#!/usr/bin/env python
"""Okta methods module."""
from hvac import utils
from hvac.api.vault_api_base import VaultApiBase
# Mount path used when a caller does not pass ``mount_point``; an Okta auth
# method enabled at a different path needs that path passed explicitly.
DEFAULT_MOUNT_POINT = "okta"
class Okta(VaultApiBase):
    """Client for the Vault Okta auth method (API).

    Every method formats a ``/v1/auth/{mount_point}/...`` path with
    ``utils.format_url`` and passes the request to ``self._adapter``.

    Reference: https://www.vaultproject.io/api/auth/okta/index.html
    """

    # NOTE(review): mount points, usernames and group names are interpolated
    # into the request path. Escaping is delegated to utils.format_url, which
    # is not visible here -- confirm how it treats path separators before
    # passing identifiers that come from untrusted input.

    def read_config(self, mount_point=DEFAULT_MOUNT_POINT):
        """Fetch the configuration of the Okta auth method.

        Supported methods:
            GET: /auth/{mount_point}/config. Produces: 200 application/json

        :param mount_point: The "path" the method/backend was mounted on.
        :type mount_point: str | unicode
        :return: The JSON response of the request.
        :rtype: dict
        """
        config_url = utils.format_url(
            "/v1/auth/{mount_point}/config", mount_point=mount_point
        )
        return self._adapter.get(url=config_url)

    def list_users(self, mount_point=DEFAULT_MOUNT_POINT):
        """Enumerate the users registered with the Okta method.

        Supported methods:
            LIST: /auth/{mount_point}/users. Produces: 200 application/json

        :param mount_point: The "path" the method/backend was mounted on.
        :type mount_point: str | unicode
        :return: The JSON response of the request.
        :rtype: dict
        """
        users_url = utils.format_url(
            "/v1/auth/{mount_point}/users", mount_point=mount_point
        )
        return self._adapter.list(url=users_url)

    def register_user(
        self, username, groups=None, policies=None, mount_point=DEFAULT_MOUNT_POINT
    ):
        """Create a user entry and map groups and policies to it.

        Supported methods:
            POST: /auth/{mount_point}/users/{username}. Produces: 204 (empty body)

        :param username: Name of the user.
        :type username: str | unicode
        :param groups: List or comma-separated string of groups associated with the user.
            Omitted from the request when None.
        :type groups: list | str | unicode
        :param policies: List or comma-separated string of policies associated with the user.
            Omitted from the request when None.
        :type policies: list | str | unicode
        :param mount_point: The "path" the method/backend was mounted on.
        :type mount_point: str | unicode
        :return: The response of the request.
        :rtype: requests.Response
        """
        # Group and policy names are forwarded as given; nothing in this
        # method validates them.
        optional_fields = utils.remove_nones(
            {
                "groups": groups,
                "policies": policies,
            }
        )
        payload = {"username": username}
        payload.update(optional_fields)
        user_url = utils.format_url(
            "/v1/auth/{mount_point}/users/{username}",
            mount_point=mount_point,
            username=username,
        )
        return self._adapter.post(url=user_url, json=payload)

    def read_user(self, username, mount_point=DEFAULT_MOUNT_POINT):
        """Fetch the properties stored for an existing username.

        Supported methods:
            GET: /auth/{mount_point}/users/{username}. Produces: 200 application/json

        :param username: Username for this user.
        :type username: str | unicode
        :param mount_point: The "path" the method/backend was mounted on.
        :type mount_point: str | unicode
        :return: The JSON response of the request.
        :rtype: dict
        """
        user_url = utils.format_url(
            "/v1/auth/{mount_point}/users/{username}",
            mount_point=mount_point,
            username=username,
        )
        # The username is sent in the path and again as a JSON body.
        # NOTE(review): a body on a GET duplicates the path value, and some
        # intermediaries drop or reject it -- confirm whether it is needed.
        return self._adapter.get(url=user_url, json={"username": username})

    def delete_user(self, username, mount_point=DEFAULT_MOUNT_POINT):
        """Remove an existing username from the method.

