How to use the hvac.exceptions.ParamValidationError function in hvac
To help you get started, we’ve selected a few hvac examples, based on popular ways it is used in public projects.
Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
hvac / hvac / hvac / api / secrets_engines / gcp.py View on Github 
:type project: str | unicode
:param bindings: Bindings configuration string (expects HCL or JSON format in raw or base64-encoded string)
:type bindings: str | unicode
:param secret_type: Cannot be updated.
:type secret_type: str | unicode
:param token_scopes: List of OAuth scopes to assign to access_token secrets generated under this role set
(access_token role sets only)
:type token_scopes: list[str]
:param mount_point: The "path" the method/backend was mounted on.
:type mount_point: str | unicode
:return: The response of the request.
:rtype: requests.Response
"""
if secret_type not in ALLOWED_SECRETS_TYPES:
error_msg = 'unsupported secret_type argument provided "{arg}", supported types: "{secret_type}"'
raise exceptions.ParamValidationError(error_msg.format(
arg=secret_type,
secret_type=','.join(ALLOWED_SECRETS_TYPES),
))
if isinstance(bindings, dict):
bindings = json.dumps(bindings).replace(' ', '')
logging.debug('bindings: %s' % bindings)
params = {
'project': project,
'bindings': bindings,
'secret_type': secret_type,
'token_scopes': token_scopes,
}
api_path = '/v1/{mount_point}/roleset/{name}'.format(
mount_point=mount_point,available with ed25519 keys.
:type context: str | unicode
:param prehashed: Set to true when the input is already hashed. If the key type is rsa-2048 or rsa-4096, then
the algorithm used to hash the input should be indicated by the hash_algorithm parameter.
:type prehashed: bool
:param signature_algorithm: When using a RSA key, specifies the RSA signature algorithm to use for signature
verification. Supported signature types are: pss, pkcs1v15
:type signature_algorithm: str | unicode
:param mount_point: The "path" the method/backend was mounted on.
:type mount_point: str | unicode
:return: The JSON response of the request.
:rtype: requests.Response
"""
if (signature is None and hmac is None) or (signature is not None and hmac is not None):
error_msg = 'either "signature" or "hmac" argument (but not both) must be provided to verify signature'
raise exceptions.ParamValidationError(error_msg)
if hash_algorithm not in transit_constants.ALLOWED_HASH_DATA_ALGORITHMS:
error_msg = 'invalid hash_algorithm argument provided "{arg}", supported types: "{allowed_types}"'
raise exceptions.ParamValidationError(error_msg.format(
arg=hash_algorithm,
allowed_types=', '.join(transit_constants.ALLOWED_HASH_DATA_ALGORITHMS),
))
if signature_algorithm not in transit_constants.ALLOWED_SIGNATURE_ALGORITHMS:
error_msg = 'invalid signature_algorithm argument provided "{arg}", supported types: "{allowed_types}"'
raise exceptions.ParamValidationError(error_msg.format(
arg=signature_algorithm,
allowed_types=', '.join(transit_constants.ALLOWED_SIGNATURE_ALGORITHMS),
))
params = {
'name': name,
'input': hash_input,
'hash_algorithm': hash_algorithm,:param team_name: GitHub team name in "slugified" format
:type team_name: str | unicode
:param policies: Comma separated list of policies to assign
:type policies: List[str]
:param mount_point: The "path" the method/backend was mounted on.
:type mount_point: str | unicode
:return: The response of the map_github_teams request.
:rtype: requests.Response
"""
# First, perform parameter validation.
if policies is None:
policies = []
if not isinstance(policies, list) or not all([isinstance(p, str) for p in policies]):
error_msg = 'unsupported policies argument provided "{arg}" ({arg_type}), required type: List[str]"'
raise exceptions.ParamValidationError(error_msg.format(
arg=policies,
arg_type=type(policies),
))
# Then, perform request.
params = {
'value': ','.join(policies),
}
api_path = '/v1/auth/{mount_point}/map/teams/{team_name}'.format(
mount_point=mount_point,
team_name=team_name,
)
return self._adapter.post(
url=api_path,
json=params,
):param mount_point: The "path" the method/backend was mounted on.
:type mount_point: str | unicode
:param mfa_type: Enables MFA with given backend (available: duo)
:type mfa_type: str | unicode
:param force: If True, make the "mfa_config" request regardless of circumstance. If False (the default), verify
the provided mount_point is available and one of the types of methods supported by this feature.
:type force: bool
:return: The response of the configure MFA request.
:rtype: requests.Response
"""
if mfa_type != 'duo' and not force:
# The situation described via this exception is not likely to change in the future.
# However we provided that flexibility here just in case.
error_msg = 'Unsupported mfa_type argument provided "{arg}", supported types: "{mfa_types}"'
raise exceptions.ParamValidationError(error_msg.format(
mfa_types=','.join(SUPPORTED_MFA_TYPES),
arg=mfa_type,
))
params = {
'type': mfa_type,
}
api_path = '/v1/auth/{mount_point}/mfa_config'.format(
mount_point=mount_point
)
return self._adapter.post(
url=api_path,
json=params,
):param key_type: Specifies the type of key to create. The currently-supported types are:
* **aes256-gcm96**: AES-256 wrapped with GCM using a 96-bit nonce size AEAD
* **chacha20-poly1305**: ChaCha20-Poly1305 AEAD (symmetric, supports derivation and convergent encryption)
* **ed25519**: ED25519 (asymmetric, supports derivation).
* **ecdsa-p256**: ECDSA using the P-256 elliptic curve (asymmetric)
* **rsa-2048**: RSA with bit size of 2048 (asymmetric)
* **rsa-4096**: RSA with bit size of 4096 (asymmetric)
:type key_type: str | unicode
:param mount_point: The "path" the method/backend was mounted on.
:type mount_point: str | unicode
:return: The response of the request.
:rtype: requests.Response
"""
if convergent_encryption and not derived:
raise exceptions.ParamValidationError('derived must be set to True when convergent_encryption is True')
if key_type not in transit_constants.ALLOWED_KEY_TYPES:
error_msg = 'invalid key_type argument provided "{arg}", supported types: "{allowed_types}"'
raise exceptions.ParamValidationError(error_msg.format(
arg=key_type,
allowed_types=', '.join(transit_constants.ALLOWED_KEY_TYPES),
))
params = {
'convergent_encryption': convergent_encryption,
'derived': derived,
'exportable': exportable,
'allow_plaintext_backup': allow_plaintext_backup,
'type': key_type,
}
api_path = '/v1/{mount_point}/keys/{name}'.format(
mount_point=mount_point,
name=name,:rtype: bool
"""
def _check_pem(arg):
arg = arg.strip()
if not arg.startswith('-----BEGIN CERTIFICATE-----') \
or not arg.endswith('-----END CERTIFICATE-----'):
return False
return True
if isinstance(param_argument, str):
param_argument = [param_argument]
if not isinstance(param_argument, list) or not all(_check_pem(p) for p in param_argument):
error_msg = 'unsupported {param} public key / certificate format, required type: PEM'
raise exceptions.ParamValidationError(error_msg.format(param=param_name))
:type max_versions: int
:param cas_required: If true the key will require the cas parameter to be set on all write requests. If false,
the backend's configuration will be used.
:type cas_required: bool
:param mount_point: The "path" the secret engine was mounted on.
:type mount_point: str | unicode
:return: The response of the request.
:rtype: requests.Response
"""
params = {}
if max_versions is not None:
params['max_versions'] = max_versions
if cas_required is not None:
if not isinstance(cas_required, bool):
error_msg = 'bool expected for cas_required param, {type} received'.format(type=type(cas_required))
raise exceptions.ParamValidationError(error_msg)
params['cas_required'] = cas_required
api_path = '/v1/{mount_point}/metadata/{path}'.format(mount_point=mount_point, path=path)
return self._adapter.post(
url=api_path,
json=params,
)* **chacha20-poly1305**: ChaCha20-Poly1305 AEAD (symmetric, supports derivation and convergent encryption)
* **ed25519**: ED25519 (asymmetric, supports derivation).
* **ecdsa-p256**: ECDSA using the P-256 elliptic curve (asymmetric)
* **rsa-2048**: RSA with bit size of 2048 (asymmetric)
* **rsa-4096**: RSA with bit size of 4096 (asymmetric)
:type key_type: str | unicode
:param mount_point: The "path" the method/backend was mounted on.
