Recommended Juju configuration options for TLS requirers

Recommended Configuration Options

For charms that expose public HTTPS endpoints, certificate attributes should be decided at deployment time by users. Therefore, we recommend to have the following Juju configuration options:

  • common_name
  • sans_dns
  • organization
  • organizational_unit
  • email_address
  • country_name
  • state_or_province_name
  • locality_name

The charm should use those values when instantiating the and create the appropriate CertificateRequest object from those.


class TLSRequirerExample(ops.CharmBase):

    def __init__(self, framework: ops.Framework):
        super().__init__(framework)
        self.certificates = TLSCertificatesRequiresV4(
            charm=self,
            relationship_name="certificates",
            certificate_requests=[self._get_certificate_request()],
            mode=Mode.UNIT,
        )

    def _get_certificate_request(self) -> CertificateRequest:
        return CertificateRequest(
            common_name=self._get_config_common_name(),
            sans_dns=self._get_sans_dns(),
            organization=self._get_config_organization(),
            organizational_unit=self._get_config_organizational_unit(),
            email_address=self._get_config_email_address(),
            country_name=self._get_config_country_name(),
            state_or_province_name=self._get_config_state_or_province_name(),
            locality_name=self._get_config_locality_name(),
        )

    def _get_config_common_name(self) -> str:
        return self.model.config["common-name"]

    def _get_sans_dns(self) -> Optional[list[str]]:
        return self.model.config.get("sans-dns")

    def _get_config_organization(self) -> str:
        return self.model.config["organization"]

    def _get_config_organizational_unit(self) -> str:
        return self.model.config["organizational-unit"]

    def _get_config_email_address(self) -> str:
        return self.model.config["email-address"]

    def _get_config_country_name(self) -> str:
        return self.model.config["country-name"]

    def _get_config_state_or_province_name(self) -> str:
        return self.model.config["state-or-province-name"]

    def _get_config_locality_name(self) -> str:
        return self.model.config["locality-name"]
1 Like