本文整理汇总了Python中hvac.Client方法的典型用法代码示例。如果您正苦于以下问题:Python hvac.Client方法的具体用法?Python hvac.Client怎么用?Python hvac.Client使用的例子?那么,这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类hvac的用法示例。
在下文中一共展示了hvac.Client方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: _auth_azure
# 需要导入模块: import hvac [as 别名]
# 或者: from hvac import Client [as 别名]
def _auth_azure(self, _client: hvac.Client) -> None:
    """Pass this object's Azure settings to ``_client.auth.azure.configure``.

    ``mount_point`` is forwarded only when ``self.auth_mount_point`` is
    truthy; otherwise the call is made without that keyword.

    :param _client: client whose ``auth.azure`` namespace receives the call
    """
    # NOTE(review): configure() is hvac's call for writing the Azure auth
    # method's settings, which is a different operation from
    # auth.azure.login(); confirm this step is what authenticates the client.
    azure_kwargs = {
        "tenant_id": self.azure_tenant_id,
        "resource": self.azure_resource,
        "client_id": self.key_id,
        # client_secret is a credential: keep this dict out of logs and errors.
        "client_secret": self.secret_id,
    }
    if self.auth_mount_point:
        azure_kwargs["mount_point"] = self.auth_mount_point
    _client.auth.azure.configure(**azure_kwargs)
示例2: __init__
# 需要导入模块: import hvac [as 别名]
# 或者: from hvac import Client [as 别名]
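def __init__(self,
             db_path=STORAGE_DEFAULT_PATH_MAPPING['vault'],
             token=None,
             cert=None,
             stash_name='ghost'):
    """Create the Vault-backed storage client.

    :param db_path: Vault URL, handed to ``hvac.Client`` as ``url``
    :param token: Vault token; when omitted, ``VAULT_TOKEN`` is read from
        the environment at call time
    :param cert: passed through to ``hvac.Client`` as ``cert``
    :param stash_name: stored on the instance as ``_stash_name``
    :raises ImportError: if ``HVAC_EXISTS`` is false
    :raises GhostError: if no token was passed and ``VAULT_TOKEN`` is unset
    """
    if not HVAC_EXISTS:
        raise ImportError('hvac must be installed first')
    # Resolve the token here rather than in the signature. A default argument
    # is evaluated once, when the function is defined, so the environment
    # lookup would be frozen at import time and the secret would sit in the
    # function's __defaults__, where help() and doc generators display it.
    if token is None:
        token = os.environ.get('VAULT_TOKEN')
    if not token:
        raise GhostError(
            'The `VAULT_TOKEN` env var must be set to use this storage '
            'type')
    self.client = hvac.Client(url=db_path, token=token, cert=cert)
    self._stash_name = stash_name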
示例3: test_getCert
# 需要导入模块: import hvac [as 别名]
# 或者: from hvac import Client [as 别名]
def test_getCert(mocker):
    """getCert returns the ``signed_key`` value of the mocked write response."""
    signing_response = {
        'StatusCode': 200,
        'data': {
            'signed_key': "The Cert"
        }
    }
    clientmock = mocker.MagicMock()
    clientmock.write.return_value = signing_response
    # hvac.Client is replaced by a patch that hands back the mock, so the
    # test never builds a real client.
    mocker.patch('hvac.Client', return_value=clientmock)
    vault_ca = VaultCA(hvac.Client(TESTVAULTCONFIG['vault_addr']))
    cert_request = {
        'ssh_backend_mount': 'foo',
        'ssh_backend_role': 'bar',
        'valid_principals': 'test',
        'public_key': 'ssh-rsa stuff',
        'ttl': '500'
    }
    returned = vault_ca.getCert(cert_request)
    assert returned == 'The Cert'
示例4: test_getCert_NoCert
# 需要导入模块: import hvac [as 别名]
# 或者: from hvac import Client [as 别名]
def test_getCert_NoCert(mocker):
    """getCert raises when the mocked response carries no signed key."""
    forbidden_response = {
        'StatusCode': 403,
        'data': {
            'error': "Forbidden"
        }
    }
    clientmock = mocker.MagicMock()
    clientmock.write.return_value = forbidden_response
    # hvac.Client is replaced by a patch that hands back the mock, so the
    # test never builds a real client.
    mocker.patch('hvac.Client', return_value=clientmock)
    vault_ca = VaultCA(hvac.Client(TESTVAULTCONFIG['vault_addr']))
    cert_request = {
        'ssh_backend_mount': 'foo',
        'ssh_backend_role': 'bar',
        'valid_principals': 'test',
        'public_key': 'ssh-rsa stuff',
        'ttl': '500'
    }
    # NOTE(review): Exception is the broadest type pytest.raises can match;
    # the message check below is what actually pins the failure mode.
    with pytest.raises(Exception) as excinfo:
        vault_ca.getCert(cert_request)
    # Checked after the block: code placed after the raising call inside the
    # ``with`` body would never run.
    assert 'No certificate in response.' in str(excinfo.value)
示例5: hashivault_client
# 需要导入模块: import hvac [as 别名]
# 或者: from hvac import Client [as 别名]
def hashivault_client(params):
    """Build an ``hvac.Client`` from a parameter mapping.

    Keys read from ``params``: ``url``, ``ca_cert``, ``ca_path``,
    ``client_cert``, ``client_key``, ``verify`` and ``namespace``.

    The ``verify`` argument given to the client is chosen as follows: when
    ``params['verify']`` is the empty string or any truthy value, the first
    truthy one of ``ca_cert``, ``ca_path`` and ``verify`` itself is used (or
    ``verify`` when none is truthy); any other falsy ``verify`` is forwarded
    unchanged.
    """
    tls_check = params.get('verify')
    ca_cert, ca_path = params.get('ca_cert'), params.get('ca_path')
    client_pair = (params.get('client_cert'), params.get('client_key'))

    # NOTE(review): a falsy result here (False, or '' when no CA is supplied)
    # is passed straight through; HTTP transports built on requests usually
    # treat a falsy verify as "skip certificate validation" -- confirm that
    # callers cannot reach this state from untrusted configuration.
    if tls_check == '' or tls_check:
        verify = ca_cert or ca_path or tls_check
    else:
        verify = tls_check

    return hvac.Client(
        url=params.get('url'),
        cert=client_pair,
        verify=verify,
        namespace=params.get('namespace', None),
    )
示例6: connect
# 需要导入模块: import hvac [as 别名]
# 或者: from hvac import Client [as 别名]
def connect():
    '''
    Build a vault client from the `VAULT_ADDR` and `VAULT_TOKEN`
    environment variables and return it.

    `halt` is called with an error message when either variable is
    missing or empty. The client is only constructed here; nothing in
    this function checks that the token is accepted by the server.
    '''
    env = os.environ
    url, token = env.get('VAULT_ADDR'), env.get('VAULT_TOKEN')
    if not (url and token):
        # assumes halt() terminates the program -- TODO confirm; if it
        # returns, the client below is still built with the missing values
        halt(
            'Failed connecting to vault. ' +
            '`VAULT_ADDR` and `VAULT_TOKEN` must be set in your environment.'
        )
    return Client(url=url, token=token)
示例7: _decrypt_block_device
# 需要导入模块: import hvac [as 别名]
# 或者: from hvac import Client [as 别名]
def _decrypt_block_device(args, client, config):
    """Open a LUKS/dm-crypt encrypted block device

    The dm-crypt key is read from Vault at the path returned by
    ``_get_vault_path`` and handed to ``dmcrypt.luks_open``. Nothing is
    done when ``_device_exists`` reports the device as already present.

    :param: args: argparser generated cli arguments; ``args.uuid[0]`` is
        the block device UUID
    :param: client: hvac.Client for Vault access
    :param: config: configparser object of vaultlocker config
    :raises ValueError: if Vault returns nothing for the device's path
    """
    device_uuid = args.uuid[0]
    if not _device_exists(device_uuid):
        secret = client.read(_get_vault_path(device_uuid, config))
        if secret is None:
            raise ValueError('Unable to locate key for {}'.format(device_uuid))
        # Only the UUID ever appears in log or error text; the key material
        # goes straight to luks_open and must stay out of both.
        dmcrypt.luks_open(secret['data']['dmcrypt_key'], device_uuid)
        return
    logger.info('Skipping setup of {} because '
                'it already exists.'.format(device_uuid))
示例8: get_username_password
# 需要导入模块: import hvac [as 别名]
# 或者: from hvac import Client [as 别名]
def get_username_password(vault_server, vault_token: str) -> Dict[str, str]:
    """Read the CSR username and password from Vault.

    Reads ``kv/CSR_USERNAME`` and then ``kv/CSR_PASSWORD`` and returns the
    ``['data']['value']`` entry of each under the keys ``username`` and
    ``password``. The returned dict holds the password in clear text, so it
    should not be logged or echoed by callers.
    """
    vault = hvac.Client(url=vault_server, token=vault_token)
    # NOTE(review): the result of read() is indexed without a None check, so
    # an absent path presumably surfaces as a TypeError -- confirm with callers.
    credentials = {}
    for field, secret_path in (
        ('username', 'kv/CSR_USERNAME'),
        ('password', 'kv/CSR_PASSWORD'),
    ):
        credentials[field] = vault.read(secret_path)['data']['value']
    return credentials
示例9: vault_client
# 需要导入模块: import hvac [as 别名]
# 或者: from hvac import Client [as 别名]
def vault_client(self):
    """Return configured vault client.

    The client is created on first use and kept in ``self._vault_client``.
    Creation is skipped, and the stored value (possibly ``None``) returned,
    when ``hvac`` has not been imported or when either ``self.vault_url`` or
    ``self.vault_token`` is ``None``.
    """
    if self._vault_client is not None or 'hvac' not in sys.modules:
        return self._vault_client
    if self.vault_url is None or self.vault_token is None:
        # Callers must handle None: there is no client to talk to Vault with.
        return self._vault_client
    self._vault_client = hvac.Client(url=self.vault_url, token=self.vault_token)
    return self._vault_client
示例10: __init__
# 需要导入模块: import hvac [as 别名]
# 或者: from hvac import Client [as 别名]
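def __init__(self, addr=None, token_path=None):
    """
    Connect to Vault and maintain connection

    Each value is taken from the argument, else from the environment
    variable of the same name, else from the settings module.

    :param addr: URL to connect to Vault at. If None, defaults to
      :py:attr:`biweeklybudget.settings.VAULT_ADDR`.
    :type addr: str
    :param token_path: path to read Vault token from. If None, defaults to
      :py:attr:`biweeklybudget.settings.TOKEN_PATH`.
    :type token_path: str
    :raises SystemExit: if a value is missing and the settings module
      cannot supply it
    :raises AssertionError: if the client reports it is not authenticated
    """
    if addr is None and 'VAULT_ADDR' in os.environ:
        addr = os.environ['VAULT_ADDR']
    if token_path is None and 'TOKEN_PATH' in os.environ:
        token_path = os.environ['TOKEN_PATH']
    # if not in constructor or environment, use settings if possible
    if addr is None or token_path is None:
        try:
            from biweeklybudget import settings
            if addr is None:
                addr = settings.VAULT_ADDR
            if token_path is None:
                token_path = settings.TOKEN_PATH
        except Exception:
            logger.error('ERROR: you must either set the SETTINGS_MODULE '
                         'environment variable to use a settings module, '
                         'or export VAULT_ADDR and TOKEN_PATH environment '
                         'variables.')
            raise SystemExit(1)
    token_path = os.path.expanduser(token_path)
    # Only the address and the token file's path are logged, never the token.
    logger.debug('Connecting to Vault at %s with token from %s',
                 addr, token_path)
    with open(token_path, 'r') as fh:
        tkn = fh.read().strip()
    self.conn = hvac.Client(url=addr, token=tkn)
    # An ``assert`` statement is compiled out under ``python -O``, which
    # would silently drop this authentication check. Raise explicitly, with
    # the same exception type existing callers would have seen.
    if not self.conn.is_authenticated():
        raise AssertionError('Vault client is not authenticated')
    logger.debug('Connected to Vault')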
示例11: client
# 需要导入模块: import hvac [as 别名]
# 或者: from hvac import Client [as 别名]
def client(self) -> hvac.Client:
    """
    Return an authenticated Hashicorp Vault client.

    A new client is built from ``self.url`` and ``self.kwargs``, the helper
    matching ``self.auth_type`` is run on it, and the client is returned only
    if it then reports itself authenticated.

    :rtype: hvac.Client
    :return: Vault Client
    :raises VaultError: for an unsupported ``auth_type`` or when the client
        is not authenticated after the helper ran
    """
    _client = hvac.Client(url=self.url, **self.kwargs)
    # Supported auth types, paired with the method that performs each one.
    auth_handlers = (
        ("approle", "_auth_approle"),
        ('aws_iam', "_auth_aws_iam"),
        ('azure', "_auth_azure"),
        ("gcp", "_auth_gcp"),
        ("github", "_auth_github"),
        ("kubernetes", "_auth_kubernetes"),
        ("ldap", "_auth_ldap"),
        ("radius", "_auth_radius"),
        ("token", "_set_token"),
        ("userpass", "_auth_userpass"),
    )
    for type_name, handler_name in auth_handlers:
        if self.auth_type == type_name:
            getattr(self, handler_name)(_client)
            break
    else:
        raise VaultError(f"Authentication type '{self.auth_type}' not supported")
    # Never hand out a client whose login did not take effect.
    if not _client.is_authenticated():
        raise VaultError("Vault Authentication Error!")
    return _client
示例12: _auth_userpass
# 需要导入模块: import hvac [as 别名]
# 或者: from hvac import Client [as 别名]
def _auth_userpass(self, _client: hvac.Client) -> None:
    """Call ``_client.auth_userpass`` with this object's username and password.

    ``mount_point`` is forwarded only when ``self.auth_mount_point`` is truthy.

    :param _client: client to log in with
    """
    # NOTE(review): auth_userpass is the older client-level hvac method;
    # newer hvac releases expose auth.userpass.login instead -- confirm
    # against the hvac version this project pins.
    login_kwargs = {"username": self.username, "password": self.password}
    if self.auth_mount_point:
        login_kwargs["mount_point"] = self.auth_mount_point
    _client.auth_userpass(**login_kwargs)
示例13: _auth_radius
# 需要导入模块: import hvac [as 别名]
# 或者: from hvac import Client [as 别名]
def _auth_radius(self, _client: hvac.Client) -> None:
    """Pass this object's RADIUS settings to ``_client.auth.radius.configure``.

    ``mount_point`` is forwarded only when ``self.auth_mount_point`` is truthy.

    :param _client: client whose ``auth.radius`` namespace receives the call
    """
    # NOTE(review): configure() is hvac's call for writing the RADIUS auth
    # method's settings, which is a different operation from
    # auth.radius.login(); confirm this step is what authenticates the client.
    radius_kwargs = {
        "host": self.radius_host,
        # The RADIUS shared secret is a credential: keep it out of logs.
        "secret": self.radius_secret,
        "port": self.radius_port,
    }
    if self.auth_mount_point:
        radius_kwargs["mount_point"] = self.auth_mount_point
    _client.auth.radius.configure(**radius_kwargs)
示例14: _auth_ldap
# 需要导入模块: import hvac [as 别名]
# 或者: from hvac import Client [as 别名]
def _auth_ldap(self, _client: hvac.Client) -> None:
    """Log in through ``_client.auth.ldap.login`` with the stored credentials.

    ``mount_point`` is forwarded only when ``self.auth_mount_point`` is truthy.

    :param _client: client to log in with
    """
    # The password travels in this dict: keep it out of logs and errors.
    login_kwargs = {"username": self.username, "password": self.password}
    if self.auth_mount_point:
        login_kwargs["mount_point"] = self.auth_mount_point
    _client.auth.ldap.login(**login_kwargs)
示例15: _auth_kubernetes
# 需要导入模块: import hvac [as 别名]
# 或者: from hvac import Client [as 别名]
def _auth_kubernetes(self, _client: hvac.Client) -> None:
    """Call ``_client.auth_kubernetes`` with the JWT read from disk.

    The token is the full content of the file at ``self.kubernetes_jwt_path``,
    passed on exactly as read. ``mount_point`` is forwarded only when
    ``self.auth_mount_point`` is truthy.

    :param _client: client to log in with
    :raises VaultError: if ``self.kubernetes_jwt_path`` is not set
    """
    jwt_path = self.kubernetes_jwt_path
    if not jwt_path:
        raise VaultError("The kubernetes_jwt_path should be set here. This should not happen.")
    with open(jwt_path) as token_file:
        service_jwt = token_file.read()
    # NOTE(review): auth_kubernetes is the older client-level hvac method;
    # newer hvac releases expose auth.kubernetes.login instead -- confirm
    # against the hvac version this project pins.
    login_kwargs = {"role": self.kubernetes_role, "jwt": service_jwt}
    if self.auth_mount_point:
        login_kwargs["mount_point"] = self.auth_mount_point
    _client.auth_kubernetes(**login_kwargs)