Contributing¶
Want to contribute back to Lemur? This page describes the general development flow, our philosophy, the test suite, and issue tracking.
Documentation¶
If you’re looking to help document Lemur, you can get set up with Sphinx, our documentation tool, but first you will want to make sure you have a few things on your local system:
python-dev (if you’re on OS X, you already have this)
pip
virtualenvwrapper
Once you’ve got all that, the rest is simple:
# If you have a fork, you'll want to clone it instead
git clone git://github.com/netflix/lemur.git
# Create and activate python virtualenv from within the lemur repo
python3 -m venv env
. env/bin/activate
# Install doc requirements
make dev-docs
# Make the docs
cd docs
make html
Running make dev-docs
will install the basic requirements to get Sphinx running.
Building Documentation¶
Inside the docs
directory, you can run make
to build the documentation.
See make help
for available options and the Sphinx Documentation for more information.
Adding New Modules to Documentation¶
When a new module is added, it will need to be added to the documentation. Ideally, we might rely on sphinx-apidoc to autogenerate our documentation. Unfortunately, this causes some build problems. Instead, you’ll need to add new modules by hand.
Developing Against HEAD¶
We try to make it easy to get up and running in a development environment using a git checkout of Lemur. There are two ways to run Lemur locally: directly on your development machine, or in a Docker container.
Running in a Docker container
Look at the lemur-docker project. Usage instructions are self-contained in the README for that project.
Running directly on your development machine
You’ll want to make sure you have a few things on your local system first:
python-dev (if you’re on OS X, you already have this)
pip
virtualenv (ideally virtualenvwrapper)
node.js (for npm and building css/javascript)
Once you’ve got all that, the rest is simple:
# If you have a fork, you'll want to clone it instead
git clone git://github.com/lemur/lemur.git
# Create a python virtualenv
python3 -m venv env
# Make the magic happen
make
Running make
will do several things, including:
Setting up any submodules (including Bootstrap)
Installing Python requirements
Installing NPM requirements
Note
You will want to store your virtualenv out of the lemur
directory you cloned above,
otherwise make
will fail.
Create a default Lemur configuration just as if this were a production instance:
lemur create_config
lemur init
You’ll likely want to make some changes to the default configuration (we recommend developing against Postgres, for example). Once done, migrate your database using the following command:
lemur upgrade
Note
The upgrade
shortcut is simply a shortcut to Alembic’s upgrade command.
Running tests with Docker and docker-compose¶
If you just want to run tests in a Docker container, you can use Docker and docker-compose for running the tests with docker-compose run test
directly in the lemur
project.
(For running the Lemur service in Docker, see lemur-docker.)
Coding Standards¶
Lemur follows the guidelines laid out in pep8 with a little bit of flexibility on things like line length. We always give way for the Zen of Python. We also use strict mode for JavaScript, enforced by jshint.
You can run all linters with make lint
, or respectively lint-python
or lint-js
.
Spacing¶
- Python:
4 Spaces
- JavaScript:
2 Spaces
- CSS:
2 Spaces
- HTML:
2 Spaces
Git hooks¶
To help developers maintain the above standards, Lemur includes a configuration file for Yelp’s pre-commit. This is an optional dependency and is not required in order to contribute to Lemur.
Running the Test Suite¶
The test suite consists of multiple parts, testing both the Python and JavaScript components in Lemur. If you’ve setup your environment correctly, you can run the entire suite with the following command:
make test
If you only need to run the Python tests, you can do so with make test-python
, as well as make test-js
for the JavaScript tests.
You’ll notice that the test suite is structured based on where the code lives, and strongly encourages using the mock library to drive more accurate individual tests.
Note
We use py.test for the Python test suite, and a combination of phantomjs and jasmine for the JavaScript tests.
Static Media¶
Lemur uses a library that compiles its static media assets (LESS and JS files) automatically. If you’re developing using runserver you’ll see changes happen not only in the original files, but also the minified or processed versions of the file.
If you’ve made changes and need to compile them by hand for any reason, you can do so by running:
lemur compilestatic
The minified and processed files should be committed alongside the unprocessed changes.
It’s also important to note that Lemur’s frontend and API are not tied together. The API does not serve any of the static assets, we rely on nginx or some other file server to server all of the static assets. During development that means we need an additional server to serve those static files for the GUI.
This is accomplished with a Gulp task:
./node_modules/.bin/gulp serve
The gulp task compiles all the JS/CSS/HTML files and opens the Lemur welcome page in your default browsers. Additionally any changes to made to the JS/CSS/HTML with be reloaded in your browsers.
Developing with Flask¶
Because Lemur is just Flask, you can use all of the standard Flask functionality. The only difference is you’ll be accessing commands that would normally go through manage.py using the lemur
CLI helper instead.
For example, you probably don’t want to use lemur start
for development, as it doesn’t support anything like
automatic reloading on code changes. For that you’d want to use the standard builtin runserver
command:
lemur runserver
DDL (Schema Changes)¶
Schema changes should always introduce the new schema in a commit, and then introduce code relying on that schema in a followup commit. This also means that new columns must be NULLable.
Removing columns and tables requires a slightly more painful flow, and should resemble the follow multi-commit flow:
Remove all references to the column or table (but don’t remove the Model itself)
Remove the model code
Remove the table or column
Contributing Back Code¶
All patches should be sent as a pull request on GitHub, include tests, and documentation where needed. If you’re fixing a bug or making a large change the patch must include test coverage.
Uncertain about how to write tests? Take a look at some existing tests that are similar to the code you’re changing, and go from there.
You can see a list of open pull requests (pending changes) by visiting https://github.com/netflix/lemur/pulls
Pull requests should be against main and pass all TravisCI checks
Writing a Plugin¶
REST API¶
Lemur’s front end is entirely API driven. Any action that you can accomplish via the UI can also be accomplished by the API. The following is documents and provides examples on how to make requests to the Lemur API.
Authentication¶
- class lemur.auth.views.Google¶
Bases:
Resource
- endpoint = 'google'¶
- mediatypes()¶
- methods: t.ClassVar[t.Collection[str] | None] = {'POST'}¶
The methods this view is registered for. Uses the same default (
["GET", "HEAD", "OPTIONS"]
) asroute
andadd_url_rule
by default.
- post()¶
- class lemur.auth.views.Login¶
Bases:
Resource
Provides an endpoint for Lemur’s basic authentication. It takes a username and password combination and returns a JWT token.
This token token is required for each API request and must be provided in the Authorization Header for the request.
Authorization:Bearer <token>
Tokens have a set expiration date. You can inspect the token expiration by base64 decoding the token and inspecting it’s contents.
Note
It is recommended that the token expiration is fairly short lived (hours not days). This will largely depend on your uses cases but. It is important to not that there is currently no build in method to revoke a users token and force re-authentication.
- endpoint = 'login'¶
- mediatypes()¶
- methods: t.ClassVar[t.Collection[str] | None] = {'POST'}¶
The methods this view is registered for. Uses the same default (
["GET", "HEAD", "OPTIONS"]
) asroute
andadd_url_rule
by default.
- post()¶
- POST /auth/login¶
Login with username:password
Example request:
POST /auth/login HTTP/1.1 Host: example.com Accept: application/json, text/javascript Content-Type: application/json;charset=UTF-8 { "username": "test", "password": "test" }
Example response:
HTTP/1.1 200 OK Vary: Accept Content-Type: text/javascript { "token": "12343243243" }
- Parameters:
username – username
password – password
- Status Codes:
401 Unauthorized – invalid credentials
200 OK – no error
- class lemur.auth.views.OAuth2¶
Bases:
Resource
- endpoint = 'oauth2'¶
- get()¶
- mediatypes()¶
- methods: t.ClassVar[t.Collection[str] | None] = {'GET', 'POST'}¶
The methods this view is registered for. Uses the same default (
["GET", "HEAD", "OPTIONS"]
) asroute
andadd_url_rule
by default.
- post()¶
- class lemur.auth.views.Ping¶
Bases:
Resource
This class serves as an example of how one might implement an SSO provider for use with Lemur. In this example we use an OpenIDConnect authentication flow, that is essentially OAuth2 underneath. If you have an OAuth2 provider you want to use Lemur there would be two steps:
Define your own class that inherits from
flask_restful.Resource
and create the HTTP methods the provider uses for its callbacks.Add or change the Lemur AngularJS Configuration to point to your new provider
- endpoint = 'ping'¶
- get()¶
- mediatypes()¶
- methods: t.ClassVar[t.Collection[str] | None] = {'GET', 'POST'}¶
The methods this view is registered for. Uses the same default (
["GET", "HEAD", "OPTIONS"]
) asroute
andadd_url_rule
by default.
- post()¶
- class lemur.auth.views.Providers¶
Bases:
Resource
- endpoint = 'providers'¶
- get()¶
- mediatypes()¶
- methods: t.ClassVar[t.Collection[str] | None] = {'GET'}¶
The methods this view is registered for. Uses the same default (
["GET", "HEAD", "OPTIONS"]
) asroute
andadd_url_rule
by default.
- lemur.auth.views.build_hmac()¶
- lemur.auth.views.create_user_roles(profile: dict) list[str] ¶
Generate a list of Lemur role names based on the provided user profile.
The function maps the user’s roles from the identity provider to corresponding roles in Lemur, creates roles dynamically based on the profile data, and assigns a unique role for each user.
- Parameters:
profile – A dictionary containing user information, including roles/groups from the identity provider.
- Returns:
A list of Lemur role names corresponding to the provided user profile.
- lemur.auth.views.exchange_for_access_token(code, redirect_uri, client_id, secret, access_token_url=None, verify_cert=True)¶
Exchanges authorization code for access token.
- Parameters:
code –
redirect_uri –
client_id –
secret –
access_token_url –
verify_cert –
- Returns:
- Returns:
- lemur.auth.views.generate_state_token()¶
- lemur.auth.views.retrieve_user(user_api_url, access_token)¶
Fetch user information from provided user api_url.
- Parameters:
user_api_url –
access_token –
- Returns:
- lemur.auth.views.retrieve_user_memberships(user_api_url, user_membership_provider, access_token)¶
- lemur.auth.views.update_user(user, profile, roles)¶
Updates user with current profile information and associated roles.
- Parameters:
user –
profile –
roles –
- lemur.auth.views.validate_id_token(id_token, client_id, jwks_url)¶
Ensures that the token we receive is valid.
