lemur-ca-import 0.0.1__tar.gz

lemur_ca_import-0.0.1/LICENSE.md

@@ -0,0 +1,22 @@
+
+The MIT License (MIT)
+
+Copyright (c) 2026 Philippe Desmarais
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

lemur_ca_import-0.0.1/PKG-INFO

@@ -0,0 +1,84 @@
+Metadata-Version: 2.4
+Name: lemur-ca-import
+Version: 0.0.1
+Summary: A plugin for Lemur that allows users to import existing CA certificates into the system.
+Author-email: Philippe Desmarais <philippe.desmarais4@gmail.com>
+License-Expression: MIT
+Project-URL: Homepage, https://github.com/desmaraisp/lemur-ca-import
+Project-URL: Issues, https://github.com/desmaraisp/lemur-ca-import/issues
+Classifier: Programming Language :: Python :: 3
+Classifier: Operating System :: OS Independent
+Requires-Python: >=3.9
+Description-Content-Type: text/markdown
+License-File: LICENSE.md
+Requires-Dist: lemur>=1.7.0
+Requires-Dist: flask>=2.3.0
+Provides-Extra: tests
+Requires-Dist: pytest; extra == "tests"
+Requires-Dist: setuptools; extra == "tests"
+Dynamic: license-file
+
+# lemur-ca-import
+
+A [Lemur](https://github.com/netflix/lemur) plugin that allows users to import existing CA certificates into the system, which can then be used to issue certificates without interacting with remote systems.
+
+## Installation
+
+Install from PyPI:
+
+```bash
+pip install lemur-ca-importer
+```
+
+Or from source in development mode:
+
+```bash
+pip install -e .
+```
+
+With test dependencies:
+
+```bash
+pip install -e '.[tests]'
+```
+
+## Testing
+
+Run the test suite:
+
+```bash
+python -m pytest
+```
+
+## Building
+
+Build distributions locally:
+
+```bash
+python -m build
+```
+
+This generates both sdist and wheel in `dist/`.
+
+To control the package version, set the `CA_IMPORTER_VERSION` environment variable:
+
+```bash
+CA_IMPORTER_VERSION=1.2.3 python -m build
+```
+
+## Publishing
+
+The package uses GitHub Actions for automated CI/CD:
+
+- **PR builds** (`.github/workflows/pr-build.yml`): Tests and builds on each PR targeting `main`. Artifacts are uploaded and linked in the PR.
+- **Release publishing** (`.github/workflows/release.yml`): Tests, builds, and publishes to PyPI on each GitHub release. Uses OIDC trusted publishing (no long-lived tokens).
+
+## Usage
+
+The `CAImporterPlugin` is registered as a Lemur issuer plugin via entry point `ca_importer`. Configure it in Lemur by providing:
+
+- **public_certificate**: External CA certificate in PEM format
+- **private_key**: External CA private key in PEM format
+
+The plugin creates an authority bound to the imported CA certificate and generates admin/operator roles.
+

lemur_ca_import-0.0.1/README.md

@@ -0,0 +1,64 @@
+# lemur-ca-import
+
+A [Lemur](https://github.com/netflix/lemur) plugin that allows users to import existing CA certificates into the system, which can then be used to issue certificates without interacting with remote systems.
+
+## Installation
+
+Install from PyPI:
+
+```bash
+pip install lemur-ca-importer
+```
+
+Or from source in development mode:
+
+```bash
+pip install -e .
+```
+
+With test dependencies:
+
+```bash
+pip install -e '.[tests]'
+```
+
+## Testing
+
+Run the test suite:
+
+```bash
+python -m pytest
+```
+
+## Building
+
+Build distributions locally:
+
+```bash
+python -m build
+```
+
+This generates both sdist and wheel in `dist/`.
+
+To control the package version, set the `CA_IMPORTER_VERSION` environment variable:
+
+```bash
+CA_IMPORTER_VERSION=1.2.3 python -m build
+```
+
+## Publishing
+
+The package uses GitHub Actions for automated CI/CD:
+
+- **PR builds** (`.github/workflows/pr-build.yml`): Tests and builds on each PR targeting `main`. Artifacts are uploaded and linked in the PR.
+- **Release publishing** (`.github/workflows/release.yml`): Tests, builds, and publishes to PyPI on each GitHub release. Uses OIDC trusted publishing (no long-lived tokens).
+
+## Usage
+
+The `CAImporterPlugin` is registered as a Lemur issuer plugin via entry point `ca_importer`. Configure it in Lemur by providing:
+
+- **public_certificate**: External CA certificate in PEM format
+- **private_key**: External CA private key in PEM format
+
+The plugin creates an authority bound to the imported CA certificate and generates admin/operator roles.
+

