Vault
- Canonical Telco
Channel | Revision | Published | Runs on |
---|---|---|---|
latest/edge | 89 | 31 Jan 2024 | |
latest/edge | 9 | 27 Jan 2023 | |
1.16/stable | 280 | 04 Oct 2024 | |
1.16/candidate | 280 | 04 Oct 2024 | |
1.16/beta | 280 | 04 Oct 2024 | |
1.16/edge | 300 | Today | |
1.15/stable | 248 | 24 Jul 2024 | |
1.15/candidate | 248 | 24 Jul 2024 | |
1.15/beta | 248 | 24 Jul 2024 | |
1.15/edge | 248 | 10 Jul 2024 | |
juju deploy vault-k8s --channel 1.16/stable
charms.vault_k8s.v0.vault_tls
- Last updated 19 Nov 2024
- Revision Library version 0.14
This file includes methods to manage TLS certificates within the Vault charms.
class LogAdapter
Description
Adapter for the logger to prepend a prefix to all log lines.
Methods
LogAdapter.process(self, msg, kwargs)
Description
Decides the format for the prepended text.
class TLSMode
This class defines the different modes of TLS configuration.
Description
- SELF_SIGNED: The charm will generate a self-signed certificate.
- TLS_INTEGRATION: The charm will use the TLS integration relation.
class WorkloadBase
Description
Define an interface for the Machine and Container classes.
Methods
WorkloadBase.exists(self, path: str)
Description
Check if a file exists in the workload.
WorkloadBase.pull(self, path: str)
Description
Read file from the workload.
WorkloadBase.push(self, path: str, source: str)
Description
Write file to the workload.
WorkloadBase.make_dir(self, path: str)
Description
Create directory in the workload.
WorkloadBase.remove_path(self, path: str, recursive: bool)
Description
Remove file or directory from the workload.
WorkloadBase.send_signal(self, signal: int, process: str)
Description
Send a signal to a process in the workload.
WorkloadBase.restart(self, process: str)
Description
Restart the workload service.
WorkloadBase.stop(self, process: str)
Description
Stop a service in the workload.
class VaultCertsError
Description
Exception raised when a vault certificate is not found.
Methods
VaultCertsError.__init__(self, message: str)
class File
Description
This enum determines which files the library is expected to read.
class VaultTLSManager
Description
This class configures the certificates within Vault.
Methods
VaultTLSManager.__init__(self, charm: CharmBase, service_name: str, tls_directory_path: str, workload: WorkloadBase, common_name: str, sans_dns, sans_ip)
Create a new VaultTLSManager object.
Arguments
charm: CharmBase
service_name: Name of the container in k8s and name of the process in machine.
tls_directory_path: Path of the directory where certificates should be stored on the workload.
workload: Either a Container or a Machine.
common_name: The common name of the certificate
sans_dns: Subject alternative names of the certificate
sans_ip: Subject alternative IP addresses of the certificate
VaultTLSManager.send_ca_cert(self)
Description
Send the existing CA cert in the workload to all relations.
VaultTLSManager.get_tls_file_path_in_workload(self, file: File)
Return the requested file's location in the workload.
Arguments
file: a File object that determines which file path to return
Returns
the path of the file from the workload's perspective
VaultTLSManager.get_tls_file_path_in_charm(self, file: File)
Return the requested file's location in the charm (not in the workload).
Arguments
file: a File object that determines which file path to return
Returns
path
Description
This path would typically be: /var/lib/juju/storage/certs/0/{file}.pem
VaultTLSManager.tls_file_available_in_charm(self, file: File)
Return whether the given file is available in the charm.
Arguments
file: a File object that determines which file to check
Returns
True if file exists
VaultTLSManager.ca_certificate_is_saved(self)
Description
Return whether a CA cert and its private key are saved in the charm.
VaultTLSManager.pull_tls_file_from_workload(self, file: File)
Get a file related to certs from the workload.
Arguments
file: a File object that determines which file to read.
Returns
The file content without whitespace, or an empty string if the file does not exist.
VaultTLSManager.ca_certificate_secret_exists(self)
Description
Return whether CA certificate is stored in secret.
VaultTLSManager.push_autounseal_ca_cert(self, ca_cert: str)
Push the CA certificate to the workload.
Arguments
ca_cert: The CA certificate to push to the workload.
VaultTLSManager.tls_file_pushed_to_workload(self, file: File)
Return whether tls file is pushed to the workload.
Arguments
file: a File object that determines which file to check.
Returns
True if file exists.
def generate_vault_ca_certificate()
Generate Vault CA certificates valid for 50 years.
Returns
CA Private key, CA certificate
def generate_vault_unit_certificate(common_name: str, sans_ip, sans_dns, ca_certificate: str, ca_private_key: str)
Generate Vault unit certificates valid for 50 years.
Arguments
common_name: Common name of the certificate
sans_ip: Subject alternative IP addresses of the certificate
sans_dns: Subject alternative names of the certificate
ca_certificate: CA certificate
ca_private_key: CA private key
Returns
Private key, Certificate
def existing_certificate_is_self_signed(ca_certificate: Certificate)
Description
Return whether the certificate is a self signed certificate generated by the Vault charm.