- Parameters:
id_token –
client_id –
jwks_url –
- Returns:
- lemur.auth.views.verify_state_token(token)¶
Destinations¶
- class lemur.destinations.views.CertificateDestinations¶
Bases:
AuthenticatedResource
Defines the ‘certificate/<int:certificate_id/destinations’’ endpoint
- endpoint = 'certificateDestinations'¶
- get(certificate_id)¶
- GET /certificates/1/destinations¶
The current account list for a given certificates
Example request:
GET /certificates/1/destinations HTTP/1.1 Host: example.com Accept: application/json, text/javascript
Example response:
HTTP/1.1 200 OK Vary: Accept Content-Type: text/javascript { "items": [{ "description": "test", "options": [{ "name": "accountNumber", "required": true, "value": "111111111111111", "helpMessage": "Must be a valid AWS account number!", "validation": "^[0-9]{12,12}$", "type": "str" }], "id": 4, "plugin": { "pluginOptions": [{ "name": "accountNumber", "required": true, "value": "111111111111111", "helpMessage": "Must be a valid AWS account number!", "validation": "^[0-9]{12,12}$", "type": "str" }], "description": "Allow the uploading of certificates to AWS IAM", "slug": "aws-destination", "title": "AWS" }, "label": "test546" } "total": 1 }
- Query Parameters:
sortBy – field to sort on
sortDir – asc or desc
page – int default is 1
filter – key value pair format is k;v
count – count number default is 10
- Request Headers:
Authorization – OAuth token to authenticate
- Status Codes:
200 OK – no error
- mediatypes()¶
- methods: t.ClassVar[t.Collection[str] | None] = {'GET'}¶
The methods this view is registered for. Uses the same default (
["GET", "HEAD", "OPTIONS"]
) asroute
andadd_url_rule
by default.
- class lemur.destinations.views.Destinations¶
Bases:
AuthenticatedResource
- delete(destination_id)¶
- endpoint = 'destination'¶
- get(destination_id)¶
- GET /destinations/1¶
Get a specific account
Example request:
GET /destinations/1 HTTP/1.1 Host: example.com Accept: application/json, text/javascript
Example response:
HTTP/1.1 200 OK Vary: Accept Content-Type: text/javascript { "description": "test", "options": [{ "name": "accountNumber", "required": true, "value": "111111111111111", "helpMessage": "Must be a valid AWS account number!", "validation": "^[0-9]{12,12}$", "type": "str" }], "id": 4, "plugin": { "pluginOptions": [{ "name": "accountNumber", "required": true, "value": "111111111111111", "helpMessage": "Must be a valid AWS account number!", "validation": "^[0-9]{12,12}$", "type": "str" }], "description": "Allow the uploading of certificates to AWS IAM", "slug": "aws-destination", "title": "AWS" }, "label": "test546" }
- Request Headers:
Authorization – OAuth token to authenticate
- Status Codes:
200 OK – no error
- mediatypes()¶
- methods: t.ClassVar[t.Collection[str] | None] = {'DELETE', 'GET', 'PUT'}¶
The methods this view is registered for. Uses the same default (
["GET", "HEAD", "OPTIONS"]
) asroute
andadd_url_rule
by default.
- put(destination_id, data=None)¶
- PUT /destinations/1¶
Updates an account
Example request:
POST /destinations/1 HTTP/1.1 Host: example.com Accept: application/json, text/javascript Content-Type: application/json;charset=UTF-8 { "description": "test33", "options": [{ "name": "accountNumber", "required": true, "value": "34324324", "helpMessage": "Must be a valid AWS account number!", "validation": "^[0-9]{12,12}$", "type": "str" }], "id": 4, "plugin": { "pluginOptions": [{ "name": "accountNumber", "required": true, "value": "34324324", "helpMessage": "Must be a valid AWS account number!", "validation": "^[0-9]{12,12}$", "type": "str" }], "description": "Allow the uploading of certificates to AWS IAM", "slug": "aws-destination", "title": "AWS" }, "label": "test546" }
Example response:
HTTP/1.1 200 OK Vary: Accept Content-Type: text/javascript { "description": "test", "options": [{ "name": "accountNumber", "required": true, "value": "111111111111111", "helpMessage": "Must be a valid AWS account number!", "validation": "^[0-9]{12,12}$", "type": "str" }], "id": 4, "plugin": { "pluginOptions": [{ "name": "accountNumber", "required": true, "value": "111111111111111", "helpMessage": "Must be a valid AWS account number!", "validation": "^[0-9]{12,12}$", "type": "str" }], "description": "Allow the uploading of certificates to AWS IAM", "slug": "aws-destination", "title": "AWS" }, "label": "test546" }
- Parameters:
accountNumber – aws account number
label – human readable account label
description – some description about the account
- Request Headers:
Authorization – OAuth token to authenticate
- Status Codes:
200 OK – no error
- class lemur.destinations.views.DestinationsList¶
Bases:
AuthenticatedResource
Defines the ‘destinations’ endpoint
- endpoint = 'destinations'¶
- get()¶
- GET /destinations¶
The current account list
Example request:
GET /destinations HTTP/1.1 Host: example.com Accept: application/json, text/javascript
Example response:
HTTP/1.1 200 OK Vary: Accept Content-Type: text/javascript { "items": [{ "description": "test", "options": [{ "name": "accountNumber", "required": true, "value": "111111111111111", "helpMessage": "Must be a valid AWS account number!", "validation": "^[0-9]{12,12}$", "type": "str" }], "id": 4, "plugin": { "pluginOptions": [{ "name": "accountNumber", "required": true, "value": "111111111111111", "helpMessage": "Must be a valid AWS account number!", "validation": "^[0-9]{12,12}$", "type": "str" }], "description": "Allow the uploading of certificates to AWS IAM", "slug": "aws-destination", "title": "AWS" }, "label": "test546" } "total": 1 }
- Query Parameters:
sortBy – field to sort on
sortDir – asc or desc
page – int. default is 1
filter – key value pair format is k;v
count – count number default is 10
- Request Headers:
Authorization – OAuth token to authenticate
- Status Codes:
200 OK – no error
- mediatypes()¶
- methods: t.ClassVar[t.Collection[str] | None] = {'GET', 'POST'}¶
The methods this view is registered for. Uses the same default (
["GET", "HEAD", "OPTIONS"]
) asroute
andadd_url_rule
by default.
- post(data=None)¶
- POST /destinations¶
Creates a new account
Example request:
POST /destinations HTTP/1.1 Host: example.com Accept: application/json, text/javascript Content-Type: application/json;charset=UTF-8 { "description": "test33", "options": [{ "name": "accountNumber", "required": true, "value": "34324324", "helpMessage": "Must be a valid AWS account number!", "validation": "^[0-9]{12,12}$", "type": "str" }], "id": 4, "plugin": { "pluginOptions": [{ "name": "accountNumber", "required": true, "value": "34324324", "helpMessage": "Must be a valid AWS account number!", "validation": "^[0-9]{12,12}$", "type": "str" }], "description": "Allow the uploading of certificates to AWS IAM", "slug": "aws-destination", "title": "AWS" }, "label": "test546" }
Example response:
HTTP/1.1 200 OK Vary: Accept Content-Type: text/javascript { "description": "test33", "options": [{ "name": "accountNumber", "required": true, "value": "34324324", "helpMessage": "Must be a valid AWS account number!", "validation": "^[0-9]{12,12}$", "type": "str" }], "id": 4, "plugin": { "pluginOptions": [{ "name": "accountNumber", "required": true, "value": "111111111111111", "helpMessage": "Must be a valid AWS account number!", "validation": "^[0-9]{12,12}$", "type": "str" }], "description": "Allow the uploading of certificates to AWS IAM", "slug": "aws-destination", "title": "AWS" }, "label": "test546" }
- Parameters:
label – human readable account label
description – some description about the account
- Request Headers:
Authorization – OAuth token to authenticate
- Status Codes:
200 OK – no error
- class lemur.destinations.views.DestinationsStats¶
Bases:
AuthenticatedResource
Defines the ‘destinations’ stats endpoint
- endpoint = 'destinationStats'¶
- get()¶
- mediatypes()¶
- methods: t.ClassVar[t.Collection[str] | None] = {'GET'}¶
The methods this view is registered for. Uses the same default (
["GET", "HEAD", "OPTIONS"]
) asroute
andadd_url_rule
by default.
Notifications¶
- class lemur.notifications.views.CertificateNotifications¶
Bases:
AuthenticatedResource
Defines the ‘certificate/<int:certificate_id/notifications’’ endpoint
- endpoint = 'certificateNotifications'¶
- get(certificate_id)¶
- GET /certificates/1/notifications¶
The current account list for a given certificates
Example request:
GET /certificates/1/notifications HTTP/1.1 Host: example.com Accept: application/json, text/javascript
Example response:
HTTP/1.1 200 OK Vary: Accept Content-Type: text/javascript { "items": [ { "description": "An example", "options": [ { "name": "interval", "required": true, "value": 555, "helpMessage": "Number of days to be alert before expiration.", "validation": "^\d+$", "type": "int" }, { "available": [ "days", "weeks", "months" ], "name": "unit", "required": true, "value": "weeks", "helpMessage": "Interval unit", "validation": "", "type": "select" }, { "name": "recipients", "required": true, "value": "kglisson@netflix.com,example@netflix.com", "helpMessage": "Comma delimited list of email addresses", "validation": "^([\w+-.%]+@[-\w.]+\.[A-Za-z]{2,4},?)+$", "type": "str" } ], "label": "example", "pluginName": "email-notification", "active": true, "id": 2 } ], "total": 1 }
- Query Parameters:
sortBy – field to sort on
sortDir – asc or desc
page – int default is 1
filter – key value pair format is k;v
count – count number default is 10
- Request Headers:
Authorization – OAuth token to authenticate
- Status Codes:
200 OK – no error
- mediatypes()¶
- methods: t.ClassVar[t.Collection[str] | None] = {'GET'}¶
The methods this view is registered for. Uses the same default (
["GET", "HEAD", "OPTIONS"]
) asroute
andadd_url_rule
by default.
