Charmed-Kubernetes/kubeapi-load-balancer/hooks/relations/tls-certificates/docs/provides.md

provides

TlsProvides

TlsProvides(self, endpoint_name, relation_ids=None)

The provider's side of the interface protocol.

The following flags may be set:

  • {endpoint_name}.available: Set whenever any clients are joined.

  • {endpoint_name}.certs.requested: Set when there are new certificate requests of any kind to be processed. The requests can be accessed via new_requests.

  • {endpoint_name}.server.certs.requested: Set when there are new server certificate requests to be processed. The requests can be accessed via new_server_requests.

  • {endpoint_name}.client.certs.requested: Set when there are new client certificate requests to be processed. The requests can be accessed via new_client_requests.

all_published_certs

List of all Certificate instances that this provider has published for all related applications.

all_requests

List of all requests that have been made.

Each will be an instance of CertificateRequest.

Example usage:

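from charms.reactive import when, endpoint_from_flag

@when('certs.regen',
      'tls.certs.available')
def regen_all_certs():
    tls = endpoint_from_flag('tls.certs.available')
    # Re-issue a certificate for every request, handled or not.
    for request in tls.all_requests:
        # generate_cert() stands for the charm's own signing helper.
        cert, key = generate_cert(request.cert_type,
                                  request.common_name,
                                  request.sans)
        request.set_cert(cert, key)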

new_application_requests

Filtered view of new_requests that only includes application cert requests.

Each will be an instance of ApplicationCertificateRequest.

Example usage:

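from charms.reactive import when, endpoint_from_flag

@when('tls.application.certs.requested')
def gen_application_certs():
    tls = endpoint_from_flag('tls.application.certs.requested')
    # Only unhandled application cert requests are listed here.
    for request in tls.new_application_requests:
        # generate_application_cert() stands for the charm's own signing helper.
        cert, key = generate_application_cert(request.common_name,
                                              request.sans)
        request.set_cert(cert, key)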

new_client_requests

Filtered view of new_requests that only includes client cert requests.

Each will be an instance of CertificateRequest.

Example usage:

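from charms.reactive import when, endpoint_from_flag

@when('tls.client.certs.requested')
def gen_client_certs():
    tls = endpoint_from_flag('tls.client.certs.requested')
    # Only unhandled client cert requests are listed here.
    for request in tls.new_client_requests:
        # generate_client_cert() stands for the charm's own signing helper.
        cert, key = generate_client_cert(request.common_name,
                                         request.sans)
        request.set_cert(cert, key)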

new_requests

Filtered view of all_requests that only includes requests that haven't been handled.

Each will be an instance of CertificateRequest.

This collection can also be further filtered by request type using new_server_requests or new_client_requests.

Example usage:

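from charms.reactive import when, endpoint_from_flag

@when('tls.certs.requested')
def gen_certs():
    tls = endpoint_from_flag('tls.certs.requested')
    # Only requests that have not been handled yet are listed here.
    for request in tls.new_requests:
        # generate_cert() stands for the charm's own signing helper.
        cert, key = generate_cert(request.cert_type,
                                  request.common_name,
                                  request.sans)
        request.set_cert(cert, key)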
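
The provider signs whatever cert_type, common_name and sans it reads off a request, so a handler can vet those fields before calling request.set_cert(). The following is an added example, not code from this interface or from the charm. FakeRequest, plan_certificate, the allowed_suffixes policy and the assumption that cert_type is the string 'server' or 'client' are hypothetical, and application cert requests are not covered.

```python
import ipaddress
from collections import namedtuple

# Constructed stand-in for CertificateRequest; only the three attributes
# the page's examples read (cert_type, common_name, sans) are modelled.
FakeRequest = namedtuple("FakeRequest", "cert_type common_name sans")

# Assumption: cert_type is one of these strings; the EKU mapping is ours.
EKU_BY_TYPE = {"server": ["serverAuth"], "client": ["clientAuth"]}


def _classify(name):
    """Return ('ip', normalized) or ('dns', lowercased) for one SAN entry."""
    try:
        return "ip", str(ipaddress.ip_address(name))
    except ValueError:
        return "dns", name.lower().rstrip(".")


def plan_certificate(request, allowed_suffixes=(".cluster.local",)):
    """Validate a request and return the fields a signer should use.

    Raises ValueError instead of planning anything outside the policy.
    """
    if request.cert_type not in EKU_BY_TYPE:
        raise ValueError("unknown cert_type: %r" % (request.cert_type,))
    if not request.common_name or len(request.common_name) > 64:
        raise ValueError("common_name must be 1-64 characters")
    dns, ips = [], []
    for entry in request.sans or []:
        kind, value = _classify(entry)
        if kind == "ip":
            ips.append(value)
            continue
        if "*" in value:
            raise ValueError("wildcard SAN refused: %r" % (entry,))
        if not value.endswith(tuple(allowed_suffixes)):
            raise ValueError("SAN outside allowed suffixes: %r" % (entry,))
        dns.append(value)
    if request.cert_type == "server" and not (dns or ips):
        raise ValueError("server certificate needs at least one SAN")
    return {"common_name": request.common_name,
            "extended_key_usage": EKU_BY_TYPE[request.cert_type],
            "dns_sans": sorted(set(dns)), "ip_sans": sorted(set(ips))}
```

A handler would call plan_certificate(request) inside the loop and pass the returned fields to its signing helper, skipping or logging any request that raises.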

new_server_requests

Filtered view of new_requests that only includes server cert requests.

Each will be an instance of CertificateRequest.

Example usage:

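from charms.reactive import when, endpoint_from_flag

@when('tls.server.certs.requested')
def gen_server_certs():
    tls = endpoint_from_flag('tls.server.certs.requested')
    # Only unhandled server cert requests are listed here.
    for request in tls.new_server_requests:
        # generate_server_cert() stands for the charm's own signing helper.
        cert, key = generate_server_cert(request.common_name,
                                         request.sans)
        request.set_cert(cert, key)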

set_ca

TlsProvides.set_ca(certificate_authority)

Publish the CA to all related applications.

set_chain

TlsProvides.set_chain(chain)

Publish the chain of trust to all related applications.

set_client_cert

TlsProvides.set_client_cert(cert, key)

Deprecated. This is only for backwards compatibility.

Publish a globally shared client cert and key.

set_server_cert

TlsProvides.set_server_cert(scope, cert, key)

Deprecated. Use one of the new_requests collections and request.set_cert() instead.

Set the server cert and key for the request identified by scope.

set_server_multicerts

TlsProvides.set_server_multicerts(scope)

Deprecated. Done automatically.

add_server_cert

TlsProvides.add_server_cert(scope, cn, cert, key)

Deprecated. Use request.set_cert() instead.

get_server_requests

TlsProvides.get_server_requests()

Deprecated. Use the new_requests or server_requests collections instead.

One provider can have many requests to generate server certificates. Returns a map of all server request objects indexed by a unique identifier.