lemur_ca_import-0.0.1/pyproject.toml

@@ -0,0 +1,40 @@
+[build-system]
+requires = ["setuptools >= 70", "build>=1.5.0"]
+build-backend = "setuptools.build_meta"
+
+[project]
+name = "lemur-ca-import"
+dynamic = ["version"]
+authors = [
+  { name = "Philippe Desmarais", email = "philippe.desmarais4@gmail.com" },
+]
+dependencies = ["lemur>=1.7.0", "flask>=2.3.0"]
+description = "A plugin for Lemur that allows users to import existing CA certificates into the system."
+readme = "README.md"
+requires-python = ">=3.9"
+classifiers = [
+  "Programming Language :: Python :: 3",
+  "Operating System :: OS Independent",
+]
+license = "MIT"
+license-files = ["LICEN[CS]E*"]
+
+[project.urls]
+Homepage = "https://github.com/desmaraisp/lemur-ca-import"
+Issues = "https://github.com/desmaraisp/lemur-ca-import/issues"
+
+
+[project.entry-points."lemur.plugins"]
+ca_importer = "lemur_ca_importer.plugin:CAImporterPlugin"
+
+
+[project.optional-dependencies]
+tests = [
+    "pytest","setuptools"
+]
+
+[tool.pytest.ini_options]
+filterwarnings = [
+    "ignore::DeprecationWarning::",  # ignore deprecations from all modules
+    "default::DeprecationWarning:mymodule.*:",  # except from our own code
+]

lemur_ca_import-0.0.1/setup.cfg

@@ -0,0 +1,4 @@
+[egg_info]
+tag_build = 
+tag_date = 0
+

lemur_ca_import-0.0.1/setup.py

@@ -0,0 +1,8 @@
+import os
+from setuptools import setup
+
+package_version = os.environ.get("CA_IMPORTER_VERSION")
+
+setup(
+  version=package_version if package_version else "0.0.1"
+)

lemur_ca_import-0.0.1/src/lemur_ca_import.egg-info/PKG-INFO

@@ -0,0 +1,84 @@
+Metadata-Version: 2.4
+Name: lemur-ca-import
+Version: 0.0.1
+Summary: A plugin for Lemur that allows users to import existing CA certificates into the system.
+Author-email: Philippe Desmarais <philippe.desmarais4@gmail.com>
+License-Expression: MIT
+Project-URL: Homepage, https://github.com/desmaraisp/lemur-ca-import
+Project-URL: Issues, https://github.com/desmaraisp/lemur-ca-import/issues
+Classifier: Programming Language :: Python :: 3
+Classifier: Operating System :: OS Independent
+Requires-Python: >=3.9
+Description-Content-Type: text/markdown
+License-File: LICENSE.md
+Requires-Dist: lemur>=1.7.0
+Requires-Dist: flask>=2.3.0
+Provides-Extra: tests
+Requires-Dist: pytest; extra == "tests"
+Requires-Dist: setuptools; extra == "tests"
+Dynamic: license-file
+
+# lemur-ca-import
+
+A [Lemur](https://github.com/netflix/lemur) plugin that allows users to import existing CA certificates into the system, which can then be used to issue certificates without interacting with remote systems.
+
+## Installation
+
+Install from PyPI:
+
+```bash
+pip install lemur-ca-importer
+```
+
+Or from source in development mode:
+
+```bash
+pip install -e .
+```
+
+With test dependencies:
+
+```bash
+pip install -e '.[tests]'
+```
+
+## Testing
+
+Run the test suite:
+
+```bash
+python -m pytest
+```
+
+## Building
+
+Build distributions locally:
+
+```bash
+python -m build
+```
+
+This generates both sdist and wheel in `dist/`.
+
+To control the package version, set the `CA_IMPORTER_VERSION` environment variable:
+
+```bash
+CA_IMPORTER_VERSION=1.2.3 python -m build
+```
+
+## Publishing
+
+The package uses GitHub Actions for automated CI/CD:
+
+- **PR builds** (`.github/workflows/pr-build.yml`): Tests and builds on each PR targeting `main`. Artifacts are uploaded and linked in the PR.
+- **Release publishing** (`.github/workflows/release.yml`): Tests, builds, and publishes to PyPI on each GitHub release. Uses OIDC trusted publishing (no long-lived tokens).
+
+## Usage
+
+The `CAImporterPlugin` is registered as a Lemur issuer plugin via entry point `ca_importer`. Configure it in Lemur by providing:
+
+- **public_certificate**: External CA certificate in PEM format
+- **private_key**: External CA private key in PEM format
+
+The plugin creates an authority bound to the imported CA certificate and generates admin/operator roles.
+

lemur_ca_import-0.0.1/src/lemur_ca_import.egg-info/SOURCES.txt

@@ -0,0 +1,13 @@
+LICENSE.md
+README.md
+pyproject.toml
+setup.py
+src/lemur_ca_import.egg-info/PKG-INFO
+src/lemur_ca_import.egg-info/SOURCES.txt
+src/lemur_ca_import.egg-info/dependency_links.txt
+src/lemur_ca_import.egg-info/entry_points.txt
+src/lemur_ca_import.egg-info/requires.txt
+src/lemur_ca_import.egg-info/top_level.txt
+src/lemur_ca_importer/__init__.py
+src/lemur_ca_importer/plugin.py
+tests/test_ca_importer.py

lemur_ca_import-0.0.1/src/lemur_ca_import.egg-info/dependency_links.txt

@@ -0,0 +1 @@
+

lemur_ca_import-0.0.1/src/lemur_ca_import.egg-info/entry_points.txt

@@ -0,0 +1,2 @@
+[lemur.plugins]
+ca_importer = lemur_ca_importer.plugin:CAImporterPlugin

lemur_ca_import-0.0.1/src/lemur_ca_import.egg-info/requires.txt

@@ -0,0 +1,6 @@
+lemur>=1.7.0
+flask>=2.3.0
+
+[tests]
+pytest
+setuptools

lemur_ca_import-0.0.1/src/lemur_ca_import.egg-info/top_level.txt

@@ -0,0 +1 @@
+lemur_ca_importer

lemur_ca_import-0.0.1/src/lemur_ca_importer/__init__.py

@@ -0,0 +1,8 @@
+try:
+    VERSION = __import__('pkg_resources').get_distribution(__name__).version
+    AUTHOR = __import__('pkg_resources').get_distribution(__name__).get_metadata('PKG-INFO').split('Author: ')[1].splitlines()[0]
+    URL = __import__('pkg_resources').get_distribution(__name__).get_metadata('PKG-INFO').split('Home-page: ')[1].splitlines()[0]
+except Exception as e:
+    VERSION = 'unknown'
+    AUTHOR = ''
+    URL = ''

