o |nhP@s\dZddlZddlmZmZddlmZddlmZm Z ddl m Z m Z GdddeZ dS) zAPPROLE methods module.N) exceptionsutils) VaultApiBase)DEFAULT_MOUNT_POINTALLOWED_TOKEN_TYPES)validate_list_of_strings_paramlist_to_comma_delimitedc@seZdZdZddddddddddddddefddZefddZefddZefd d Zefd d Z efd dZ dddedfddZ dddedfddZ efddZ efddZefddZefddZefddZddefddZdS) AppRolezlUSERPASS Auth Method (API). Reference: https://www.vaultproject.io/api-docs/auth/approle/index.html NcCs|| | d}|dur|tvrd}t|j|dtdt}|D]\}}t||d|dur8t|||<q$| t ||||||| | | ||d t j d||d }|j j||d S) a Create/update approle. Supported methods: POST: /auth/{mount_point}/role/{role_name}. Produces: 204 (empty body) :param role_name: The name for the approle. :type role_name: str | unicode :param bind_secret_id: Require secret_id to be presented when logging in using this approle. :type bind_secret_id: bool :param secret_id_bound_cidrs: Blocks of IP addresses which can perform login operations. :type secret_id_bound_cidrs: list :param secret_id_num_uses: Number of times any secret_id can be used to fetch a token. A value of zero allows unlimited uses. :type secret_id_num_uses: int :param secret_id_ttl: Duration after which a secret_id expires. This can be specified as an integer number of seconds or as a duration value like "5m". :type secret_id_ttl: str | unicode :param enable_local_secret_ids: Secret IDs generated using role will be cluster local. :type enable_local_secret_ids: bool :param token_ttl: Incremental lifetime for generated tokens. This can be specified as an integer number of seconds or as a duration value like "5m". :type token_ttl: str | unicode :param token_max_ttl: Maximum lifetime for generated tokens: This can be specified as an integer number of seconds or as a duration value like "5m". :type token_max_ttl: str | unicode :param token_policies: List of policies to encode onto generated tokens. :type token_policies: list :param token_bound_cidrs: Blocks of IP addresses which can authenticate successfully. :type token_bound_cidrs: list :param token_explicit_max_ttl: If set, will encode an explicit max TTL onto the token. This can be specified as an integer number of seconds or as a duration value like "5m". :type token_explicit_max_ttl: str | unicode :param token_no_default_policy: Do not add the default policy to generated tokens, use only tokens specified in token_policies. :type token_no_default_policy: bool :param token_num_uses: Maximum number of times a generated token may be used. A value of zero allows unlimited uses. :type token_num_uses: int :param token_period: The period, if any, to set on the token. This can be specified as an integer number of seconds or as a duration value like "5m". :type token_period: str | unicode :param token_type: The type of token that should be generated, can be "service", "batch", or "default". :type token_type: str | unicode :param mount_point: The "path" the method/backend was mounted on. :type mount_point: str | unicode )secret_id_bound_cidrstoken_policiestoken_bound_cidrsNzRunsupported token_type argument provided "{arg}", supported types: "{token_types}",)arg token_types param_nameparam_argument) bind_secret_idsecret_id_num_uses secret_id_ttlenable_local_secret_ids token_ttl token_max_ttltoken_explicit_max_ttltoken_no_default_policytoken_num_uses token_period token_typez"/v1/auth/{mount_point}/role/{name}) mount_pointnameurljson)rrParamValidationErrorformatjoindictitemsrrupdater remove_nones format_url_adapterpost)self role_namerr rrrrrr r rrrrrrlist_of_strings_params error_msgparamsrrapi_pathr3H/usr/local/lib/python3.10/dist-packages/hvac/api/auth_methods/approle.pycreate_or_update_approlesVC z AppRole.create_or_update_approlecCstjd|d}|jj|dS)ao List existing roles created in the auth method. Supported methods: LIST: /auth/{mount_point}/role. Produces: 200 application/json :param mount_point: The "path" the method/backend was mounted on. :type mount_point: str | unicode :return: The JSON response of the list_roles request. :rtype: dict z/v1/auth/{mount_point}/rolerr!rr*r+list)r-rr2r3r3r4 list_roless zAppRole.list_rolescCtjd||d}|jj|dS)a Read role in the auth method. Supported methods: GET: /auth/{mount_point}/role/{role_name}. Produces: 200 application/json :param role_name: The name for the role. :type role_name: str | unicode :param mount_point: The "path" the method/backend was mounted on. :type mount_point: str | unicode :return: The JSON response of the read_role request. :rtype: dict '/v1/auth/{mount_point}/role/{role_name}rr.r7rr*r+getr-r.rr2r3r3r4 read_role zAppRole.read_rolecCr;)an Delete role in the auth method. Supported methods: DELETE: /auth/{mount_point}/role/{role_name}. Produces: 204 (empty body) :param role_name: The name for the role. :type role_name: str | unicode :param mount_point: The "path" the method/backend was mounted on. :type mount_point: str | unicode r<r=r7)rr*r+deleter@r3r3r4 delete_roles  zAppRole.delete_rolecCr;)a Reads the Role ID of a role in the auth method. Supported methods: GET: /auth/{mount_point}/role/{role_name}/role-id. Produces: 200 application/json :param role_name: The name for the role. :type role_name: str | unicode :param mount_point: The "path" the method/backend was mounted on. :type mount_point: str | unicode :return: The JSON response of the read_role_id request. :rtype: dict //v1/auth/{mount_point}/role/{role_name}/role-idr=r7r>r@r3r3r4 read_role_idrBzAppRole.read_role_idcC(d|i}tjd||d}|jj||dS)a7 Updates the Role ID of a role in the auth method. Supported methods: POST: /auth/{mount_point}/role/{role_name}/role-id. Produces: 200 application/json :param role_name: The name for the role. :type role_name: str | unicode :param role_id: New value for the Role ID. :type role_id: str | unicode :param mount_point: The "path" the method/backend was mounted on. :type mount_point: str | unicode :return: The JSON response of the read_role_id request. :rtype: dict role_idrEr=r rr*r+r,)r-r.rHrr1r2r3r3r4update_role_idszAppRole.update_role_idc Cs|durt|tsd}t|j|t|di}|r"dt|i}||d} | D]\} } t | | d| dur?t | || <q+t j d||d} |j j| ||d S) a5 Generates and issues a new Secret ID on a role in the auth method. Supported methods: POST: /auth/{mount_point}/role/{role_name}/secret-id. Produces: 200 application/json :param role_name: The name for the role. :type role_name: str | unicode :param metadata: Metadata to be tied to the Secret ID. :type metadata: dict :param cidr_list: Blocks of IP addresses which can perform login operations. :type cidr_list: list :param token_bound_cidrs: Blocks of IP addresses which can authenticate successfully. :type token_bound_cidrs: list :param mount_point: The "path" the method/backend was mounted on. :type mount_point: str | unicode :param wrap_ttl: Returns the request as a response-wrapping token. Can be either an integer number of seconds or a string duration of seconds (`15s`), minutes (`20m`), or hours (`25h`). :type wrap_ttl: int | str :return: The JSON response of the read_role_id request. :rtype: dict NQunsupported metadata argument provided "{arg}" ({arg_type}), required type: dict"rarg_typemetadata cidr_listr r1/v1/auth/{mount_point}/role/{role_name}/secret-idr=r!r"wrap_ttl isinstancer&rr#r$typer"dumpsr'rrrr*r+r,) r-r.rNrPr rrSr0r1r/rrr2r3r3r4generate_secret_ids8 zAppRole.generate_secret_idcCs|durt|tsd}t|j|t|dd|i} |r$t|| d<||d} | D]\} } t | | d| durAt | | | <q-t j d||d } |j j| | |d S) a Generates and issues a new Secret ID on a role in the auth method. Supported methods: POST: /auth/{mount_point}/role/{role_name}/custom-secret-id. Produces: 200 application/json :param role_name: The name for the role. :type role_name: str | unicode :param secret_id: The Secret ID to read. :type secret_id: str | unicode :param metadata: Metadata to be tied to the Secret ID. :type metadata: dict :param cidr_list: Blocks of IP addresses which can perform login operations. :type cidr_list: list :param token_bound_cidrs: Blocks of IP addresses which can authenticate successfully. :type token_bound_cidrs: list :param mount_point: The "path" the method/backend was mounted on. :type mount_point: str | unicode :param wrap_ttl: Returns the request as a response-wrapping token. Can be either an integer number of seconds or a string duration of seconds (`15s`), minutes (`20m`), or hours (`25h`). :type wrap_ttl: int | str :return: The JSON response of the read_role_id request. :rtype: dict NrKrL secret_idrNrOrz8/v1/auth/{mount_point}/role/{role_name}/custom-secret-idr=rRrT)r-r.rYrNrPr rrSr0r1r/rrr2r3r3r4create_custom_secret_id)s8" zAppRole.create_custom_secret_idcCrG)aO Read the properties of a Secret ID for a role in the auth method. Supported methods: POST: /auth/{mount_point}/role/{role_name}/secret-id/lookup. Produces: 200 application/json :param role_name: The name for the role :type role_name: str | unicode :param secret_id: The Secret ID to read. :type secret_id: str | unicode :param mount_point: The "path" the method/backend was mounted on. :type mount_point: str | unicode :return: The JSON response of the read_role_id request. :rtype: dict rYz8/v1/auth/{mount_point}/role/{role_name}/secret-id/lookupr=r rIr-r.rYrr1r2r3r3r4read_secret_idlzAppRole.read_secret_idcCrG)a Destroys a Secret ID for a role in the auth method. Supported methods: POST: /auth/{mount_point}/role/{role_name}/secret-id/destroy. Produces 204 (empty body) :param role_name: The name for the role :type role_name: str | unicode :param secret_id: The Secret ID to read. :type secret_id: str | unicode :param mount_point: The "path" the method/backend was mounted on. :type mount_point: str | unicode rYz9/v1/auth/{mount_point}/role/{role_name}/secret-id/destroyr=r rIr[r3r3r4destroy_secret_idszAppRole.destroy_secret_idcCr;)a Lists accessors of all issued Secret IDs for a role in the auth method. Supported methods: LIST: /auth/{mount_point}/role/{role_name}/secret-id. Produces: 200 application/json :param role_name: The name for the role :type role_name: str | unicode :param mount_point: The "path" the method/backend was mounted on. :type mount_point: str | unicode :return: The JSON response of the read_role_id request. :rtype: dict rQr=r7r8r@r3r3r4list_secret_id_accessorsrBz AppRole.list_secret_id_accessorscCrG)a{ Read the properties of a Secret ID for a role in the auth method. Supported methods: POST: /auth/{mount_point}/role/{role_name}/secret-id-accessor/lookup. Produces: 200 application/json :param role_name: The name for the role :type role_name: str | unicode :param secret_id_accessor: The accessor for the Secret ID to read. :type secret_id_accessor: str | unicode :param mount_point: The "path" the method/backend was mounted on. :type mount_point: str | unicode :return: The JSON response of the read_role_id request. :rtype: dict secret_id_accessorzA/v1/auth/{mount_point}/role/{role_name}/secret-id-accessor/lookupr=r rIr-r.r`rr1r2r3r3r4read_secret_id_accessorszAppRole.read_secret_id_accessorcCrG)a Destroys a Secret ID for a role in the auth method. Supported methods: POST: /auth/{mount_point}/role/{role_name}/secret-id-accessor/destroy. Produces: 204 (empty body) :param role_name: The name for the role :type role_name: str | unicode :param secret_id_accessor: The accessor for the Secret ID to read. :type secret_id_accessor: str | unicode :param mount_point: The "path" the method/backend was mounted on. :type mount_point: str | unicode r`zB/v1/auth/{mount_point}/role/{role_name}/secret-id-accessor/destroyr=r rIrar3r3r4destroy_secret_id_accessorr]z"AppRole.destroy_secret_id_accessorTcCs*||d}tjd|d}|jj|||dS)a Login with APPROLE credentials. Supported methods: POST: /auth/{mount_point}/login. Produces: 200 application/json :param role_id: Role ID of the role. :type role_id: str | unicode :param secret_id: Secret ID of the role. :type secret_id: str | unicode :param use_token: if True, uses the token in the response received from the auth request to set the "token" attribute on the the :py:meth:`hvac.adapters.Adapter` instance under the _adapter Client attribute. :type use_token: bool :param mount_point: The "path" the method/backend was mounted on. :type mount_point: str | unicode :return: The JSON response of the read_role_id request. :rtype: dict )rHrYz/v1/auth/{mount_point}/loginr6)r! use_tokenr")rr*r+login)r-rHrYrdrr1r2r3r3r4res z AppRole.login)__name__ __module__ __qualname____doc__rr5r:rArDrFrJrXrZr\r^r_rbrcrer3r3r3r4r sX t     C C    r )rir"hvacrrhvac.api.vault_api_baserhvac.constants.approlerr hvac.utilsrrr r3r3r3r4s