- class lemur.notifications.views.Notifications¶
Bases:
AuthenticatedResource
- delete(notification_id)¶
- endpoint = 'notification'¶
- get(notification_id)¶
- GET /notifications/1¶
Get a specific notification
Example request:
GET /notifications/1 HTTP/1.1 Host: example.com Accept: application/json, text/javascript
Example response:
HTTP/1.1 200 OK Vary: Accept Content-Type: text/javascript { "description": "a test", "options": [ { "name": "interval", "required": true, "value": 5, "helpMessage": "Number of days to be alert before expiration.", "validation": "^\d+$", "type": "int" }, { "available": [ "days", "weeks", "months" ], "name": "unit", "required": true, "value": "weeks", "helpMessage": "Interval unit", "validation": "", "type": "select" }, { "name": "recipients", "required": true, "value": "kglisson@netflix.com,example@netflix.com", "helpMessage": "Comma delimited list of email addresses", "validation": "^([\w+-.%]+@[-\w.]+\.[A-Za-z]{2,4},?)+$", "type": "str" } ], "label": "test", "pluginName": "email-notification", "active": true, "id": 2 }
- Request Headers:
Authorization – OAuth token to authenticate
- Status Codes:
200 OK – no error
- mediatypes()¶
- methods: t.ClassVar[t.Collection[str] | None] = {'DELETE', 'GET', 'PUT'}¶
The methods this view is registered for. Uses the same default (
["GET", "HEAD", "OPTIONS"]
) asroute
andadd_url_rule
by default.
- put(notification_id, data=None)¶
- PUT /notifications/1¶
Updates a notification
Example request:
PUT /notifications/1 HTTP/1.1 Host: example.com Accept: application/json, text/javascript Content-Type: application/json;charset=UTF-8 { "label": "labelChanged", "plugin": { "slug": "email-notification", "plugin_options": "???" }, "description": "Sample notification", "active": "true", "added_certificates": "???", "removed_certificates": "???" }
Example response:
HTTP/1.1 200 OK Vary: Accept Content-Type: text/javascript { "id": 1, "label": "labelChanged", "plugin": { "slug": "email-notification", "plugin_options": "???" }, "description": "Sample notification", "active": "true", "added_certificates": "???", "removed_certificates": "???" }
- Label label:
notification name
- Label slug:
notification plugin slug
- Label plugin_options:
notification plugin options
- Label description:
notification description
- Label active:
whether or not the notification is active/enabled
- Label added_certificates:
certificates to add
- Label removed_certificates:
certificates to remove
- Request Headers:
Authorization – OAuth token to authenticate
- Status Codes:
200 OK – no error
- class lemur.notifications.views.NotificationsList¶
Bases:
AuthenticatedResource
Defines the ‘notifications’ endpoint
- endpoint = 'notifications'¶
- get()¶
- GET /notifications¶
The current account list
Example request:
GET /notifications HTTP/1.1 Host: example.com Accept: application/json, text/javascript
Example response:
HTTP/1.1 200 OK Vary: Accept Content-Type: text/javascript { "items": [ { "description": "An example", "options": [ { "name": "interval", "required": true, "value": 5, "helpMessage": "Number of days to be alert before expiration.", "validation": "^\d+$", "type": "int" }, { "available": [ "days", "weeks", "months" ], "name": "unit", "required": true, "value": "weeks", "helpMessage": "Interval unit", "validation": "", "type": "select" }, { "name": "recipients", "required": true, "value": "kglisson@netflix.com,example@netflix.com", "helpMessage": "Comma delimited list of email addresses", "validation": "^([\w+-.%]+@[-\w.]+\.[A-Za-z]{2,4},?)+$", "type": "str" } ], "label": "example", "pluginName": "email-notification", "active": true, "id": 2 } ], "total": 1 }
- Query Parameters:
sortBy – field to sort on
sortDir – asc or desc
page – int default is 1
filter – key value pair format is k;v
count – count number default is 10
- Request Headers:
Authorization – OAuth token to authenticate
- Status Codes:
200 OK – no error
- mediatypes()¶
- methods: t.ClassVar[t.Collection[str] | None] = {'GET', 'POST'}¶
The methods this view is registered for. Uses the same default (
["GET", "HEAD", "OPTIONS"]
) asroute
andadd_url_rule
by default.
- post(data=None)¶
- POST /notifications¶
Creates a new notification
Example request:
POST /notifications HTTP/1.1 Host: example.com Accept: application/json, text/javascript Content-Type: application/json;charset=UTF-8 { "description": "a test", "options": [ { "name": "interval", "required": true, "value": 5, "helpMessage": "Number of days to be alert before expiration.", "validation": "^\d+$", "type": "int" }, { "available": [ "days", "weeks", "months" ], "name": "unit", "required": true, "value": "weeks", "helpMessage": "Interval unit", "validation": "", "type": "select" }, { "name": "recipients", "required": true, "value": "kglisson@netflix.com,example@netflix.com", "helpMessage": "Comma delimited list of email addresses", "validation": "^([\w+-.%]+@[-\w.]+\.[A-Za-z]{2,4},?)+$", "type": "str" } ], "label": "test", "pluginName": "email-notification", "active": true, "id": 2 }
Example response:
HTTP/1.1 200 OK Vary: Accept Content-Type: text/javascript { "description": "a test", "options": [ { "name": "interval", "required": true, "value": 5, "helpMessage": "Number of days to be alert before expiration.", "validation": "^\d+$", "type": "int" }, { "available": [ "days", "weeks", "months" ], "name": "unit", "required": true, "value": "weeks", "helpMessage": "Interval unit", "validation": "", "type": "select" }, { "name": "recipients", "required": true, "value": "kglisson@netflix.com,example@netflix.com", "helpMessage": "Comma delimited list of email addresses", "validation": "^([\w+-.%]+@[-\w.]+\.[A-Za-z]{2,4},?)+$", "type": "str" } ], "label": "test", "pluginName": "email-notification", "active": true, "id": 2 }
- Label label:
notification name
- Label slug:
notification plugin slug
- Label plugin_options:
notification plugin options
- Label description:
notification description
- Label active:
whether or not the notification is active/enabled
- Label certificates:
certificates to attach to notification
- Request Headers:
Authorization – OAuth token to authenticate
- Status Codes:
200 OK – no error
Users¶
- class lemur.users.views.CertificateUsers¶
Bases:
AuthenticatedResource
- endpoint = 'certificateCreator'¶
- get(certificate_id)¶
- GET /certificates/1/creator¶
Get a certificate’s creator
Example request:
GET /certificates/1/creator HTTP/1.1 Host: example.com Accept: application/json, text/javascript
Example response:
HTTP/1.1 200 OK Vary: Accept Content-Type: text/javascript { "id": 1, "active": false, "email": "user1@example.com", "username": "user1", "profileImage": null }
- Request Headers:
Authorization – OAuth token to authenticate
- Status Codes:
200 OK – no error
- mediatypes()¶
- methods: t.ClassVar[t.Collection[str] | None] = {'GET'}¶
The methods this view is registered for. Uses the same default (
["GET", "HEAD", "OPTIONS"]
) asroute
andadd_url_rule
by default.
- class lemur.users.views.Me¶
Bases:
AuthenticatedResource
- endpoint = 'me'¶
- get()¶
- GET /auth/me¶
Get the currently authenticated user
Example request:
GET /auth/me HTTP/1.1 Host: example.com Accept: application/json, text/javascript
Example response:
HTTP/1.1 200 OK Vary: Accept Content-Type: text/javascript { "id": 1, "active": false, "email": "user1@example.com", "username": "user1", "profileImage": null }
- Request Headers:
Authorization – OAuth token to authenticate
- Status Codes:
200 OK – no error
- mediatypes()¶
- methods: t.ClassVar[t.Collection[str] | None] = {'GET'}¶
The methods this view is registered for. Uses the same default (
["GET", "HEAD", "OPTIONS"]
) asroute
andadd_url_rule
by default.
- class lemur.users.views.RoleUsers¶
Bases:
AuthenticatedResource
- endpoint = 'roleUsers'¶
- get(role_id)¶
- GET /roles/1/users¶
Get all users associated with a role
Example request:
GET /roles/1/users HTTP/1.1 Host: example.com Accept: application/json, text/javascript
Example response:
HTTP/1.1 200 OK Vary: Accept Content-Type: text/javascript { "items": [ { "id": 2, "active": True, "email": "user2@example.com", "username": "user2", "profileImage": null }, { "id": 1, "active": False, "email": "user1@example.com", "username": "user1", "profileImage": null } ] "total": 2 }
- Request Headers:
Authorization – OAuth token to authenticate
- Status Codes:
200 OK – no error
- mediatypes()¶
- methods: t.ClassVar[t.Collection[str] | None] = {'GET'}¶
The methods this view is registered for. Uses the same default (
["GET", "HEAD", "OPTIONS"]
) asroute
andadd_url_rule
by default.
- class lemur.users.views.Users¶
Bases:
AuthenticatedResource
- endpoint = 'user'¶
- get(user_id)¶
- GET /users/1¶
Get a specific user
Example request:
GET /users/1 HTTP/1.1 Host: example.com Accept: application/json, text/javascript
Example response:
HTTP/1.1 200 OK Vary: Accept Content-Type: text/javascript { "id": 1, "active": false, "email": "user1@example.com", "username": "user1", "profileImage": null }
- Request Headers:
Authorization – OAuth token to authenticate
- Status Codes:
200 OK – no error
- mediatypes()¶
- methods: t.ClassVar[t.Collection[str] | None] = {'GET', 'PUT'}¶
The methods this view is registered for. Uses the same default (
["GET", "HEAD", "OPTIONS"]
) asroute
andadd_url_rule
by default.
- put(user_id, data=None)¶
- PUT /users/1¶
Update a user
Example request with ID:
PUT /users/1 HTTP/1.1 Host: example.com Accept: application/json, text/javascript Content-Type: application/json;charset=UTF-8 { "username": "user1", "email": "user1@example.com", "active": false, "roles": [ {"id": 1} ] }
Example request with name:
PUT /users/1 HTTP/1.1 Host: example.com Accept: application/json, text/javascript Content-Type: application/json;charset=UTF-8 { "username": "user1", "email": "user1@example.com", "active": false, "roles": [ {"name": "myRole"} ] }
Example response:
HTTP/1.1 200 OK Vary: Accept Content-Type: text/javascript { "id": 1, "username": "user1", "email": "user1@example.com", "active": false, "profileImage": null }
- Request Headers:
Authorization – OAuth token to authenticate
- Status Codes:
200 OK – no error
- class lemur.users.views.UsersList¶
Bases:
AuthenticatedResource
Defines the ‘users’ endpoint
- endpoint = 'users'¶
- get()¶
- GET /users¶
The current user list
Example request:
GET /users HTTP/1.1 Host: example.com Accept: application/json, text/javascript
Example response:
HTTP/1.1 200 OK Vary: Accept Content-Type: text/javascript { "items": [ { "id": 2, "active": True, "email": "user2@example.com", "username": "user2", "profileImage": null }, { "id": 1, "active": False, "email": "user1@example.com", "username": "user1", "profileImage": null } ] "total": 2 }
- Query Parameters:
sortBy – field to sort on
sortDir – asc or desc
page – int default is 1
filter – key value pair format is k;v
count – count number default is 10
- Request Headers:
Authorization – OAuth token to authenticate
- Status Codes:
200 OK – no error
- mediatypes()¶
- methods: t.ClassVar[t.Collection[str] | None] = {'GET', 'POST'}¶
The methods this view is registered for. Uses the same default (
["GET", "HEAD", "OPTIONS"]
) asroute
andadd_url_rule
by default.
