How to use the hvac.api.auth_methods.Aws function in hvac

To help you get started, we’ve selected a few hvac examples, based on popular ways it is used in public projects.


github hvac / hvac / hvac / v1 / __init__.py View on Github external
        new_method=api.auth_methods.Aws.read_role,
    )
    def get_ec2_role(self, role, mount_point='aws-ec2'):
        """GET /v1/auth/<mount_point>/role/<role>

        Fetch a single role entry from the auth backend mounted at ``mount_point`` and hand back the decoded
        JSON body of the response.

        ``role`` and ``mount_point`` are formatted into the request path exactly as given. This method does no
        escaping or validation of its own, so names that originate outside the program should be checked by the
        caller before they reach this call.

        :param role: Name of the role to read; becomes the last path segment.
        :type role: str (presumably -- it is only passed to str.format here)
        :param mount_point: Path the auth backend is mounted on.
        :type mount_point: str
        :return: Whatever ``.json()`` yields for the adapter's response.
        :rtype: dict (presumably -- confirm against the adapter)
        """
        request_path = '/v1/auth/{0}/role/{1}'.format(mount_point, role)
        response = self._adapter.get(request_path)
        return response.json()
github hvac / hvac / hvac / v1 / __init__.py View on Github external
        new_method=api.auth_methods.Aws.create_role_tags,
    )
    def create_ec2_role_tag(self, role, policies=None, max_ttl=None, instance_id=None,
                            disallow_reauthentication=False, allow_instance_migration=False, mount_point='aws-ec2'):
        """POST /auth//role//tag

        :param role:
        :type role:
        :param policies:
        :type policies:
        :param max_ttl:
        :type max_ttl:
        :param instance_id:
        :type instance_id:
        :param disallow_reauthentication:
        :type disallow_reauthentication:
        :param allow_instance_migration:
github hvac / hvac / hvac / v1 / __init__.py View on Github external
        new_method=api.auth_methods.Aws.list_certificate_configurations,
    )
    def list_vault_ec2_certificate_configurations(self, mount_point='aws-ec2'):
        """GET /v1/auth/<mount_point>/config/certificates?list=true

        Ask the auth backend mounted at ``mount_point`` for its certificate configurations and return the
        decoded JSON body of the response.

        ``mount_point`` is formatted into the request path as given; no escaping happens in this method.

        :param mount_point: Path the auth backend is mounted on.
        :type mount_point: str
        :return: Whatever ``.json()`` yields for the adapter's response.
        :rtype: dict (presumably -- confirm against the adapter)
        """
        listing_path = '/v1/auth/{0}/config/certificates'.format(mount_point)
        # The ``list`` query parameter turns the GET into a list request.
        response = self._adapter.get(listing_path, params={'list': True})
        return response.json()
github hvac / hvac / hvac / v1 / __init__.py View on Github external
        new_method=api.auth_methods.Aws.configure,
    )
    def create_vault_ec2_client_configuration(self, access_key, secret_key, endpoint=None, mount_point='aws-ec2'):
        """POST /auth//config/client

        Configure the credentials required to perform API calls to AWS as well as custom endpoints to talk to AWS APIs.
        The instance identity document fetched from the PKCS#7 signature will provide the EC2 instance ID. The
        credentials configured using this endpoint will be used to query the status of the instances via
        DescribeInstances API. If static credentials are not provided using this endpoint, then the credentials will be
        retrieved from the environment variables AWS_ACCESS_KEY, AWS_SECRET_KEY and AWS_REGION respectively. If the
        credentials are still not found and if the method is configured on an EC2 instance with metadata querying
        capabilities, the credentials are fetched automatically

        :param access_key: AWS Access key with permissions to query AWS APIs. The permissions required depend on the
            specific configurations. If using the iam auth method without inferencing, then no credentials are
            necessary. If using the ec2 auth method or using the iam auth method with inferencing, then these
            credentials need access to ec2:DescribeInstances. If additionally a bound_iam_role is specified, then these
github hvac / hvac / hvac / v1 / __init__.py View on Github external
        new_method=api.auth_methods.Aws.delete_config,
    )
    def delete_vault_ec2_client_configuration(self, mount_point='aws-ec2'):
        """DELETE /v1/auth/<mount_point>/config/client

        Send a DELETE for the client configuration of the auth backend mounted at ``mount_point``.

        Unlike the read helpers, the adapter's response is returned untouched (``.json()`` is not called), so
        callers that need to confirm the deletion have to inspect that response object themselves.

        ``mount_point`` is formatted into the request path as given; no escaping happens in this method.

        :param mount_point: Path the auth backend is mounted on.
        :type mount_point: str
        :return: The object returned by the adapter's ``delete`` call.
        :rtype: presumably a response object -- confirm against the adapter
        """
        config_path = '/v1/auth/{0}/config/client'.format(mount_point)
        outcome = self._adapter.delete(config_path)
        return outcome
github hvac / hvac / hvac / v1 / __init__.py View on Github external
        new_method=api.auth_methods.Aws.read_config,
    )
    def get_vault_ec2_client_configuration(self, mount_point='aws-ec2'):
        """GET /v1/auth/<mount_point>/config/client

        Read the client configuration of the auth backend mounted at ``mount_point`` and return the decoded
        JSON body of the response.