        Supported methods:
            DELETE: /auth/{mount_point}/users/{username}. Produces: 204 (empty body)

        :param username: Username for this user.
        :type username: str | unicode
        :param mount_point: The "path" the method/backend was mounted on.
        :type mount_point: str | unicode
        :return: The response of the request.
        :rtype: requests.Response
        """
        user_url = utils.format_url(
            "/v1/auth/{mount_point}/users/{username}",
            mount_point=mount_point,
            username=username,
        )
        # The path already names the user; the JSON body repeats it.
        return self._adapter.delete(url=user_url, json={"username": username})

    def list_groups(self, mount_point=DEFAULT_MOUNT_POINT):
        """Enumerate the groups registered with the Okta method.

        Supported methods:
            LIST: /auth/{mount_point}/groups. Produces: 200 application/json

        :param mount_point: The "path" the method/backend was mounted on.
        :type mount_point: str | unicode
        :return: The JSON response of the request.
        :rtype: dict
        """
        groups_url = utils.format_url(
            "/v1/auth/{mount_point}/groups", mount_point=mount_point
        )
        return self._adapter.list(url=groups_url)

    def register_group(self, name, policies=None, mount_point=DEFAULT_MOUNT_POINT):
        """Create a group entry and map a set of policies to it.

        Supported methods:
            POST: /auth/{mount_point}/groups/{name}. Produces: 204 (empty body)

        :param name: The name of the group.
        :type name: str | unicode
        :param policies: The list or comma-separated string of policies associated with the group.
            Omitted from the request when None.
        :type policies: list | str | unicode
        :param mount_point: The "path" the method/backend was mounted on.
        :type mount_point: str | unicode
        :return: The response of the request.
        :rtype: requests.Response
        """
        # Policy names are forwarded as given; nothing in this method
        # validates them.
        payload = utils.remove_nones(
            {
                "policies": policies,
            }
        )
        group_url = utils.format_url(
            "/v1/auth/{mount_point}/groups/{name}",
            mount_point=mount_point,
            name=name,
        )
        return self._adapter.post(url=group_url, json=payload)

    def read_group(self, name, mount_point=DEFAULT_MOUNT_POINT):
        """Fetch the properties stored for an existing group.

        Supported methods:
            GET: /auth/{mount_point}/groups/{name}. Produces: 200 application/json

        :param name: The name for the group.
        :type name: str | unicode
        :param mount_point: The "path" the method/backend was mounted on.
        :type mount_point: str | unicode
        :return: The JSON response of the request.
        :rtype: dict
        """
        group_url = utils.format_url(
            "/v1/auth/{mount_point}/groups/{name}",
            mount_point=mount_point,
            name=name,
        )
        return self._adapter.get(url=group_url)

    def delete_group(self, name, mount_point=DEFAULT_MOUNT_POINT):
        """Remove an existing group from the method.

        Supported methods:
            DELETE: /auth/{mount_point}/groups/{name}. Produces: 204 (empty body)

        :param name: The name for the group.
        :type name: str | unicode
        :param mount_point: The "path" the method/backend was mounted on.
        :type mount_point: str | unicode
        :return: The response of the request.
        :rtype: requests.Response
        """
        group_url = utils.format_url(
            "/v1/auth/{mount_point}/groups/{name}",
            mount_point=mount_point,
            name=name,
        )
        # The path already names the group; the JSON body repeats it.
        return self._adapter.delete(url=group_url, json={"name": name})

    def login(
        self, username, password, use_token=True, mount_point=DEFAULT_MOUNT_POINT
    ):
        """Authenticate against the Okta method with a username and password.

        Supported methods:
            POST: /auth/{mount_point}/login/{username}. Produces: 200 application/json

        :param username: Username for this user.
        :type username: str | unicode
        :param password: Password for the authenticating user.
        :type password: str | unicode
        :param use_token: if True, uses the token in the response received from the auth request to set the "token"
            attribute on the :py:meth:`hvac.adapters.Adapter` instance under the _adapter Client attribute, so
            later requests through the same adapter are sent with that token.
        :type use_token: bool
        :param mount_point: The "path" the method/backend was mounted on.
        :type mount_point: str | unicode
        :return: The response of the login request.
        :rtype: dict
        """
        login_url = utils.format_url(
            "/v1/auth/{mount_point}/login/{username}",
            mount_point=mount_point,
            username=username,
        )
        # The password is sent only in the JSON body; the username is in the
        # body and in the URL path, so it may appear wherever request paths
        # are recorded.
        # NOTE(review): the returned dict presumably carries the issued client
        # token -- treat it as a secret and keep it out of logs; confirm
        # against the adapter's login().
        return self._adapter.login(
            url=login_url,
            use_token=use_token,
            json={"username": username, "password": password},
        )