:type mount_point: str | unicode
:return: The response of the request.
:rtype: requests.Response
"""
if convergent_encryption and not derived:
raise exceptions.ParamValidationError('derived must be set to True when convergent_encryption is True')
if key_type not in transit_constants.ALLOWED_KEY_TYPES:
error_msg = 'invalid key_type argument provided "{arg}", supported types: "{allowed_types}"'
raise exceptions.ParamValidationError(error_msg.format(
arg=key_type,
allowed_types=', '.join(transit_constants.ALLOWED_KEY_TYPES),
))
params = {
'convergent_encryption': convergent_encryption,
'derived': derived,
'exportable': exportable,
'allow_plaintext_backup': allow_plaintext_backup,
'type': key_type,
}
api_path = '/v1/{mount_point}/keys/{name}'.format(
mount_point=mount_point,
name=name,
)
return self._adapter.post(
url=api_path,:type min_encryption_version: int
:param deletion_allowed: Specifies if the key is allowed to be deleted.
:type deletion_allowed: bool
:param exportable: Enables keys to be exportable. This allows for all the valid keys in the key ring to be
exported. Once set, this cannot be disabled.
:type exportable: bool
:param allow_plaintext_backup: If set, enables taking backup of named key in the plaintext format. Once set,
this cannot be disabled.
:type allow_plaintext_backup: bool
:param mount_point: The "path" the method/backend was mounted on.
:type mount_point: str | unicode
:return: The response of the request.
:rtype: requests.Response
"""
if min_encryption_version != 0 and min_encryption_version <= min_decryption_version:
raise exceptions.ParamValidationError('min_encryption_version must be 0 or > min_decryption_version')
params = {
'min_decryption_version': min_decryption_version,
'min_encryption_version': min_encryption_version,
'deletion_allowed': deletion_allowed,
'exportable': exportable,
'allow_plaintext_backup': allow_plaintext_backup,
}
api_path = '/v1/{mount_point}/keys/{name}/config'.format(
mount_point=mount_point,
name=name,
)
return self._adapter.post(
url=api_path,
json=params,
):type role_arns: list | str | unicode
:param policy_arns: Specifies the ARNs of the AWS managed policies to be attached to IAM users when they are
requested. Valid only when credential_type is iam_user. When credential_type is iam_user, at least one of
policy_arns or policy_document must be specified. This is a comma-separated string or JSON array.
:type policy_arns: list
:param legacy_params: Flag to send legacy (Vault versions < 0.11.0) parameters in the request. When this is set
to True, policy_document and policy_arns are the only parameters used from this method.
:type legacy_params: bool
:param mount_point: The "path" the method/backend was mounted on.
:type mount_point: str | unicode
:return: The response of the request.
:rtype: requests.Response
"""
if credential_type not in ALLOWED_CREDS_TYPES:
error_msg = 'invalid credential_type argument provided "{arg}", supported types: "{allowed_types}"'
raise exceptions.ParamValidationError(error_msg.format(
arg=credential_type,
allowed_types=', '.join(ALLOWED_CREDS_TYPES),
))
if isinstance(policy_document, dict):
policy_document = json.dumps(policy_document, indent=4, sort_keys=True)
if legacy_params:
# Support for Vault <0.11.0
params = {
'policy': policy_document,
'arn': policy_arns[0] if isinstance(policy_arns, list) else policy_arns,
}
else:
params = {
'credential_type': credential_type,
'policy_document': policy_document,
Popular hvac functions
- hvac.adapters.Request
- hvac.api.auth_methods.Aws
- hvac.api.auth_methods.Ldap
- hvac.api.secrets_engines.Transit
- hvac.api.system_backend.system_backend_mixin.SystemBackendMixin
- hvac.api.SystemBackend
- hvac.api.vault_api_base.VaultApiBase
- hvac.Client
- hvac.exceptions
- hvac.exceptions.Forbidden
- hvac.exceptions.InternalServerError
- hvac.exceptions.InvalidPath
- hvac.exceptions.InvalidRequest
- hvac.exceptions.ParamValidationError
- hvac.exceptions.UnexpectedError
- hvac.exceptions.VaultDown
- hvac.exceptions.VaultError
- hvac.utils
- hvac.utils.deprecated_method
- hvac.utils.format_url