TlsRequires(self, endpoint_name, relation_ids=None)The client's side of the interface protocol.
The following flags may be set:
-
{endpoint_name}.availableWhenever the relation is joined. -
{endpoint_name}.ca.availableWhen the root CA information is available via the root_ca_cert and root_ca_chain properties. -
{endpoint_name}.ca.changedWhen the root CA information has changed, whether because they have just become available or if they were regenerated by the CA. Once processed this flag should be removed by the charm. -
{endpoint_name}.certs.availableWhen the requested server or client certs are available. -
{endpoint_name}.certs.changedWhen the requested server or client certs have changed, whether because they have just become available or if they were regenerated by the CA. Once processed this flag should be removed by the charm. -
{endpoint_name}.server.certs.availableWhen the server certificates requested by request_server_cert are available via the server_certs collection. -
{endpoint_name}.server.certs.changedWhen the requested server certificates have changed, whether because they have just become available or if they were regenerated by the CA. Once processed this flag should be removed by the charm. -
{endpoint_name}.client.certs.availableWhen the client certificates requested by request_client_cert are available via the client_certs collection. -
{endpoint_name}.client.certs.changedWhen the requested client certificates have changed, whether because they have just become available or if they were regenerated by the CA. Once processed this flag should be removed by the charm.
The following flags have been deprecated:
{endpoint_name}.server.cert.available{endpoint_name}.client.cert.available{endpoint_name}.batch.cert.available
List of Certificate instances for all available application certs.
List of Certificate instances for all available client certs.
Mapping of client Certificate instances by their common_name.
Root CA certificate.
The chain of trust for the root CA.
List of Certificate instances for all available server certs.
Mapping of server Certificate instances by their common_name.
TlsRequires.get_ca()Return the root CA certificate.
Same as root_ca_cert.
TlsRequires.get_chain()Return the chain of trust for the root CA.
Same as root_ca_chain.
TlsRequires.get_client_cert()Deprecated. Use request_client_cert and the client_certs collection instead.
Return a globally shared client certificate and key.
TlsRequires.get_server_cert()Deprecated. Use the server_certs collection instead.
Return the cert and key of the first server certificate requested.
TlsRequires.get_batch_requests()Deprecated. Use server_certs_map instead.
Mapping of server Certificate instances by their common_name.
TlsRequires.request_server_cert(cn, sans=None, cert_name=None)Request a server certificate and key be generated for the given
common name (cn) and optional list of alternative names (sans).
The cert_name is deprecated and not needed.
This can be called multiple times to request more than one server certificate, although the common names must be unique. If called again with the same common name, it will be ignored.
TlsRequires.add_request_server_cert(cn, sans)Deprecated. Use request_server_cert instead.
TlsRequires.request_server_certs()Deprecated. Just use request_server_cert; this does nothing.
TlsRequires.request_client_cert(cn, sans)Request a client certificate and key be generated for the given
common name (cn) and list of alternative names (sans).
This can be called multiple times to request more than one client certificate, although the common names must be unique. If called again with the same common name, it will be ignored.
TlsRequires.request_application_cert(cn, sans)Request an application certificate and key be generated for the given
common name (cn) and list of alternative names (sans ) of this
unit and all peer units. All units will share a single certificates.