o |nh,@s4dZddlmZddlmZdZGdddeZdS)zOkta methods module.)utils) VaultApiBaseoktac@seZdZdZdddddefddZefddZefddZddefd d Zefd d Z efd dZ efddZ defddZ efddZ efddZdefddZdS)OktazaOkta Auth Method (API). Reference: https://www.vaultproject.io/api/auth/okta/index.html Nc CsBd|i}|t|||||dtjd|d} |jj| |dS)aConfigure the connection parameters for Okta. This path honors the distinction between the create and update capabilities inside ACL policies. Supported methods: POST: /auth/{mount_point}/config. Produces: 204 (empty body) :param org_name: Name of the organization to be used in the Okta API. :type org_name: str | unicode :param api_token: Okta API token. This is required to query Okta for user group membership. If this is not supplied only locally configured groups will be enabled. :type api_token: str | unicode :param base_url: If set, will be used as the base domain for API requests. Examples are okta.com, oktapreview.com, and okta-emea.com. :type base_url: str | unicode :param ttl: Duration after which authentication will be expired. :type ttl: str | unicode :param max_ttl: Maximum duration after which authentication will be expired. :type max_ttl: str | unicode :param bypass_okta_mfa: Whether to bypass an Okta MFA request. Useful if using one of Vault's built-in MFA mechanisms, but this will also cause certain other statuses to be ignored, such as PASSWORD_EXPIRED. :type bypass_okta_mfa: bool :param mount_point: The "path" the method/backend was mounted on. :type mount_point: str | unicode :return: The response of the request. :rtype: requests.Response org_name) api_tokenbase_urlttlmax_ttlbypass_okta_mfa/v1/auth/{mount_point}/config mount_pointurljsonupdater remove_nones format_url_adapterpost) selfrrrr r r rparamsapi_pathrE/usr/local/lib/python3.10/dist-packages/hvac/api/auth_methods/okta.py configures&' zOkta.configurecCtjd|d}|jj|dS)aIRead the Okta configuration. Supported methods: GET: /auth/{mount_point}/config. Produces: 200 application/json :param mount_point: The "path" the method/backend was mounted on. :type mount_point: str | unicode :return: The JSON response of the request. :rtype: dict r r rrrrgetrrrrrr read_configK  zOkta.read_configcCr)aZList the users configured in the Okta method. Supported methods: LIST: /auth/{mount_point}/users. Produces: 200 application/json :param mount_point: The "path" the method/backend was mounted on. :type mount_point: str | unicode :return: The JSON response of the request. :rtype: dict z/v1/auth/{mount_point}/usersr rrrrlistr"rrr list_users]r$zOkta.list_userscCs>d|i}|t||dtjd||d}|jj||dS)aRegister a new user and maps a set of policies to it. Supported methods: POST: /auth/{mount_point}/users/{username}. Produces: 204 (empty body) :param username: Name of the user. :type username: str | unicode :param groups: List or comma-separated string of groups associated with the user. :type groups: list :param policies: List or comma-separated string of policies associated with the user. :type policies: list :param mount_point: The "path" the method/backend was mounted on. :type mount_point: str | unicode :return: The response of the request. :rtype: requests.Response username)groupspolicies'/v1/auth/{mount_point}/users/{username}rr(rr)rr(r)r*rrrrrr register_useros$zOkta.register_usercC(d|i}tjd||d}|jj||dS)aRead the properties of an existing username. Supported methods: GET: /auth/{mount_point}/users/{username}. Produces: 200 application/json :param username: Username for this user. :type username: str | unicode :param mount_point: The "path" the method/backend was mounted on. :type mount_point: str | unicode :return: The JSON response of the request. :rtype: dict r(r+r,rr rr(rrrrrr read_userzOkta.read_usercCr.)aDelete an existing username from the method. Supported methods: DELETE: /auth/{mount_point}/users/{username}. Produces: 204 (empty body) :param username: Username for this user. :type username: str | unicode :param mount_point: The "path" the method/backend was mounted on. :type mount_point: str | unicode :return: The response of the request. :rtype: requests.Response r(r+r,rrrrdeleter/rrr delete_userr1zOkta.delete_usercCr)a\List the groups configured in the Okta method. Supported methods: LIST: /auth/{mount_point}/groups. Produces: 200 application/json :param mount_point: The "path" the method/backend was mounted on. :type mount_point: str | unicode :return: The JSON response of the request. :rtype: dict z/v1/auth/{mount_point}/groupsr rr%r"rrr list_groupsr$zOkta.list_groupscCs.td|i}tjd||d}|jj||dS)a=Register a new group and maps a set of policies to it. Supported methods: POST: /auth/{mount_point}/groups/{name}. Produces: 204 (empty body) :param name: The name of the group. :type name: str | unicode :param policies: The list or comma-separated string of policies associated with the group. :type policies: list :param mount_point: The "path" the method/backend was mounted on. :type mount_point: str | unicode :return: The response of the request. :rtype: requests.Response r*$/v1/auth/{mount_point}/groups/{name}rnamer)rrrrr)rr8r*rrrrrrregister_groupszOkta.register_groupcCstjd||d}|jj|dS)aRead the properties of an existing group. Supported methods: GET: /auth/{mount_point}/groups/{name}. Produces: 200 application/json :param name: The name for the group. :type name: str | unicode :param mount_point: The "path" the method/backend was mounted on. :type mount_point: str | unicode :return: The JSON response of the request. :rtype: dict r6r7rr )rr8rrrrr read_groups zOkta.read_groupcCr.)aDelete an existing group from the method. Supported methods: DELETE: /auth/{mount_point}/groups/{name}. Produces: 204 (empty body) :param name: The name for the group. :type name: str | unicode :param mount_point: The "path" the method/backend was mounted on. :type mount_point: str | unicode :return: The response of the request. :rtype: requests.Response r8r6r7rr2)rr8rrrrrr delete_groupr1zOkta.delete_groupTcCs,||d}tjd||d}|jj|||dS)aLogin with the username and password. Supported methods: POST: /auth/{mount_point}/login/{username}. Produces: 200 application/json :param username: Username for this user. :type username: str | unicode :param password: Password for the authenticating user. :type password: str | unicode :param use_token: if True, uses the token in the response received from the auth request to set the "token" attribute on the :py:meth:`hvac.adapters.Adapter` instance under the _adapter Client attribute. :type use_token: bool :param mount_point: The "path" the method/backend was mounted on. :type mount_point: str | unicode :return: The response of the login request. :rtype: dict )r(passwordz'/v1/auth/{mount_point}/login/{username}r,)r use_tokenr)rrrlogin)rr(r<r=rrrrrrr>+sz Okta.login)__name__ __module__ __qualname____doc__DEFAULT_MOUNT_POINTrr#r'r-r0r4r5r9r:r;r>rrrrr s* <  (    rN)rBhvacrhvac.api.vault_api_baserrCrrrrrs