certwrangler.state_managers.local module

certwrangler.state_managers.local._is_encrypted(data: str) → bool

Simple check to see if the state is encrypted based on the presence of the encryption header and footer.

certwrangler.state_managers.local._parse_encrypted_state(data: str) → Dict[str, Any]

Parses the encrypted state and returns a dict with the encrypted data and any discovered metadata tags.

Raises:

ValueError – Raised if state file cannot be parsed.

certwrangler.state_managers.local._decrypt(data: str, encryptor: Encryptor) → str

Decrypt the encrypted state. Returns the decrypted contents of the data payload.

certwrangler.state_managers.local._encrypt(encryptor: Encryptor, data: str, metadata: Dict[str, str] | None = None) → str

Encrypts the contents of data using the provided encryptor. Can optionally embed a dict of additional metadata to the encrypted envelope.

Note that the metadata is not encrypted and stored in plain text.

certwrangler.state_managers.local._list_entities(state_path_dir: Path, known_entities: List[str]) → Dict[str, Dict[str, Any]]

Loops through the contents of the provided state_path_dir and compares the discovered entities to the provided known_entities list. Returns an inventory of discovered entities, including whether they’re encrypted, the encryption metadata, if they’re orphaned (not in known_entities), and their path.

class certwrangler.state_managers.local.LocalStateManager(*, driver: ~typing.Literal['local'], encryption_keys: ~typing.List[~typing.Annotated[~cryptography.fernet.Fernet, ~pydantic.functional_validators.BeforeValidator(func=~certwrangler.types.<lambda>, json_schema_input_type=PydanticUndefined), ~pydantic.json_schema.WithJsonSchema(json_schema={'type': 'string'}, mode=None)]] = <factory>, path: ~pathlib.Path = PosixPath('/github/home/.local/share/certwrangler'))

Bases: StateManager

Local storage state manager driver.

driver: Literal['local']

base_path: Path

property certs_path: Path

The path to the certs subdirectory based on base_path.

property accounts_path: Path

The path to the accounts subdirectory based on base_path.

initialize() → None

Create the configured state storage directories based on the base_path.

Raises:

StateManagerError – Raised on errors creating the state directories.

list() → Dict[str, Dict[str, Any]]

List all the state entities under management. Returns a dict of all the names of accounts and certs it discovers.

Raises:

StateManagerError – Raised on errors reading the state.

save(entity: Account | Cert, encrypt: bool = True) → None

Save the provided entity’s (Account or Cert object) state and by default will encrypt the contents if an encryptor is configured.

Raises:

StateManagerError – Raised on errors writing the state.

load(entity: Account | Cert) → None

Load and decrypt (if an encryptor is present) the state of the provided entity (Account or Cert object).

Raises:

StateManagerError – Raised on errors reading, decoding, or decrypting the state.

delete(entity_class: Literal['account', 'cert'], entity_name: str) → None

Delete the state for the provided entity_class and entity_name.

Raises:

StateManagerError – Raised on errors deleting the state.

model_config

Configuration for the model, should be a dictionary conforming to [ConfigDict][pydantic.config.ConfigDict].