hvac.v1๏
Classes:
|
The hvac Client class for HashiCorp's Vault. |
- class hvac.v1.Client(url=None, token=None, cert=None, verify=None, timeout=30, proxies=None, allow_redirects=True, session=None, adapter=<class 'hvac.adapters.JSONAdapter'>, namespace=None, **kwargs)[source]๏
Bases:
objectThe hvac Client class for HashiCorpโs Vault.
Methods:
__init__([url,ย token,ย cert,ย verify,ย ...])Creates a new hvac client instance.
auth_cubbyhole(token)Perform a login request with a wrapped token.
delete(path)DELETE /<path>
get_policy(name[,ย parse])Retrieve the policy body for the named policy.
Helper method which returns the authentication status of the client
list(path)GET /<path>?list=true
login(url[,ย use_token])Perform a login request.
logout([revoke_token])Clears the token used for authentication, optionally revoking it before doing so.
lookup_token([token,ย accessor,ย wrap_ttl])GET /auth/token/lookup/<token>
read(path[,ย wrap_ttl])GET /<path>
renew_token(token[,ย increment,ย wrap_ttl])POST /auth/token/renew
revoke_token(token[,ย orphan,ย accessor])POST /auth/token/revoke
write(path,ย wrap_ttl,ย **kwargs)POST /<path>
write_data(path,ย *[,ย data,ย wrap_ttl])Write data to a path.
Attributes:
Adapter for all client's connections.
Accessor for the Client instance's auth methods.
Read the high availability status and current leader instance of Vault.
GET /sys/key-status
Read the seal status of the Vault.
Accessor for the Client instance's secrets engines.
Accessor for the Client instance's system backend methods.
- __init__(url=None, token=None, cert=None, verify=None, timeout=30, proxies=None, allow_redirects=True, session=None, adapter=<class 'hvac.adapters.JSONAdapter'>, namespace=None, **kwargs)[source]๏
Creates a new hvac client instance.
- Parameters:
url (str) โ Base URL for the Vault instance being addressed.
token (str) โ Authentication token to include in requests sent to Vault.
cert (tuple) โ Certificates for use in requests sent to the Vault instance. This should be a tuple with the certificate and then key.
verify (Union[bool,str]) โ Either a boolean to indicate whether TLS verification should be performed when sending requests to Vault, or a string pointing at the CA bundle to use for verification. See http://docs.python-requests.org/en/master/user/advanced/#ssl-cert-verification.
timeout (int) โ The timeout value for requests sent to Vault.
proxies (dict) โ Proxies to use when performing requests. See: http://docs.python-requests.org/en/master/user/advanced/#proxies
allow_redirects (bool) โ Whether to follow redirects when sending requests to Vault.
session (request.Session) โ Optional session object to use when performing request.
adapter (hvac.adapters.Adapter) โ Optional class to be used for performing requests. If none is provided, defaults to hvac.adapters.JSONRequest.
kwargs (dict) โ Additional parameters to pass to the adapter constructor.
namespace (str) โ Optional Vault Namespace.
- property adapter๏
Adapter for all clientโs connections.
- property allow_redirects๏
- property auth๏
Accessor for the Client instanceโs auth methods. Provided via the
hvac.api.AuthMethodsclass. :return: This Client instanceโs associated Auth instance. :rtype: hvac.api.AuthMethods
- auth_cubbyhole(token)[source]๏
Perform a login request with a wrapped token.
- Stores the unwrapped token in the resulting Vault response for use by the
hvac.adapters.Adapter() instance under the _adapter Client attribute.
- Parameters:
token (str | unicode) โ Wrapped token
- Returns:
The (JSON decoded) response of the auth request
- Return type:
dict
- Stores the unwrapped token in the resulting Vault response for use by the
- property generate_root_status๏
- get_policy(name, parse=False)[source]๏
Retrieve the policy body for the named policy.
- Parameters:
name (str | unicode) โ The name of the policy to retrieve.
parse (bool) โ Specifies whether to parse the policy body using pyhcl or not.
