sources.service.create(label, plugin_name, options, description=None)

Creates a new source that can then be used as a source for certificates.

Parameters
  • label – Source common name

  • plugin_name

  • options

  • description

Return type

Source

Returns

New source

lemur.sources.service.delete(source_id)

Deletes a source.

Parameters

source_id – Lemur assigned ID

lemur.sources.service.expire_endpoints(source, ttl_hours)
lemur.sources.service.find_cert(certificate)
lemur.sources.service.get(source_id)

Retrieves a source by its Lemur-assigned ID.

Parameters

source_id – Lemur assigned ID

Return type

Source

Returns

lemur.sources.service.get_all()

Retrieves all sources currently known by Lemur.

Returns

lemur.sources.service.get_by_label(label)

Retrieves a source by its label.

Parameters

label

Returns

lemur.sources.service.render(args)
lemur.sources.service.sync(source, user, ttl_hours=2)
lemur.sources.service.sync_certificates(source, user)
lemur.sources.service.sync_endpoints(source)
lemur.sources.service.sync_update_destination(certificate, source)
lemur.sources.service.update(source_id, label, plugin_name, options, description)

Updates an existing source.

Parameters
  • source_id – Lemur assigned ID

  • label – Source common name

  • options

  • plugin_name

  • description

Return type

Source

Returns

views Module

class lemur.sources.views.CertificateSources

Bases: lemur.auth.service.AuthenticatedResource

Defines the ‘certificate/<int:certificate_id>/sources’ endpoint

endpoint = 'certificateSources'
get(certificate_id)
GET /certificates/1/sources

The current account list for a given certificate

Example request:

GET /certificates/1/sources HTTP/1.1
Host: example.com
Accept: application/json, text/javascript

Example response:

HTTP/1.1 200 OK
Vary: Accept
Content-Type: text/javascript

{
  "items": [
      {
          "options": [
              {
                  "name": "accountNumber",
                  "required": true,
                  "value": 111111111112,
                  "helpMessage": "Must be a valid AWS account number!",
                  "validation": "^[0-9]{12,12}$",
                  "type": "int"
              }
          ],
          "pluginName": "aws-source",
          "id": 3,
          "lastRun": "2015-08-01T15:40:58",
          "description": "test",
          "label": "test"
      }
  ],
  "total": 1
}
Query Parameters
  • sortBy – field to sort on

  • sortDir – asc or desc

  • page – int default is 1

  • filter – key value pair format is k;v

  • count – count number default is 10

Request Headers
Status Codes
mediatypes()
methods = {'GET'}

A list of methods this view can handle.

class lemur.sources.views.Sources

Bases: lemur.auth.service.AuthenticatedResource

delete(source_id)
endpoint = 'account'
get(source_id)
GET /sources/1

Get a specific account

Example request:

GET /sources/1 HTTP/1.1
Host: example.com
Accept: application/json, text/javascript

Example response:

HTTP/1.1 200 OK
Vary: Accept
Content-Type: text/javascript

{
  "options": [
      {
          "name": "accountNumber",
          "required": true,
          "value": 111111111112,
          "helpMessage": "Must be a valid AWS account number!",
          "validation": "^[0-9]{12,12}$",
          "type": "int"
      }
  ],
  "pluginName": "aws-source",
  "id": 3,
  "lastRun": "2015-08-01T15:40:58",
  "description": "test",
  "label": "test"
}
Request Headers
Status Codes
mediatypes()
methods = {'DELETE', 'GET', 'PUT'}

A list of methods this view can handle.

put(source_id, data=None)
PUT /sources/1

Updates an account

Example request:

PUT /sources/1 HTTP/1.1
Host: example.com
Accept: application/json, text/javascript
Content-Type: application/json;charset=UTF-8

{
  "options": [
      {
          "name": "accountNumber",
          "required": true,
          "value": 111111111112,
          "helpMessage": "Must be a valid AWS account number!",
          "validation": "^[0-9]{12,12}$",
          "type": "int"
      }
  ],
  "pluginName": "aws-source",
  "id": 3,
  "lastRun": "2015-08-01T15:40:58",
  "description": "test",
  "label": "test"
}

Example response:

HTTP/1.1 200 OK
Vary: Accept
Content-Type: text/javascript

{
  "options": [
      {
          "name": "accountNumber",
          "required": true,
          "value": 111111111112,
          "helpMessage": "Must be a valid AWS account number!",
          "validation": "^[0-9]{12,12}$",
          "type": "int"
      }
  ],
  "pluginName": "aws-source",
  "id": 3,
  "lastRun": "2015-08-01T15:40:58",
  "description": "test",
  "label": "test"
}
Parameters
  • accountNumber – aws account number

  • label – human readable account label

  • description – some description about the account

Request Headers
Status Codes
class lemur.sources.views.SourcesList

Bases: lemur.auth.service.AuthenticatedResource

Defines the ‘sources’ endpoint

endpoint = 'sources'
get()
GET /sources

The current account list

Example request:

GET /sources HTTP/1.1
Host: example.com
Accept: application/json, text/javascript

Example response:

HTTP/1.1 200 OK
Vary: Accept
Content-Type: text/javascript

{
  "items": [
      {
          "options": [
              {
                  "name": "accountNumber",
                  "required": true,
                  "value": 111111111112,
                  "helpMessage": "Must be a valid AWS account number!",
                  "validation": "^[0-9]{12,12}$",
                  "type": "int"
              }
          ],
          "pluginName": "aws-source",
          "lastRun": "2015-08-01T15:40:58",
          "id": 3,
          "description": "test",
          "label": "test"
      }
  ],
  "total": 1
}
Query Parameters
  • sortBy – field to sort on

  • sortDir – asc or desc

  • page – int default is 1

  • filter – key value pair format is k;v

  • count – count number default is 10

Request Headers
Status Codes
mediatypes()
methods = {'GET', 'POST'}

A list of methods this view can handle.

post(data=None)
POST /sources

Creates a new account

Example request:

POST /sources HTTP/1.1
Host: example.com
Accept: application/json, text/javascript
Content-Type: application/json;charset=UTF-8

{
  "options": [
      {
          "name": "accountNumber",
          "required": true,
          "value": 111111111112,
          "helpMessage": "Must be a valid AWS account number!",
          "validation": "^[0-9]{12,12}$",
          "type": "int"
      }
  ],
  "pluginName": "aws-source",
  "id": 3,
  "lastRun": "2015-08-01T15:40:58",
  "description": "test",
  "label": "test"
}

Example response:

HTTP/1.1 200 OK
Vary: Accept
Content-Type: text/javascript

{
  "options": [
      {
          "name": "accountNumber",
          "required": true,
          "value": 111111111112,
          "helpMessage": "Must be a valid AWS account number!",
          "validation": "^[0-9]{12,12}$",
          "type": "int"
      }
  ],
  "pluginName": "aws-source",
  "id": 3,
  "lastRun": "2015-08-01T15:40:58",
  "description": "test",
  "label": "test"
}
Parameters
  • label – human readable account label

  • description – some description about the account

Request Headers
Status Codes