How to use the hvac.api.vault_api_base.VaultApiBase class in hvac

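To help you get started, we’ve selected a few hvac examples, based on popular ways it is used in public projects. Each listing below is an excerpt that stops partway through its source file, so the last method or docstring shown is cut off.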


github hvac / hvac / hvac / api / secrets_engines / aws.py View on Github external
#!/usr/bin/env python
# -*- coding: utf-8 -*-
"""Aws methods module."""
import json

from hvac import exceptions
from hvac.api.vault_api_base import VaultApiBase
from hvac.constants.aws import DEFAULT_MOUNT_POINT, ALLOWED_CREDS_ENDPOINTS, ALLOWED_CREDS_TYPES


class Aws(VaultApiBase):
    """AWS Secrets Engine (API).

    Reference: https://www.vaultproject.io/api/secret/aws/index.html
    """
    # NOTE(review): configure_root_iam_credentials() takes access_key/secret_key as plain arguments and,
    # per its docstring, overwrites any credentials already configured. Keep these long-lived AWS keys
    # out of source control, shell history and logs. "Root" presumably means the credentials the engine
    # itself uses, not the AWS account root user; confirm against the Vault reference above and scope
    # the IAM identity to the minimum the engine needs.

    def configure_root_iam_credentials(self, access_key, secret_key, region=None, iam_endpoint=None, sts_endpoint=None,
                                       max_retries=-1, mount_point=DEFAULT_MOUNT_POINT):
        """Configure the root IAM credentials to communicate with AWS.

        There are multiple ways to pass root IAM credentials to the Vault server, specified below with the highest
        precedence first. If credentials already exist, this will overwrite them.

        The official AWS SDK is used for sourcing credentials from env vars, shared files, or IAM/ECS instances.

            * Static credentials provided to the API as a payload
            * Credentials in the AWS_ACCESS_KEY, AWS_SECRET_KEY, and AWS_REGION environment variables on the server
github hvac / hvac / hvac / api / secrets_engines / rabbitmq.py View on Github external
#!/usr/bin/env python
"""RabbitMQ vault secrets backend module."""

from hvac import utils
from hvac.api.vault_api_base import VaultApiBase

# Default for the mount_point parameter: the Vault path the RabbitMQ secrets engine is assumed to be mounted at.
DEFAULT_MOUNT_POINT = "rabbitmq"


class RabbitMQ(VaultApiBase):
    """RabbitMQ Secrets Engine (API).
       Reference: https://www.vaultproject.io/api/secret/rabbitmq/index.html
    """

    def configure(self, connection_uri="", username="", password="", verify_connection=True,
                  mount_point=DEFAULT_MOUNT_POINT):
        """Configure shared information for the rabbitmq secrets engine.

        Supported methods:
            POST: /{mount_point}/config/connection. Produces: 204 (empty body)

        :param connection_uri: Specifies the RabbitMQ connection URI.
        :type connection_uri: str | unicode
        :param username: Specifies the RabbitMQ management administrator username.
        :type username: str | unicode
        :param password: Specifies the RabbitMQ management administrator password.
github hvac / hvac / hvac / api / auth_methods / userpass.py View on Github external
#!/usr/bin/env python
# -*- coding: utf-8 -*-
"""USERPASS methods module."""
from hvac.api.vault_api_base import VaultApiBase

# Default for the mount_point parameter: the Vault path the userpass auth method is assumed to be mounted at.
DEFAULT_MOUNT_POINT = "userpass"


class Userpass(VaultApiBase):
    """USERPASS Auth Method (API).
    Reference: https://www.vaultproject.io/api/auth/userpass/index.html
    """

    def create_or_update_user(self, username, password, mount_point=DEFAULT_MOUNT_POINT):
        """
        Create/update user in userpass.

        Supported methods:
            POST: /auth/{mount_point}/users/{username}. Produces: 204 (empty body)

        :param username: The username for the user.
        :type username: str | unicode
        :param password: The password for the user. Only required when creating the user.
        :type password: str | unicode
        :param mount_point: The "path" the method/backend was mounted on.
github hvac / hvac / hvac / api / auth_methods / github.py View on Github external
#!/usr/bin/env python
# -*- coding: utf-8 -*-
"""Github methods module."""
from hvac import exceptions
from hvac.api.vault_api_base import VaultApiBase

# Default for the mount_point parameter: the Vault path the GitHub auth method is assumed to be mounted at.
DEFAULT_MOUNT_POINT = "github"


class Github(VaultApiBase):
    """GitHub Auth Method (API).

    Reference: https://www.vaultproject.io/api/auth/github/index.html
    """

    def configure(self, organization, base_url='', ttl='', max_ttl='', mount_point=DEFAULT_MOUNT_POINT):
        """Configure the connection parameters for GitHub.

        This path honors the distinction between the create and update capabilities inside ACL policies.

        Supported methods:
            POST: /auth/{mount_point}/config. Produces: 204 (empty body)


        :param organization: The organization users must be part of.
        :type organization: str | unicode
github hvac / hvac / hvac / api / secrets_engines / identity.py View on Github external
#!/usr/bin/env python
# -*- coding: utf-8 -*-
"""Identity secret engine module."""
import logging

from hvac import exceptions
from hvac.api.vault_api_base import VaultApiBase
from hvac.constants.identity import ALLOWED_GROUP_TYPES

# Default for the mount_point parameter: the Vault path the identity engine is assumed to be mounted at.
DEFAULT_MOUNT_POINT = "identity"

# Module-level logger, named after this module.
logger = logging.getLogger(__name__)


class Identity(VaultApiBase):
    """Identity Secrets Engine (API).

    Reference: https://www.vaultproject.io/api/secret/identity/entity.html
    """

    def create_or_update_entity(self, name, entity_id=None, metadata=None, policies=None, disabled=False,
                                mount_point=DEFAULT_MOUNT_POINT):
        """Create or update an Entity.

        Supported methods:
            POST: /{mount_point}/entity. Produces: 200 application/json

        :param entity_id: ID of the entity. If set, updates the corresponding existing entity.
        :type entity_id: str | unicode
        :param name: Name of the entity.
        :type name: str | unicode
github hvac / hvac / hvac / api / secrets_engines / consul.py View on Github external
#!/usr/bin/env python
# -*- coding: utf-8 -*-
"""Consul methods module."""
from hvac.api.vault_api_base import VaultApiBase

# Default for the mount_point parameter: the Vault path the Consul secrets engine is assumed to be mounted at.
DEFAULT_MOUNT_POINT = "consul"


class Consul(VaultApiBase):
    """Consul Secrets Engine (API).

    Reference: https://www.vaultproject.io/api/secret/consul/index.html
    """
    # NOTE(review): configure_access() defaults to scheme="http", and its docstring requires a
    # management-type Consul ACL token. With the default scheme Vault would presumably present that
    # token to Consul over an unencrypted connection; pass scheme="https" wherever Consul serves TLS.

    def configure_access(self, address, token, scheme="http", mount_point=DEFAULT_MOUNT_POINT):
        """This endpoint configures the access information for Consul.
        This access information is used so that Vault can communicate with Consul and generate Consul tokens.

        :param address: Specifies the address of the Consul instance, provided as "host:port" like "127.0.0.1:8500".
        :type address: str | unicode
        :param token: Specifies the Consul ACL token to use. This must be a management type token.
        :type token: str | unicode
        :param scheme:  Specifies the URL scheme to use.
        :type scheme: str | unicode
        :param mount_point: Specifies the place where the secrets engine will be accessible (default: consul).
github hvac / hvac / hvac / api / secrets_engines / kv.py View on Github external
"""Kv secret backend methods module."""

import logging

from hvac.api.secrets_engines import kv_v1, kv_v2
from hvac.api.vault_api_base import VaultApiBase

# Module-level logger, named after this module.
logger = logging.getLogger(__name__)


class Kv(VaultApiBase):
    """Class containing methods for the key/value secrets_engines backend API routes.
    Reference: https://www.vaultproject.io/docs/secrets/kv/index.html

    """
    # KV engine version identifiers, kept as strings. Presumably the values default_kv_version may
    # take; the check itself is not part of the lines shown here.
    allowed_kv_versions = ['1', '2']

    def __init__(self, adapter, default_kv_version='2'):
        """Create a new Kv instance.

        :param adapter: Instance of :py:class:`hvac.adapters.Adapter`; used for performing HTTP requests.
        :type adapter: hvac.adapters.Adapter
        :param default_kv_version: KV version number (e.g., '1') to use as the default when accessing attributes/methods
            under this class.
        :type default_kv_version: str | unicode
        """
        # Hand the adapter to VaultApiBase. default_kv_version is not used in the lines shown here;
        # the listing appears to stop before the rest of the constructor.
        super(Kv, self).__init__(adapter=adapter)
github hvac / hvac / hvac / api / auth_methods / ldap.py View on Github external
#!/usr/bin/env python
# -*- coding: utf-8 -*-
"""LDAP methods module."""
from hvac import exceptions
from hvac.api.vault_api_base import VaultApiBase
from hvac.constants.ldap import DEFAULT_GROUP_FILTER

# Default for the mount_point parameter: the Vault path the LDAP auth method is assumed to be mounted at.
DEFAULT_MOUNT_POINT = "ldap"


class Ldap(VaultApiBase):
    """LDAP Auth Method (API).

    Reference: https://www.vaultproject.io/api/auth/ldap/index.html
    """
    # NOTE(review): configure() defaults to url='ldap://127.0.0.1' with starttls=False, i.e. no transport
    # encryption for the bind DN/password unless the caller supplies an ldaps:// URL or starttls=True.
    # insecure_tls=True presumably turns off server certificate verification (confirm against the Vault
    # LDAP reference above), so leave it False outside throwaway test setups. deny_null_bind=True is the
    # default in the signature and should stay enabled.

    def configure(self, user_dn, group_dn, url='ldap://127.0.0.1', case_sensitive_names=False, starttls=False,
                  tls_min_version='tls12', tls_max_version='tls12', insecure_tls=False, certificate=None, bind_dn=None,
                  bind_pass=None, user_attr='cn', discover_dn=False, deny_null_bind=True, upn_domain=None,
                  group_filter=DEFAULT_GROUP_FILTER, group_attr='cn', mount_point=DEFAULT_MOUNT_POINT):
        """
        Configure the LDAP auth method.

        Supported methods:
            POST: /auth/{mount_point}/config. Produces: 204 (empty body)

        :param user_dn: Base DN under which to perform user search. Example: ou=Users,dc=example,dc=com
github hvac / hvac / hvac / api / auth_methods / azure.py View on Github external
#!/usr/bin/env python
# -*- coding: utf-8 -*-
"""Azure auth method module."""
import logging

from hvac import exceptions
from hvac.api.vault_api_base import VaultApiBase
from hvac.constants.azure import VALID_ENVIRONMENTS

# Default for the mount_point parameter: the Vault path the Azure auth method is assumed to be mounted at.
DEFAULT_MOUNT_POINT = "azure"
# Module-level logger, named after this module.
logger = logging.getLogger(__name__)


class Azure(VaultApiBase):
    """Azure Auth Method (API).

    Reference: https://www.vaultproject.io/api/auth/azure/index.html
    """

    def configure(self, tenant_id, resource, environment='AzurePublicCloud', client_id=None, client_secret=None,
                  mount_point=DEFAULT_MOUNT_POINT):
        """Configure the credentials required for the plugin to perform API calls to Azure.

        These credentials will be used to query the metadata about the virtual machine.

        Supported methods:
            POST: /auth/{mount_point}/config. Produces: 204 (empty body)

        :param tenant_id: The tenant id for the Azure Active Directory organization.
        :type tenant_id: str | unicode
github hvac / hvac / hvac / api / secrets_engines / gcp.py View on Github external
#!/usr/bin/env python
# -*- coding: utf-8 -*-
"""Gcp methods module."""
import json
import logging

from hvac import exceptions
from hvac.api.vault_api_base import VaultApiBase
from hvac.constants.gcp import ALLOWED_SECRETS_TYPES, SERVICE_ACCOUNT_KEY_ALGORITHMS, SERVICE_ACCOUNT_KEY_TYPES

# Default for the mount_point parameter: the Vault path the GCP secrets engine is assumed to be mounted at.
DEFAULT_MOUNT_POINT = "gcp"


class Gcp(VaultApiBase):
    """Google Cloud Secrets Engine (API).

    Reference: https://www.vaultproject.io/api/secret/gcp/index.html
    """

    def configure(self, credentials="", ttl=0, max_ttl=0, mount_point=DEFAULT_MOUNT_POINT):
        """Configure shared information for the Gcp secrets engine.

        Supported methods:
            POST: /{mount_point}/config. Produces: 204 (empty body)

        :param credentials: JSON credentials (either file contents or '@path/to/file') See docs for alternative ways to
            pass in to this parameter, as well as the required permissions.
        :type credentials: str | unicode
        :param ttl: Specifies default config TTL for long-lived credentials (i.e. service account keys). Accepts
            integer number of seconds or Go duration format string.