#!/usr/bin/env python
# -*- coding: utf-8 -*-
"""Okta methods module."""
from hvac import utils
from hvac.api.vault_api_base import VaultApiBase
# Path segment substituted for {mount_point} whenever a caller does not pass
# an explicit mount_point to one of the Okta methods.
DEFAULT_MOUNT_POINT = "okta"
class Okta(VaultApiBase):
    """Client-side wrapper for the Okta auth method's HTTP API.

    Each method builds its request path with ``utils.format_url`` and sends the
    request through ``self._adapter``.

    Reference: https://www.vaultproject.io/api/auth/okta/index.html
    """

    # NOTE(review): mount_point, username and group name are caller-supplied and
    # are substituted into the request path. This class does no escaping of its
    # own; it presumably relies on utils.format_url to URL-quote them -- confirm.

    def read_config(self, mount_point=DEFAULT_MOUNT_POINT):
        """Fetch the configuration of the Okta auth method.

        Supported methods:
            GET: /auth/{mount_point}/config. Produces: 200 application/json

        :param mount_point: The "path" the method/backend was mounted on.
        :type mount_point: str | unicode
        :return: The JSON response of the request.
        :rtype: dict
        """
        endpoint = utils.format_url(
            "/v1/auth/{mount_point}/config",
            mount_point=mount_point,
        )
        return self._adapter.get(url=endpoint)

    def list_users(self, mount_point=DEFAULT_MOUNT_POINT):
        """Enumerate the users registered with the Okta method.

        Supported methods:
            LIST: /auth/{mount_point}/users. Produces: 200 application/json

        :param mount_point: The "path" the method/backend was mounted on.
        :type mount_point: str | unicode
        :return: The JSON response of the request.
        :rtype: dict
        """
        endpoint = utils.format_url(
            "/v1/auth/{mount_point}/users",
            mount_point=mount_point,
        )
        return self._adapter.list(url=endpoint)

    def register_user(self, username, groups=None, policies=None, mount_point=DEFAULT_MOUNT_POINT):
        """Register a user and map groups and policies to it.

        Supported methods:
            POST: /auth/{mount_point}/users/{username}. Produces: 204 (empty body)

        :param username: Name of the user.
        :type username: str | unicode
        :param groups: List or comma-separated string of groups associated with the user.
        :type groups: list | str | unicode
        :param policies: List or comma-separated string of policies associated with the user.
        :type policies: list | str | unicode
        :param mount_point: The "path" the method/backend was mounted on.
        :type mount_point: str | unicode
        :return: The response of the request.
        :rtype: requests.Response
        """
        payload = {"username": username}
        # groups/policies left at None are dropped rather than sent as null.
        optional_fields = utils.remove_nones({
            "groups": groups,
            "policies": policies,
        })
        payload.update(optional_fields)
        endpoint = utils.format_url(
            "/v1/auth/{mount_point}/users/{username}",
            mount_point=mount_point,
            username=username,
        )
        return self._adapter.post(url=endpoint, json=payload)

    def read_user(self, username, mount_point=DEFAULT_MOUNT_POINT):
        """Fetch the properties stored for an existing username.

        Supported methods:
            GET: /auth/{mount_point}/users/{username}. Produces: 200 application/json

        :param username: Username for this user.
        :type username: str | unicode
        :param mount_point: The "path" the method/backend was mounted on.
        :type mount_point: str | unicode
        :return: The JSON response of the request.
        :rtype: dict
        """
        # The username is sent both in the URL path and in the JSON body.
        payload = {"username": username}
        endpoint = utils.format_url(
            "/v1/auth/{mount_point}/users/{username}",
            mount_point=mount_point,
            username=username,
        )
        return self._adapter.get(url=endpoint, json=payload)

    def delete_user(self, username, mount_point=DEFAULT_MOUNT_POINT):
        """Remove an existing username from the method.