- Returns:
The (optionally parsed) policy body for the specified policy.
- Return type:
str | dict
- property ha_status๏
Read the high availability status and current leader instance of Vault.
- Returns:
The JSON response returned by read_leader_status()
- Return type:
dict
- is_authenticated()[source]๏
Helper method which returns the authentication status of the client
- Returns:
- Return type:
- property key_status๏
GET /sys/key-status
- Returns:
Information about the current encryption key used by Vault.
- Return type:
dict
- login(url, use_token=True, **kwargs)[source]๏
Perform a login request.
- Associated request is typically to a path prefixed with โ/v1/authโ) and optionally stores the client token sent
in the resulting Vault response for use by the
hvac.adapters.Adapter()instance under the _adapter Client attribute.
- Parameters:
url (str | unicode) โ Path to send the authentication request to.
use_token (bool) โ if True, uses the token in the response received from the auth request to set the โtokenโ attribute on the the
hvac.adapters.Adapter()instance under the _adapter Client attribute.kwargs (dict) โ Additional keyword arguments to include in the params sent with the request.
- Returns:
The response of the auth request.
- Return type:
requests.Response
- logout(revoke_token=False)[source]๏
Clears the token used for authentication, optionally revoking it before doing so.
- Parameters:
revoke_token โ
- Returns:
- Return type:
- lookup_token(token=None, accessor=False, wrap_ttl=None)[source]๏
GET /auth/token/lookup/<token>
GET /auth/token/lookup-accessor/<token-accessor>
GET /auth/token/lookup-self
- Parameters:
token (str.) โ
accessor (str.) โ
wrap_ttl (int.) โ
- Returns:
- Return type:
- read(path, wrap_ttl=None)[source]๏
GET /<path>
- Parameters:
path โ
wrap_ttl โ
- Returns:
- Return type:
- property rekey_status๏
- renew_token(token, increment=None, wrap_ttl=None)[source]๏
POST /auth/token/renew
POST /auth/token/renew-self
- Parameters:
token โ
increment โ
wrap_ttl โ
- Returns:
- Return type:
For calls expecting to hit the renew-self endpoint please use the โrenew_selfโ method on โhvac_client.auth.tokenโ instead
- revoke_token(token, orphan=False, accessor=False)[source]๏
POST /auth/token/revoke
POST /auth/token/revoke-orphan
POST /auth/token/revoke-accessor
- Parameters:
token โ
orphan โ
accessor โ
- Returns:
- Return type:
- property seal_status๏
Read the seal status of the Vault.
This is an unauthenticated endpoint.
- Supported methods:
GET: /sys/seal-status. Produces: 200 application/json
- Returns:
The JSON response of the request.
- Return type:
dict
- property secrets๏
Accessor for the Client instanceโs secrets engines. Provided via the
hvac.api.SecretsEnginesclass.- Returns:
This Client instanceโs associated SecretsEngines instance.
- Return type:
- property session๏
- property sys๏
Accessor for the Client instanceโs system backend methods. Provided via the
hvac.api.SystemBackendclass.- Returns:
This Client instanceโs associated SystemBackend instance.
- Return type:
- property token๏
- property url๏
- write(path: str, wrap_ttl: str | None, **kwargs: Dict[str, Any])[source]๏
POST /<path>
Write data to a path. Because this method uses kwargs for the data to write, โpathโ and โwrap_ttlโ data keys cannot be used. If these names are needed, or if the key names are not known at design time, consider using the write_data method.
- Parameters:
path (str) โ
wrap_ttl (str | None) โ
kwargs (dict) โ
- Returns:
- Return type:
- write_data(path: str, *, data: Dict[str, Any] | None = None, wrap_ttl: str | None = None)[source]๏
Write data to a path. Similar to write() without restrictions on data keys.
- Supported methods:
POST /<path>
- Parameters:
path (str) โ
data (dict | None) โ
wrap_ttl (str | None) โ
- Returns:
- Return type: