Source code for hvac.api.system_backend.mount

from hvac.api.system_backend.system_backend_mixin import SystemBackendMixin


[docs]class Mount(SystemBackendMixin):
[docs] def list_mounted_secrets_engines(self): """Lists all the mounted secrets engines. Supported methods: POST: /sys/mounts. Produces: 200 application/json :return: JSON response of the request. :rtype: dict """ response = self._adapter.get('/v1/sys/mounts') return response.json()
[docs] def retrieve_mount_option(self, mount_point, option_name, default_value=None): secrets_engine_path = '{mount_point}/'.format(mount_point=mount_point) secrets_engines_list = self.list_mounted_secrets_engines()['data'] mount_options = secrets_engines_list[secrets_engine_path].get('options') if mount_options is None: return default_value return mount_options.get(option_name, default_value)
[docs] def enable_secrets_engine(self, backend_type, path=None, description=None, config=None, plugin_name=None, options=None, local=False, seal_wrap=False): """Enable a new secrets engine at the given path. Supported methods: POST: /sys/mounts/{path}. Produces: 204 (empty body) :param backend_type: The name of the backend type, such as "github" or "token". :type backend_type: str | unicode :param path: The path to mount the method on. If not provided, defaults to the value of the "method_type" argument. :type path: str | unicode :param description: A human-friendly description of the mount. :type description: str | unicode :param config: Configuration options for this mount. These are the possible values: * **default_lease_ttl**: The default lease duration, specified as a string duration like "5s" or "30m". * **max_lease_ttl**: The maximum lease duration, specified as a string duration like "5s" or "30m". * **force_no_cache**: Disable caching. * **plugin_name**: The name of the plugin in the plugin catalog to use. * **audit_non_hmac_request_keys**: Comma-separated list of keys that will not be HMAC'd by audit devices in the request data object. * **audit_non_hmac_response_keys**: Comma-separated list of keys that will not be HMAC'd by audit devices in the response data object. * **listing_visibility**: Specifies whether to show this mount in the UI-specific listing endpoint. ("unauth" or "hidden") * **passthrough_request_headers**: Comma-separated list of headers to whitelist and pass from the request to the backend. :type config: dict :param options: Specifies mount type specific options that are passed to the backend. * **version**: <KV> The version of the KV to mount. Set to "2" for mount KV v2. :type options: dict :param plugin_name: Specifies the name of the plugin to use based from the name in the plugin catalog. Applies only to plugin backends. :type plugin_name: str | unicode :param local: <Vault enterprise only> Specifies if the auth method is a local only. Local auth methods are not replicated nor (if a secondary) removed by replication. :type local: bool :param seal_wrap: <Vault enterprise only> Enable seal wrapping for the mount. :type seal_wrap: bool :return: The response of the request. :rtype: requests.Response """ if path is None: path = backend_type params = { 'type': backend_type, 'description': description, 'config': config, 'options': options, 'plugin_name': plugin_name, 'local': local, 'seal_wrap': seal_wrap, } api_path = '/v1/sys/mounts/{path}'.format(path=path) return self._adapter.post( url=api_path, json=params, )
[docs] def disable_secrets_engine(self, path): """Disable the mount point specified by the provided path. Supported methods: DELETE: /sys/mounts/{path}. Produces: 204 (empty body) :param path: Specifies the path where the secrets engine will be mounted. This is specified as part of the URL. :type path: str | unicode :return: The response of the request. :rtype: requests.Response """ api_path = '/v1/sys/mounts/{path}'.format(path=path) return self._adapter.delete( url=api_path, )
[docs] def read_mount_configuration(self, path): """Read the given mount's configuration. Unlike the mounts endpoint, this will return the current time in seconds for each TTL, which may be the system default or a mount-specific value. Supported methods: GET: /sys/mounts/{path}/tune. Produces: 200 application/json :param path: Specifies the path where the secrets engine will be mounted. This is specified as part of the URL. :type path: str | unicode :return: The JSON response of the request. :rtype: requests.Response """ api_path = '/v1/sys/mounts/{path}/tune'.format(path=path) response = self._adapter.get( url=api_path, ) return response.json()
[docs] def tune_mount_configuration(self, path, default_lease_ttl=None, max_lease_ttl=None, description=None, audit_non_hmac_request_keys=None, audit_non_hmac_response_keys=None, listing_visibility=None, passthrough_request_headers=None, options=None): """Tune configuration parameters for a given mount point. Supported methods: POST: /sys/mounts/{path}/tune. Produces: 204 (empty body) :param path: Specifies the path where the secrets engine will be mounted. This is specified as part of the URL. :type path: str | unicode :param mount_point: The path the associated secret backend is mounted :type mount_point: str :param description: Specifies the description of the mount. This overrides the current stored value, if any. :type description: str :param default_lease_ttl: Default time-to-live. This overrides the global default. A value of 0 is equivalent to the system default TTL :type default_lease_ttl: int :param max_lease_ttl: Maximum time-to-live. This overrides the global default. A value of 0 are equivalent and set to the system max TTL. :type max_lease_ttl: int :param audit_non_hmac_request_keys: Specifies the comma-separated list of keys that will not be HMAC'd by audit devices in the request data object. :type audit_non_hmac_request_keys: list :param audit_non_hmac_response_keys: Specifies the comma-separated list of keys that will not be HMAC'd by audit devices in the response data object. :type audit_non_hmac_response_keys: list :param listing_visibility: Speficies whether to show this mount in the UI-specific listing endpoint. Valid values are "unauth" or "". :type listing_visibility: str :param passthrough_request_headers: Comma-separated list of headers to whitelist and pass from the request to the backend. :type passthrough_request_headers: str :param options: Specifies mount type specific options that are passed to the backend. * **version**: <KV> The version of the KV to mount. Set to "2" for mount KV v2. :type options: dict :return: The response from the request. :rtype: request.Response """ # All parameters are optional for this method. Until/unless we include input validation, we simply loop over the # parameters and add which parameters are set. optional_parameters = [ 'default_lease_ttl', 'max_lease_ttl', 'description', 'audit_non_hmac_request_keys', 'audit_non_hmac_response_keys', 'listing_visibility', 'passthrough_request_headers', 'options', ] params = {} for optional_parameter in optional_parameters: if locals().get(optional_parameter) is not None: params[optional_parameter] = locals().get(optional_parameter) api_path = '/v1/sys/mounts/{path}/tune'.format(path=path) return self._adapter.post( url=api_path, json=params, )
[docs] def move_backend(self, from_path, to_path): """Move an already-mounted backend to a new mount point. Supported methods: POST: /sys/remount. Produces: 204 (empty body) :param from_path: Specifies the previous mount point. :type from_path: str | unicode :param to_path: Specifies the new destination mount point. :type to_path: str | unicode :return: The response of the request. :rtype: requests.Response """ params = { 'from': from_path, 'to': to_path, } api_path = '/v1/sys/remount' return self._adapter.post( url=api_path, json=params, )