Okta
Note
Every method under the Client class's okta attribute includes a mount_point parameter that can be used to address the Okta auth method under a custom mount path. E.g., if the Okta auth method is enabled using Vault's CLI via "vault auth enable -path=my-okta okta", the mount_point parameter in the hvac.api.auth_methods.Okta() methods (source reference) would be set to "my-okta".
Enabling the Auth Method
Source reference: hvac.v1.Client.enable_secret_backend()
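import hvac

# The token used by this client must be allowed to list and enable auth
# methods, otherwise both sys calls below are rejected by Vault.
client = hvac.Client()

okta_path = 'company-okta'
# Double quotes so the apostrophe in "company's" does not end the literal.
description = "Auth method for use by team members in our company's Okta organization"

# Okta is an auth method, so it is mounted with sys.enable_auth_method rather
# than with the secrets-engine call enable_secret_backend.
# The membership test appends '/' because the listing is keyed by mount path
# with a trailing slash; it keeps the snippet from re-enabling an existing mount.
if '%s/' % okta_path not in client.sys.list_auth_methods():
    print('Enabling the okta auth method at mount_point: {path}'.format(
        path=okta_path,
    ))
    client.sys.enable_auth_method(
        method_type='okta',
        description=description,
        path=okta_path,
    )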
Configure
Source reference: hvac.api.auth_methods.Okta.configure()
import hvac

client = hvac.Client()

# Tell the Okta auth method (no mount_point given, so the default mount)
# which Okta organization it should authenticate against.
okta_auth = client.auth.okta
okta_auth.configure(org_name='hvac-project')
Read Config
Source reference: hvac.api.auth_methods.Okta.read_config()
import hvac

client = hvac.Client()

# Fetch the stored configuration and pull out the organization name, which
# the response carries under data.org_name.
okta_config = client.auth.okta.read_config()
org_name = okta_config['data']['org_name']
message = 'The Okta auth method at path /okta has a configured organization name of: {name}'
print(message.format(name=org_name))
List Users
Source reference: hvac.api.auth_methods.Okta.list_users()
import hvac

client = hvac.Client()

# The usernames registered on the Okta mount come back under data.keys.
users = client.auth.okta.list_users()
registered_names = users['data']['keys']
print('The following Okta users are registered: {users}'.format(
    users=','.join(registered_names),
))
Register User
Source reference: hvac.api.auth_methods.Okta.register_user()
import hvac

client = hvac.Client()

# Map an Okta username to Vault policies. Anything listed here is attached to
# that user in Vault, so keep the list to what the user actually needs.
okta_auth = client.auth.okta
okta_auth.register_user(username='hvac-person', policies=['hvac-admin'])
Read User
Source reference: hvac.api.auth_methods.Okta.read_user()
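import hvac

client = hvac.Client()

# Look up the Vault-side registration for one Okta username.
read_user = client.auth.okta.read_user(
    username='hvac-person',
)
# The attached policy names are returned under data.policies; the join() call
# is closed before format() so the statement parses.
print('Okta user "{name}" has the following attached policies: {policies}'.format(
    name='hvac-person',
    policies=', '.join(read_user['data']['policies']),
))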
Delete User
Source reference: hvac.api.auth_methods.Okta.delete_user()
import hvac

client = hvac.Client()

# Remove the Vault-side registration for this Okta username.
# NOTE(review): tokens already issued to the user are presumably not revoked
# by this call - confirm, and revoke them separately when offboarding.
okta_auth = client.auth.okta
okta_auth.delete_user(username='hvac-person')
List Groups
Source reference: hvac.api.auth_methods.Okta.list_groups()
import hvac

client = hvac.Client()

# The group names registered on the Okta mount come back under data.keys.
groups = client.auth.okta.list_groups()
registered_groups = groups['data']['keys']
print('The following Okta groups are registered: {groups}'.format(
    groups=','.join(registered_groups),
))
Register Group
Source reference: hvac.api.auth_methods.Okta.register_group()
import hvac

client = hvac.Client()

# Map an Okta group name to Vault policies. The policies apply to the group
# as a whole, so review who can be added to the group on the Okta side.
okta_auth = client.auth.okta
okta_auth.register_group(name='hvac-group', policies=['hvac-group-members'])
Read Group
Source reference: hvac.api.auth_methods.Okta.read_group()
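import hvac

client = hvac.Client()

# Look up the Vault-side registration for one Okta group.
read_group = client.auth.okta.read_group(
    name='hvac-group',
)
# The attached policy names are returned under data.policies; the join() call
# is closed before format() so the statement parses.
print('Okta group "{name}" has the following attached policies: {policies}'.format(
    name='hvac-group',
    policies=', '.join(read_group['data']['policies']),
))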
Delete Group
Source reference: hvac.api.auth_methods.Okta.delete_group()
import hvac

client = hvac.Client()

# Remove the Vault-side registration (and its policy mapping) for this group.
okta_auth = client.auth.okta
okta_auth.delete_group(name='hvac-group')
Login
Source reference: hvac.api.auth_methods.Okta.login()
from getpass import getpass

import hvac

client = hvac.Client()

# Prompt for the password without echoing it, so it is never hard-coded in the
# script or left in shell history.
okta_password = getpass(
    prompt='Please enter your password for the Okta authentication backend: ',
)

# The password travels to Vault in the login request; outside local testing
# the client should be pointed at an https:// Vault address.
okta_auth = client.auth.okta
okta_auth.login(username='hvac-person', password=okta_password)