- post(data=None)¶
- POST /users¶
Creates a new user
Example request with ID:
POST /users HTTP/1.1 Host: example.com Accept: application/json, text/javascript Content-Type: application/json;charset=UTF-8 { "username": "user3", "email": "user3@example.com", "active": true, "roles": [ {"id": 1} ] }
Example request with name:
POST /users HTTP/1.1 Host: example.com Accept: application/json, text/javascript Content-Type: application/json;charset=UTF-8 { "username": "user3", "email": "user3@example.com", "active": true, "roles": [ {"name": "myRole"} ] }
Example response:
HTTP/1.1 200 OK Vary: Accept Content-Type: text/javascript { "id": 3, "active": True, "email": "user3@example.com", "username": "user3", "profileImage": null }
- Parameters:
username – username for new user
email – email address for new user
password – password for new user
active – boolean, if the user is currently active
roles – list, roles that the user should be apart of
- Request Headers:
Authorization – OAuth token to authenticate
- Status Codes:
200 OK – no error
Roles¶
- class lemur.roles.views.AuthorityRolesList¶
Bases:
AuthenticatedResource
Defines the ‘roles’ endpoint
- endpoint = 'authorityRoles'¶
- get(authority_id)¶
- GET /authorities/1/roles¶
List of roles for a given authority
Example request:
GET /authorities/1/roles HTTP/1.1 Host: example.com Accept: application/json, text/javascript
Example response:
HTTP/1.1 200 OK Vary: Accept Content-Type: text/javascript { "items": [ { "id": 1, "name": "role1", "description": "this is role1" }, { "id": 2, "name": "role2", "description": "this is role2" } ] "total": 2 }
- Query Parameters:
sortBy – field to sort on
sortDir – asc or desc
page – int default is 1
filter – key value pair format is k;v
count – count number default is 10
- Request Headers:
Authorization – OAuth token to authenticate
- Status Codes:
200 OK – no error
- mediatypes()¶
- methods: t.ClassVar[t.Collection[str] | None] = {'GET'}¶
The methods this view is registered for. Uses the same default (
["GET", "HEAD", "OPTIONS"]
) asroute
andadd_url_rule
by default.
- class lemur.roles.views.RoleViewCredentials¶
Bases:
AuthenticatedResource
- endpoint = 'roleCredentials`'¶
- get(role_id)¶
- GET /roles/1/credentials¶
View a roles credentials
Example request:
GET /users/1 HTTP/1.1 Host: example.com Accept: application/json, text/javascript
Example response:
HTTP/1.1 200 OK Vary: Accept Content-Type: text/javascript { "username": "ausername", "password": "apassword" }
- Request Headers:
Authorization – OAuth token to authenticate
- Status Codes:
200 OK – no error
403 Forbidden – unauthenticated
- mediatypes()¶
- methods: t.ClassVar[t.Collection[str] | None] = {'GET'}¶
The methods this view is registered for. Uses the same default (
["GET", "HEAD", "OPTIONS"]
) asroute
andadd_url_rule
by default.
- class lemur.roles.views.Roles¶
Bases:
AuthenticatedResource
- delete(role_id)¶
- DELETE /roles/1¶
Delete a role
Example request:
DELETE /roles/1 HTTP/1.1 Host: example.com Accept: application/json, text/javascript
Example response:
HTTP/1.1 200 OK Vary: Accept Content-Type: text/javascript { "message": "ok" }
- Request Headers:
Authorization – OAuth token to authenticate
- Status Codes:
200 OK – no error
403 Forbidden – unauthenticated
- endpoint = 'role'¶
- get(role_id)¶
- GET /roles/1¶
Get a particular role
Example request:
GET /roles/1 HTTP/1.1 Host: example.com Accept: application/json, text/javascript
Example response:
HTTP/1.1 200 OK Vary: Accept Content-Type: text/javascript { "id": 1, "name": "role1", "description": "this is role1" }
- Request Headers:
Authorization – OAuth token to authenticate
- Status Codes:
200 OK – no error
403 Forbidden – unauthenticated
- mediatypes()¶
- methods: t.ClassVar[t.Collection[str] | None] = {'DELETE', 'GET', 'PUT'}¶
The methods this view is registered for. Uses the same default (
["GET", "HEAD", "OPTIONS"]
) asroute
andadd_url_rule
by default.
- put(role_id, data=None)¶
- PUT /roles/1¶
Update a role
Example request:
PUT /roles/1 HTTP/1.1 Host: example.com Accept: application/json, text/javascript Content-Type: application/json;charset=UTF-8 { "name": "role1", "description": "This is a new description" }
Example response:
HTTP/1.1 200 OK Vary: Accept Content-Type: text/javascript { "id": 1, "name": "role1", "description": "this is a new description" }
- Request Headers:
Authorization – OAuth token to authenticate
- Status Codes:
200 OK – no error
403 Forbidden – unauthenticated
- class lemur.roles.views.RolesList¶
Bases:
AuthenticatedResource
Defines the ‘roles’ endpoint
- endpoint = 'roles'¶
- get()¶
- GET /roles¶
The current role list
Example request:
GET /roles HTTP/1.1 Host: example.com Accept: application/json, text/javascript
Example response:
HTTP/1.1 200 OK Vary: Accept Content-Type: text/javascript { "items": [ { "id": 1, "name": "role1", "description": "this is role1" }, { "id": 2, "name": "role2", "description": "this is role2" } ] "total": 2 }
- Query Parameters:
sortBy – field to sort on
sortDir – asc or desc
page – int default is 1
filter – key value pair format is k;v
count – count number default is 10
- Request Headers:
Authorization – OAuth token to authenticate
- Status Codes:
200 OK – no error
403 Forbidden – unauthenticated
- mediatypes()¶
- methods: t.ClassVar[t.Collection[str] | None] = {'GET', 'POST'}¶
The methods this view is registered for. Uses the same default (
["GET", "HEAD", "OPTIONS"]
) asroute
andadd_url_rule
by default.
- post(data=None)¶
- POST /roles¶
Creates a new role
Example request:
POST /roles HTTP/1.1 Host: example.com Accept: application/json, text/javascript Content-Type: application/json;charset=UTF-8 { "name": "role3", "description": "this is role3", "username": null, "password": null, "users": [ {"id": 1} ] }
Example response:
HTTP/1.1 200 OK Vary: Accept Content-Type: text/javascript { "id": 3, "description": "this is role3", "name": "role3" }
- Parameters:
name – name for new role
description – description for new role
password – password for new role
username – username for new role
users – list, of users to associate with role
- Request Headers:
Authorization – OAuth token to authenticate
- Status Codes:
200 OK – no error
403 Forbidden – unauthenticated
- class lemur.roles.views.UserRolesList¶
Bases:
AuthenticatedResource
Defines the ‘roles’ endpoint
- endpoint = 'userRoles'¶
- get(user_id)¶
- GET /users/1/roles¶
List of roles for a given user
Example request:
GET /users/1/roles HTTP/1.1 Host: example.com Accept: application/json, text/javascript
Example response:
HTTP/1.1 200 OK Vary: Accept Content-Type: text/javascript { "items": [ { "id": 1, "name": "role1", "description": "this is role1" }, { "id": 2, "name": "role2", "description": "this is role2" } ] "total": 2 }
- Query Parameters:
sortBy – field to sort on
sortDir – asc or desc
page – int default is 1
filter – key value pair format is k;v
count – count number default is 10
- Request Headers:
Authorization – OAuth token to authenticate
- Status Codes:
200 OK – no error
- mediatypes()¶
- methods: t.ClassVar[t.Collection[str] | None] = {'GET'}¶
The methods this view is registered for. Uses the same default (
["GET", "HEAD", "OPTIONS"]
) asroute
andadd_url_rule
by default.
Certificates¶
- class lemur.certificates.views.CertificateDeactivate¶
Bases:
AuthenticatedResource
- endpoint = 'deactivateCertificate'¶
- mediatypes()¶
- methods: t.ClassVar[t.Collection[str] | None] = {'PUT'}¶
The methods this view is registered for. Uses the same default (
["GET", "HEAD", "OPTIONS"]
) asroute
andadd_url_rule
by default.
- put(certificate_id)¶
- PUT /certificates/1/deactivate¶
deactivate a certificate (integration test only) Example request:
PUT /certificates/1/deactivate HTTP/1.1 Host: example.com Accept: application/json, text/javascript Content-Type: application/json;charset=UTF-8
Example response:
HTTP/1.1 200 OK Vary: Accept Content-Type: text/javascript { "id": 1 }
- Request Headers:
Authorization – OAuth token to authenticate
- Status Codes:
200 OK – no error
403 Forbidden – unauthenticated or cert attached to LB
400 Bad Request – encountered error, more details in error message
- class lemur.certificates.views.CertificateExport¶
Bases:
AuthenticatedResource
- endpoint = 'exportCertificate'¶
- mediatypes()¶
- methods: t.ClassVar[t.Collection[str] | None] = {'POST'}¶
The methods this view is registered for. Uses the same default (
["GET", "HEAD", "OPTIONS"]
) asroute
andadd_url_rule
by default.
