GCP
Configure
Gcp.configure(credentials=None, ttl=None, max_ttl=None, mount_point='gcp')
Configure shared information for the Gcp secrets engine.
- Supported methods:
POST: /{mount_point}/config. Produces: 204 (empty body)
- Parameters
credentials (str | unicode) - JSON credentials (either file contents or '@path/to/file'). See docs for alternative ways to pass in to this parameter, as well as the required permissions.
ttl (int | str) - Specifies default config TTL for long-lived credentials (i.e. service account keys). Accepts integer number of seconds or Go duration format string.
max_ttl (int | str) - Specifies the maximum config TTL for long-lived credentials (i.e. service account keys). Accepts integer number of seconds or Go duration format string.
mount_point (str | unicode) - The "path" the method/backend was mounted on.
- Returns
The response of the request.
- Return type
requests.Response
Examples
import hvac
client = hvac.Client(url='https://127.0.0.1:8200')
# Read the service account JSON credentials from disk.
with open('example.jwt.json') as credentials_file:
    credentials = credentials_file.read()
configure_response = client.secrets.gcp.configure(
    credentials=credentials,
    max_ttl=3600,
)
print(configure_response)
Example output:
<Response [204]>
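Because ttl and max_ttl accept either integer seconds or a Go duration string, comparing them before calling configure() requires normalising both forms. The following is an added example, not part of hvac or the original page: `to_seconds`, `check_config_ttls` and the `ceiling` policy limit are hypothetical names, and the parser covers the common Go units only.

```python
import re

# Units accepted by Go's time.ParseDuration, in seconds (the micro-sign
# spelling of microseconds is omitted here).
UNITS = {"ns": 1e-9, "us": 1e-6, "ms": 1e-3, "s": 1, "m": 60, "h": 3600}
TERM = re.compile(r"(\d+(?:\.\d*)?|\.\d+)(ns|us|ms|s|m|h)")


def to_seconds(value):
    """Convert an int, or a Go duration string such as '1h30m', to whole seconds."""
    if isinstance(value, int) and not isinstance(value, bool):
        if value < 0:
            raise ValueError("negative TTL: %r" % value)
        return value
    text = str(value).strip()
    pos, total = 0, 0.0
    for term in TERM.finditer(text):
        if term.start() != pos:  # gap or junk between terms
            break
        total += float(term.group(1)) * UNITS[term.group(2)]
        pos = term.end()
    if pos == 0 or pos != len(text):
        raise ValueError("not a Go duration string: %r" % value)
    return int(total)


def check_config_ttls(ttl=None, max_ttl=None, ceiling="24h"):
    """Return findings for a planned configure() call; an empty list means OK.

    `ceiling` is a hypothetical organisational limit on key lifetime.
    """
    findings = []
    if max_ttl is None:
        findings.append("max_ttl not set: only the mount or system maximum applies")
    elif to_seconds(max_ttl) > to_seconds(ceiling):
        findings.append("max_ttl %r exceeds ceiling %r" % (max_ttl, ceiling))
    if ttl is not None and max_ttl is not None and to_seconds(ttl) > to_seconds(max_ttl):
        findings.append("ttl %r exceeds max_ttl %r" % (ttl, max_ttl))
    return findings


if __name__ == "__main__":
    # Constructed input: the page's max_ttl=3600 with a larger default ttl.
    for finding in check_config_ttls(ttl="2h", max_ttl=3600):
        print("FINDING:", finding)
```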
Read Config
Gcp.read_config(mount_point='gcp')
Read the configured shared information for the Gcp secrets engine.
Credentials will be omitted from returned data.
- Supported methods:
GET: /{mount_point}/config. Produces: 200 application/json
- Parameters
mount_point (str | unicode) - The "path" the method/backend was mounted on.
- Returns
The JSON response of the request.
- Return type
dict
Examples
import hvac
client = hvac.Client(url='https://127.0.0.1:8200')
read_config_response = client.secrets.gcp.read_config()
print('Max TTL for GCP secrets engine set to: {max_ttl}'.format(max_ttl=read_config_response['data']['max_ttl']))
Example output:
Max TTL for GCP secrets engine set to: 3600
Create Or Update Roleset
Gcp.create_or_update_roleset(name, project, bindings, secret_type=None, token_scopes=None, mount_point='gcp')
Create a roleset or update an existing roleset.
See roleset docs for the GCP secrets backend to learn more about what happens when you create or update a roleset.
- Supported methods:
POST: /{mount_point}/roleset/{name}. Produces: 204 (empty body)
- Parameters
name (str | unicode) - Name of the role. Cannot be updated.
project (str | unicode) - Name of the GCP project that this roleset's service account will belong to. Cannot be updated.
bindings (str | unicode) - Bindings configuration string (expects HCL or JSON format in raw or base64-encoded string)
secret_type (str | unicode) - Cannot be updated.
token_scopes (list[str]) - List of OAuth scopes to assign to access_token secrets generated under this role set (access_token role sets only)
mount_point (str | unicode) - The "path" the method/backend was mounted on.
- Returns
The response of the request.
- Return type
requests.Response
Examples
import hvac
client = hvac.Client(url='https://127.0.0.1:8200')
# GCP full resource names for projects use the plural "projects/" segment.
bindings = """
resource "//cloudresourcemanager.googleapis.com/projects/some-gcp-project-id" {
    roles = [
        "roles/viewer"
    ],
}
"""
token_scopes = [
    'https://www.googleapis.com/auth/cloud-platform',
    'https://www.googleapis.com/auth/bigquery',
]
roleset_response = client.secrets.gcp.create_or_update_roleset(
    name='hvac-doctest',
    project='some-gcp-project-id',
    bindings=bindings,
    token_scopes=token_scopes,
)
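A roleset's bindings and token_scopes determine what every secret issued under it can do, so they are worth reviewing before the call is made. The following is an added example, not part of hvac or the original page: `parse_bindings` and `lint_roleset` are hypothetical helpers, the regex parser handles only the flat HCL form shown above, and the "access_token" default for secret_type reflects Vault's behaviour when the parameter is omitted.

```python
import re

# GCP basic (primitive) roles grant access across almost every service.
BASIC_ROLES = {"roles/owner", "roles/editor", "roles/viewer"}
BROAD_SCOPE = "https://www.googleapis.com/auth/cloud-platform"
RESOURCE = re.compile(r'resource\s+"([^"]+)"\s*\{(.*?)\}', re.S)
QUOTED = re.compile(r'"([^"]+)"')


def parse_bindings(hcl):
    """Return {resource: [roles]} for flat `resource "..." { roles = [...] }` blocks."""
    return {res: QUOTED.findall(body) for res, body in RESOURCE.findall(hcl)}


def lint_roleset(bindings, secret_type="access_token", token_scopes=None):
    """Return least-privilege findings for a planned roleset; empty list means OK."""
    findings = []
    parsed = parse_bindings(bindings)
    if not parsed:
        findings.append("no resource blocks found in bindings")
    for resource, roles in parsed.items():
        if not roles:
            findings.append("%s: no roles bound" % resource)
        for role in roles:
            if role in BASIC_ROLES:
                findings.append("%s: basic role %s, prefer a predefined or custom role"
                                % (resource, role))
    scopes = list(token_scopes or [])
    if scopes and secret_type != "access_token":
        findings.append("token_scopes only apply to access_token rolesets")
    if BROAD_SCOPE in scopes:
        findings.append("cloud-platform scope makes the other scopes redundant")
    return findings


if __name__ == "__main__":
    # Constructed input mirroring the example call on this page.
    page_bindings = '''
    resource "//cloudresourcemanager.googleapis.com/projects/some-gcp-project-id" {
        roles = ["roles/viewer"],
    }
    '''
    page_scopes = [BROAD_SCOPE, "https://www.googleapis.com/auth/bigquery"]
    for finding in lint_roleset(page_bindings, token_scopes=page_scopes):
        print("FINDING:", finding)
```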
Rotate Roleset Account
Gcp.rotate_roleset_account(name, mount_point='gcp')
Rotate the service account this roleset uses to generate secrets.
This also replaces the key for access_token rolesets. This can be used to invalidate old secrets generated by the roleset or fix issues if a roleset's service account (and/or keys) was changed outside of Vault (i.e. through GCP APIs/cloud console).
- Supported methods:
POST: /{mount_point}/roleset/{name}/rotate. Produces: 204 (empty body)
- Parameters
name (str | unicode) - Name of the role.
mount_point (str | unicode) - The "path" the method/backend was mounted on.
- Returns
The response of the request.
- Return type
requests.Response
Examples
import hvac
client = hvac.Client(url='https://127.0.0.1:8200')
rotate_response = client.secrets.gcp.rotate_roleset_account(name='hvac-doctest')
Rotate Roleset Account Key
Gcp.rotate_roleset_account_key(name, mount_point='gcp')
Rotate the service account key this roleset uses to generate access tokens.
This does not recreate the roleset service account.
- Supported methods:
POST: /{mount_point}/roleset/{name}/rotate-key. Produces: 204 (empty body)
- Parameters
name (str | unicode) - Name of the role.
mount_point (str | unicode) - The "path" the method/backend was mounted on.
- Returns
The response of the request.
- Return type
requests.Response
Examples
import hvac
client = hvac.Client(url='https://127.0.0.1:8200')
rotate_response = client.secrets.gcp.rotate_roleset_account_key(name='hvac-doctest')
Read Roleset
Gcp.read_roleset(name, mount_point='gcp')
Read a roleset.
- Supported methods:
GET: /{mount_point}/roleset/{name}. Produces: 200 application/json
- Parameters
name (str | unicode) - Name of the role.
mount_point (str | unicode) - The "path" the method/backend was mounted on.
- Returns
The JSON response of the request.
- Return type
dict
Examples
import hvac
client = hvac.Client(url='https://127.0.0.1:8200')
read_response = client.secrets.gcp.read_roleset(name='hvac-doctest')
List Rolesets
Gcp.list_rolesets(mount_point='gcp')
List configured rolesets.
- Supported methods:
LIST: /{mount_point}/rolesets. Produces: 200 application/json
- Parameters
mount_point (str | unicode) - The "path" the method/backend was mounted on.
- Returns
The JSON response of the request.
- Return type
dict
Examples
import hvac
client = hvac.Client(url='https://127.0.0.1:8200')
list_response = client.secrets.gcp.list_rolesets()
Delete Roleset
Gcp.delete_roleset(name, mount_point='gcp')
Delete an existing roleset by the given name.
- Supported methods:
DELETE: /{mount_point}/roleset/{name}. Produces: 200 application/json
- Parameters
name (str | unicode) - Name of the role.
mount_point (str | unicode) - The "path" the method/backend was mounted on.
- Returns
The response of the request.
- Return type
requests.Response
Examples
import hvac
client = hvac.Client(url='https://127.0.0.1:8200')
delete_response = client.secrets.gcp.delete_roleset(name='hvac-doctest')
Generate Oauth2 Access Token
Gcp.generate_oauth2_access_token(roleset, mount_point='gcp')
Generate an OAuth2 token with the scopes defined on the roleset.
This OAuth access token can be used in GCP API calls, e.g. curl -H "Authorization: Bearer $TOKEN" ...
- Supported methods:
GET: /{mount_point}/token/{roleset}. Produces: 200 application/json
- Parameters
roleset (str | unicode) - Name of a roleset with secret type access_token to generate access_token under.
mount_point (str | unicode) - The "path" the method/backend was mounted on.
- Returns
The JSON response of the request.
- Return type
dict
Examples
import hvac
client = hvac.Client(url='https://127.0.0.1:8200')
token_response = client.secrets.gcp.generate_oauth2_access_token(roleset='hvac-doctest')
Generate Service Account Key
Gcp.generate_service_account_key(roleset, key_algorithm='KEY_ALG_RSA_2048', key_type='TYPE_GOOGLE_CREDENTIALS_FILE', method='POST', mount_point='gcp')
Generate Secret (IAM Service Account Creds): Service Account Key
If using GET ("read"), the optional parameters will be set to their defaults. Use POST if you want to specify different values for these params.
- Parameters
roleset (str | unicode) - Name of a roleset with secret type service_account_key to generate key under.
key_algorithm (str | unicode) - Key algorithm used to generate key. Defaults to 2k RSA key. You probably should not choose other values (i.e. 1k).
key_type (str | unicode) - Private key type to generate. Defaults to JSON credentials file.
method (str | unicode) - Supported methods: POST: /{mount_point}/key/{roleset}. Produces: 200 application/json GET: /{mount_point}/key/{roleset}. Produces: 200 application/json
mount_point (str | unicode) - The "path" the method/backend was mounted on.
- Returns
The JSON response of the request.
- Return type
dict
Examples
import hvac
client = hvac.Client(url='https://127.0.0.1:8200')
key_response = client.secrets.gcp.generate_service_account_key(roleset='hvac-doctest')
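The returned key is a long-lived credential, so how it is written to disk matters as much as how it is requested. The following is an added example, not part of hvac or the original page: `store_service_account_key` and `constructed_response` are hypothetical names, and it assumes Vault's response carries the base64-encoded JSON credentials file in data.private_key_data alongside a lease_id.

```python
import base64
import json
import os


def constructed_response():
    """Constructed stand-in for a generate_service_account_key() result."""
    creds = {
        "type": "service_account",
        "client_email": "vault-example@some-gcp-project-id.iam.gserviceaccount.com",
        "private_key": "CONSTRUCTED-PLACEHOLDER-NOT-A-KEY",
    }
    blob = base64.b64encode(json.dumps(creds).encode()).decode()
    return {
        "lease_id": "gcp/key/hvac-doctest/constructed-lease",
        "lease_duration": 3600,
        "data": {"private_key_data": blob},
    }


def store_service_account_key(response, path):
    """Decode the key from `response` and write it to `path` with mode 0600.

    Returns the lease id and account e-mail for audit logs, never the key itself.
    """
    raw = base64.b64decode(response["data"]["private_key_data"], validate=True)
    creds = json.loads(raw)
    if creds.get("type") != "service_account" or not creds.get("private_key"):
        raise ValueError("response does not contain a service account key")
    # O_EXCL refuses to overwrite an existing file; the 0o600 mode is applied
    # at creation, so the key is never readable by other users, even briefly.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as handle:
        handle.write(raw)
    return {"lease_id": response["lease_id"], "client_email": creds["client_email"]}


if __name__ == "__main__":
    import tempfile
    target = os.path.join(tempfile.mkdtemp(), "sa-key.json")
    print(store_service_account_key(constructed_response(), target))
```

Keeping the returned lease_id lets the key be revoked through Vault's lease API once the workload no longer needs it.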