        Supported methods:
            DELETE: /auth/{mount_point}/users/{username}. Produces: 204 (empty body)

        :param username: Username for this user.
        :type username: str | unicode
        :param mount_point: The "path" the method/backend was mounted on.
        :type mount_point: str | unicode
        :return: The response of the request.
        :rtype: requests.Response
        """
        # The username is sent both in the URL path and in the JSON body.
        payload = {"username": username}
        endpoint = utils.format_url(
            "/v1/auth/{mount_point}/users/{username}",
            mount_point=mount_point,
            username=username,
        )
        return self._adapter.delete(url=endpoint, json=payload)

    def list_groups(self, mount_point=DEFAULT_MOUNT_POINT):
        """Enumerate the groups registered with the Okta method.

        Supported methods:
            LIST: /auth/{mount_point}/groups. Produces: 200 application/json

        :param mount_point: The "path" the method/backend was mounted on.
        :type mount_point: str | unicode
        :return: The JSON response of the request.
        :rtype: dict
        """
        endpoint = utils.format_url(
            "/v1/auth/{mount_point}/groups",
            mount_point=mount_point,
        )
        return self._adapter.list(url=endpoint)

    def register_group(self, name, policies=None, mount_point=DEFAULT_MOUNT_POINT):
        """Register a group and map a set of policies to it.

        Supported methods:
            POST: /auth/{mount_point}/groups/{name}. Produces: 204 (empty body)

        :param name: The name of the group.
        :type name: str | unicode
        :param policies: The list or comma-separated string of policies associated with the group.
        :type policies: list | str | unicode
        :param mount_point: The "path" the method/backend was mounted on.
        :type mount_point: str | unicode
        :return: The response of the request.
        :rtype: requests.Response
        """
        # With policies=None the helper is given a single None entry to strip.
        payload = utils.remove_nones({"policies": policies})
        endpoint = utils.format_url(
            "/v1/auth/{mount_point}/groups/{name}",
            mount_point=mount_point,
            name=name,
        )
        return self._adapter.post(url=endpoint, json=payload)

    def read_group(self, name, mount_point=DEFAULT_MOUNT_POINT):
        """Fetch the properties stored for an existing group.

        Supported methods:
            GET: /auth/{mount_point}/groups/{name}. Produces: 200 application/json

        :param name: The name for the group.
        :type name: str | unicode
        :param mount_point: The "path" the method/backend was mounted on.
        :type mount_point: str | unicode
        :return: The JSON response of the request.
        :rtype: dict
        """
        endpoint = utils.format_url(
            "/v1/auth/{mount_point}/groups/{name}",
            mount_point=mount_point,
            name=name,
        )
        return self._adapter.get(url=endpoint)

    def delete_group(self, name, mount_point=DEFAULT_MOUNT_POINT):
        """Remove an existing group from the method.

        Supported methods:
            DELETE: /auth/{mount_point}/groups/{name}. Produces: 204 (empty body)

        :param name: The name for the group.
        :type name: str | unicode
        :param mount_point: The "path" the method/backend was mounted on.
        :type mount_point: str | unicode
        :return: The response of the request.
        :rtype: requests.Response
        """
        # The group name is sent both in the URL path and in the JSON body.
        payload = {"name": name}
        endpoint = utils.format_url(
            "/v1/auth/{mount_point}/groups/{name}",
            mount_point=mount_point,
            name=name,
        )
        return self._adapter.delete(url=endpoint, json=payload)

    def login(self, username, password, use_token=True, mount_point=DEFAULT_MOUNT_POINT):
        """Authenticate against the Okta method with a username and password.

        Supported methods:
            POST: /auth/{mount_point}/login/{username}. Produces: 200 application/json

        :param username: Username for this user.
        :type username: str | unicode
        :param password: Password for the authenticating user.
        :type password: str | unicode
        :param use_token: if True, uses the token in the response received from the auth request to set the
            "token" attribute on the :py:class:`hvac.adapters.Adapter` instance under the _adapter Client
            attribute.
        :type use_token: bool
        :param mount_point: The "path" the method/backend was mounted on.
        :type mount_point: str | unicode
        :return: The response of the login request.
        :rtype: dict
        """
        # The password goes in the JSON body while the username is also part of
        # the URL path; keep this dict out of logs and debug output.
        payload = {
            "username": username,
            "password": password,
        }
        endpoint = utils.format_url(
            "/v1/auth/{mount_point}/login/{username}",
            mount_point=mount_point,
            username=username,
        )
        return self._adapter.login(
            url=endpoint,
            use_token=use_token,
            json=payload,
        )