Vault

  • Canonical Telco
Channel Revision Published Runs on
latest/edge 89 31 Jan 2024
Ubuntu 22.04 Ubuntu 20.04
latest/edge 9 27 Jan 2023
Ubuntu 22.04 Ubuntu 20.04
1.16/stable 280 04 Oct 2024
Ubuntu 22.04
1.16/candidate 280 04 Oct 2024
Ubuntu 22.04
1.16/beta 280 04 Oct 2024
Ubuntu 22.04
1.16/edge 300 Today
Ubuntu 22.04
1.15/stable 248 24 Jul 2024
Ubuntu 22.04
1.15/candidate 248 24 Jul 2024
Ubuntu 22.04
1.15/beta 248 24 Jul 2024
Ubuntu 22.04
1.15/edge 248 10 Jul 2024
Ubuntu 22.04
juju deploy vault-k8s --channel 1.16/stable
Show information

Platform:

charms.vault_k8s.v0.vault_tls

This file includes methods to manage TLS certificates within the Vault charms.


class LogAdapter

Description

Adapter for the logger to prepend a prefix to all log lines. None

Methods

LogAdapter. process( self , msg , kwargs )

Description

Decides the format for the prepended text. None

class TLSMode

This class defines the different modes of TLS configuration.

Description

SELF_SIGNED: The charm will generate a self signed certificate. TLS_INTEGRATION: The charm will use the TLS integration relation.

class WorkloadBase

Description

Define an interface for the Machine and Container classes. None

Methods

WorkloadBase. exists( self , path: str )

Description

Check if a file exists in the workload. None

WorkloadBase. pull( self , path: str )

Description

Read file from the workload. None

WorkloadBase. push( self , path: str , source: str )

Description

Write file to the workload. None

WorkloadBase. make_dir( self , path: str )

Description

Create directory in the workload. None

WorkloadBase. remove_path( self , path: str , recursive: bool )

Description

Remove file or directory from the workload. None

WorkloadBase. send_signal( self , signal: int , process: str )

Description

Send a signal to a process in the workload. None

WorkloadBase. restart( self , process: str )

Description

Restart the workload service. None

WorkloadBase. stop( self , process: str )

Description

Stop a service in the workload. None

class VaultCertsError

Description

Exception raised when a vault certificate is not found. None

Methods

VaultCertsError. __init__( self , message: str )

class File

Description

This enum determines which files are expected of the library to read. None

class VaultTLSManager

Description

This class configures the certificates within Vault. None

Methods

VaultTLSManager. __init__( self , charm: CharmBase , service_name: str , tls_directory_path: str , workload: WorkloadBase , common_name: str , sans_dns , sans_ip )

Create a new VaultTLSManager object.

Arguments

charm

CharmBase

service_name

Name of the container in k8s and name of the process in machine.

tls_directory_path

Path of the directory where certificates should be stored on the workload.

workload

Either a Container or a Machine.

common_name

The common name of the certificate

sans_dns

Subject alternative names of the certificate

sans_ip

Subject alternative IP addresses of the certificate

VaultTLSManager. send_ca_cert( self )

Description

Send the existing CA cert in the workload to all relations. None

VaultTLSManager. get_tls_file_path_in_workload( self , file: File )

Return the requested file's location in the workload.

Arguments

file

a File object that determines which file path to return

Returns

the path of the file from the workload's perspective

VaultTLSManager. get_tls_file_path_in_charm( self , file: File )

Return the requested file's location in the charm (not in the workload).

Arguments

file

a File object that determines which file path to return

Returns

str

path

Description

This path would typically be: /var/lib/juju/storage/certs/0/{file}.pem

VaultTLSManager. tls_file_available_in_charm( self , file: File )

Return whether the given file is available in the charm.

Arguments

file

a File object that determines which file to check

Returns

bool

True if file exists

VaultTLSManager. ca_certificate_is_saved( self )

Description

Return wether a CA cert and its private key are saved in the charm. None

VaultTLSManager. pull_tls_file_from_workload( self , file: File )

Get a file related to certs from the workload.

Arguments

file

a File object that determines which file to read.

Returns

str

The file content without whitespace Or an empty string if the file does not exist.

VaultTLSManager. ca_certificate_secret_exists( self )

Description

Return whether CA certificate is stored in secret. None

VaultTLSManager. push_autounseal_ca_cert( self , ca_cert: str )

Push the CA certificate to the workload.

Arguments

ca_cert

The CA certificate to push to the workload.

VaultTLSManager. tls_file_pushed_to_workload( self , file: File )

Return whether tls file is pushed to the workload.

Arguments

file

a File object that determines which file to check.

Returns

bool

True if file exists.

def generate_vault_ca_certificate()

Generate Vault CA certificates valid for 50 years.

Returns

CA Private key, CA certificate

def generate_vault_unit_certificate(
    common_name: str,
    sans_ip,
    sans_dns,
    ca_certificate: str,
    ca_private_key: str
)

Generate Vault unit certificates valid for 50 years.

Arguments

common_name

Common name of the certificate

sans_ip

Subject alternative IP addresses of the certificate

sans_dns

Subject alternative names of the certificate

ca_certificate

CA certificate

ca_private_key

CA private key

Returns

Private key, Certificate

def existing_certificate_is_self_signed(ca_certificate: Certificate)

Description

Return whether the certificate is a self signed certificate generated by the Vault charm. None