isabella232 / interface-tls

This project forked from juju-solutions/interface-tls

The TLS charm interface written in layers and using the reactive framework.

Python 100.00%

TLS interface

This is a Juju interface layer that handles transport layer security (TLS) between charms of the same type (a peers relation). Charms that use this layer can communicate securely with each other using TLS certificates.

To get started, please read the Introduction to PKI, which defines some of the PKI terms, concepts and processes used in this document.

NOTE: It is important to point out that this interface does not do the actual work of issuing requests or signing certificates. The interface layer only handles the communication between the peers; the charm layer must react to the states correctly for this interface to work.

The layer-tls charm layer was created to implement this using the easy-rsa project. This interface could be implemented with other PKI technology tools (such as openssl commands) in other charm layers.

States

The interface layer emits several reactive states that a charm layer can respond to:

create certificate signing request

This is the start state that is generated when the peer relation is joined. A charm layer responding to this state should create a certificate signing request (CSR) and set the CSR on the relation object using the set_csr(csr) method.

sign certificate signing request

Once the CSR is set on the relation, the leader will emit the "sign certificate signing request" state that the charm layer can react to. The leader can then import the CSR, sign it, and set the signed certificate on the relation object using the set_cert(unit_name, certificate) method. Here the unit_name uniquely identifies the signed certificate for each unit.

signed certificate available

Once the signed certificate is set on the relation, the interface layer will emit the "signed certificate available" state, indicating that the signed certificate is available to the charm layer in the unitdata with the key [unit-name]_signed_certificate. The charm layer can retrieve the certificate and use it in the code:

from charmhelpers.core import unitdata
# Open the unit's local key/value store.
database = unitdata.kv()
# Look up the certificate by its unitdata key.
cert = database.get('tls.server.certificate')
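
The three states above, traced end to end as an added example (not code from the interface layer or its authors): an in-memory stand-in for the peer relation follows a CSR from set_csr through the leader's set_cert, and the leader skips a CSR whose subject does not name the unit that published it. Assumptions: '/' in a unit name becomes '_' in the [unit-name]_signed_certificate key, a CSR is modelled as a dict whose subject is the unit name, and an HMAC tag stands in for real CA signing; PeerRelation, cert_key, leader_sign and run_demo are hypothetical names.

```python
import hashlib
import hmac

CSR_STATE = 'create certificate signing request'
SIGN_STATE = 'sign certificate signing request'
CERT_STATE = 'signed certificate available'

def cert_key(unit_name):
    # Assumption: '/' in a Juju unit name becomes '_' in the relation key.
    return unit_name.replace('/', '_') + '_signed_certificate'

class PeerRelation:
    """In-memory stand-in for the peer relation (not the interface's class)."""
    def __init__(self, leader, units):
        self.leader = leader
        self.data = {u: {} for u in units}             # settings each unit published
        self.states = {u: {CSR_STATE} for u in units}  # start state after joining

    def set_csr(self, unit, csr):
        self.data[unit]['csr'] = csr
        self.states[unit].discard(CSR_STATE)
        self.states[self.leader].add(SIGN_STATE)

    def set_cert(self, unit_name, certificate):
        self.data[self.leader][cert_key(unit_name)] = certificate
        self.states[unit_name].add(CERT_STATE)

def leader_sign(rel, ca_key):
    """Leader's reaction to SIGN_STATE; returns the units it signed for."""
    signed = []
    for unit, settings in rel.data.items():
        csr = settings.get('csr')
        if csr is None or cert_key(unit) in rel.data[rel.leader]:
            continue
        if csr['subject'] != unit:
            continue  # added check: CSR must name the unit that published it
        # Stand-in for CA signing: an HMAC tag, not a real X.509 signature.
        body = '{}|{}'.format(csr['subject'], csr['public_key']).encode()
        tag = hmac.new(ca_key, body, hashlib.sha256).hexdigest()
        rel.set_cert(unit, {'subject': unit, 'signature': tag})
        signed.append(unit)
    rel.states[rel.leader].discard(SIGN_STATE)
    return signed

def run_demo():
    rel = PeerRelation('tls/0', ['tls/0', 'tls/1', 'tls/2'])  # constructed units
    rel.set_csr('tls/1', {'subject': 'tls/1', 'public_key': 'constructed-key-1'})
    rel.set_csr('tls/2', {'subject': 'tls/1', 'public_key': 'constructed-key-2'})
    return rel, leader_sign(rel, ca_key=b'constructed-ca-key')
```
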

Contact Information

Interface author: Matt Bruzek <[email protected]>
Contributor: Charles Butler <[email protected]>
Contributor: Cory Johns <[email protected]>
