hvac.v1¶
Classes
|
The hvac Client class for HashiCorp’s Vault. |
-
class
hvac.v1.
Client
(url=None, token=None, cert=None, verify=None, timeout=30, proxies=None, allow_redirects=True, session=None, adapter=<class 'hvac.adapters.JSONAdapter'>, namespace=None, **kwargs)[source]¶ Bases:
object
The hvac Client class for HashiCorp’s Vault.
Methods
__init__
([url, token, cert, verify, …])Creates a new hvac client instance.
auth_cubbyhole
(token)Perform a login request with a wrapped token.
delete
(path)DELETE /<path>
get_policy
(name[, parse])Retrieve the policy body for the named policy.
Helper method which returns the authentication status of the client
list
(path)GET /<path>?list=true
login
(url[, use_token])Perform a login request.
logout
([revoke_token])Clears the token used for authentication, optionally revoking it before doing so.
lookup_token
([token, accessor, wrap_ttl])GET /auth/token/lookup/<token>
read
(path[, wrap_ttl])GET /<path>
renew_token
(token[, increment, wrap_ttl])POST /auth/token/renew
revoke_token
(token[, orphan, accessor])POST /auth/token/revoke
write
(path[, wrap_ttl])POST /<path>
Attributes
Accessor for the Client instance’s auth methods.
Read the high availability status and current leader instance of Vault.
GET /sys/key-status
Read the seal status of the Vault.
Accessor for the Client instance’s secrets engines.
Accessor for the Client instance’s system backend methods.
-
__init__
(url=None, token=None, cert=None, verify=None, timeout=30, proxies=None, allow_redirects=True, session=None, adapter=<class 'hvac.adapters.JSONAdapter'>, namespace=None, **kwargs)[source]¶ Creates a new hvac client instance.
- Parameters
url (str) – Base URL for the Vault instance being addressed.
token (str) – Authentication token to include in requests sent to Vault.
cert (tuple) – Certificates for use in requests sent to the Vault instance. This should be a tuple with the certificate and then key.
verify (Union[bool,str]) – Either a boolean to indicate whether TLS verification should be performed when sending requests to Vault, or a string pointing at the CA bundle to use for verification. See http://docs.python-requests.org/en/master/user/advanced/#ssl-cert-verification.
timeout (int) – The timeout value for requests sent to Vault.
proxies (dict) – Proxies to use when performing requests. See: http://docs.python-requests.org/en/master/user/advanced/#proxies
allow_redirects (bool) – Whether to follow redirects when sending requests to Vault.
session (request.Session) – Optional session object to use when performing request.
adapter (hvac.adapters.Adapter) – Optional class to be used for performing requests. If none is provided, defaults to hvac.adapters.JSONRequest
kwargs (dict) – Additional parameters to pass to the adapter constructor.
namespace (str) – Optional Vault Namespace.
-
property
adapter
¶
-
property
allow_redirects
¶
-
property
auth
¶ Accessor for the Client instance’s auth methods. Provided via the
hvac.api.AuthMethods
class. :return: This Client instance’s associated Auth instance. :rtype: hvac.api.AuthMethods
-
auth_cubbyhole
(token)[source]¶ Perform a login request with a wrapped token.
- Stores the unwrapped token in the resulting Vault response for use by the
hvac.adapters.Adapter()
instance under the _adapater Client attribute.
- Parameters
token (str | unicode) – Wrapped token
- Returns
The (JSON decoded) response of the auth request
- Return type
dict
- Stores the unwrapped token in the resulting Vault response for use by the
-
property
generate_root_status
¶
-
get_policy
(name, parse=False)[source]¶ Retrieve the policy body for the named policy.
- Parameters
name (str | unicode) – The name of the policy to retrieve.
parse (bool) – Specifies whether to parse the policy body using pyhcl or not.
- Returns
The (optionally parsed) policy body for the specified policy.
- Return type
str | dict
-
property
ha_status
¶ Read the high availability status and current leader instance of Vault.
- Returns
The JSON response returned by read_leader_status()
- Return type
dict
-
is_authenticated
()[source]¶ Helper method which returns the authentication status of the client
- Returns
- Return type
-
property
key_status
¶ GET /sys/key-status
- Returns
Information about the current encryption key used by Vault.
- Return type
dict
-
login
(url, use_token=True, **kwargs)[source]¶ Perform a login request.
- Associated request is typically to a path prefixed with “/v1/auth”) and optionally stores the client token sent
in the resulting Vault response for use by the
hvac.adapters.Adapter()
instance under the _adapater Client attribute.
- Parameters
url (str | unicode) – Path to send the authentication request to.
use_token (bool) – if True, uses the token in the response received from the auth request to set the “token” attribute on the the
hvac.adapters.Adapter()
instance under the _adapater Client attribute.kwargs (dict) – Additional keyword arguments to include in the params sent with the request.
- Returns
The response of the auth request.
- Return type
requests.Response
-
logout
(revoke_token=False)[source]¶ Clears the token used for authentication, optionally revoking it before doing so.
- Parameters
revoke_token –
- Returns
- Return type
-
lookup_token
(token=None, accessor=False, wrap_ttl=None)[source]¶ GET /auth/token/lookup/<token>
GET /auth/token/lookup-accessor/<token-accessor>
GET /auth/token/lookup-self
- Parameters
token (str.) –
accessor (str.) –
wrap_ttl (int.) –
- Returns
- Return type
-
property
rekey_status
¶
-
renew_token
(token, increment=None, wrap_ttl=None)[source]¶ POST /auth/token/renew
POST /auth/token/renew-self
- Parameters
token –
increment –
wrap_ttl –
- Returns
- Return type
For calls expecting to hit the renew-self endpoint please use the “renew_self_token” method instead
-
revoke_token
(token, orphan=False, accessor=False)[source]¶ POST /auth/token/revoke
POST /auth/token/revoke-orphan
POST /auth/token/revoke-accessor
- Parameters
token –
orphan –
accessor –
- Returns
- Return type
-
property
seal_status
¶ Read the seal status of the Vault.
This is an unauthenticated endpoint.
- Supported methods:
GET: /sys/seal-status. Produces: 200 application/json
- Returns
The JSON response of the request.
- Return type
dict
-
property
secrets
¶ Accessor for the Client instance’s secrets engines. Provided via the
hvac.api.SecretsEngines
class.- Returns
This Client instance’s associated SecretsEngines instance.
- Return type
-
property
session
¶
-
property
sys
¶ Accessor for the Client instance’s system backend methods. Provided via the
hvac.api.SystemBackend
class.- Returns
This Client instance’s associated SystemBackend instance.
- Return type
-
property
token
¶
-
property
url
¶
-