- post(certificate_id, data=None)¶
- POST /certificates/1/export¶
Export a certificate
Example request:
PUT /certificates/1/export HTTP/1.1 Host: example.com Accept: application/json, text/javascript Content-Type: application/json;charset=UTF-8 { "export": { "plugin": { "pluginOptions": [{ "available": ["Java Key Store (JKS)"], "required": true, "type": "select", "name": "type", "helpMessage": "Choose the format you wish to export", "value": "Java Key Store (JKS)" }, { "required": false, "type": "str", "name": "passphrase", "validation": "^(?=.*[A-Za-z])(?=.*\d)(?=.*[$@$!%*#?&])[A-Za-z\d$@$!%*#?&]{8,}$", "helpMessage": "If no passphrase is given one will be generated for you, we highly recommend this. Minimum length is 8." }, { "required": false, "type": "str", "name": "alias", "helpMessage": "Enter the alias you wish to use for the keystore." }], "version": "unknown", "description": "Attempts to generate a JKS keystore or truststore", "title": "Java", "author": "Kevin Glisson", "type": "export", "slug": "java-export" } } }
Example response:
HTTP/1.1 200 OK Vary: Accept Content-Type: text/javascript { "data": "base64encodedstring", "passphrase": "UAWOHW#&@_%!tnwmxh832025", "extension": "jks" }
- Request Headers:
Authorization – OAuth token to authenticate
- Status Codes:
200 OK – no error
403 Forbidden – unauthenticated
- class lemur.certificates.views.CertificatePrivateKey¶
Bases:
AuthenticatedResource
- endpoint = 'privateKeyCertificates'¶
- get(certificate_id)¶
- GET /certificates/1/key¶
Retrieves the private key for a given certificate
Example request:
GET /certificates/1/key HTTP/1.1 Host: example.com Accept: application/json, text/javascript
Example response:
HTTP/1.1 200 OK Vary: Accept Content-Type: text/javascript { "key": "-----BEGIN ..." }
- Request Headers:
Authorization – OAuth token to authenticate
- Status Codes:
200 OK – no error
403 Forbidden – unauthenticated
- mediatypes()¶
- methods: t.ClassVar[t.Collection[str] | None] = {'GET'}¶
The methods this view is registered for. Uses the same default (
["GET", "HEAD", "OPTIONS"]
) asroute
andadd_url_rule
by default.
- class lemur.certificates.views.CertificateRevoke¶
Bases:
AuthenticatedResource
- endpoint = 'revokeCertificate'¶
- mediatypes()¶
- methods: t.ClassVar[t.Collection[str] | None] = {'PUT'}¶
The methods this view is registered for. Uses the same default (
["GET", "HEAD", "OPTIONS"]
) asroute
andadd_url_rule
by default.
- put(certificate_id, data=None)¶
- PUT /certificates/1/revoke¶
Revoke a certificate. One can mention the reason of revocation using crlReason (optional) as per RFC 5280 section 5.3.1 The allowed values for crlReason can also be found in Lemur in constants.py/CRLReason Additional information can be captured using comments (optional).
Example request:
PUT /certificates/1/revoke HTTP/1.1 Host: example.com Accept: application/json, text/javascript Content-Type: application/json;charset=UTF-8 { "crlReason": "affiliationChanged", "comments": "Additional details if any" }
Example response:
HTTP/1.1 200 OK Vary: Accept Content-Type: text/javascript { "id": 1 }
- Request Headers:
Authorization – OAuth token to authenticate
- Status Codes:
200 OK – no error
403 Forbidden – unauthenticated or cert attached to LB
400 Bad Request – encountered error, more details in error message
- class lemur.certificates.views.CertificateUpdateOwner¶
Bases:
AuthenticatedResource
- endpoint = 'certificateUpdateOwner'¶
- mediatypes()¶
- methods: t.ClassVar[t.Collection[str] | None] = {'POST'}¶
The methods this view is registered for. Uses the same default (
["GET", "HEAD", "OPTIONS"]
) asroute
andadd_url_rule
by default.
- post(certificate_id, data=None)¶
- POST /certificates/1/update/owner¶
Update certificate owner
Example request:
POST /certificates/1/update/owner HTTP/1.1 Host: example.com Accept: application/json, text/javascript Content-Type: application/json;charset=UTF-8 { "owner": "joan@example.com" }
Example response:
HTTP/1.1 200 OK Vary: Accept Content-Type: text/javascript { "status": null, "cn": "*.test.example.net", "chain": "", "authority": { "active": true, "owner": "secure@example.com", "id": 1, "description": "verisign test authority", "name": "verisign" }, "owner": "joe@example.com", "serial": "82311058732025924142789179368889309156", "id": 2288, "issuer": "SymantecCorporation", "dateCreated": "2016-06-03T06:09:42.133769+00:00", "notBefore": "2016-06-03T00:00:00+00:00", "notAfter": "2018-01-12T23:59:59+00:00", "destinations": [], "bits": 2048, "body": "-----BEGIN CERTIFICATE-----...", "description": null, "deleted": null, "notify": false, "rotation": false, "notifications": [{ "id": 1 }] "signingAlgorithm": "sha256", "user": { "username": "jane", "active": true, "email": "jane@example.com", "id": 2 }, "active": true, "domains": [{ "sensitive": false, "id": 1090, "name": "*.test.example.net" }], "replaces": [], "name": "WILDCARD.test.example.net-SymantecCorporation-20160603-20180112", "roles": [{ "id": 464, "description": "This is a google group based role created by Lemur", "name": "joe@example.com" }], "rotation": true, "rotationPolicy": {"name": "default"}, "san": null }
- Request Headers:
Authorization – OAuth token to authenticate
- Status Codes:
200 OK – no error
403 Forbidden – unauthenticated
- class lemur.certificates.views.Certificates¶
Bases:
AuthenticatedResource
- delete(certificate_id, data=None)¶
- DELETE /certificates/1¶
Delete a certificate
Example request:
DELETE /certificates/1 HTTP/1.1 Host: example.com
Example response:
HTTP/1.1 204 OK
- Request Headers:
Authorization – OAuth token to authenticate
- Status Codes:
204 No Content – no error
403 Forbidden – unauthenticated
404 Not Found – certificate not found
405 Method Not Allowed – certificate deletion is disabled
- endpoint = 'certificateUpdateSwitches'¶
- get(certificate_id)¶
- GET /certificates/1¶
One certificate
Example request:
GET /certificates/1 HTTP/1.1 Host: example.com Accept: application/json, text/javascript
Example response:
HTTP/1.1 200 OK Vary: Accept Content-Type: text/javascript { "status": null, "cn": "*.test.example.net", "chain": "", "csr": "-----BEGIN CERTIFICATE REQUEST-----" "authority": { "active": true, "owner": "secure@example.com", "id": 1, "description": "verisign test authority", "name": "verisign" }, "owner": "joe@example.com", "serial": "82311058732025924142789179368889309156", "id": 2288, "issuer": "SymantecCorporation", "dateCreated": "2016-06-03T06:09:42.133769+00:00", "notBefore": "2016-06-03T00:00:00+00:00", "notAfter": "2018-01-12T23:59:59+00:00", "destinations": [], "bits": 2048, "body": "-----BEGIN CERTIFICATE-----...", "description": null, "deleted": null, "notifications": [{ "id": 1 }], "signingAlgorithm": "sha256", "user": { "username": "jane", "active": true, "email": "jane@example.com", "id": 2 }, "active": true, "domains": [{ "sensitive": false, "id": 1090, "name": "*.test.example.net" }], "rotation": true, "rotationPolicy": {"name": "default"}, "replaces": [], "replaced": [], "name": "WILDCARD.test.example.net-SymantecCorporation-20160603-20180112", "roles": [{ "id": 464, "description": "This is a google group based role created by Lemur", "name": "joe@example.com" }], "san": null }
- Request Headers:
Authorization – OAuth token to authenticate
- Status Codes:
200 OK – no error
403 Forbidden – unauthenticated
- mediatypes()¶
- methods: t.ClassVar[t.Collection[str] | None] = {'DELETE', 'GET', 'POST', 'PUT'}¶
The methods this view is registered for. Uses the same default (
["GET", "HEAD", "OPTIONS"]
) asroute
andadd_url_rule
by default.
