feat: add tls certificates per app support to tls certificates interf…
…ace (#172) Signed-off-by: guillaume <[email protected]>
Showing
6 changed files
with
293 additions
and
130 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,122 @@ | ||
{ | ||
"$defs": { | ||
"BaseModel": { | ||
"properties": {}, | ||
"title": "BaseModel", | ||
"type": "object" | ||
}, | ||
"Certificate": { | ||
"description": "Certificate model.", | ||
"properties": { | ||
"ca": { | ||
"description": "The signing certificate authority.", | ||
"title": "Ca", | ||
"type": "string" | ||
}, | ||
"certificate_signing_request": { | ||
"description": "Certificate signing request.", | ||
"title": "Certificate Signing Request", | ||
"type": "string" | ||
}, | ||
"certificate": { | ||
"description": "Certificate.", | ||
"title": "Certificate", | ||
"type": "string" | ||
}, | ||
"chain": { | ||
"anyOf": [ | ||
{ | ||
"items": { | ||
"type": "string" | ||
}, | ||
"type": "array" | ||
}, | ||
{ | ||
"type": "null" | ||
} | ||
], | ||
"description": "List of certificates in the chain.", | ||
"title": "Chain" | ||
}, | ||
"recommended_expiry_notification_time": { | ||
"anyOf": [ | ||
{ | ||
"type": "integer" | ||
}, | ||
{ | ||
"type": "null" | ||
} | ||
], | ||
"description": "Recommended expiry notification time in seconds.", | ||
"title": "Recommended Expiry Notification Time" | ||
}, | ||
"revoked": { | ||
"anyOf": [ | ||
{ | ||
"type": "boolean" | ||
}, | ||
{ | ||
"type": "null" | ||
} | ||
], | ||
"description": "Whether the certificate is revoked.", | ||
"title": "Revoked" | ||
} | ||
}, | ||
"required": [ | ||
"ca", | ||
"certificate_signing_request", | ||
"certificate", | ||
"chain", | ||
"recommended_expiry_notification_time", | ||
"revoked" | ||
], | ||
"title": "Certificate", | ||
"type": "object" | ||
}, | ||
"ProviderApplicationData": { | ||
"description": "Provider application data model.", | ||
"properties": { | ||
"certificates": { | ||
"contentMediaType": "application/json", | ||
"contentSchema": { | ||
"items": { | ||
"$ref": "#/$defs/Certificate" | ||
}, | ||
"type": "array" | ||
}, | ||
"description": "List of certificates.", | ||
"title": "Certificates", | ||
"type": "string" | ||
} | ||
}, | ||
"required": [ | ||
"certificates" | ||
], | ||
"title": "ProviderApplicationData", | ||
"type": "object" | ||
} | ||
}, | ||
"description": "Provider schema for TLS Certificates.", | ||
"properties": { | ||
"unit": { | ||
"anyOf": [ | ||
{ | ||
"$ref": "#/$defs/BaseModel" | ||
}, | ||
{ | ||
"type": "null" | ||
} | ||
], | ||
"default": null | ||
}, | ||
"app": { | ||
"$ref": "#/$defs/ProviderApplicationData" | ||
} | ||
}, | ||
"required": [ | ||
"app" | ||
], | ||
"title": "ProviderSchema", | ||
"type": "object" | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,69 @@ | ||
{ | ||
"$defs": { | ||
"CertificateSigningRequest": { | ||
"description": "Certificate signing request model.", | ||
"properties": { | ||
"certificate_signing_request": { | ||
"description": "Certificate signing request.", | ||
"title": "Certificate Signing Request", | ||
"type": "string" | ||
}, | ||
"ca": { | ||
"anyOf": [ | ||
{ | ||
"type": "boolean" | ||
}, | ||
{ | ||
"type": "null" | ||
} | ||
], | ||
"description": "Whether the certificate is a CA.", | ||
"title": "Ca" | ||
} | ||
}, | ||
"required": [ | ||
"certificate_signing_request", | ||
"ca" | ||
], | ||
"title": "CertificateSigningRequest", | ||
"type": "object" | ||
}, | ||
"RequirerData": { | ||
"description": "Requirer data model.\n\nThe same model is used for the unit and application data.", | ||
"properties": { | ||
"certificate_signing_requests": { | ||
"contentMediaType": "application/json", | ||
"contentSchema": { | ||
"items": { | ||
"$ref": "#/$defs/CertificateSigningRequest" | ||
}, | ||
"type": "array" | ||
}, | ||
"description": "List of certificate signing requests.", | ||
"title": "Certificate Signing Requests", | ||
"type": "string" | ||
} | ||
}, | ||
"required": [ | ||
"certificate_signing_requests" | ||
], | ||
"title": "RequirerData", | ||
"type": "object" | ||
} | ||
}, | ||
"description": "Requirer schema for TLS Certificates.", | ||
"properties": { | ||
"unit": { | ||
"$ref": "#/$defs/RequirerData" | ||
}, | ||
"app": { | ||
"$ref": "#/$defs/RequirerData" | ||
} | ||
}, | ||
"required": [ | ||
"unit", | ||
"app" | ||
], | ||
"title": "RequirerSchema", | ||
"type": "object" | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,101 @@ | ||
""" | ||
This file defines the schemas for the provider and requirer sides of the `tls_certificates` interface. | ||
It exposes two interfaces.schema_base.DataBagSchema subclasses called: | ||
- ProviderSchema | ||
- RequirerSchema | ||
Examples: | ||
ProviderSchema: | ||
unit: <empty> | ||
app: { | ||
"certificates": [ | ||
{ | ||
"ca": "-----BEGIN CERTIFICATE----- ...", | ||
"chain": [ | ||
"-----BEGIN CERTIFICATE----- ...", | ||
"-----BEGIN CERTIFICATE----- ..." | ||
], | ||
"certificate_signing_request": "-----BEGIN CERTIFICATE REQUEST----- ...", | ||
"certificate": "-----BEGIN CERTIFICATE----- ..." | ||
} | ||
] | ||
} | ||
RequirerSchema: | ||
unit: { | ||
"certificate_signing_requests": [ | ||
{ | ||
"certificate_signing_request": "-----BEGIN CERTIFICATE REQUEST----- ...", | ||
"ca": true | ||
} | ||
] | ||
} | ||
app: <empty> | ||
""" | ||
|
||
from typing import List, Optional | ||
from pydantic import BaseModel, Field, Json | ||
from interface_tester.schema_base import DataBagSchema | ||
|
||
|
||
class Certificate(BaseModel): | ||
"""Certificate model.""" | ||
ca: str = Field( | ||
description="The signing certificate authority." | ||
) | ||
certificate_signing_request: str = Field( | ||
description="Certificate signing request." | ||
) | ||
certificate: str = Field( | ||
description="Certificate." | ||
) | ||
chain: Optional[List[str]] = Field( | ||
description="List of certificates in the chain." | ||
) | ||
recommended_expiry_notification_time: Optional[int] = Field( | ||
description="Recommended expiry notification time in seconds." | ||
) | ||
revoked: Optional[bool] = Field( | ||
description="Whether the certificate is revoked." | ||
) | ||
|
||
|
||
class CertificateSigningRequest(BaseModel): | ||
"""Certificate signing request model.""" | ||
certificate_signing_request: str = Field( | ||
description="Certificate signing request." | ||
) | ||
ca: Optional[bool] = Field( | ||
description="Whether the certificate is a CA." | ||
) | ||
|
||
|
||
class ProviderApplicationData(BaseModel): | ||
"""Provider application data model.""" | ||
certificates: Json[List[Certificate]] = Field( | ||
description="List of certificates." | ||
) | ||
|
||
|
||
class RequirerData(BaseModel): | ||
"""Requirer data model. | ||
The same model is used for the unit and application data. | ||
""" | ||
|
||
certificate_signing_requests: Json[List[CertificateSigningRequest]] = Field( | ||
description="List of certificate signing requests." | ||
) | ||
|
||
|
||
class ProviderSchema(DataBagSchema): | ||
"""Provider schema for TLS Certificates.""" | ||
|
||
app: ProviderApplicationData | ||
|
||
|
||
class RequirerSchema(DataBagSchema): | ||
"""Requirer schema for TLS Certificates.""" | ||
|
||
app: RequirerData | ||
unit: RequirerData |
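Review bot: `RequirerSchema` declares `app: RequirerData` and `unit: RequirerData` with no defaults, so both databags are required (the generated requirer schema lists `"unit"` and `"app"` under `required`), yet the module docstring's own example shows `app: <empty>`; a requirer that publishes CSRs in only one databag would fail validation. If either side may legitimately be empty, declare them as `app: Optional[RequirerData] = None` and `unit: Optional[RequirerData] = None`. The same pattern affects `Certificate` and `CertificateSigningRequest`: `Optional[...] = Field(description=...)` with no default is nullable but still required, as the generated schemas show for `chain`, `recommended_expiry_notification_time`, `revoked` and `ca`, while the docstring example omits some of them; either pass `default=None` to those `Field(...)` calls or complete the example. Because `ca` on a CSR asks for a CA-capable certificate and `revoked` feeds a trust decision, the field descriptions should also say how a consumer must treat `null` (for example, `revoked: null` meaning "not revoked" versus "unknown").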