Policies

Read ACL Policy

Policies.read_acl_policy(name)[source]

Retrieve the policy body for the named acl policy.

Supported methods:

GET: /sys/policies/acl/{name}. Produces: 200 application/json

Parameters:

name (str | unicode) – The name of the acl policy to retrieve.

Returns:

The response of the request.

Return type:

dict

Examples

import hvac
client = hvac.Client(url="https://127.0.0.1:8200")

# Create ACL Policy
client.sys.create_or_update_acl_policy(
    name="test-acl-policy",
    policy='path "sys/health" { capabilities = ["read", "sudo"]}',
)

client.sys.read_acl_policy("test-acl-policy")

Create or Update ACL Policy

Policies.create_or_update_acl_policy(name, policy, pretty_print=True)[source]

Add a new ACL policy or update an existing one.

Once a policy is updated, the change takes effect immediately for all users associated with it.

Supported methods:

PUT: /sys/policies/acl/{name}. Produces: 204 (empty body)

Parameters:
  • name (str | unicode) – Specifies the name of the policy to create.

  • policy (str | unicode | dict) – Specifies the policy to create or update.

  • pretty_print (bool) – If True and a dict was provided for the policy argument, send the policy JSON to Vault with "pretty" formatting.

Returns:

The response of the request.

Return type:

requests.Response

Examples

import hvac
client = hvac.Client(url="https://127.0.0.1:8200")

# Create ACL Policy
client.sys.create_or_update_acl_policy(
    name="test-acl-policy",
    policy='path "sys/health" { capabilities = ["read", "sudo"]}',
)

# Update ACL Policy
client.sys.create_or_update_acl_policy(
    name="test-acl-policy",
    policy='path "sys/health" { capabilities = ["read"]}',
)

List ACL Policies

Policies.list_acl_policies()[source]

List all configured acl policies.

Supported methods:

GET: /sys/policies/acl. Produces: 200 application/json

Returns:

The JSON response of the request.

Return type:

dict

Examples

import hvac
client = hvac.Client(url="https://127.0.0.1:8200")

client.sys.create_or_update_acl_policy(
    name="test-acl-policy",
    policy='path "sys/health" { capabilities = ["read"]}',
)
client.sys.list_acl_policies()
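The read, create/update and list calls above are the building blocks of a periodic least-privilege review: pull every ACL policy body and flag grants such as `sudo`, a blanket `*` path, or write capabilities on a glob path. The following is an added example, not hvac's own code. Its parser is a toy that handles Vault's JSON policy form (what hvac sends when `policy` is a dict) and the simple HCL `path "..." { capabilities = [...] }` form used in the examples on this page; the sample bodies are constructed, and `fetch_acl_policies` assumes the Vault response layout `data.keys` (list) and `data.policy` (read).

```python
import json
import re
from typing import Dict, List

# Constructed sample bodies: two in the HCL form used on this page, one in
# Vault's JSON policy form (what hvac sends when `policy` is a dict).
SAMPLE_POLICIES = {
    "test-acl-policy": 'path "sys/health" { capabilities = ["read"] }',
    "ops-wide": """
path "secret/*" {
  capabilities = ["create", "read", "update", "delete", "list", "sudo"]
}
path "sys/health" {
  capabilities = ["read"]
}
""",
    "break-glass": json.dumps(
        {"path": {"*": {"capabilities": ["read", "list"]}}}, indent=4
    ),
}

# One `path "..." { ... capabilities = [...] ... }` stanza.
_STANZA_RE = re.compile(
    r'path\s+"(?P<path>[^"]+)"\s*\{[^}]*?capabilities\s*=\s*\[(?P<caps>[^\]]*)\]'
)
_QUOTED_RE = re.compile(r'"([^"]+)"')
WRITE_CAPS = {"create", "update", "patch", "delete"}


def parse_acl_policy(body: str) -> Dict[str, List[str]]:
    """Return {path: [capabilities]} from a JSON-form or simple HCL-form body.
    Toy parser: other stanza fields (denied_parameters, comments, ...) are ignored."""
    try:
        doc = json.loads(body)
    except ValueError:
        doc = None
    if isinstance(doc, dict) and isinstance(doc.get("path"), dict):
        return {p: list(spec.get("capabilities", [])) for p, spec in doc["path"].items()}
    return {m.group("path"): _QUOTED_RE.findall(m.group("caps"))
            for m in _STANZA_RE.finditer(body)}


def audit_acl_policy(name: str, body: str) -> List[str]:
    """Flag grants that usually deserve review: sudo anywhere, a blanket '*'
    path, and write capabilities on a glob path."""
    findings = []
    for path, caps in parse_acl_policy(body).items():
        caps_set = set(caps)
        if "sudo" in caps_set:
            findings.append(f"{name}: sudo on {path!r}")
        if path == "*":
            findings.append(f"{name}: blanket path '*' with {sorted(caps_set)}")
        elif path.endswith("*") and caps_set & WRITE_CAPS:
            findings.append(
                f"{name}: write capabilities {sorted(caps_set & WRITE_CAPS)} on glob {path!r}"
            )
    return findings


def audit_all(policies: Dict[str, str]) -> Dict[str, List[str]]:
    """Audit every body; only policies with findings appear in the result."""
    result = {}
    for name, body in policies.items():
        findings = audit_acl_policy(name, body)
        if findings:
            result[name] = findings
    return result


def fetch_acl_policies(client) -> Dict[str, str]:
    """Pull live bodies with the hvac methods documented on this page.
    Assumption: Vault answers with data.keys (list) and data.policy (read)."""
    names = client.sys.list_acl_policies()["data"]["keys"]
    return {n: client.sys.read_acl_policy(n)["data"]["policy"] for n in names}


if __name__ == "__main__":
    # Offline run over the constructed samples; swap in
    # audit_all(fetch_acl_policies(hvac.Client(url=...))) against a real Vault.
    for policy_name, policy_findings in audit_all(SAMPLE_POLICIES).items():
        print(policy_name, policy_findings)
```

Run offline, the audit reports `ops-wide` (sudo plus write capabilities on `secret/*`) and `break-glass` (blanket path), and stays silent on the read-only `test-acl-policy`. For a real Vault, the policy named `root` is built in and will not appear as a body to parse.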

Delete ACL Policy

Policies.delete_acl_policy(name)[source]

Delete the acl policy with the given name.

This will immediately affect all users associated with this policy.

Supported methods:

DELETE: /sys/policies/acl/{name}. Produces: 204 (empty body)

Parameters:

name (str | unicode) – Specifies the name of the policy to delete.

Returns:

The response of the request.

Return type:

requests.Response

Examples

import hvac
client = hvac.Client(url="https://127.0.0.1:8200")
client.sys.delete_acl_policy("test-acl-policy")

Read RGP Policy

Policies.read_rgp_policy(name)[source]

Retrieve the policy body for the named rgp policy.

Supported methods:

GET: /sys/policies/rgp/{name}. Produces: 200 application/json

Parameters:

name (str | unicode) – The name of the rgp policy to retrieve.

Returns:

The response of the request.

Return type:

dict

Examples

import hvac
client = hvac.Client(url="https://127.0.0.1:8200")

policy = """import "time"
import "strings"

main = rule when not strings.has_prefix(request.path, "auth/ldap/login") {
    time.load(token.creation_time).unix > time.load("2017-09-17T13:25:29Z").unix
}
"""

client.sys.create_or_update_rgp_policy(
    name="test-rgp-policy", policy=policy, enforcement_level="soft-mandatory"
)

client.sys.read_rgp_policy("test-rgp-policy")

Create or Update RGP Policy

Policies.create_or_update_rgp_policy(name, policy, enforcement_level)[source]

Add a new RGP policy or update an existing one.

Once a policy is updated, the change takes effect immediately for all users associated with it.

Supported methods:

PUT: /sys/policies/rgp/{name}. Produces: 204 (empty body)

Parameters:
  • name (str | unicode) – Specifies the name of the policy to create.

  • policy (str | unicode) – Specifies the policy to create or update.

  • enforcement_level (str | unicode) – Specifies the enforcement level to use. This must be one of advisory, soft-mandatory, or hard-mandatory.

Returns:

The response of the request.

Return type:

requests.Response

Examples

import hvac
client = hvac.Client(url="https://127.0.0.1:8200")

policy = """import "time"
import "strings"

main = rule when not strings.has_prefix(request.path, "auth/ldap/login") {
    time.load(token.creation_time).unix > time.load("2017-09-17T13:25:29Z").unix
}
"""

# Create RGP Policy
client.sys.create_or_update_rgp_policy(
    name="test-rgp-policy", policy=policy, enforcement_level="soft-mandatory"
)

# Update RGP Policy
client.sys.create_or_update_rgp_policy(
    name="test-rgp-policy", policy=policy, enforcement_level="hard-mandatory"
)

List RGP Policies

Policies.list_rgp_policies()[source]

List all configured rgp policies.

Supported methods:

GET: /sys/policies/rgp. Produces: 200 application/json

Returns:

The JSON response of the request.

Return type:

dict

Examples

import hvac
client = hvac.Client(url="https://127.0.0.1:8200")

policy = """import "time"
import "strings"

main = rule when not strings.has_prefix(request.path, "auth/ldap/login") {
    time.load(token.creation_time).unix > time.load("2017-09-17T13:25:29Z").unix
}
"""

client.sys.create_or_update_rgp_policy(
    name="test-rgp-policy", policy=policy, enforcement_level="soft-mandatory"
)
client.sys.list_rgp_policies()

Delete RGP Policy

Policies.delete_rgp_policy(name)[source]

Delete the rgp policy with the given name.

This will immediately affect all users associated with this policy.

Supported methods:

DELETE: /sys/policies/rgp/{name}. Produces: 204 (empty body)

Parameters:

name (str | unicode) – Specifies the name of the policy to delete.

Returns:

The response of the request.

Return type:

requests.Response

Examples

import hvac
client = hvac.Client(url="https://127.0.0.1:8200")
client.sys.delete_rgp_policy("test-rgp-policy")

Read EGP Policy

Policies.read_egp_policy(name)[source]

Retrieve the policy body for the named egp policy.

Supported methods:

GET: /sys/policies/egp/{name}. Produces: 200 application/json

Parameters:

name (str | unicode) – The name of the egp policy to retrieve.

Returns:

The response of the request.

Return type:

dict

Examples

import hvac
client = hvac.Client(url="https://127.0.0.1:8200")

policy = """import "time"
import "strings"

main = rule when not strings.has_prefix(request.path, "auth/ldap/login") {
    time.load(token.creation_time).unix > time.load("2017-09-17T13:25:29Z").unix
}
"""

# Create EGP Policy
client.sys.create_or_update_egp_policy(
    name="test-egp-policy",
    policy=policy,
    enforcement_level="soft-mandatory",
    paths=["/test"],
)

client.sys.read_egp_policy("test-egp-policy")

Create or Update EGP Policy

Policies.create_or_update_egp_policy(name, policy, enforcement_level, paths)[source]

Add a new EGP policy or update an existing one.

Once a policy is updated, the change takes effect immediately for all users associated with it.

Supported methods:

PUT: /sys/policies/egp/{name}. Produces: 204 (empty body)

Parameters:
  • name (str | unicode) – Specifies the name of the policy to create.

  • policy (str | unicode) – Specifies the policy to create or update.

  • enforcement_level (str | unicode) – Specifies the enforcement level to use. This must be one of advisory, soft-mandatory, or hard-mandatory.

  • paths (list) – Specifies the paths on which this EGP should be applied.

Returns:

The response of the request.

Return type:

requests.Response

Examples

import hvac
client = hvac.Client(url="https://127.0.0.1:8200")

policy = """import "time"
import "strings"

main = rule when not strings.has_prefix(request.path, "auth/ldap/login") {
    time.load(token.creation_time).unix > time.load("2017-09-17T13:25:29Z").unix
}
"""

# Create EGP Policy
client.sys.create_or_update_egp_policy(
    name="test-egp-policy",
    policy=policy,
    enforcement_level="soft-mandatory",
    paths=["/test"],
)

# Update EGP Policy
client.sys.create_or_update_egp_policy(
    name="test-egp-policy",
    policy=policy,
    enforcement_level="hard-mandatory",
    paths=["/test"],
)
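Because an RGP or EGP update takes effect immediately, and because the enforcement level decides whether a failing Sentinel rule merely logs (advisory), can be overridden (soft-mandatory) or blocks the request (hard-mandatory), it is worth treating these policies as code and checking Vault's live state against the desired state before writing. The block below is an added example (not hvac's or Vault's own code) that serves the RGP and EGP create/update sections: it validates the enforcement level and the EGP `paths` requirement before any PUT, diffs desired against live policies, and pushes only what is missing or drifted. The Sentinel rule is the one used in this page's examples; `fetch_live` assumes the Vault response layout `data.keys` (list) and `data.policy` / `data.enforcement_level` / `data.paths` (read).

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Enforcement levels accepted by create_or_update_rgp_policy / create_or_update_egp_policy.
ENFORCEMENT_LEVELS = ("advisory", "soft-mandatory", "hard-mandatory")

# Sentinel rule body taken from the examples on this page.
SENTINEL_RULE = '''import "time"
import "strings"

main = rule when not strings.has_prefix(request.path, "auth/ldap/login") {
    time.load(token.creation_time).unix > time.load("2017-09-17T13:25:29Z").unix
}
'''


@dataclass(frozen=True)
class SentinelPolicy:
    """Desired or live state of one RGP/EGP policy. Validation lives here so a
    typo in the enforcement level is caught before the PUT reaches Vault."""
    name: str
    kind: str                    # "rgp" or "egp"
    policy: str
    enforcement_level: str
    paths: Tuple[str, ...] = ()  # EGP only

    def __post_init__(self):
        if self.kind not in ("rgp", "egp"):
            raise ValueError(f"{self.name}: kind must be 'rgp' or 'egp', got {self.kind!r}")
        if self.enforcement_level not in ENFORCEMENT_LEVELS:
            raise ValueError(
                f"{self.name}: enforcement_level must be one of {ENFORCEMENT_LEVELS}, "
                f"got {self.enforcement_level!r}"
            )
        if self.kind == "egp" and not self.paths:
            raise ValueError(f"{self.name}: an EGP needs at least one path")
        if self.kind == "rgp" and self.paths:
            raise ValueError(f"{self.name}: an RGP takes no paths")


def diff_policies(desired: Dict[str, SentinelPolicy],
                  live: Dict[str, SentinelPolicy]) -> Dict[str, object]:
    """Compare policy-as-code (desired) with what Vault reports (live)."""
    missing = sorted(n for n in desired if n not in live)
    unmanaged = sorted(n for n in live if n not in desired)
    drifted: Dict[str, List[str]] = {}
    for name in sorted(set(desired) & set(live)):
        want, have = desired[name], live[name]
        changed = []
        if want.policy.strip() != have.policy.strip():
            changed.append("policy")
        if want.enforcement_level != have.enforcement_level:
            changed.append("enforcement_level")
        if tuple(want.paths) != tuple(have.paths):
            changed.append("paths")
        if changed:
            drifted[name] = changed
    return {"missing": missing, "drifted": drifted, "unmanaged": unmanaged}


def fetch_live(client, kind: str) -> Dict[str, SentinelPolicy]:
    """Read live state with the list_*/read_* methods on this page.
    Assumption: Vault answers with data.keys (list) and data.policy,
    data.enforcement_level, data.paths (read)."""
    lister = getattr(client.sys, f"list_{kind}_policies")
    reader = getattr(client.sys, f"read_{kind}_policy")
    live = {}
    for name in lister()["data"]["keys"]:
        data = reader(name)["data"]
        live[name] = SentinelPolicy(name, kind, data["policy"], data["enforcement_level"],
                                    tuple(data.get("paths") or ()))
    return live


def apply_plan(client, kind: str, desired: Dict[str, SentinelPolicy],
               plan: Dict[str, object]) -> List[str]:
    """Push only missing and drifted policies; unmanaged ones are reported, not deleted."""
    writer = getattr(client.sys, f"create_or_update_{kind}_policy")
    written = []
    for name in list(plan["missing"]) + sorted(plan["drifted"]):
        p = desired[name]
        if kind == "egp":
            writer(name=p.name, policy=p.policy,
                   enforcement_level=p.enforcement_level, paths=list(p.paths))
        else:
            writer(name=p.name, policy=p.policy, enforcement_level=p.enforcement_level)
        written.append(name)
    return written
```

Typical use is `plan = diff_policies(desired, fetch_live(client, "egp"))`, a review of `plan["drifted"]` and `plan["unmanaged"]`, then `apply_plan(client, "egp", desired, plan)`. Unmanaged policies are deliberately left alone: deleting a Sentinel policy is immediate and should be a separate, explicit step.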

List EGP Policies

Policies.list_egp_policies()[source]

List all configured egp policies.

Supported methods:

GET: /sys/policies/egp. Produces: 200 application/json

Returns:

The JSON response of the request.

Return type:

dict

Examples

import hvac
client = hvac.Client(url="https://127.0.0.1:8200")

policy = """import "time"
import "strings"

main = rule when not strings.has_prefix(request.path, "auth/ldap/login") {
    time.load(token.creation_time).unix > time.load("2017-09-17T13:25:29Z").unix
}
"""

client.sys.create_or_update_egp_policy(
    name="test-egp-policy1",
    policy=policy,
    enforcement_level="soft-mandatory",
    paths=["/test"],
)
client.sys.list_egp_policies()

Delete EGP Policy

Policies.delete_egp_policy(name)[source]

Delete the egp policy with the given name.

This will immediately affect all users associated with this policy.

Supported methods:

DELETE: /sys/policies/egp/{name}. Produces: 204 (empty body)

Parameters:

name (str | unicode) – Specifies the name of the policy to delete.

Returns:

The response of the request.

Return type:

requests.Response

Examples

import hvac
client = hvac.Client(url="https://127.0.0.1:8200")
client.sys.delete_egp_policy("test-egp-policy")