- post(certificate_id, data=None)¶
- POST /certificates/1/update/switches¶
Update certificate boolean switches for notification or rotation
Example request:
POST /certificates/1/update/switches HTTP/1.1 Host: example.com Accept: application/json, text/javascript Content-Type: application/json;charset=UTF-8 { "notify": false, "rotation": false }
Example response:
HTTP/1.1 200 OK Vary: Accept Content-Type: text/javascript { "status": null, "cn": "*.test.example.net", "chain": "", "authority": { "active": true, "owner": "secure@example.com", "id": 1, "description": "verisign test authority", "name": "verisign" }, "owner": "joe@example.com", "serial": "82311058732025924142789179368889309156", "id": 2288, "issuer": "SymantecCorporation", "dateCreated": "2016-06-03T06:09:42.133769+00:00", "notBefore": "2016-06-03T00:00:00+00:00", "notAfter": "2018-01-12T23:59:59+00:00", "destinations": [], "bits": 2048, "body": "-----BEGIN CERTIFICATE-----...", "description": null, "deleted": null, "notify": false, "rotation": false, "notifications": [{ "id": 1 }] "signingAlgorithm": "sha256", "user": { "username": "jane", "active": true, "email": "jane@example.com", "id": 2 }, "active": true, "domains": [{ "sensitive": false, "id": 1090, "name": "*.test.example.net" }], "replaces": [], "name": "WILDCARD.test.example.net-SymantecCorporation-20160603-20180112", "roles": [{ "id": 464, "description": "This is a google group based role created by Lemur", "name": "joe@example.com" }], "rotation": true, "rotationPolicy": {"name": "default"}, "san": null }
- Request Headers:
Authorization – OAuth token to authenticate
- Status Codes:
200 OK – no error
403 Forbidden – unauthenticated
- put(certificate_id, data=None)¶
- PUT /certificates/1¶
Update a certificate
Example request:
PUT /certificates/1 HTTP/1.1 Host: example.com Accept: application/json, text/javascript Content-Type: application/json;charset=UTF-8 { "owner": "jimbob@example.com", "active": false "notifications": [], "destinations": [], "replacements": [] }
Example response:
HTTP/1.1 200 OK Vary: Accept Content-Type: text/javascript { "status": null, "cn": "*.test.example.net", "chain": "", "authority": { "active": true, "owner": "secure@example.com", "id": 1, "description": "verisign test authority", "name": "verisign" }, "owner": "joe@example.com", "serial": "82311058732025924142789179368889309156", "id": 2288, "issuer": "SymantecCorporation", "dateCreated": "2016-06-03T06:09:42.133769+00:00", "notBefore": "2016-06-03T00:00:00+00:00", "notAfter": "2018-01-12T23:59:59+00:00", "destinations": [], "bits": 2048, "body": "-----BEGIN CERTIFICATE-----...", "description": null, "deleted": null, "notifications": [{ "id": 1 }] "signingAlgorithm": "sha256", "user": { "username": "jane", "active": true, "email": "jane@example.com", "id": 2 }, "active": true, "domains": [{ "sensitive": false, "id": 1090, "name": "*.test.example.net" }], "replaces": [], "name": "WILDCARD.test.example.net-SymantecCorporation-20160603-20180112", "roles": [{ "id": 464, "description": "This is a google group based role created by Lemur", "name": "joe@example.com" }], "rotation": true, "rotationPolicy": {"name": "default"}, "san": null }
- Request Headers:
Authorization – OAuth token to authenticate
- Status Codes:
200 OK – no error
403 Forbidden – unauthenticated
- class lemur.certificates.views.CertificatesList¶
Bases:
AuthenticatedResource
Defines the ‘certificates’ endpoint
- endpoint = 'certificates'¶
- get()¶
- GET /certificates¶
The current list of certificates. This API supports additional params like
- Pagination, sorting:
/certificates?count=10&page=1&short=true&sortBy=id&sortDir=desc
- Filters, mentioned as url param filter=field;value
/certificates?filter=cn;lemur.test.com /certificates?filter=notify;true /certificates?filter=rotation;true /certificates?filter=name;lemur.test.cert /certificates?filter=issuer;Digicert
- Request expired certs
/certificates?showExpired=1
- Search by Serial Number
Decimal: /certificates?serial=218243997808053074560741989466015229225 Hex: /certificates?serial=0xA43043DAB7F6F8AE115E94854EEB6529 /certificates?serial=a4:30:43:da:b7:f6:f8:ae:11:5e:94:85:4e:eb:65:29
Example request:
GET /certificates?serial=82311058732025924142789179368889309156 HTTP/1.1 Host: example.com Accept: application/json, text/javascript
Example response:
HTTP/1.1 200 OK Vary: Accept Content-Type: text/javascript { "items": [{ "status": null, "cn": "*.test.example.net", "chain": "", "csr": "-----BEGIN CERTIFICATE REQUEST-----" "authority": { "active": true, "owner": "secure@example.com", "id": 1, "description": "verisign test authority", "name": "verisign" }, "owner": "joe@example.com", "serial": "82311058732025924142789179368889309156", "id": 2288, "issuer": "SymantecCorporation", "dateCreated": "2016-06-03T06:09:42.133769+00:00", "notBefore": "2016-06-03T00:00:00+00:00", "notAfter": "2018-01-12T23:59:59+00:00", "destinations": [], "bits": 2048, "body": "-----BEGIN CERTIFICATE-----...", "description": null, "deleted": null, "notifications": [{ "id": 1 }], "signingAlgorithm": "sha256", "user": { "username": "jane", "active": true, "email": "jane@example.com", "id": 2 }, "active": true, "domains": [{ "sensitive": false, "id": 1090, "name": "*.test.example.net" }], "replaces": [], "replaced": [], "name": "WILDCARD.test.example.net-SymantecCorporation-20160603-20180112", "roles": [{ "id": 464, "description": "This is a google group based role created by Lemur", "name": "joe@example.com" }], "san": null }], "total": 1 }
- Query Parameters:
sortBy – field to sort on
sortDir – asc or desc
page – int. default is 1
filter – key value pair format is k;v
count – count number. default is 10
- Request Headers:
Authorization – OAuth token to authenticate
- Status Codes:
200 OK – no error
403 Forbidden – unauthenticated
- mediatypes()¶
- methods: t.ClassVar[t.Collection[str] | None] = {'GET', 'POST'}¶
The methods this view is registered for. Uses the same default (
["GET", "HEAD", "OPTIONS"]
) asroute
andadd_url_rule
by default.
- post(data=None)¶
- POST /certificates¶
Creates a new certificate
Example request:
POST /certificates HTTP/1.1 Host: example.com Accept: application/json, text/javascript Content-Type: application/json;charset=UTF-8 { "owner": "secure@example.net", "commonName": "test.example.net", "country": "US", "extensions": { "subAltNames": { "names": [ { "nameType": "DNSName", "value": "*.test.example.net" }, { "nameType": "DNSName", "value": "www.test.example.net" } ] } }, "replacements": [{ "id": 1 }], "notify": true, "validityEnd": "2026-01-01T08:00:00.000Z", "authority": { "name": "verisign" }, "organization": "Netflix, Inc.", "location": "Los Gatos", "state": "California", "validityStart": "2016-11-11T04:19:48.000Z", "organizationalUnit": "Operations" }
Example response:
HTTP/1.1 200 OK Vary: Accept Content-Type: text/javascript { "status": null, "cn": "*.test.example.net", "chain": "", "authority": { "active": true, "owner": "secure@example.com", "id": 1, "description": "verisign test authority", "name": "verisign" }, "owner": "joe@example.com", "serial": "82311058732025924142789179368889309156", "id": 2288, "issuer": "SymantecCorporation", "dateCreated": "2016-06-03T06:09:42.133769+00:00", "notBefore": "2016-06-03T00:00:00+00:00", "notAfter": "2018-01-12T23:59:59+00:00", "destinations": [], "bits": 2048, "body": "-----BEGIN CERTIFICATE-----...", "description": null, "deleted": null, "notifications": [{ "id": 1 }], "signingAlgorithm": "sha256", "user": { "username": "jane", "active": true, "email": "jane@example.com", "id": 2 }, "active": true, "domains": [{ "sensitive": false, "id": 1090, "name": "*.test.example.net" }], "replaces": [{ "id": 1 }], "rotation": true, "rotationPolicy": {"name": "default"}, "name": "WILDCARD.test.example.net-SymantecCorporation-20160603-20180112", "roles": [{ "id": 464, "description": "This is a google group based role created by Lemur", "name": "joe@example.com" }], "san": null }
- Request Headers:
Authorization – OAuth token to authenticate
- Status Codes:
200 OK – no error
403 Forbidden – unauthenticated
- class lemur.certificates.views.CertificatesListValid¶
Bases:
AuthenticatedResource
Defines the ‘certificates/valid’ endpoint
- endpoint = 'certificatesListValid'¶
- get()¶
- GET /certificates/valid/<query>¶
The current list of not-expired certificates for a given common name, and owner. The API offers optional pagination. One can send page number(>=1) and desired count per page. The returned data contains total number of certificates which can help in determining the last page. Pagination will not be offered if page or count info is not sent or if it is zero.
Example request:
GET /certificates/valid?filter=cn;*.test.example.net&owner=joe@example.com&page=1&count=20 HTTP/1.1 Host: example.com Accept: application/json, text/javascript
Example response (with single cert to be concise):
HTTP/1.1 200 OK Vary: Accept Content-Type: text/javascript { "items": [{ "status": null, "cn": "*.test.example.net", "chain": "", "csr": "-----BEGIN CERTIFICATE REQUEST-----" "authority": { "active": true, "owner": "secure@example.com", "id": 1, "description": "verisign test authority", "name": "verisign" }, "owner": "joe@example.com", "serial": "82311058732025924142789179368889309156", "id": 2288, "issuer": "SymantecCorporation", "dateCreated": "2016-06-03T06:09:42.133769+00:00", "notBefore": "2016-06-03T00:00:00+00:00", "notAfter": "2018-01-12T23:59:59+00:00", "destinations": [], "bits": 2048, "body": "-----BEGIN CERTIFICATE-----...", "description": null, "deleted": null, "notifications": [{ "id": 1 }], "signingAlgorithm": "sha256", "user": { "username": "jane", "active": true, "email": "jane@example.com", "id": 2 }, "active": true, "domains": [{ "sensitive": false, "id": 1090, "name": "*.test.example.net" }], "replaces": [], "replaced": [], "name": "WILDCARD.test.example.net-SymantecCorporation-20160603-20180112", "roles": [{ "id": 464, "description": "This is a google group based role created by Lemur", "name": "joe@example.com" }], "san": null }], "total": 1 }
- Request Headers:
Authorization – OAuth token to authenticate
- Status Codes:
200 OK – no error
403 Forbidden – unauthenticated
- mediatypes()¶
- methods: t.ClassVar[t.Collection[str] | None] = {'GET'}¶
The methods this view is registered for. Uses the same default (
["GET", "HEAD", "OPTIONS"]
) asroute
andadd_url_rule
by default.
- class lemur.certificates.views.CertificatesNameQuery¶
Bases:
AuthenticatedResource
Defines the ‘certificates/name’ endpoint
- endpoint = 'certificatesNameQuery'¶
- get(certificate_name)¶
- GET /certificates/name/<query>¶
The current list of certificates
Example request:
GET /certificates/name/WILDCARD.test.example.net-SymantecCorporation-20160603-20180112 HTTP/1.1 Host: example.com Accept: application/json, text/javascript
Example response:
HTTP/1.1 200 OK Vary: Accept Content-Type: text/javascript { "items": [{ "status": null, "cn": "*.test.example.net", "chain": "", "csr": "-----BEGIN CERTIFICATE REQUEST-----" "authority": { "active": true, "owner": "secure@example.com", "id": 1, "description": "verisign test authority", "name": "verisign" }, "owner": "joe@example.com", "serial": "82311058732025924142789179368889309156", "id": 2288, "issuer": "SymantecCorporation", "dateCreated": "2016-06-03T06:09:42.133769+00:00", "notBefore": "2016-06-03T00:00:00+00:00", "notAfter": "2018-01-12T23:59:59+00:00", "destinations": [], "bits": 2048, "body": "-----BEGIN CERTIFICATE-----...", "description": null, "deleted": null, "notifications": [{ "id": 1 }], "signingAlgorithm": "sha256", "user": { "username": "jane", "active": true, "email": "jane@example.com", "id": 2 }, "active": true, "domains": [{ "sensitive": false, "id": 1090, "name": "*.test.example.net" }], "replaces": [], "replaced": [], "name": "WILDCARD.test.example.net-SymantecCorporation-20160603-20180112", "roles": [{ "id": 464, "description": "This is a google group based role created by Lemur", "name": "joe@example.com" }], "san": null }], "total": 1 }
- Query Parameters:
sortBy – field to sort on
sortDir – asc or desc
page – int. default is 1
filter – key value pair format is k;v
count – count number. default is 10
- Request Headers:
Authorization – OAuth token to authenticate
- Status Codes:
200 OK – no error
403 Forbidden – unauthenticated
- mediatypes()¶
- methods: t.ClassVar[t.Collection[str] | None] = {'GET'}¶
The methods this view is registered for. Uses the same default (
["GET", "HEAD", "OPTIONS"]
) asroute
andadd_url_rule
by default.
