Source code for hvac.api.system_backend.audit

#!/usr/bin/env python
"""Support for "Audit"-related System Backend Methods."""
from hvac import utils
from hvac.api.system_backend.system_backend_mixin import SystemBackendMixin


[docs]class Audit(SystemBackendMixin):
[docs] def list_enabled_audit_devices(self): """List enabled audit devices. It does not list all available audit devices. This endpoint requires sudo capability in addition to any path-specific capabilities. Supported methods: GET: /sys/audit. Produces: 200 application/json :return: JSON response of the request. :rtype: dict """ return self._adapter.get("/v1/sys/audit")
[docs] def enable_audit_device( self, device_type, description=None, options=None, path=None, local=None ): """Enable a new audit device at the supplied path. The path can be a single word name or a more complex, nested path. Supported methods: PUT: /sys/audit/{path}. Produces: 204 (empty body) :param device_type: Specifies the type of the audit device. :type device_type: str | unicode :param description: Human-friendly description of the audit device. :type description: str | unicode :param options: Configuration options to pass to the audit device itself. This is dependent on the audit device type. :type options: str | unicode :param path: Specifies the path in which to enable the audit device. This is part of the request URL. :type path: str | unicode :param local: Specifies if the audit device is a local only. :type local: bool :return: The response of the request. :rtype: requests.Response """ if path is None: path = device_type params = { "type": device_type, } params.update( utils.remove_nones( { "description": description, "options": options, "local": local, } ) ) api_path = utils.format_url("/v1/sys/audit/{path}", path=path) return self._adapter.post(url=api_path, json=params)
[docs] def disable_audit_device(self, path): """Disable the audit device at the given path. Supported methods: DELETE: /sys/audit/{path}. Produces: 204 (empty body) :param path: The path of the audit device to delete. This is part of the request URL. :type path: str | unicode :return: The response of the request. :rtype: requests.Response """ api_path = utils.format_url("/v1/sys/audit/{path}", path=path) return self._adapter.delete( url=api_path, )
[docs] def calculate_hash(self, path, input_to_hash): """Hash the given input data with the specified audit device's hash function and salt. This endpoint can be used to discover whether a given plaintext string (the input parameter) appears in the audit log in obfuscated form. Supported methods: POST: /sys/audit-hash/{path}. Produces: 204 (empty body) :param path: The path of the audit device to generate hashes for. This is part of the request URL. :type path: str | unicode :param input_to_hash: The input string to hash. :type input_to_hash: str | unicode :return: The JSON response of the request. :rtype: requests.Response """ params = { "input": input_to_hash, } api_path = utils.format_url("/v1/sys/audit-hash/{path}", path=path) return self._adapter.post(url=api_path, json=params)