Azure

Note

Every method under the Client class's `azure` attribute accepts a `mount_point` parameter that addresses the Azure auth method under a custom mount path. For example, if the Azure auth method was enabled via Vault's CLI with `vault auth enable -path=my-azure azure`, the `mount_point` argument to the `hvac.api.auth_methods.Azure()` methods must be set to `"my-azure"` (the default is `"azure"`).

Enabling the Auth Method

hvac.v1.Client.enable_auth_backend()

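import hvac
client = hvac.Client()

# Mount path for the Azure auth method. Every later call that targets this
# mount must pass mount_point=azure_auth_path (hvac's default is 'azure').
azure_auth_path = 'company-azure'
# Double quotes: the apostrophe in "company's" would otherwise terminate the
# literal (the original single-quoted form was a SyntaxError).
description = "Auth method for use by team members in our company's Azure organization"

# Enable only when not already mounted so re-running the script is idempotent.
# The check uses `client` (the Client created above); the original referenced
# an undefined `vault_client`. Mount keys carry a trailing slash, hence '%s/'.
# NOTE(review): on hvac releases where list_auth_backends() returns the full
# JSON response, the mounts live under ['data'] and this membership test would
# always be True -- verify the return shape for your installed version
# (newer releases expose this as client.sys.list_auth_methods()).
if '%s/' % azure_auth_path not in client.list_auth_backends():
    print('Enabling the azure auth backend at mount_point: {path}'.format(
        path=azure_auth_path,
    ))
    client.enable_auth_backend(
        backend_type='azure',
        description=description,
        mount_point=azure_auth_path,
    )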

Configure

hvac.api.auth_methods.Azure.configure()

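import os
import hvac
client = hvac.Client()

# The Azure credentials come from the environment rather than the source file
# so the client secret is never committed or echoed in logs. If a variable is
# unset, .get() yields None; presumably hvac then omits the field and Vault
# falls back to its own managed identity -- confirm for your hvac/Vault version
# rather than relying on it silently.
client.auth.azure.configure(
    tenant_id='my-tenant-id',   # the missing comma here was a SyntaxError
    resource='my-resource',     # should match the `aud` of the JWTs presented at login
    client_id=os.environ.get('AZURE_CLIENT_ID'),
    client_secret=os.environ.get('AZURE_CLIENT_SECRET'),
)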

Read Config

hvac.api.auth_methods.Azure.read_config()

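import hvac
client = hvac.Client()

# Fetch the mount's stored Azure settings. The returned dict is indexed
# directly, so it must be the 'data' portion of Vault's response; the
# client_secret is not expected to be returned here (verify for your version),
# which is why printing from it is safe where printing configure() inputs is not.
read_config = client.auth.azure.read_config()
# The original closed the subscript with ')' instead of ']' (SyntaxError).
print('The configured tenant_id is: {id}'.format(id=read_config['tenant_id']))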

Delete Config

hvac.api.auth_methods.Azure.delete_config()

import hvac

# Remove the Azure auth configuration (tenant, resource, client credentials)
# from the default mount. Treat this as destructive: logins against the mount
# presumably fail until configure() is run again.
client = hvac.Client()
azure_auth = client.auth.azure
azure_auth.delete_config()

Create a Role

hvac.api.auth_methods.Azure.create_role()

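import hvac
client = hvac.Client()

# Vault policies attached to tokens issued through this role. Keep these
# least-privilege: scope them to what the workload needs, never 'root'.
# (Both variables below were undefined in the original snippet.)
policies = ['my-policy']
# Azure service-principal object IDs permitted to log in with this role.
# NOTE(review): keep at least one bound_* constraint on every role; a role
# with no binding would admit any identity in the tenant -- confirm against
# the Vault Azure auth docs for the full set of bound_* parameters.
bound_service_principal_ids = ['my-service-principal-object-id']

client.auth.azure.create_role(
    name='my-role',
    policies=policies,
    bound_service_principal_ids=bound_service_principal_ids,
)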

Read A Role

hvac.api.auth_methods.Azure.read_role()

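import hvac
client = hvac.Client()

# Read one role back; the returned dict is indexed directly, so it is the
# 'data' portion of Vault's response and carries the role's policy list.
role_name = 'my-role'
read_role_response = client.auth.azure.read_role(
    name=role_name,
)
# Use role_name in the message too (the original repeated the literal), so the
# printed name cannot drift from the role actually read.
print('Policies for role "{name}": {policies}'.format(
    name=role_name,
    policies=','.join(read_role_response['policies']),
))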

List Roles

hvac.api.auth_methods.Azure.list_roles()

import hvac

client = hvac.Client()

# The dict returned by list_roles() carries the configured role names under
# its 'keys' entry. NOTE(review): if no roles exist, Vault's LIST typically
# answers 404 and hvac raises rather than returning an empty list -- confirm
# and handle that case in real code.
role_names = client.auth.azure.list_roles()['keys']
print('The following Azure auth roles are configured: {roles}'.format(
    roles=','.join(role_names),
))

Delete A Role

hvac.api.auth_methods.Azure.delete_role()

import hvac

client = hvac.Client()

# Delete the role so no further logins can use it. NOTE(review): tokens that
# were already issued through the role are presumably unaffected until they
# expire or are revoked -- revoke them separately if the goal is lockout.
role_name = 'my-role'
client.auth.azure.delete_role(name=role_name)

Login

hvac.api.auth_methods.Azure.login()

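import hvac
client = hvac.Client()

# Role to log in as (undefined in the original snippet).
role_name = 'my-role'
# The JWT is the access token for the VM's managed identity, obtained on the
# VM itself (e.g. from the Azure Instance Metadata Service) for the `resource`
# configured on the mount. It is a bearer credential: fetch it at runtime and
# never hard-code or log it. (The placeholder's "MST" presumably means MSI.)
msi_jwt = 'Some MST JWT...'

# On success hvac stores the returned Vault token on the client.
client.auth.azure.login(
    role=role_name,
    jwt=msi_jwt,
)
# is_authenticated is a method: the bare attribute `client.is_authenticated`
# is a bound-method object and is always truthy, so it must be called.
client.is_authenticated()  # ==> returns True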