- class lemur.certificates.views.CertificatesReplacementsList¶
Bases:
AuthenticatedResource
- endpoint = 'replacements'¶
- get(certificate_id)¶
- GET /certificates/1/replacements¶
One certificate
Example request:
GET /certificates/1/replacements HTTP/1.1 Host: example.com Accept: application/json, text/javascript
Example response:
HTTP/1.1 200 OK Vary: Accept Content-Type: text/javascript { "items": [{ "status": null, "cn": "*.test.example.net", "chain": "", "csr": "-----BEGIN CERTIFICATE REQUEST-----", "authority": { "active": true, "owner": "secure@example.com", "id": 1, "description": "verisign test authority", "name": "verisign" }, "owner": "joe@example.com", "serial": "82311058732025924142789179368889309156", "id": 2288, "issuer": "SymantecCorporation", "dateCreated": "2016-06-03T06:09:42.133769+00:00", "notBefore": "2016-06-03T00:00:00+00:00", "notAfter": "2018-01-12T23:59:59+00:00", "destinations": [], "bits": 2048, "body": "-----BEGIN CERTIFICATE-----...", "description": null, "deleted": null, "notifications": [{ "id": 1 }] "signingAlgorithm": "sha256", "user": { "username": "jane", "active": true, "email": "jane@example.com", "id": 2 }, "active": true, "domains": [{ "sensitive": false, "id": 1090, "name": "*.test.example.net" }], "replaces": [], "replaced": [], "rotation": true, "rotationPolicy": {"name": "default"}, "name": "WILDCARD.test.example.net-SymantecCorporation-20160603-20180112", "roles": [{ "id": 464, "description": "This is a google group based role created by Lemur", "name": "joe@example.com" }], "san": null }], "total": 1 }
- Request Headers:
Authorization – OAuth token to authenticate
- Status Codes:
200 OK – no error
403 Forbidden – unauthenticated
- mediatypes()¶
- methods: t.ClassVar[t.Collection[str] | None] = {'GET'}¶
The methods this view is registered for. Uses the same default (
["GET", "HEAD", "OPTIONS"]
) asroute
andadd_url_rule
by default.
- class lemur.certificates.views.CertificatesStats¶
Bases:
AuthenticatedResource
Defines the ‘certificates’ stats endpoint
- endpoint = 'certificateStats'¶
- get()¶
- mediatypes()¶
- methods: t.ClassVar[t.Collection[str] | None] = {'GET'}¶
The methods this view is registered for. Uses the same default (
["GET", "HEAD", "OPTIONS"]
) asroute
andadd_url_rule
by default.
- class lemur.certificates.views.CertificatesUpload¶
Bases:
AuthenticatedResource
Defines the ‘certificates’ upload endpoint
- endpoint = 'certificateUpload'¶
- mediatypes()¶
- methods: t.ClassVar[t.Collection[str] | None] = {'POST'}¶
The methods this view is registered for. Uses the same default (
["GET", "HEAD", "OPTIONS"]
) asroute
andadd_url_rule
by default.
- post(data=None)¶
- POST /certificates/upload¶
Upload a certificate
Example request:
POST /certificates/upload HTTP/1.1 Host: example.com Accept: application/json, text/javascript Content-Type: application/json;charset=UTF-8 { "owner": "joe@example.com", "body": "-----BEGIN CERTIFICATE-----...", "chain": "-----BEGIN CERTIFICATE-----...", "privateKey": "-----BEGIN RSA PRIVATE KEY-----..." "csr": "-----BEGIN CERTIFICATE REQUEST-----..." "destinations": [], "notifications": [], "replacements": [], "roles": [], "notify": true, "name": "cert1" }
Example response:
HTTP/1.1 200 OK Vary: Accept Content-Type: text/javascript { "status": null, "cn": "*.test.example.net", "chain": "", "authority": { "active": true, "owner": "secure@example.com", "id": 1, "description": "verisign test authority", "name": "verisign" }, "owner": "joe@example.com", "serial": "82311058732025924142789179368889309156", "id": 2288, "issuer": "SymantecCorporation", "dateCreated": "2016-06-03T06:09:42.133769+00:00", "notBefore": "2016-06-03T00:00:00+00:00", "notAfter": "2018-01-12T23:59:59+00:00", "destinations": [], "bits": 2048, "body": "-----BEGIN CERTIFICATE-----...", "description": null, "deleted": null, "notifications": [{ "id": 1 }], "signingAlgorithm": "sha256", "user": { "username": "jane", "active": true, "email": "jane@example.com", "id": 2 }, "active": true, "domains": [{ "sensitive": false, "id": 1090, "name": "*.test.example.net" }], "replaces": [], "rotation": true, "rotationPolicy": {"name": "default"}, "name": "WILDCARD.test.example.net-SymantecCorporation-20160603-20180112", "roles": [{ "id": 464, "description": "This is a google group based role created by Lemur", "name": "joe@example.com" }], "san": null }
- Request Headers:
Authorization – OAuth token to authenticate
- Status Codes:
403 Forbidden – unauthenticated
200 OK – no error
- class lemur.certificates.views.NotificationCertificatesList¶
Bases:
AuthenticatedResource
Defines the ‘certificates’ endpoint
- endpoint = 'notificationCertificates'¶
- get(notification_id)¶
- GET /notifications/1/certificates¶
The current list of certificates for a given notification
Example request:
GET /notifications/1/certificates HTTP/1.1 Host: example.com Accept: application/json, text/javascript
Example response:
HTTP/1.1 200 OK Vary: Accept Content-Type: text/javascript { "items": [{ "status": null, "cn": "*.test.example.net", "chain": "", "csr": "-----BEGIN CERTIFICATE REQUEST-----" "authority": { "active": true, "owner": "secure@example.com", "id": 1, "description": "verisign test authority", "name": "verisign" }, "owner": "joe@example.com", "serial": "82311058732025924142789179368889309156", "id": 2288, "issuer": "SymantecCorporation", "dateCreated": "2016-06-03T06:09:42.133769+00:00", "notBefore": "2016-06-03T00:00:00+00:00", "notAfter": "2018-01-12T23:59:59+00:00", "destinations": [], "bits": 2048, "body": "-----BEGIN CERTIFICATE-----...", "description": null, "deleted": null, "notifications": [{ "id": 1 }], "signingAlgorithm": "sha256", "user": { "username": "jane", "active": true, "email": "jane@example.com", "id": 2 }, "active": true, "domains": [{ "sensitive": false, "id": 1090, "name": "*.test.example.net" }], "replaces": [], "replaced": [], "rotation": true, "rotationPolicy": {"name": "default"}, "name": "WILDCARD.test.example.net-SymantecCorporation-20160603-20180112", "roles": [{ "id": 464, "description": "This is a google group based role created by Lemur", "name": "joe@example.com" }], "san": null }], "total": 1 }
- Query Parameters:
sortBy – field to sort on
sortDir – asc or desc
page – int default is 1
filter – key value pair format is k;v
count – count number default is 10
- Request Headers:
Authorization – OAuth token to authenticate
- Status Codes:
200 OK – no error
403 Forbidden – unauthenticated
- mediatypes()¶
- methods: t.ClassVar[t.Collection[str] | None] = {'GET'}¶
The methods this view is registered for. Uses the same default (
["GET", "HEAD", "OPTIONS"]
) asroute
andadd_url_rule
by default.
Domains¶
- class lemur.domains.views.CertificateDomains¶
Bases:
AuthenticatedResource
Defines the ‘domains’ endpoint
- endpoint = 'certificateDomains'¶
- get(certificate_id)¶
- GET /certificates/1/domains¶
The current domain list
Example request:
GET /domains HTTP/1.1 Host: example.com Accept: application/json, text/javascript
Example response:
HTTP/1.1 200 OK Vary: Accept Content-Type: text/javascript { "items": [ { "id": 1, "name": "www.example.com", "sensitive": false }, { "id": 2, "name": "www.example2.com", "sensitive": false } ] "total": 2 }
- Query Parameters:
sortBy – field to sort on
sortDir – asc or desc
page – int default is 1
filter – key value pair format is k;v
count – count number default is 10
- Request Headers:
Authorization – OAuth token to authenticate
- Status Codes:
200 OK – no error
403 Forbidden – unauthenticated
- mediatypes()¶
- methods: t.ClassVar[t.Collection[str] | None] = {'GET'}¶
The methods this view is registered for. Uses the same default (
["GET", "HEAD", "OPTIONS"]
) asroute
andadd_url_rule
by default.
- class lemur.domains.views.Domains¶
Bases:
AuthenticatedResource
- endpoint = 'domain'¶
- get(domain_id)¶
- GET /domains/1¶
Fetch one domain
Example request:
GET /domains HTTP/1.1 Host: example.com Accept: application/json, text/javascript
Example response:
HTTP/1.1 200 OK Vary: Accept Content-Type: text/javascript { "id": 1, "name": "www.example.com", "sensitive": false }
- Request Headers:
Authorization – OAuth token to authenticate
- Status Codes:
200 OK – no error
403 Forbidden – unauthenticated
- mediatypes()¶
- methods: t.ClassVar[t.Collection[str] | None] = {'GET', 'PUT'}¶
The methods this view is registered for. Uses the same default (
["GET", "HEAD", "OPTIONS"]
) asroute
andadd_url_rule
by default.
