certdeploy.client.config package

Submodules

certdeploy.client.config.client module

CertDeploy Client config backends.

class certdeploy.client.config.client.Config(destination: os.PathLike, source: os.PathLike = '/var/cache/certdeploy', sftpd: dict = <factory>, init_timeout: float | int | None = None, rc_service_exec: os.PathLike = '/usr/sbin/service', systemd_exec: os.PathLike = '/usr/bin/systemctl', docker_url: str = 'unix://var/run/docker.sock', docker_timeout: int | None = 10, script_timeout: float | int | None = None, update_services: list[dict] = <factory>, update_delay: str = '1h', fail_fast: bool = False, file_permissions: dict = <factory>, log_level: certdeploy.LogLevel = 'ERROR', log_filename: os.PathLike | None = None)

Bases: object

CertDeploy client config.

destination: PathLike

The directory to deploy new certs to.

docker_timeout: int | None = 10

The timeout for docker API operations. Defaults to 10.

docker_url: str = 'unix://var/run/docker.sock'

The URI of the docker socket. Defaults to the default unix socket.

fail_fast: bool = False

Exit on the first failed action if True.

file_permissions: dict

Permissions to set on the installed certificate files and directories. See certdeploy.client.config.client.Permissions for the valid dictionary keys. Defaults to an empty dict.

init_timeout: float | int | None = None

The timeout for executing the init system’s service or systemctl. Defaults to None (wait indefinitely).

classmethod load(filename: PathLike, override_log_filename: PathLike | None = None, override_log_level: LogLevel | None = None, override_sftp_log_filename: PathLike | None = None, override_sftp_log_level: LogLevel | None = None)

Load the config from a file.

log_filename: PathLike | None = None

The path of the CertDeploy client log file.

log_level: LogLevel = 'ERROR'

The log level of the CertDeploy client. Valid values are DEBUG, INFO, WARNING, ERROR, and CRITICAL.

rc_service_exec: PathLike = '/usr/sbin/service'

The path of the init service executable.

script_timeout: float | int | None = None

The timeout for script based service updates. Defaults to None (wait indefinitely).

sftpd: dict

A dict with arguments for certdeploy.client.config.SFTPDConfig.

source: PathLike = '/var/cache/certdeploy'

The directory to look for new certs in.

systemd_exec: PathLike = '/usr/bin/systemctl'

The path of the systemctl executable.

update_delay: str = '1h'

The interval to delay before running the updates. Defaults to 1h. The format is <multiplier><unit> with one or more multiplier-unit pairs. For example, a week and 2 days would be 1w2d. The following unit suffixes can be used:

  • s: second

  • m: minute

  • h: hour

  • d: day

  • w: week
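A parser for this update_delay format, added here as an illustration and not CertDeploy's own implementation: it accepts one or more multiplier-unit pairs using the suffixes listed above and rejects an empty value, an unknown suffix, or stray text between pairs.

```python
import re
from datetime import timedelta

# The unit suffixes documented for update_delay, in seconds.
UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}

# One <multiplier><unit> pair; a value is one or more of these back to back.
_PAIR = re.compile(r"(\d+)([smhdw])")


def parse_update_delay(value: str) -> timedelta:
    """Parse an update_delay string such as "1h" or "1w2d" into a timedelta.

    Raises ValueError for an empty value, an unknown unit suffix, or any
    text between or after the pairs that is not itself a pair.
    """
    text = value.strip()
    if not text:
        raise ValueError("update_delay must not be empty")
    total = 0
    pos = 0
    for match in _PAIR.finditer(text):
        if match.start() != pos:
            raise ValueError(f"invalid update_delay near {text[pos:match.start()]!r}")
        total += int(match.group(1)) * UNITS[match.group(2)]
        pos = match.end()
    if pos != len(text):
        raise ValueError(f"invalid update_delay suffix {text[pos:]!r}")
    return timedelta(seconds=total)


def is_valid_update_delay(value: str) -> bool:
    """True if value would be accepted by parse_update_delay()."""
    try:
        parse_update_delay(value)
    except ValueError:
        return False
    return True


if __name__ == "__main__":
    for sample in ("1h", "1w2d", "1h30m", "1x"):
        result = parse_update_delay(sample) if is_valid_update_delay(sample) else "invalid"
        print(sample, "->", result)
```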

update_services: list[dict]

A list of certdeploy.client.update.Service keyword argument dicts.

class certdeploy.client.config.client.Permissions(owner: int | str = None, group: int | str = None, mode: int = None, directory_mode: int = None)

Bases: object

CertDeploy output permissions.

directory_mode: int = None

The mode for the lineage directory. This must be a numeric mode (see mode for more info).

group: int | str = None

The group name or GID of the group for the certificates.

mode: int = None

The mode for the certificate files. This must be a numeric mode, e.g. 0o700. See os.chmod for more info.

owner: int | str = None

The username or UID of the owner for the certificates.
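An added example, not CertDeploy's own code, showing how a Permissions-style dict maps onto the filesystem: owner and group are resolved to a UID and GID, mode is applied to regular files and directory_mode to directories under a lineage directory, and non-numeric modes are rejected up front. The lineage and file names in demo() are constructed placeholders.

```python
import grp
import os
import pwd
import tempfile

def _resolve_id(value, lookup):  # name -> id via lookup, int as-is, None -> -1 (chown: unchanged)
    return -1 if value is None else value if isinstance(value, int) else lookup(value)

def _check_mode(mode, field):
    """Accept None or an int in 0..0o7777; a YAML/JSON 700 is decimal (0o1274), not 0o700."""
    if mode is not None and (not isinstance(mode, int) or not 0 <= mode <= 0o7777):
        raise ValueError(f"{field} must be a numeric mode such as 0o600, got {mode!r}")
    return mode

def _apply(path, mode, uid, gid):
    if mode is not None:
        os.chmod(path, mode)
    if (uid, gid) != (-1, -1):
        os.chown(path, uid, gid)

def apply_permissions(lineage_dir, perms):
    """directory_mode on directories, mode on regular files, owner/group on both.
    Symlinks are skipped so a link inside the tree cannot redirect chmod/chown elsewhere."""
    uid = _resolve_id(perms.get("owner"), lambda n: pwd.getpwnam(n).pw_uid)
    gid = _resolve_id(perms.get("group"), lambda n: grp.getgrnam(n).gr_gid)
    dir_mode = _check_mode(perms.get("directory_mode"), "directory_mode")
    file_mode = _check_mode(perms.get("mode"), "mode")
    counts = {"dirs": 0, "files": 0}
    for root, _dirs, files in os.walk(lineage_dir):
        if not os.path.islink(root):
            _apply(root, dir_mode, uid, gid)
            counts["dirs"] += 1
        for name in files:
            path = os.path.join(root, name)
            if not os.path.islink(path):
                _apply(path, file_mode, uid, gid)
                counts["files"] += 1
    return counts

def demo():
    """Lock down a constructed lineage tree in a temp dir; return (counts, dir mode, key file mode)."""
    with tempfile.TemporaryDirectory() as tmp:
        lineage = os.path.join(tmp, "example.test")  # constructed lineage directory name
        os.makedirs(lineage)
        key = os.path.join(lineage, "privkey.pem")  # constructed file name
        open(key, "w").close()  # empty placeholder file, not a real private key
        counts = apply_permissions(lineage, {"mode": 0o600, "directory_mode": 0o700})
        return counts, os.stat(lineage).st_mode & 0o7777, os.stat(key).st_mode & 0o7777
```

Owner and group are left untouched when both are absent, so demo() runs without root.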

class certdeploy.client.config.client.SFTPDConfig(listen_port: int = 22, listen_address: str = '', username: str = 'certdeploy', privkey_filename: PathLike | None = None, server_pubkey: str = None, server_pubkey_filename: PathLike | None = None, log_level: str = LogLevel.ERROR, log_filename: PathLike | None = None, socket_backlog: int = 10)

Bases: object

CertDeploy client SFTP server config.

listen_address: str = ''

The IP address to listen on.

listen_port: int = 22

The port to listen on.

log_filename: PathLike | None = None

The path of the paramiko log file.

log_level: str = 'ERROR'

The paramiko log level. This is separate from the CertDeploy log level.

privkey_filename: PathLike | None = None

The path of the private key file.

server_pubkey: str = None

The text of the public key to accept logins from.

server_pubkey_filename: PathLike | None = None

The path of the public key to accept logins from.

socket_backlog: int = 10

The number of connections to queue while handling the current connection.

username: str = 'certdeploy'

The username to accept logins from.

certdeploy.client.config.service module

CertDeploy Client update service config types.

class certdeploy.client.config.service.DockerContainer(config: dict)

Bases: DockerService

Docker container update config.

action: str = 'restart'

The default update method.

class certdeploy.client.config.service.DockerService(config: dict)

Bases: Service

Docker service update config.

Notes

  • If no value is given for filters in config and name is given, filters will be set to exactly match name.

  • If no value is given for both filters and name in config, ConfigError is raised.

class certdeploy.client.config.service.RCService(config: dict)

Bases: Service

RC Service update config.

OpenRC/Upstart/SysV style service update config.

Note: action and name are validated. action has to be either reload or restart. name must be a valid rc service name. It doesn’t have to exist on the system to pass validation; it just has to look right.

action: str = 'restart'

The default update method for updating rc services. Valid values are reload or restart.

class certdeploy.client.config.service.Script(config: dict)

Bases: Service

Script based update config.

Note

The value of name is made into an absolute path as part of validation. This means any relative paths are evaluated relative to the current working directory of the client if they aren’t found with shutil.which(). If the script isn’t found, ConfigError is raised.

class certdeploy.client.config.service.Service(config: dict)

Bases: object

Service config base class.

Note: Some simple validation is done in this base class and its subclasses. The goal is to catch obvious mistakes like invalid names or values of the wrong type early in the execution of the process.

action: str = None

The action to perform on the service. Defaults to None. This must be overridden if a service type uses it.

filters: dict = {}

Filters to identify the service. Defaults to an empty dict.

static load(config: dict) → Service

Load an update service model from a config dict.

Parameters:

config (dict) – An update service config dict. The only key required for all types of services is type, which specifies the type of service. Each service type has its own required config keys beyond type.

name: str = None

The name identifying the service. Defaults to None just so it’s available for exceptions.

timeout: float | int = False

The timeout for the action performed on the service. Defaults to None.

class certdeploy.client.config.service.SystemdUnit(config: dict)

Bases: Service

Systemd unit update config.

Note: action and name are validated. action has to be either reload or restart. name must be a valid Systemd unit name. It doesn’t have to exist on the system to pass validation; it just has to look right.

action: str = 'restart'

The default update method for updating systemd services. Valid values are reload or restart.

Module contents

Public CertDeploy Client Config.

class certdeploy.client.config.ClientConfig(*args: Any, **kwargs: Any)

Bases: Config

CertDeploy client configuration.

See certdeploy.client.config.client.Config for details about arguments.