        NOTE(review): the body describes how the backend talks to AWS; which fields it contains is not visible
        from this method -- confirm before logging or forwarding the result.

        ``mount_point`` is formatted into the request path as given; no escaping happens in this method.

        :param mount_point: Path the auth backend is mounted on.
        :type mount_point: str
        :return: Whatever ``.json()`` yields for the adapter's response.
        :rtype: dict (presumably -- confirm against the adapter)
        """
        config_path = '/v1/auth/{0}/config/client'.format(mount_point)
        response = self._adapter.get(config_path)
        return response.json()
github hvac / hvac / hvac / v1 / __init__.py View on Github external
        new_method=api.auth_methods.Aws.iam_login,
    )
    def auth_aws_iam(self, access_key, secret_key, session_token=None, header_value=None, mount_point='aws', role='', use_token=True, region='us-east-1'):
        """POST /auth//login

        :param access_key: AWS IAM access key ID
        :type access_key: str
        :param secret_key: AWS IAM secret access key
        :type secret_key: str
        :param session_token: Optional AWS IAM session token retrieved via a GetSessionToken AWS API request.
            see: https://docs.aws.amazon.com/STS/latest/APIReference/API_GetSessionToken.html
        :type session_token: str
        :param header_value: Vault allows you to require an additional header, X-Vault-AWS-IAM-Server-ID, to be present
            to mitigate against different types of replay attacks. Depending on the configuration of the AWS auth
            backend, providing a argument to this optional parameter may be required.
        :type header_value: str
        :param mount_point: The "path" the AWS auth backend was mounted on. Vault currently defaults to "aws". "aws-ec2"
github hvac / hvac / hvac / v1 / __init__.py View on Github external
        new_method=api.auth_methods.Aws.create_role,
    )
    def create_ec2_role(self, role, bound_ami_id=None, bound_account_id=None, bound_iam_role_arn=None,
                        bound_iam_instance_profile_arn=None, bound_ec2_instance_id=None, bound_region=None,
                        bound_vpc_id=None, bound_subnet_id=None, role_tag=None,  ttl=None, max_ttl=None, period=None,
                        policies=None, allow_instance_migration=False, disallow_reauthentication=False,
                        resolve_aws_unique_ids=None, mount_point='aws-ec2'):
        """POST /auth//role/

        :param role:
        :type role:
        :param bound_ami_id:
        :type bound_ami_id:
        :param bound_account_id:
        :type bound_account_id:
        :param bound_iam_role_arn:
        :type bound_iam_role_arn:
github hvac / hvac / hvac / v1 / __init__.py View on Github external
        new_method=api.auth_methods.Aws.ec2_login,
    )
    def auth_ec2(self, pkcs7, nonce=None, role=None, use_token=True, mount_point='aws-ec2'):
        """POST /auth//login

        :param pkcs7: PKCS#7 version of an AWS Instance Identity Document from the EC2 Metadata Service.
        :type pkcs7: str.
        :param nonce: Optional nonce returned as part of the original authentication request. Not required if the backend
            has "allow_instance_migration" or "disallow_reauthentication" options turned on.
        :type nonce: str.
        :param role: Identifier for the AWS auth backend role being requested.
        :type role: str.
        :param use_token: If True, uses the token in the response received from the auth request to set the "token"
            attribute on the current Client class instance.
        :type use_token: bool.
        :param mount_point: The "path" the AWS auth backend was mounted on. Vault currently defaults to "aws". "aws-ec2"
            is the default argument for backwards comparability within this module.
github hvac / hvac / hvac / v1 / __init__.py View on Github external
        new_method=api.auth_methods.Aws.list_roles,
    )
    def list_ec2_roles(self, mount_point='aws-ec2'):
        """GET /v1/auth/<mount_point>/roles?list=true

        List the roles of the auth backend mounted at ``mount_point`` and return the decoded JSON body.

        An ``exceptions.InvalidPath`` raised while making the request or decoding it is swallowed and turned
        into ``None``, so callers must handle ``None`` as well as a decoded body. Any other exception
        propagates unchanged.

        ``mount_point`` is formatted into the request path as given; no escaping happens in this method.

        :param mount_point: Path the auth backend is mounted on.
        :type mount_point: str
        :return: Whatever ``.json()`` yields for the adapter's response, or ``None`` on ``InvalidPath``.
        :rtype: dict | None (dict presumably -- confirm against the adapter)
        """
        try:
            roles_path = '/v1/auth/{0}/roles'.format(mount_point)
            response = self._adapter.get(roles_path, params={'list': True})
            return response.json()
        except exceptions.InvalidPath:
            # presumably what the server answers when there is nothing to list -- confirm
            return None