lemur_ca_import-0.0.1/src/lemur_ca_importer/plugin.py

@@ -0,0 +1,77 @@
+from typing import Tuple
+
+from flask import current_app
+
+from lemur.common.utils import check_validation
+from lemur.exceptions import InvalidConfiguration
+from lemur.plugins.lemur_cryptography import plugin as lemur_cryptography
+import lemur_ca_importer
+
+
+class CAImporterPlugin(lemur_cryptography.CryptographyIssuerPlugin):
+    title = "CA Importer"
+    slug = "ca-importer"
+    description = "Enables the import of existing CA certificates into Lemur."
+    version = lemur_ca_importer.VERSION
+
+    options = [
+        {
+            "name": "public_certificate",
+            "type": "textarea",
+            "default": "",
+            "required": True,
+            "validation": check_validation("^-----BEGIN CERTIFICATE-----.*-----END CERTIFICATE-----$"),
+            "helpMessage": "External CA public certificate in PEM format. This is used to build the certificate chain and is required when creating an authority.",
+        },
+        {
+            "name": "private_key",
+            "type": "textarea",
+            "default": "",
+            "required": True,
+            "validation": check_validation("^-----BEGIN PRIVATE KEY-----.*-----END PRIVATE KEY-----$"),
+            "helpMessage": "External CA private key in PEM format. With this, Lemur can sign certificates using the imported CA. This is required when creating an authority.",
+        }
+    ]
+
+    author = lemur_ca_importer.AUTHOR
+    author_url = lemur_ca_importer.URL
+
+    @staticmethod
+    def create_authority(options) -> Tuple[str, str, None, list]:
+        """
+        The authority created here is bound to a single user-provided CA certificate.
+
+        :param options:
+        :return:
+        """
+        current_app.logger.debug(
+            f"Issuing new imported authority with options: {options}"
+        )
+
+        plugin_options = get_plugin_options(options)
+        cert_pem = get_option(plugin_options, "public_certificate")
+        private_key = get_option(plugin_options, "private_key")
+
+        roles = [
+            {"username": "", "password": "", "name": options["name"] + "_admin"},
+            {"username": "", "password": "", "name": options["name"] + "_operator"},
+        ]
+        return cert_pem, private_key, None, roles
+
+def get_plugin_options(options):
+    plugin_options = options.get("plugin", {}).get("plugin_options")
+    if not plugin_options:
+        error = f"Invalid options for ca importer plugin: {options}"
+        current_app.logger.error(error)
+        raise InvalidConfiguration(error)
+    return plugin_options
+
+def get_option(plugin_options, option_name) -> str:
+    for option in plugin_options:
+        if option.get("name") == option_name:
+            return option.get("value")
+
+    error = f"Invalid options for ca importer plugin: {option_name}"
+    current_app.logger.error(error)
+    raise InvalidConfiguration(error)
+

lemur_ca_import-0.0.1/tests/test_ca_importer.py

@@ -0,0 +1,54 @@
+import pytest
+from flask import Flask
+from lemur_ca_importer import plugin
+
+def test_create_authority_returns_expected_roles():
+    app = Flask('test')
+    with app.app_context():
+        options = {
+            "name": "test",
+            "plugin": {
+                "plugin_options": [
+                    {"name": "public_certificate", "value": "-----BEGIN CERTIFICATE-----FAKE"},
+                    {"name": "private_key", "value": "FAKE"}
+                ]
+            }
+        }
+        pub, key, chain, roles = plugin.CAImporterPlugin().create_authority(options)
+
+        assert pub is not None
+        assert pub.startswith("-----BEGIN CERTIFICATE-----")
+        assert chain is None
+        assert key is not None
+        assert key is "FAKE"
+        assert roles[0]["name"] == "test_admin"
+        assert roles[1]["name"] == "test_operator"
+
+def test_get_plugin_options_valid():
+    options = {"plugin": {"plugin_options": [1, 2, 3]}}
+    result = plugin.get_plugin_options(options)
+    assert result == [1, 2, 3]
+
+def test_get_plugin_options_invalid():
+    options = {"plugin": {}}
+    app = Flask('test')
+    with app.app_context():
+        with pytest.raises(plugin.InvalidConfiguration):
+            plugin.get_plugin_options(options)
+
+def test_get_option_pub_cert():
+    opts = [
+        {"name": "public_certificate", "value": "CERTDATA"},
+        {"name": "other", "value": "X"}
+    ]
+    result = plugin.get_option(opts, "public_certificate")
+    assert result == "CERTDATA"
+
+
+def test_get_option_pub_cert_throws():
+    opts = []
+    app = Flask('test')
+
+    with app.app_context():
+        with pytest.raises(plugin.InvalidConfiguration):
+            plugin.get_option(opts, "public_certificate")