certwrangler.models module
This module contains all the models used in certwrangler’s config and state.
Note that the name field is automatically populated on loading of the config based on the key of the object.
- pydantic model certwrangler.models.NamedModel
Bases:
BaseModel
Base class for models that have a name.
The _name attribute is set by the Config class as part of Config.__post_populate() based on the key that the model was defined under.
Show JSON schema
{ "title": "NamedModel", "description": "Base class for models that have a name.\n\nThe :attr:`_name` attribute is set by the :class:`Config` class as part of\n:meth:`Config.__post_populate` based on the key that the model was defined\nunder.", "type": "object", "properties": {} }
- pydantic model certwrangler.models.StateModel
Bases:
BaseModel
Base class for models representing state.
The _migrated attribute is set if the model schema was migrated.
Show JSON schema
{ "title": "StateModel", "description": "Base class for models representing state.\n\nThe :attr:`_migrated` attribute is set if the model schema was migrated.", "type": "object", "properties": {} }
- Validators:
_handle_schema_migrations » all fields
- property _schema_version: int
The version of the schema, which is based on how many schema migrations are defined on the model.
- validator _handle_schema_migrations » all fields
Iterate through the defined schema_migrations callables to perform any needed migrations. This checks the incoming data for the current schema version to determine which migrations it should apply. This also instantiates the class and sets the _migrated variable to True if any of the migration callables were applied.
The callables should mutate the data dict as needed to migrate the schema then return it.
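The migration scheme described above, as an added stand-alone sketch (not certwrangler's own code). The version key name, both migration callables and the refusal of state written by a newer schema are assumptions made for the illustration.

```python
import copy
from typing import Any, Callable, Dict, List, Tuple

Migration = Callable[[Dict[str, Any]], Dict[str, Any]]

# Assumption: the stored state records its version under this key.
VERSION_KEY = "schema_version"
PEM_END = "-----END CERTIFICATE-----"


def split_fullchain(data: Dict[str, Any]) -> Dict[str, Any]:
    """v0 -> v1 (hypothetical): one 'fullchain' bundle becomes 'cert' + 'chain'."""
    bundle = data.pop("fullchain", None)
    if bundle:
        pems = [p.strip() + "\n" + PEM_END for p in bundle.split(PEM_END) if p.strip()]
        data["cert"], data["chain"] = pems[0], pems[1:]
    return data


def add_key_size(data: Dict[str, Any]) -> Dict[str, Any]:
    """v1 -> v2 (hypothetical): older state never recorded the RSA key size."""
    data.setdefault("key_size", None)
    return data


# The schema version is the number of migrations defined on the model.
SCHEMA_MIGRATIONS: List[Migration] = [split_fullchain, add_key_size]


def migrate(
    data: Dict[str, Any], migrations: List[Migration] = SCHEMA_MIGRATIONS
) -> Tuple[Dict[str, Any], bool]:
    """Apply every migration the stored data has not seen yet.

    Returns the migrated data and a flag mirroring the _migrated attribute.
    """
    current = len(migrations)
    stored = data.get(VERSION_KEY, 0)  # no version recorded: predates all migrations
    if type(stored) is not int or stored < 0:
        raise ValueError(f"invalid {VERSION_KEY}: {stored!r}")
    if stored > current:
        # Written by a newer release: refuse instead of loading fields we
        # do not understand and later saving them back truncated.
        raise ValueError(f"state has schema {stored}, this code knows {current}")
    data = copy.deepcopy(data)  # leave the caller's copy of the saved state intact
    for step in migrations[stored:]:
        data = step(data)
    data[VERSION_KEY] = current
    return data, stored < current


# Constructed sample: version-0 state with placeholder PEM bodies.
OLD_STATE = {
    "fullchain": (
        "-----BEGIN CERTIFICATE-----\nLEAF\n-----END CERTIFICATE-----\n"
        "-----BEGIN CERTIFICATE-----\nISSUER\n-----END CERTIFICATE-----\n"
    ),
    "status": "active",
}

if __name__ == "__main__":
    new_state, migrated = migrate(OLD_STATE)
    print(migrated, new_state[VERSION_KEY], len(new_state["chain"]))
```

Because the version is derived from the length of the list, migrations can only ever be appended; reordering or deleting one changes what every stored version number means.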
- pydantic model certwrangler.models.Solver
Bases:
NamedModel
Base class for ACME challenge solver drivers.
Show JSON schema
{ "title": "Solver", "description": "Base class for ACME challenge solver drivers.", "type": "object", "properties": { "driver": { "description": "The name of the driver to use.", "title": "Driver", "type": "string" }, "zones": { "description": "A list of DNS zones this solver should be used for.", "items": { "pattern": "^(?:(\\*\\.|[a-zA-Z0-9])(?:[a-zA-Z0-9-_]{0,61}[A-Za-z0-9])?\\.)+[A-Za-z0-9][A-Za-z0-9-_]{0,61}[A-Za-z]$", "type": "string" }, "title": "Zones", "type": "array" } }, "required": [ "driver", "zones" ] }
- Fields:
- Validators:
- field zones: List[Domain] [Required]
A list of DNS zones this solver should be used for.
- Validated by:
- abstractmethod create(name: str, domain: str, content: str) -> None
This should handle the logic of creating a TXT record.
- abstractmethod delete(name: str, domain: str, content: str) -> None
This should handle the logic of deleting a TXT record.
- initialize() -> None
Any driver specific initialization steps (creating resources, setting up clients, etc.) should be placed here.
- validator __validate_zones » zones
Validate that the configured zones have valid SOA records.
- Returns:
A list of valid zones.
- Raises:
ValueError – Raised if a configured zone doesn’t have an SOA record.
- class certwrangler.models.Encryptor(fernets: Iterable[Fernet])
Bases:
MultiFernet
This just adds the ability to generate a fingerprint of a fernet key.
- pydantic model certwrangler.models.StateManager
Bases:
BaseModel
Base class for state manager drivers.
Show JSON schema
{ "title": "StateManager", "description": "Base class for state manager drivers.", "type": "object", "properties": { "driver": { "description": "The name of the driver to use.", "title": "Driver", "type": "string" }, "encryption_keys": { "description": "An optional list of encryption keys to use to encrypt the state. Only the top-most key will be used for encryption operations, the additional keys are only used to decrypt the state in the case that a new key was added. New keys can be generated using the ``certwrangler state generate-key`` command.", "items": { "type": "string" }, "title": "Encryption Keys", "type": "array" } }, "required": [ "driver" ] }
- field encryption_keys: List[FernetKey] [Optional]
An optional list of encryption keys to use to encrypt the state. Only the top-most key will be used for encryption operations, the additional keys are only used to decrypt the state in the case that a new key was added. New keys can be generated using the certwrangler state generate-key command.
- property encryptor: Encryptor | None
This sets up and returns an Encryptor if encryption_keys are defined.
- Returns:
The initialized Encryptor if encryption_keys are defined, otherwise returns None.
- initialize() -> None
Any driver specific initialization steps (creating resources, setting up clients, etc.) should be placed here.
- abstractmethod list() -> Dict[str, Dict[str, Any]]
Lists all the saved states for the given entity_class including encryption fingerprint.
- abstractmethod save(entity: Account | Cert, encrypt: bool = True) -> None
Saves the state of the given entity.
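The key-ordering rule for encryption_keys, shown with the cryptography library's Fernet and MultiFernet as an added example (not certwrangler's own code). The fingerprint scheme, the helper names and the sample state are assumptions; the page does not say how Encryptor derives its fingerprint.

```python
import base64
import hashlib
from typing import Dict, List, Optional

from cryptography.fernet import Fernet, InvalidToken, MultiFernet


def fingerprint(key: bytes) -> str:
    """Short, non-secret identifier for a Fernet key.

    Assumption: truncated SHA-256 of the decoded key material.
    """
    return hashlib.sha256(base64.urlsafe_b64decode(key)).hexdigest()[:16]


def build_encryptor(keys: List[bytes]) -> Optional[MultiFernet]:
    """First key encrypts; every key is tried in order when decrypting."""
    return MultiFernet([Fernet(k) for k in keys]) if keys else None


def key_used(token: bytes, keys: List[bytes]) -> Optional[str]:
    """Fingerprint of the configured key that decrypts the token, or None."""
    for key in keys:
        try:
            Fernet(key).decrypt(token)
            return fingerprint(key)
        except InvalidToken:
            continue
    return None


def rotate_all(saved: Dict[str, bytes], keys: List[bytes]) -> Dict[str, bytes]:
    """Re-encrypt every saved state under keys[0] (the top-most key)."""
    encryptor = MultiFernet([Fernet(k) for k in keys])
    return {name: encryptor.rotate(token) for name, token in saved.items()}


def undecryptable(saved: Dict[str, bytes], keys: List[bytes]) -> List[str]:
    """Names of saved states that none of the given keys can decrypt."""
    return sorted(n for n, tok in saved.items() if key_used(tok, keys) is None)


def demo() -> Dict[str, object]:
    # Constructed keys and state, generated fresh on every run.
    old_key, new_key = Fernet.generate_key(), Fernet.generate_key()
    plaintext = b'{"status": "active"}'
    saved = {"certs/example": Fernet(old_key).encrypt(plaintext)}

    keys = [new_key, old_key]  # new key placed at the top of encryption_keys
    encryptor = build_encryptor(keys)
    fresh = encryptor.encrypt(b"{}")
    rotated = rotate_all(saved, keys)
    return {
        "old_state_readable": encryptor.decrypt(saved["certs/example"]) == plaintext,
        "old_state_under_old_key": key_used(saved["certs/example"], keys)
        == fingerprint(old_key),
        "fresh_under_new_key": key_used(fresh, keys) == fingerprint(new_key),
        # Dropping the old key before re-encrypting would strand this state.
        "stranded_before_rotation": undecryptable(saved, [new_key]),
        "stranded_after_rotation": undecryptable(rotated, [new_key]),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

An old key can leave the list only once every saved state reports the new key's fingerprint; until then it remains a live decryption secret and needs the same protection as the top-most key.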
- pydantic model certwrangler.models.Store
Bases:
NamedModel
Base class for store drivers.
Show JSON schema
{ "title": "Store", "description": "Base class for store drivers.", "type": "object", "properties": { "driver": { "description": "The name of the driver to use.", "title": "Driver", "type": "string" } }, "required": [ "driver" ] }
- Fields:
- abstractmethod publish(cert: Cert) -> None
This should handle the logic of publishing the cert to the store.
- pydantic model certwrangler.models.AccountState
Bases:
StateModel
Managed ACME account state.
Show JSON schema
{ "title": "AccountState", "description": "Managed ACME account state.", "type": "object", "properties": { "registration": { "anyOf": [ { "type": "object" }, { "type": "null" } ], "default": null, "description": "The ACME registration record.", "title": "Registration" }, "key": { "anyOf": [ { "type": "object" }, { "type": "null" } ], "default": null, "description": "The current RSA key.", "title": "Key" }, "key_size": { "anyOf": [ { "type": "integer" }, { "type": "null" } ], "default": null, "description": "The size of the current RSA key in bits.", "title": "Key Size" }, "status": { "$ref": "#/$defs/AccountStatus", "default": "new" } }, "$defs": { "AccountStatus": { "enum": [ "new", "active" ], "title": "AccountStatus", "type": "string" } } }
- Fields:
- Validators:
- field status: AccountStatus = AccountStatus.new
- Validated by:
- pydantic model certwrangler.models.Account
Bases:
NamedModel
Managed ACME account definition.
Show JSON schema
{ "title": "Account", "description": "Managed ACME account definition.", "type": "object", "properties": { "emails": { "description": "A list of email addresses for the account.", "items": { "format": "email", "type": "string" }, "title": "Emails", "type": "array" }, "server": { "default": "https://acme-v02.api.letsencrypt.org/directory", "description": "The URL of the ACME server.", "format": "uri", "maxLength": 2083, "minLength": 1, "title": "Server", "type": "string" }, "key_size": { "default": 2048, "description": "The desired size of the RSA key in bits", "title": "Key Size", "type": "integer" } }, "required": [ "emails" ] }
- Fields:
- Validators:
- field emails: List[EmailStr] [Required]
A list of email addresses for the account.
- Validated by:
- field server: HttpUrl = HttpUrl('https://acme-v02.api.letsencrypt.org/directory')
The URL of the ACME server.
- _state: AccountState
- property state: AccountState
- pydantic model certwrangler.models.Subject
Bases:
NamedModel
Cert subject.
Show JSON schema
{ "title": "Subject", "description": "Cert subject.", "type": "object", "properties": { "country": { "anyOf": [ { "type": "string" }, { "type": "null" } ], "default": null, "description": "The country name OID.", "title": "Country" }, "state_or_province": { "anyOf": [ { "type": "string" }, { "type": "null" } ], "default": null, "description": "The state or province OID.", "title": "State Or Province" }, "locality": { "anyOf": [ { "type": "string" }, { "type": "null" } ], "default": null, "description": "The locality OID.", "title": "Locality" }, "organization": { "anyOf": [ { "type": "string" }, { "type": "null" } ], "default": null, "description": "The organization OID.", "title": "Organization" }, "organizational_unit": { "anyOf": [ { "type": "string" }, { "type": "null" } ], "default": null, "description": "The organizational unit OID.", "title": "Organizational Unit" } } }
- Fields:
- pydantic model certwrangler.models.CertState
Bases:
StateModel
Managed cert state.
Show JSON schema
{ "title": "CertState", "description": "Managed cert state.", "type": "object", "properties": { "url": { "anyOf": [ { "type": "string" }, { "type": "null" } ], "default": null, "description": "The URL of the cert retrieved from the ACME server.", "title": "Url" }, "key": { "anyOf": [ { "type": "string" }, { "type": "null" } ], "default": null, "description": "The cert's RSA key.", "title": "Key" }, "key_size": { "anyOf": [ { "type": "integer" }, { "type": "null" } ], "default": null, "description": "The size of the RSA key in bits.", "title": "Key Size" }, "cert": { "anyOf": [ { "type": "string" }, { "type": "null" } ], "default": null, "description": "The cert returned by the ACME server.", "title": "Cert" }, "chain": { "anyOf": [ { "items": { "type": "string" }, "type": "array" }, { "type": "null" } ], "default": null, "description": "The chain of trust returned by the ACME server.", "title": "Chain" }, "csr": { "anyOf": [ { "type": "string" }, { "type": "null" } ], "default": null, "description": "The CSR generated to request the cert.", "title": "Csr" }, "order": { "anyOf": [ { "type": "object" }, { "type": "null" } ], "default": null, "description": "The order if an order is currently active.", "title": "Order" }, "status": { "$ref": "#/$defs/CertStatus", "default": "new" } }, "$defs": { "CertStatus": { "enum": [ "new", "active", "renewing" ], "title": "CertStatus", "type": "string" } } }
- Fields:
- Validators:
- field chain: List[X509Certificate] | None = None
The chain of trust returned by the ACME server.
- Validated by:
- field status: CertStatus = CertStatus.new
- Validated by:
- property fullchain: WithJsonSchema(json_schema={'type': 'string'}, mode=None)]] | None
The full chain of trust including the leaf cert.
- pydantic model certwrangler.models.Cert
Bases:
NamedModel
Managed cert definition.
Show JSON schema
{ "title": "Cert", "description": "Managed cert definition.", "type": "object", "properties": { "common_name": { "description": "The common name for the cert.", "pattern": "^(?:(\\*\\.|[a-zA-Z0-9])(?:[a-zA-Z0-9-_]{0,61}[A-Za-z0-9])?\\.)+[A-Za-z0-9][A-Za-z0-9-_]{0,61}[A-Za-z]$", "title": "Common Name", "type": "string" }, "account_name": { "description": "The name of the configured ACME account the cert should be created under.", "title": "Account Name", "type": "string" }, "store_names": { "description": "A list of the configured stores the cert should be published to.", "items": { "type": "string" }, "title": "Store Names", "type": "array" }, "store_key": { "anyOf": [ { "type": "string" }, { "type": "null" } ], "default": null, "description": "Optional sub-key the cert should be published to in the store. Currently only supported by the vault store driver.", "title": "Store Key" }, "subject_name": { "default": "default", "description": "The name of the configured subject the cert should be created with.", "title": "Subject Name", "type": "string" }, "alt_names": { "description": "A list of alternative names for the cert.", "items": { "pattern": "^(?:(\\*\\.|[a-zA-Z0-9])(?:[a-zA-Z0-9-_]{0,61}[A-Za-z0-9])?\\.)+[A-Za-z0-9][A-Za-z0-9-_]{0,61}[A-Za-z]$", "type": "string" }, "title": "Alt Names", "type": "array" }, "wait_timeout": { "default": "PT5M", "description": "Wait timeout for DNS operations.", "format": "duration", "title": "Wait Timeout", "type": "string" }, "key_size": { "default": 2048, "description": "The desired size of the RSA key in bits.", "title": "Key Size", "type": "integer" }, "follow_cnames": { "default": true, "description": "Whether to follow CNAMEs for DNS operations.", "title": "Follow Cnames", "type": "boolean" }, "renewal_threshold": { "default": "P30D", "description": "How many days before a cert expires should it be renewed.", "format": "duration", "title": "Renewal Threshold", "type": "string" } }, "required": [ "common_name", 
"account_name", "store_names" ] }
- Fields:
- Validators:
- field common_name: Domain [Required]
The common name for the cert.
- Constraints:
pattern = ^(?:(\*\.|[a-zA-Z0-9])(?:[a-zA-Z0-9-_]{0,61}[A-Za-z0-9])?\.)+[A-Za-z0-9][A-Za-z0-9-_]{0,61}[A-Za-z]$
- field account_name: str [Required]
The name of the configured ACME account the cert should be created under.
- field store_names: List[str] [Required]
A list of the configured stores the cert should be published to.
- Validated by:
- field store_key: str | None = None
Optional sub-key the cert should be published to in the store. Currently only supported by the vault store driver.
- field subject_name: str = 'default'
The name of the configured subject the cert should be created with.
- field alt_names: List[Domain] [Optional]
A list of alternative names for the cert.
- field wait_timeout: timedelta = datetime.timedelta(seconds=300)
Wait timeout for DNS operations.
- field renewal_threshold: Days = datetime.timedelta(days=30)
How many days before a cert expires it should be renewed.
- property account: Account
Returns the account object configured for the cert.
- Raises:
ValueError – Raised if the account can’t be found in the config.
- property stores: List[Store]
Returns a list of the configured store objects.
- Raises:
ValueError – Raised if a store can’t be found in the config.
- property subject: Subject
Returns the subject object configured for the cert.
- Raises:
ValueError – Raised if a subject can’t be found in the config.
- get_solver_for_zone(zone: str) -> Solver
Finds a solver for a given zone name.
- Raises:
ValueError – Raised if a solver for the zone can’t be found in the config.
- validator __validate_unique_stores » store_names
Validates that all the configured stores are unique.
- Raises:
ValueError – Raised if there are duplicate stores.
- property time_left: timedelta
Returns the cert expiry as a datetime.timedelta. If no cert is in the state it returns an empty datetime.timedelta.
- Returns:
A datetime.timedelta representing the cert’s expiry.
- property needs_renewal: bool
Check if a cert needs to be renewed by checking whether its expiry time is less than renewal_threshold, or whether its common_name or alternative_names changed.
We specifically don’t check for the subject since apparently LE strips that out.
- Returns:
A bool representing if the cert should be renewed.
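What the Domain pattern used for common_name, alt_names and solver zones accepts, as an added example (not certwrangler's own code). The pattern is copied from the JSON schema on this page; name_issues, check_cert_names, the extra checks and the sample names are assumptions made for the illustration.

```python
import re
from typing import Dict, List

# The Domain pattern exactly as it appears in the JSON schema on this page.
DOMAIN_PATTERN = re.compile(
    r"^(?:(\*\.|[a-zA-Z0-9])(?:[a-zA-Z0-9-_]{0,61}[A-Za-z0-9])?\.)+"
    r"[A-Za-z0-9][A-Za-z0-9-_]{0,61}[A-Za-z]$"
)


def name_issues(name: str) -> List[str]:
    """Return the reasons a name should be rejected before it reaches ACME.

    'pattern' means the page's regex rejects it. The other codes are extra
    checks (added here) for names the regex accepts but that are not
    well-formed DNS names.
    """
    # fullmatch, because Python's '$' would otherwise accept a trailing newline.
    if not DOMAIN_PATTERN.fullmatch(name):
        return ["pattern"]
    issues = []
    if "*" in name[1:]:
        issues.append("wildcard-not-leftmost")  # only '*.' as first label is valid
    if ".." in name:
        issues.append("empty-label")
    if len(name) > 253:
        issues.append("too-long")  # DNS limit on the full name
    return issues


def check_cert_names(common_name: str, alt_names: List[str]) -> Dict[str, List[str]]:
    """Map every problematic name on a cert definition to its issue codes."""
    report = {}
    for name in [common_name, *alt_names]:
        issues = name_issues(name)
        if issues:
            report[name] = issues
    return report


# Constructed sample cert definition.
SAMPLE_COMMON_NAME = "*.example.com"
SAMPLE_ALT_NAMES = [
    "example.com",
    "a.*.example.com",              # passes the regex, wildcard is misplaced
    "_acme-challenge.example.com",  # labels may not start with '_'
    "localhost",                    # needs at least two labels
    "example.123",                  # last label must end in a letter
]

if __name__ == "__main__":
    for name, issues in check_cert_names(SAMPLE_COMMON_NAME, SAMPLE_ALT_NAMES).items():
        print(f"{name}: {', '.join(issues)}")
```

The pattern is a syntactic filter only: it says nothing about whether a configured solver covers the zone, which is what get_solver_for_zone and the SOA check on zones are for.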
- pydantic model certwrangler.models.ReconcilerConfig
Bases:
BaseModel
Config for the reconciler loop subsystem.
Show JSON schema
{ "title": "ReconcilerConfig", "description": "Config for the reconciler loop subsystem.", "type": "object", "properties": { "interval": { "default": 60, "description": "Reconciler interval in seconds.", "title": "Interval", "type": "integer" } } }
- Fields:
- pydantic model certwrangler.models.MetricsConfig
Bases:
BaseModel
Config for the metrics subsystem.
Show JSON schema
{ "title": "MetricsConfig", "description": "Config for the metrics subsystem.", "type": "object", "properties": { "mount": { "default": "/metrics", "description": "The mount-point for metrics.", "title": "Mount", "type": "string" } } }
- Fields:
- pydantic model certwrangler.models.HttpConfig
Bases:
BaseModel
Config for the HTTP subsystem.
Show JSON schema
{ "title": "HttpConfig", "description": "Config for the HTTP subsystem.", "type": "object", "properties": { "host": { "default": "127.0.0.1", "description": "Address the HTTP server should bind to.", "format": "ipvanyaddress", "title": "Host", "type": "string" }, "port": { "default": 6377, "description": "Port the HTTP server should listen on.", "title": "Port", "type": "integer" }, "server_name": { "default": "certwrangler", "description": "Name of the HTTP server.", "title": "Server Name", "type": "string" }, "ssl_key_file": { "anyOf": [ { "format": "path", "type": "string" }, { "type": "null" } ], "default": null, "description": "Optional SSL key.", "title": "Ssl Key File" }, "ssl_key_password": { "anyOf": [ { "type": "string" }, { "type": "null" } ], "default": null, "description": "Optional SSL key password.", "title": "Ssl Key Password" }, "ssl_cert_file": { "anyOf": [ { "format": "path", "type": "string" }, { "type": "null" } ], "default": null, "description": "Optional SSL cert.", "title": "Ssl Cert File" }, "ssl_ca_certs_file": { "anyOf": [ { "format": "path", "type": "string" }, { "type": "null" } ], "default": null, "description": "Optional SSL CA cert.", "title": "Ssl Ca Certs File" } } }
- Fields:
- Validators:
- field host: IPvAnyAddress = IPv4Address('127.0.0.1')
Address the HTTP server should bind to.
- Validated by:
- validator __validate_ssl_files_exist » ssl_key_file, ssl_cert_file, ssl_ca_certs_file
Validates that the specified file exists.
- Raises:
ValueError – Raised if the file does not exist.
- validator __validate_ssl_options » all fields
Validate that we have both ssl_key_file and ssl_cert_file populated if either are set.
- Raises:
ValueError – Raised if either ssl_key_file or ssl_cert_file is not set when the other is set.
- pydantic model certwrangler.models.DaemonConfig
Bases:
BaseModel
Config for the daemon.
Show JSON schema
{ "title": "DaemonConfig", "description": "Config for the daemon.", "type": "object", "properties": { "reconciler": { "$ref": "#/$defs/ReconcilerConfig", "description": "Config for the reconciler." }, "metrics": { "$ref": "#/$defs/MetricsConfig", "description": "Config for metrics." }, "http": { "$ref": "#/$defs/HttpConfig", "description": "Config for the http server." }, "watchdog_interval": { "default": 30, "description": "Watchdog interval in seconds. The watchdog periodically checks to see if any of the daemon threads have died.", "title": "Watchdog Interval", "type": "integer" } }, "$defs": { "HttpConfig": { "description": "Config for the HTTP subsystem.", "properties": { "host": { "default": "127.0.0.1", "description": "Address the HTTP server should bind to.", "format": "ipvanyaddress", "title": "Host", "type": "string" }, "port": { "default": 6377, "description": "Port the HTTP server should listen on.", "title": "Port", "type": "integer" }, "server_name": { "default": "certwrangler", "description": "Name of the HTTP server.", "title": "Server Name", "type": "string" }, "ssl_key_file": { "anyOf": [ { "format": "path", "type": "string" }, { "type": "null" } ], "default": null, "description": "Optional SSL key.", "title": "Ssl Key File" }, "ssl_key_password": { "anyOf": [ { "type": "string" }, { "type": "null" } ], "default": null, "description": "Optional SSL key password.", "title": "Ssl Key Password" }, "ssl_cert_file": { "anyOf": [ { "format": "path", "type": "string" }, { "type": "null" } ], "default": null, "description": "Optional SSL cert.", "title": "Ssl Cert File" }, "ssl_ca_certs_file": { "anyOf": [ { "format": "path", "type": "string" }, { "type": "null" } ], "default": null, "description": "Optional SSL CA cert.", "title": "Ssl Ca Certs File" } }, "title": "HttpConfig", "type": "object" }, "MetricsConfig": { "description": "Config for the metrics subsystem.", "properties": { "mount": { "default": "/metrics", "description": "The mount-point for 
metrics.", "title": "Mount", "type": "string" } }, "title": "MetricsConfig", "type": "object" }, "ReconcilerConfig": { "description": "Config for the reconciler loop subsystem.", "properties": { "interval": { "default": 60, "description": "Reconciler interval in seconds.", "title": "Interval", "type": "integer" } }, "title": "ReconcilerConfig", "type": "object" } } }
- Fields:
- field reconciler: ReconcilerConfig [Optional]
Config for the reconciler.
- field metrics: MetricsConfig [Optional]
Config for metrics.
- field http: HttpConfig [Optional]
Config for the http server.
- pydantic model certwrangler.models.Config
Bases:
BaseModel
The root config object for the application.
This class is the root of the entire config tree of the application and is responsible for loading any of the plugins specified by sub-members in their configuration as well as triggering any initialization hooks that may be specified by the various plugins.
Show JSON schema
{ "title": "Config", "description": "The root config object for the application.\n\nThis class is the root of the entire config tree of the application and is\nresponsible for loading any of the plugins specified by sub-members in\ntheir configuration as well as triggering any initialization hooks that\nmay be specified by the various plugins.", "type": "object", "properties": { "daemon": { "$ref": "#/$defs/DaemonConfig" }, "state": { "$ref": "#/$defs/StateManager", "description": "Config for the state manager." }, "accounts": { "additionalProperties": { "$ref": "#/$defs/Account" }, "description": "Config for the accounts.", "title": "Accounts", "type": "object" }, "certs": { "additionalProperties": { "$ref": "#/$defs/Cert" }, "description": "Config for the certs.", "title": "Certs", "type": "object" }, "solvers": { "additionalProperties": { "$ref": "#/$defs/Solver" }, "description": "Config for the solvers.", "title": "Solvers", "type": "object" }, "stores": { "additionalProperties": { "$ref": "#/$defs/Store" }, "description": "Config for the stores.", "title": "Stores", "type": "object" }, "subjects": { "additionalProperties": { "$ref": "#/$defs/Subject" }, "description": "Config for the subjects.", "title": "Subjects", "type": "object" } }, "$defs": { "Account": { "description": "Managed ACME account definition.", "properties": { "emails": { "description": "A list of email addresses for the account.", "items": { "format": "email", "type": "string" }, "title": "Emails", "type": "array" }, "server": { "default": "https://acme-v02.api.letsencrypt.org/directory", "description": "The URL of the ACME server.", "format": "uri", "maxLength": 2083, "minLength": 1, "title": "Server", "type": "string" }, "key_size": { "default": 2048, "description": "The desired size of the RSA key in bits", "title": "Key Size", "type": "integer" } }, "required": [ "emails" ], "title": "Account", "type": "object" }, "Cert": { "description": "Managed cert definition.", "properties": { 
"common_name": { "description": "The common name for the cert.", "pattern": "^(?:(\\*\\.|[a-zA-Z0-9])(?:[a-zA-Z0-9-_]{0,61}[A-Za-z0-9])?\\.)+[A-Za-z0-9][A-Za-z0-9-_]{0,61}[A-Za-z]$", "title": "Common Name", "type": "string" }, "account_name": { "description": "The name of the configured ACME account the cert should be created under.", "title": "Account Name", "type": "string" }, "store_names": { "description": "A list of the configured stores the cert should be published to.", "items": { "type": "string" }, "title": "Store Names", "type": "array" }, "store_key": { "anyOf": [ { "type": "string" }, { "type": "null" } ], "default": null, "description": "Optional sub-key the cert should be published to in the store. Currently only supported by the vault store driver.", "title": "Store Key" }, "subject_name": { "default": "default", "description": "The name of the configured subject the cert should be created with.", "title": "Subject Name", "type": "string" }, "alt_names": { "description": "A list of alternative names for the cert.", "items": { "pattern": "^(?:(\\*\\.|[a-zA-Z0-9])(?:[a-zA-Z0-9-_]{0,61}[A-Za-z0-9])?\\.)+[A-Za-z0-9][A-Za-z0-9-_]{0,61}[A-Za-z]$", "type": "string" }, "title": "Alt Names", "type": "array" }, "wait_timeout": { "default": "PT5M", "description": "Wait timeout for DNS operations.", "format": "duration", "title": "Wait Timeout", "type": "string" }, "key_size": { "default": 2048, "description": "The desired size of the RSA key in bits.", "title": "Key Size", "type": "integer" }, "follow_cnames": { "default": true, "description": "Whether to follow CNAMEs for DNS operations.", "title": "Follow Cnames", "type": "boolean" }, "renewal_threshold": { "default": "P30D", "description": "How many days before a cert expires should it be renewed.", "format": "duration", "title": "Renewal Threshold", "type": "string" } }, "required": [ "common_name", "account_name", "store_names" ], "title": "Cert", "type": "object" }, "DaemonConfig": { "description": 
"Config for the daemon.", "properties": { "reconciler": { "$ref": "#/$defs/ReconcilerConfig", "description": "Config for the reconciler." }, "metrics": { "$ref": "#/$defs/MetricsConfig", "description": "Config for metrics." }, "http": { "$ref": "#/$defs/HttpConfig", "description": "Config for the http server." }, "watchdog_interval": { "default": 30, "description": "Watchdog interval in seconds. The watchdog periodically checks to see if any of the daemon threads have died.", "title": "Watchdog Interval", "type": "integer" } }, "title": "DaemonConfig", "type": "object" }, "HttpConfig": { "description": "Config for the HTTP subsystem.", "properties": { "host": { "default": "127.0.0.1", "description": "Address the HTTP server should bind to.", "format": "ipvanyaddress", "title": "Host", "type": "string" }, "port": { "default": 6377, "description": "Port the HTTP server should listen on.", "title": "Port", "type": "integer" }, "server_name": { "default": "certwrangler", "description": "Name of the HTTP server.", "title": "Server Name", "type": "string" }, "ssl_key_file": { "anyOf": [ { "format": "path", "type": "string" }, { "type": "null" } ], "default": null, "description": "Optional SSL key.", "title": "Ssl Key File" }, "ssl_key_password": { "anyOf": [ { "type": "string" }, { "type": "null" } ], "default": null, "description": "Optional SSL key password.", "title": "Ssl Key Password" }, "ssl_cert_file": { "anyOf": [ { "format": "path", "type": "string" }, { "type": "null" } ], "default": null, "description": "Optional SSL cert.", "title": "Ssl Cert File" }, "ssl_ca_certs_file": { "anyOf": [ { "format": "path", "type": "string" }, { "type": "null" } ], "default": null, "description": "Optional SSL CA cert.", "title": "Ssl Ca Certs File" } }, "title": "HttpConfig", "type": "object" }, "MetricsConfig": { "description": "Config for the metrics subsystem.", "properties": { "mount": { "default": "/metrics", "description": "The mount-point for metrics.", "title": "Mount", 
"type": "string" } }, "title": "MetricsConfig", "type": "object" }, "ReconcilerConfig": { "description": "Config for the reconciler loop subsystem.", "properties": { "interval": { "default": 60, "description": "Reconciler interval in seconds.", "title": "Interval", "type": "integer" } }, "title": "ReconcilerConfig", "type": "object" }, "Solver": { "description": "Base class for ACME challenge solver drivers.", "properties": { "driver": { "description": "The name of the driver to use.", "title": "Driver", "type": "string" }, "zones": { "description": "A list of DNS zones this solver should be used for.", "items": { "pattern": "^(?:(\\*\\.|[a-zA-Z0-9])(?:[a-zA-Z0-9-_]{0,61}[A-Za-z0-9])?\\.)+[A-Za-z0-9][A-Za-z0-9-_]{0,61}[A-Za-z]$", "type": "string" }, "title": "Zones", "type": "array" } }, "required": [ "driver", "zones" ], "title": "Solver", "type": "object" }, "StateManager": { "description": "Base class for state manager drivers.", "properties": { "driver": { "description": "The name of the driver to use.", "title": "Driver", "type": "string" }, "encryption_keys": { "description": "An optional list of encryption keys to use to encrypt the state. Only the top-most key will be used for encryption operations, the additional keys are only used to decrypt the state in the case that a new key was added. 
New keys can be generated using the ``certwrangler state generate-key`` command.", "items": { "type": "string" }, "title": "Encryption Keys", "type": "array" } }, "required": [ "driver" ], "title": "StateManager", "type": "object" }, "Store": { "description": "Base class for store drivers.", "properties": { "driver": { "description": "The name of the driver to use.", "title": "Driver", "type": "string" } }, "required": [ "driver" ], "title": "Store", "type": "object" }, "Subject": { "description": "Cert subject.", "properties": { "country": { "anyOf": [ { "type": "string" }, { "type": "null" } ], "default": null, "description": "The country name OID.", "title": "Country" }, "state_or_province": { "anyOf": [ { "type": "string" }, { "type": "null" } ], "default": null, "description": "The state or province OID.", "title": "State Or Province" }, "locality": { "anyOf": [ { "type": "string" }, { "type": "null" } ], "default": null, "description": "The locality OID.", "title": "Locality" }, "organization": { "anyOf": [ { "type": "string" }, { "type": "null" } ], "default": null, "description": "The organization OID.", "title": "Organization" }, "organizational_unit": { "anyOf": [ { "type": "string" }, { "type": "null" } ], "default": null, "description": "The organizational unit OID.", "title": "Organizational Unit" } }, "title": "Subject", "type": "object" } }, "required": [ "state", "accounts", "certs", "solvers", "stores", "subjects" ] }
- Fields:
- Validators:
__post_populate » all fields
__pre_populate » all fields
- field daemon: DaemonConfig [Optional]
Config for the daemon.
- Validated by:
- field state_manager: StateManager [Required] (alias 'state')
Config for the state manager.
- Validated by:
- validator __load_solver_plugins » solvers
Dynamically load solver plugins based on their driver key.
- Raises:
ValueError – Raised if the specified plugin can’t be loaded.
- validator __load_state_manager_plugin » state_manager
Dynamically load state_manager plugins based on their driver key.
- Raises:
ValueError – Raised if the specified plugin can’t be loaded.
- validator __load_store_plugins » stores
Dynamically load store plugins based on their driver key.
- Raises:
ValueError – Raised if the specified plugin can’t be loaded.
- validator __pre_populate » all fields
Pre-populate the config data with some defaults.
- validator __post_populate » all fields
Loops through the certs config and populates the reference to the root config object, which is needed to resolve foreign references.
Also loops through all the objects and populates their name field based on their key.
It then tries to resolve all references to account, subject, and stores on the cert object and will raise a ValueError if any references don’t resolve.
- Raises:
ValueError – Raised if any references on sub-objects don’t resolve.