<h1 id="requires">requires</h1>

<h1 id="requires.TlsRequires">TlsRequires</h1>

```python
TlsRequires(self, endpoint_name, relation_ids=None)
```

The client's side of the interface protocol.

The following flags may be set:

* `{endpoint_name}.available`
  Whenever the relation is joined.

* `{endpoint_name}.ca.available`
  When the root CA information is available via the [root_ca_cert][] and
  [root_ca_chain][] properties.

* `{endpoint_name}.ca.changed`
  When the root CA information has changed, whether because
  it has just become available or because it was regenerated by the CA.
  Once processed, this flag should be removed by the charm.

* `{endpoint_name}.certs.available`
  When the requested server or client certs are available.

* `{endpoint_name}.certs.changed`
  When the requested server or client certs have changed, whether because
  they have just become available or because they were regenerated by the CA.
  Once processed, this flag should be removed by the charm.

* `{endpoint_name}.server.certs.available`
  When the server certificates requested by [request_server_cert][] are
  available via the [server_certs][] collection.

* `{endpoint_name}.server.certs.changed`
  When the requested server certificates have changed, whether because
  they have just become available or because they were regenerated by the CA.
  Once processed, this flag should be removed by the charm.

* `{endpoint_name}.client.certs.available`
  When the client certificates requested by [request_client_cert][] are
  available via the [client_certs][] collection.

* `{endpoint_name}.client.certs.changed`
  When the requested client certificates have changed, whether because
  they have just become available or because they were regenerated by the CA.
  Once processed, this flag should be removed by the charm.

The following flags have been deprecated:

* `{endpoint_name}.server.cert.available`
* `{endpoint_name}.client.cert.available`
* `{endpoint_name}.batch.cert.available`

[Certificate]: common.md#tls_certificates_common.Certificate
[CertificateRequest]: common.md#tls_certificates_common.CertificateRequest
[root_ca_cert]: requires.md#requires.TlsRequires.root_ca_cert
[root_ca_chain]: requires.md#requires.TlsRequires.root_ca_chain
[request_server_cert]: requires.md#requires.TlsRequires.request_server_cert
[request_client_cert]: requires.md#requires.TlsRequires.request_client_cert
[server_certs]: requires.md#requires.TlsRequires.server_certs
[server_certs_map]: requires.md#requires.TlsRequires.server_certs_map
[client_certs]: requires.md#requires.TlsRequires.client_certs

<h2 id="requires.TlsRequires.application_certs">application_certs</h2>

List of [Certificate][] instances for all available application certs.

<h2 id="requires.TlsRequires.client_certs">client_certs</h2>

List of [Certificate][] instances for all available client certs.

<h2 id="requires.TlsRequires.client_certs_map">client_certs_map</h2>

Mapping of client [Certificate][] instances by their `common_name`.

<h2 id="requires.TlsRequires.root_ca_cert">root_ca_cert</h2>

Root CA certificate.

<h2 id="requires.TlsRequires.root_ca_chain">root_ca_chain</h2>

The chain of trust for the root CA.

<h2 id="requires.TlsRequires.server_certs">server_certs</h2>

List of [Certificate][] instances for all available server certs.

<h2 id="requires.TlsRequires.server_certs_map">server_certs_map</h2>

Mapping of server [Certificate][] instances by their `common_name`.

<h2 id="requires.TlsRequires.get_ca">get_ca</h2>

```python
TlsRequires.get_ca()
```

Return the root CA certificate.

Same as [root_ca_cert][].

<h2 id="requires.TlsRequires.get_chain">get_chain</h2>

```python
TlsRequires.get_chain()
```

Return the chain of trust for the root CA.

Same as [root_ca_chain][].

<h2 id="requires.TlsRequires.get_client_cert">get_client_cert</h2>

```python
TlsRequires.get_client_cert()
```

Deprecated. Use [request_client_cert][] and the [client_certs][]
collection instead.

Return a globally shared client certificate and key.

<h2 id="requires.TlsRequires.get_server_cert">get_server_cert</h2>

```python
TlsRequires.get_server_cert()
```

Deprecated. Use the [server_certs][] collection instead.

Return the cert and key of the first server certificate requested.

<h2 id="requires.TlsRequires.get_batch_requests">get_batch_requests</h2>

```python
TlsRequires.get_batch_requests()
```

Deprecated. Use [server_certs_map][] instead.

Mapping of server [Certificate][] instances by their `common_name`.

<h2 id="requires.TlsRequires.request_server_cert">request_server_cert</h2>

```python
TlsRequires.request_server_cert(cn, sans=None, cert_name=None)
```

Request a server certificate and key be generated for the given
common name (`cn`) and optional list of alternative names (`sans`).

The `cert_name` is deprecated and not needed.

This can be called multiple times to request more than one server
certificate, although the common names must be unique. If called
again with the same common name, it will be ignored.

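One way to process `{endpoint_name}.server.certs.changed` is to sync [server_certs_map][] to disk, rewriting only what changed and creating key files with mode 0600. This is an added example, not code from the interface itself; `install_server_certs`, `FakeTls`, `FakeCert` and the file layout are hypothetical, and the `cert` and `key` attributes of [Certificate][] are assumed, since this page does not describe them.

```python
import os
from collections import namedtuple

# Constructed stand-ins so the example runs without Juju. FakeCert carries the
# Certificate fields this example assumes: common_name, cert and key.
FakeCert = namedtuple("FakeCert", "common_name cert key")
FakeTls = namedtuple("FakeTls", "root_ca_cert server_certs_map")


def _write_atomic(path, data, mode):
    """Write data to path with the given mode, never exposing a partial file."""
    tmp = path + ".tmp"
    # Create with the final mode so a private key is never world-readable.
    fd = os.open(tmp, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, mode)
    with os.fdopen(fd, "w") as fh:
        fh.write(data)
    os.chmod(tmp, mode)  # covers a leftover tmp file and the process umask
    os.replace(tmp, path)


def _differs(path, data):
    """True when path is missing or its content is not exactly data."""
    try:
        with open(path) as fh:
            return fh.read() != data
    except FileNotFoundError:
        return True


def install_server_certs(tls, dest_dir):
    """Sync the root CA and server certs to dest_dir; return the CNs rewritten."""
    # Intended caller: the handler for `{endpoint_name}.server.certs.changed`,
    # which removes that flag once this function has returned.
    os.makedirs(dest_dir, mode=0o700, exist_ok=True)
    ca_path = os.path.join(dest_dir, "ca.crt")
    if tls.root_ca_cert and _differs(ca_path, tls.root_ca_cert):
        _write_atomic(ca_path, tls.root_ca_cert, 0o644)
    changed = []
    for cn, cert in sorted(tls.server_certs_map.items()):
        if os.path.basename(cn) != cn or cn in (".", ".."):
            raise ValueError("common name is not a safe file name: %r" % cn)
        crt_path = os.path.join(dest_dir, cn + ".crt")
        key_path = os.path.join(dest_dir, cn + ".key")
        if _differs(crt_path, cert.cert) or _differs(key_path, cert.key):
            _write_atomic(key_path, cert.key, 0o600)
            _write_atomic(crt_path, cert.cert, 0o644)
            changed.append(cn)
    return changed
```

The returned list lets the charm restart or reload a service only when a certificate it uses was actually rewritten.
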
<h2 id="requires.TlsRequires.add_request_server_cert">add_request_server_cert</h2>

```python
TlsRequires.add_request_server_cert(cn, sans)
```

Deprecated. Use [request_server_cert][] instead.

<h2 id="requires.TlsRequires.request_server_certs">request_server_certs</h2>

```python
TlsRequires.request_server_certs()
```

Deprecated. Just use [request_server_cert][]; this does nothing.

<h2 id="requires.TlsRequires.request_client_cert">request_client_cert</h2>

```python
TlsRequires.request_client_cert(cn, sans)
```

Request a client certificate and key be generated for the given
common name (`cn`) and list of alternative names (`sans`).

This can be called multiple times to request more than one client
certificate, although the common names must be unique. If called
again with the same common name, it will be ignored.

<h2 id="requires.TlsRequires.request_application_cert">request_application_cert</h2>

```python
TlsRequires.request_application_cert(cn, sans)
```

Request an application certificate and key be generated for the given
common name (`cn`) and list of alternative names (`sans`) of this
unit and all peer units. All units will share a single certificate.