Motofans
/
Charmed-Kubernetes
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 3 Wiki Activity
Charmed-Kubernetes/kubernetes-worker/hooks/relations/tls-certificates/docs/requires.md

208 lines
6.1 KiB
Markdown
Raw Blame History

<h1 id="requires">requires</h1>
<h1 id="requires.TlsRequires">TlsRequires</h1>
```python
TlsRequires(self, endpoint_name, relation_ids=None)
```
The client's side of the interface protocol.
The following flags may be set:
* `{endpoint_name}.available`
Whenever the relation is joined.
* `{endpoint_name}.ca.available`
When the root CA information is available via the [root_ca_cert][] and
[root_ca_chain][] properties.
* `{endpoint_name}.ca.changed`
When the root CA information has changed, whether because
they have just become available or if they were regenerated by the CA.
Once processed this flag should be removed by the charm.
* `{endpoint_name}.certs.available`
When the requested server or client certs are available.
* `{endpoint_name}.certs.changed`
When the requested server or client certs have changed, whether because
they have just become available or if they were regenerated by the CA.
Once processed this flag should be removed by the charm.
* `{endpoint_name}.server.certs.available`
When the server certificates requested by [request_server_cert][] are
available via the [server_certs][] collection.
* `{endpoint_name}.server.certs.changed`
When the requested server certificates have changed, whether because
they have just become available or if they were regenerated by the CA.
Once processed this flag should be removed by the charm.
* `{endpoint_name}.client.certs.available`
When the client certificates requested by [request_client_cert][] are
available via the [client_certs][] collection.
* `{endpoint_name}.client.certs.changed`
When the requested client certificates have changed, whether because
they have just become available or if they were regenerated by the CA.
Once processed this flag should be removed by the charm.
The following flags have been deprecated:
* `{endpoint_name}.server.cert.available`
* `{endpoint_name}.client.cert.available`
* `{endpoint_name}.batch.cert.available`
[Certificate]: common.md#tls_certificates_common.Certificate
[CertificateRequest]: common.md#tls_certificates_common.CertificateRequest
[root_ca_cert]: requires.md#requires.TlsRequires.root_ca_cert
[root_ca_chain]: requires.md#requires.TlsRequires.root_ca_chain
[request_server_cert]: requires.md#requires.TlsRequires.request_server_cert
[request_client_cert]: requires.md#requires.TlsRequires.request_client_cert
[server_certs]: requires.md#requires.TlsRequires.server_certs
[server_certs_map]: requires.md#requires.TlsRequires.server_certs_map
[client_certs]: requires.md#requires.TlsRequires.server_certs
<h2 id="requires.TlsRequires.application_certs">application_certs</h2>
List of [Certificate][] instances for all available application certs.
<h2 id="requires.TlsRequires.client_certs">client_certs</h2>
List of [Certificate][] instances for all available client certs.
<h2 id="requires.TlsRequires.client_certs_map">client_certs_map</h2>
Mapping of client [Certificate][] instances by their `common_name`.
<h2 id="requires.TlsRequires.root_ca_cert">root_ca_cert</h2>
Root CA certificate.
<h2 id="requires.TlsRequires.root_ca_chain">root_ca_chain</h2>
The chain of trust for the root CA.
<h2 id="requires.TlsRequires.server_certs">server_certs</h2>
List of [Certificate][] instances for all available server certs.
<h2 id="requires.TlsRequires.server_certs_map">server_certs_map</h2>
Mapping of server [Certificate][] instances by their `common_name`.
<h2 id="requires.TlsRequires.get_ca">get_ca</h2>
```python
TlsRequires.get_ca()
```
Return the root CA certificate.
Same as [root_ca_cert][].
<h2 id="requires.TlsRequires.get_chain">get_chain</h2>
```python
TlsRequires.get_chain()
```
Return the chain of trust for the root CA.
Same as [root_ca_chain][].
<h2 id="requires.TlsRequires.get_client_cert">get_client_cert</h2>
```python
TlsRequires.get_client_cert()
```
Deprecated. Use [request_client_cert][] and the [client_certs][]
collection instead.
Return a globally shared client certificate and key.
<h2 id="requires.TlsRequires.get_server_cert">get_server_cert</h2>
```python
TlsRequires.get_server_cert()
```
Deprecated. Use the [server_certs][] collection instead.
Return the cert and key of the first server certificate requested.
<h2 id="requires.TlsRequires.get_batch_requests">get_batch_requests</h2>
```python
TlsRequires.get_batch_requests()
```
Deprecated. Use [server_certs_map][] instead.
Mapping of server [Certificate][] instances by their `common_name`.
<h2 id="requires.TlsRequires.request_server_cert">request_server_cert</h2>
```python
TlsRequires.request_server_cert(cn, sans=None, cert_name=None)
```
Request a server certificate and key be generated for the given
common name (`cn`) and optional list of alternative names (`sans`).
The `cert_name` is deprecated and not needed.
This can be called multiple times to request more than one server
certificate, although the common names must be unique. If called
again with the same common name, it will be ignored.
<h2 id="requires.TlsRequires.add_request_server_cert">add_request_server_cert</h2>
```python
TlsRequires.add_request_server_cert(cn, sans)
```
Deprecated. Use [request_server_cert][] instead.
<h2 id="requires.TlsRequires.request_server_certs">request_server_certs</h2>
```python
TlsRequires.request_server_certs()
```
Deprecated. Just use [request_server_cert][]; this does nothing.
<h2 id="requires.TlsRequires.request_client_cert">request_client_cert</h2>
```python
TlsRequires.request_client_cert(cn, sans)
```
Request a client certificate and key be generated for the given
common name (`cn`) and list of alternative names (`sans`).
This can be called multiple times to request more than one client
certificate, although the common names must be unique. If called
again with the same common name, it will be ignored.
<h2 id="requires.TlsRequires.request_application_cert">request_application_cert</h2>
```python
TlsRequires.request_application_cert(cn, sans)
```
Request an application certificate and key be generated for the given
common name (`cn`) and list of alternative names (`sans` ) of this
unit and all peer units. All units will share a single certificates.
Reference in New Issue View Git Blame Copy Permalink