- put(domain_id, data=None)¶
- GET /domains/1¶
update one domain
Example request:
GET /domains HTTP/1.1 Host: example.com Accept: application/json, text/javascript { "name": "www.example.com", "sensitive": false }
Example response:
HTTP/1.1 200 OK Vary: Accept Content-Type: text/javascript { "id": 1, "name": "www.example.com", "sensitive": false }
- Request Headers:
Authorization – OAuth token to authenticate
- Status Codes:
200 OK – no error
403 Forbidden – unauthenticated
- class lemur.domains.views.DomainsList¶
Bases:
AuthenticatedResource
Defines the ‘domains’ endpoint
- endpoint = 'domains'¶
- get()¶
- GET /domains¶
The current domain list
Example request:
GET /domains HTTP/1.1 Host: example.com Accept: application/json, text/javascript
Example response:
HTTP/1.1 200 OK Vary: Accept Content-Type: text/javascript { "items": [ { "id": 1, "name": "www.example.com", "sensitive": false }, { "id": 2, "name": "www.example2.com", "sensitive": false } ] "total": 2 }
- Query Parameters:
sortBy – field to sort on
sortDir – asc or desc
page – int default is 1
filter – key value pair format is k;v
count – count number. default is 10
- Request Headers:
Authorization – OAuth token to authenticate
- Status Codes:
200 OK – no error
403 Forbidden – unauthenticated
- mediatypes()¶
- methods: t.ClassVar[t.Collection[str] | None] = {'GET', 'POST'}¶
The methods this view is registered for. Uses the same default (
["GET", "HEAD", "OPTIONS"]
) asroute
andadd_url_rule
by default.
- post(data=None)¶
- POST /domains¶
The current domain list
Example request:
POST /domains HTTP/1.1 Host: example.com Accept: application/json, text/javascript { "name": "www.example.com", "sensitive": false }
Example response:
HTTP/1.1 200 OK Vary: Accept Content-Type: text/javascript { "id": 1, "name": "www.example.com", "sensitive": false }
- Query Parameters:
sortBy – field to sort on
sortDir – asc or desc
page – int default is 1
filter – key value pair format is k;v
count – count number default is 10
- Request Headers:
Authorization – OAuth token to authenticate
- Status Codes:
200 OK – no error
403 Forbidden – unauthenticated
Endpoints¶
- class lemur.endpoints.views.Endpoints¶
Bases:
AuthenticatedResource
- endpoint = 'endpoint'¶
- get(endpoint_id)¶
- GET /endpoints/1¶
One endpoint
Example request:
GET /endpoints/1 HTTP/1.1 Host: example.com Accept: application/json, text/javascript
Example response:
HTTP/1.1 200 OK Vary: Accept Content-Type: text/javascript
- Request Headers:
Authorization – OAuth token to authenticate
- Status Codes:
200 OK – no error
403 Forbidden – unauthenticated
- mediatypes()¶
- methods: t.ClassVar[t.Collection[str] | None] = {'GET'}¶
The methods this view is registered for. Uses the same default (
["GET", "HEAD", "OPTIONS"]
) asroute
andadd_url_rule
by default.
- class lemur.endpoints.views.EndpointsList¶
Bases:
AuthenticatedResource
Defines the ‘endpoints’ endpoint
- endpoint = 'endpoints'¶
- get()¶
- GET /endpoints¶
The current list of endpoints
Example request:
GET /endpoints HTTP/1.1 Host: example.com Accept: application/json, text/javascript
Example response:
HTTP/1.1 200 OK Vary: Accept Content-Type: text/javascript
- Query Parameters:
sortBy – field to sort on
sortDir – asc or desc
page – int default is 1
filter – key value pair. format is k;v
limit – limit number default is 10
- Request Headers:
Authorization – OAuth token to authenticate
- Status Codes:
200 OK – no error
403 Forbidden – unauthenticated
- Note:
this will only show certificates that the current user is authorized to use
- mediatypes()¶
- methods: t.ClassVar[t.Collection[str] | None] = {'GET'}¶
The methods this view is registered for. Uses the same default (
["GET", "HEAD", "OPTIONS"]
) asroute
andadd_url_rule
by default.
Logs¶
- class lemur.logs.views.LogsList¶
Bases:
AuthenticatedResource
Defines the ‘logs’ endpoint
- endpoint = 'logs'¶
- get()¶
- GET /logs¶
The current log list
Example request:
GET /logs HTTP/1.1 Host: example.com Accept: application/json, text/javascript
Example response:
HTTP/1.1 200 OK Vary: Accept Content-Type: text/javascript { "items": [ ] "total": 2 }
- Query Parameters:
sortBy – field to sort on
sortDir – asc or desc
page – int default is 1
filter – key value pair format is k;v
count – count number default is 10
- Request Headers:
Authorization – OAuth token to authenticate
- Status Codes:
200 OK – no error
- mediatypes()¶
- methods: t.ClassVar[t.Collection[str] | None] = {'GET'}¶
The methods this view is registered for. Uses the same default (
["GET", "HEAD", "OPTIONS"]
) asroute
andadd_url_rule
by default.
Sources¶
- class lemur.sources.views.CertificateSources¶
Bases:
AuthenticatedResource
Defines the ‘certificate/<int:certificate_id/sources’’ endpoint
- endpoint = 'certificateSources'¶
- get(certificate_id)¶
- GET /certificates/1/sources¶
The current account list for a given certificates
Example request:
GET /certificates/1/sources HTTP/1.1 Host: example.com Accept: application/json, text/javascript
Example response:
HTTP/1.1 200 OK Vary: Accept Content-Type: text/javascript { "items": [ { "options": [ { "name": "accountNumber", "required": true, "value": 111111111112, "helpMessage": "Must be a valid AWS account number!", "validation": "^[0-9]{12,12}$", "type": "int" } ], "pluginName": "aws-source", "id": 3, "lastRun": "2015-08-01T15:40:58", "description": "test", "label": "test" } ], "total": 1 }
- Query Parameters:
sortBy – field to sort on
sortDir – asc or desc
page – int default is 1
filter – key value pair format is k;v
count – count number default is 10
- Request Headers:
Authorization – OAuth token to authenticate
- Status Codes:
200 OK – no error
- mediatypes()¶
- methods: t.ClassVar[t.Collection[str] | None] = {'GET'}¶
The methods this view is registered for. Uses the same default (
["GET", "HEAD", "OPTIONS"]
) asroute
andadd_url_rule
by default.
- class lemur.sources.views.Sources¶
Bases:
AuthenticatedResource
- delete(source_id)¶
- endpoint = 'account'¶
- get(source_id)¶
- GET /sources/1¶
Get a specific account
Example request:
GET /sources/1 HTTP/1.1 Host: example.com Accept: application/json, text/javascript
Example response:
HTTP/1.1 200 OK Vary: Accept Content-Type: text/javascript { "options": [ { "name": "accountNumber", "required": true, "value": 111111111112, "helpMessage": "Must be a valid AWS account number!", "validation": "^[0-9]{12,12}$", "type": "int" } ], "pluginName": "aws-source", "id": 3, "lastRun": "2015-08-01T15:40:58", "description": "test", "label": "test" }
- Request Headers:
Authorization – OAuth token to authenticate
- Status Codes:
200 OK – no error
- mediatypes()¶
- methods: t.ClassVar[t.Collection[str] | None] = {'DELETE', 'GET', 'PUT'}¶
The methods this view is registered for. Uses the same default (
["GET", "HEAD", "OPTIONS"]
) asroute
andadd_url_rule
by default.
- put(source_id, data=None)¶
- PUT /sources/1¶
Updates an account
Example request:
POST /sources/1 HTTP/1.1 Host: example.com Accept: application/json, text/javascript Content-Type: application/json;charset=UTF-8 { "options": [ { "name": "accountNumber", "required": true, "value": 111111111112, "helpMessage": "Must be a valid AWS account number!", "validation": "^[0-9]{12,12}$", "type": "int" } ], "pluginName": "aws-source", "id": 3, "lastRun": "2015-08-01T15:40:58", "description": "test", "label": "test" }
Example response:
HTTP/1.1 200 OK Vary: Accept Content-Type: text/javascript { "options": [ { "name": "accountNumber", "required": true, "value": 111111111112, "helpMessage": "Must be a valid AWS account number!", "validation": "^[0-9]{12,12}$", "type": "int" } ], "pluginName": "aws-source", "id": 3, "lastRun": "2015-08-01T15:40:58", "description": "test", "label": "test" }
- Parameters:
accountNumber – aws account number
label – human readable account label
description – some description about the account
- Request Headers:
Authorization – OAuth token to authenticate
- Status Codes:
200 OK – no error
- class lemur.sources.views.SourcesList¶
Bases:
AuthenticatedResource
Defines the ‘sources’ endpoint
- endpoint = 'sources'¶
- get()¶
- GET /sources¶
The current account list
Example request:
GET /sources HTTP/1.1 Host: example.com Accept: application/json, text/javascript
Example response:
HTTP/1.1 200 OK Vary: Accept Content-Type: text/javascript { "items": [ { "options": [ { "name": "accountNumber", "required": true, "value": 111111111112, "helpMessage": "Must be a valid AWS account number!", "validation": "^[0-9]{12,12}$", "type": "int" } ], "pluginName": "aws-source", "lastRun": "2015-08-01T15:40:58", "id": 3, "description": "test", "label": "test" } ], "total": 1 }
- Query Parameters:
sortBy – field to sort on
sortDir – asc or desc
page – int default is 1
filter – key value pair format is k;v
count – count number default is 10
- Request Headers:
Authorization – OAuth token to authenticate
- Status Codes:
200 OK – no error
- mediatypes()¶
- methods: t.ClassVar[t.Collection[str] | None] = {'GET', 'POST'}¶
The methods this view is registered for. Uses the same default (
["GET", "HEAD", "OPTIONS"]
) asroute
andadd_url_rule
by default.
- post(data=None)¶
- POST /sources¶
Creates a new account
Example request:
POST /sources HTTP/1.1 Host: example.com Accept: application/json, text/javascript Content-Type: application/json;charset=UTF-8 { "options": [ { "name": "accountNumber", "required": true, "value": 111111111112, "helpMessage": "Must be a valid AWS account number!", "validation": "^[0-9]{12,12}$", "type": "int" } ], "pluginName": "aws-source", "id": 3, "lastRun": "2015-08-01T15:40:58", "description": "test", "label": "test" }
Example response:
HTTP/1.1 200 OK Vary: Accept Content-Type: text/javascript { "options": [ { "name": "accountNumber", "required": true, "value": 111111111112, "helpMessage": "Must be a valid AWS account number!", "validation": "^[0-9]{12,12}$", "type": "int" } ], "pluginName": "aws-source", "id": 3, "lastRun": "2015-08-01T15:40:58", "description": "test", "label": "test" }
- Parameters:
label – human readable account label
description – some description about the account
- Request Headers:
Authorization – OAuth token to authenticate
- Status Codes:
200 OK – no error