idem-tls 2.0.0

What is POP?

This project is built with pop, a Python-based implementation of Plugin Oriented Programming (POP). POP seeks to bring together concepts and wisdom from the history of computing in new ways to solve modern computing problems.

For more information:

• Intro to Plugin Oriented Programming (POP)

• pop-awesome

• pop-create

Prerequisites

• Python 3.8+

• git (if installing from source or contributing to the project)

  To contribute to the project and set up your local development environment, see CONTRIBUTING.rst in the source repository for this project.

Installation

You can install idem-tls with the Python package installer (PyPI) or from source.

pip install idem-tls

# clone repo
git clone git@<your-project-path>/idem-tls.git
cd idem-tls

# Setup venv
python3 -m venv .venv
source .venv/bin/activate
pip install -e .

Setup

After installation, idem-tls execution and state modules are accessible to the pop hub.

For more information:

• Intro to Plugin Oriented Programming (POP)

• pop hub

To set the TLS method that idem-tls uses, configure it in your credentials.yaml file.

Credentials for idem-tls are optional. If you don’t configure a TLS method, the plugin uses TLSv1 by default.

credentials.yaml:

tls:
  default:
    method: TLSv1_2

For more about Idem credentials files, including recommended steps for encryption and environment variables, see Authenticating with Idem

You are now ready to use idem-tls.

Exec Module

An SLS file specifies the desired state of a resource. You can run an exec module within an SLS file using the exec.run state, where the exec module returns a new state that can be referenced with argument binding.

The idem-tls plugin exec module supports TLS certificate get and list operations.

• tls.certificate.get

  Return the root CA certificate for a given URL.

• tls.certificate.list

  Return the certificate chain for a given URL.

Syntax:

[Idem-state-name]:
  exec.run:
    - path: tls.certificate.get
    - kwargs:
        url: 'string'

Example:

unmanaged-tls_certificate:
  exec.run:
    - path: tls.certificate.get
    - kwargs:
        url: https://oidc.eks.us-east-2.amazonaws.com/id/sample
oidc.eks.us-east-2.amazonaws.com/id/sample:
    aws.iam.open_id_connect_provider.present:
      name: oidc.eks.us-east-2.amazonaws.com/id/sample
      resource_id: oidc.eks.us-east-2.amazonaws.com/id/sample
      url:  https://oidc.eks.us-east-2.amazonaws.com/id/sample
      client_id_list:
        - sample_client
      thumbprint_list:
        - ${exec:unmanaged-tls_certificate:sha1_fingerprint}
      tags:
        - Key: tag-key-1
          Value: tag-value-1
        - Key: tag-key-2
          Value: tag-value-2

Idem command line example:

idem exec exec.tls.certificate.list url=https://oidc.eks.us-east-2.amazonaws.com/id/sample

Current Supported Resource States

tls

certificate