certdeploy.client.config package

Submodules

certdeploy.client.config.client module

CertDeploy Client config backends.

class certdeploy.client.config.client.Config(destination: ~os.PathLike, source: ~os.PathLike = '/var/cache/certdeploy', sftpd: dict = <factory>, systemd_exec: ~os.PathLike = '/usr/bin/systemctl', systemd_timeout: int | None = None, docker_url: str = 'unix://var/run/docker.sock', update_services: list[dict] = <factory>, update_delay: str = '1h', fail_fast: bool = False, file_permissions: dict = <factory>, log_level: ~certdeploy.LogLevel = 'ERROR', log_filename: ~os.PathLike | None = None)[source]

Bases: object

CertDeploy client config.

destination: PathLike

The directory to deploy new certs to.

docker_url: str = 'unix://var/run/docker.sock'

The URI of the docker socket.

fail_fast: bool = False

Exit on the first failed action if True.

file_permissions: dict

classmethod load(filename: PathLike, override_log_filename: PathLike | None = None, override_log_level: LogLevel | None = None, override_sftp_log_filename: PathLike | None = None, override_sftp_log_level: LogLevel | None = None)[source]

Load the config from a file.

log_filename: PathLike | None = None

The path of the CertDeploy client log file.

log_level: LogLevel = 'ERROR'

The log level of the CertDeploy client. Valid values are DEBUG, INFO, WARNING, ERROR, and CRITICAL.

sftpd: dict

A dict with arguments for certdeploy.client.config.SFTPDConfig.

source: PathLike = '/var/cache/certdeploy'

The directory to look for new certs in.

systemd_exec: PathLike = '/usr/bin/systemctl'

The path of the systemctl executable.

systemd_timeout: int | None = None

The timeout for executing systemctl. Defaults to None (wait indefinitely).

update_delay: str = '1h'

The interval to delay before running the updates. Defaults to 1h. The format is <multiplier><unit> with one or more multiplier-unit pairs. For example a week and 2 days would be 1w2d. The following unit suffixes can be used:

  • s: second

  • m: minute

  • h: hour

  • d: day

  • w: week
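A parser for the update_delay format described above, as an added example rather than CertDeploy's own code. The name parse_delay is hypothetical, and the example assumes pairs may appear in any order, with no whitespace and whole-number multipliers only.

```python
import re

# Seconds per unit suffix, taken from the list in the update_delay docs.
UNIT_SECONDS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}

# One <multiplier><unit> pair: ASCII digits followed by a unit suffix.
_PAIR = re.compile(r"([0-9]+)([smhdw])")


def parse_delay(text: str) -> int:
    """Return the number of seconds described by a delay string.

    Hypothetical helper (not part of CertDeploy). Raises ValueError when
    the string is empty or contains anything other than complete
    multiplier-unit pairs, so a typo such as "1h30" is rejected instead
    of being silently read as one hour.
    """
    if not isinstance(text, str) or not text:
        raise ValueError("delay must be a non-empty string")
    total = 0
    pos = 0
    while pos < len(text):
        match = _PAIR.match(text, pos)
        if match is None:
            raise ValueError(f"invalid delay {text!r} at offset {pos}")
        total += int(match.group(1)) * UNIT_SECONDS[match.group(2)]
        pos = match.end()
    return total


if __name__ == "__main__":
    # Constructed sample values, including the documented default.
    for sample in ("1h", "1w2d", "90m"):
        print(sample, "->", parse_delay(sample), "seconds")
```
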

update_services: list[dict]

A list of certdeploy.client.update.Service keyword argument dicts.

class certdeploy.client.config.client.Permissions(owner: int | str = None, group: int | str = None, mode: int = None, directory_mode: int = None)[source]

Bases: object

CertDeploy output permissions.

directory_mode: int = None

The mode for the lineage directory. This must be a numeric mode (see mode for more info).

group: int | str = None

The group name or GID of the group for the certificates.

mode: int = None

The mode for the certificate files. This must be a numeric mode, e.g. 0o700. See os.chmod for more info.

owner: int | str = None

The username or UID of the owner for the certificates.
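Because mode and directory_mode are plain integers, writing 600 instead of 0o600 yields a different permission set. The following check is an added example, not part of CertDeploy; audit_mode is a hypothetical name and its rules are heuristics for reviewing a value before it is used.

```python
import stat

SPECIAL_BITS = stat.S_ISUID | stat.S_ISGID | stat.S_ISVTX


def audit_mode(mode: int) -> list[str]:
    """Return findings for a Permissions mode or directory_mode value.

    Hypothetical helper (not part of CertDeploy). An empty list means no
    rule below matched; it is a heuristic, not proof the mode is safe.
    """
    if isinstance(mode, bool) or not isinstance(mode, int):
        return [f"{mode!r} is not an integer mode"]
    if not 0 <= mode <= 0o7777:
        return [f"{mode} is outside the range 0o0000 to 0o7777"]
    findings = []
    unusual = False
    if mode & SPECIAL_BITS:
        unusual = True
        findings.append(f"{oct(mode)} sets setuid, setgid or sticky bits")
    if not mode & stat.S_IRUSR:
        unusual = True
        findings.append(f"{oct(mode)} does not let the owner read")
    # A decimal literal such as 600 is really 0o1130, which trips the
    # checks above; if its digits are all octal, suggest the octal form.
    digits = str(mode)
    if unusual and len(digits) in (3, 4) and set(digits) <= set("01234567"):
        findings.append(f"{mode} looks like decimal; did you mean 0o{digits}?")
    if mode & stat.S_IRWXO:
        findings.append(f"{oct(mode)} grants access to all other users")
    return findings


if __name__ == "__main__":
    # Constructed sample values: two octal modes and one decimal slip.
    for sample in (0o600, 0o644, 600):
        print(sample, oct(sample), audit_mode(sample))
```
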

class certdeploy.client.config.client.SFTPDConfig(listen_port: int = 22, listen_address: str = '', username: str = 'certdeploy', privkey_filename: PathLike | None = None, server_pubkey: str = None, server_pubkey_filename: PathLike | None = None, log_level: str = LogLevel.ERROR, log_filename: PathLike | None = None, socket_backlog: int = 10)[source]

Bases: object

CertDeploy client SFTP server config.

listen_address: str = ''

The IP address to listen on.

listen_port: int = 22

The port to listen on.

log_filename: PathLike | None = None

The path of the paramiko log file.

log_level: str = 'ERROR'

The paramiko log level. This is separate from the CertDeploy log level.

privkey_filename: PathLike | None = None

The path of the private key file.

server_pubkey: str = None

The text of the public key to accept logins from.

server_pubkey_filename: PathLike | None = None

The path of the public key to accept logins from.

socket_backlog: int = 10

The number of connections to queue while handling the current connection.

username: str = 'certdeploy'

The username to accept logins from.

certdeploy.client.config.service module

CertDeploy Client update service config types.

class certdeploy.client.config.service.DockerContainer(config: dict)[source]

Bases: DockerService

Docker container update config.

action: str = 'restart'

The default update method.

timeout: float | int = 10

The default time to wait before giving up on performing action.

class certdeploy.client.config.service.DockerService(config: dict)[source]

Bases: Service

Docker service update config.

Notes

  • If no value is given for filters in config and name is given, filters will be set to exactly match name.

  • If no value is given for both filters and name in config, ConfigError is raised.

class certdeploy.client.config.service.Script(config: dict)[source]

Bases: Service

Script based update config.

Note

The value of name is made into an absolute path as part of validation. This means any relative paths are evaluated relative to the current working directory of the client if they aren’t found with shutil.which(). If the script isn’t found, ConfigError is raised.

class certdeploy.client.config.service.Service(config: dict)[source]

Bases: object

Service config base class.

Note: Some simple validation is done in this base class and its subclasses. The goal is to catch obvious mistakes like invalid names or values of the wrong type.

action: str = None

filters: dict = {}

static load(config: dict) → Service[source]

Load an update service model from a config dict.

Parameters:

config (dict) – An update service config dict. The only required key for all types of services is type, which is used to specify the type of service. Each service type has its own required config keys beyond type.

name: str = None

timeout: float | int = None

class certdeploy.client.config.service.SystemdUnit(config: dict)[source]

Bases: Service

Systemd unit update config.

Note: action and name are validated. action has to be either reload or restart. name must be a valid Systemd unit name. It doesn’t have to exist on the system to pass validation; it just has to look right.

action: str = 'restart'

The default update method for updating systemd services. Valid values are reload or restart.

Module contents

Public CertDeploy Client Config.

class certdeploy.client.config.ClientConfig(*args: Any, **kwargs: Any)[source]

Bases: Config

CertDeploy client configuration.

See certdeploy.client.config.client.Config for details about arguments.