File: azure.rst

python-hvac 2.3.0-5
.. _azure-auth-method:

Azure
=====

.. note::
    Every method under the :py:attr:`Client class's azure attribute<hvac.v1.Client.azure.auth>` includes a `mount_point` parameter that can be used to address the Azure auth method under a custom mount path. E.g., if the Azure auth method is enabled using Vault's CLI via `vault auth enable -path=my-azure azure`, the `mount_point` parameter in :py:meth:`hvac.api.auth_methods.Azure` methods would be set to "my-azure".

Enabling the Auth Method
------------------------

:py:meth:`hvac.api.SystemBackend.enable_auth_method`

.. code:: python

    import hvac
    client = hvac.Client()

    azure_auth_path = 'company-azure'
    # Double quotes: the text itself contains an apostrophe.
    description = "Auth method for use by team members in our company's Azure organization"

    if '%s/' % azure_auth_path not in client.sys.list_auth_methods()['data']:
        print('Enabling the azure auth backend at mount_point: {path}'.format(
            path=azure_auth_path,
        ))
        client.sys.enable_auth_method(
            method_type='azure',
            description=description,
            path=azure_auth_path,
        )


Configure
---------

:py:meth:`hvac.api.auth_methods.Azure.configure`

.. code:: python

    import os
    import hvac
    client = hvac.Client()

    client.auth.azure.configure(
        tenant_id='my-tenant-id',
        resource='my-resource',
        client_id=os.environ.get('AZURE_CLIENT_ID'),
        client_secret=os.environ.get('AZURE_CLIENT_SECRET'),
    )

Read Config
-----------

:py:meth:`hvac.api.auth_methods.Azure.read_config`

.. code:: python

    import hvac
    client = hvac.Client()

    read_config = client.auth.azure.read_config()
    print('The configured tenant_id is: {id}'.format(id=read_config['tenant_id']))

Delete Config
-------------

:py:meth:`hvac.api.auth_methods.Azure.delete_config`

.. code:: python

    import hvac
    client = hvac.Client()

    client.auth.azure.delete_config()

Create a Role
-------------

:py:meth:`hvac.api.auth_methods.Azure.create_role`

.. code:: python

    import hvac
    client = hvac.Client()

    # Vault policies attached to tokens issued for this role, and the Azure
    # service principal IDs allowed to log in with it (placeholder values).
    policies = ['my-policy']
    bound_service_principal_ids = ['my-service-principal-id']

    client.auth.azure.create_role(
        name='my-role',
        policies=policies,
        bound_service_principal_ids=bound_service_principal_ids,
    )

Read A Role
-----------

:py:meth:`hvac.api.auth_methods.Azure.read_role`

.. code:: python

    import hvac
    client = hvac.Client()

    role_name = 'my-role'
    read_role_response = client.auth.azure.read_role(
        name=role_name,
    )
    print('Policies for role "{name}": {policies}'.format(
        name=role_name,
        policies=','.join(read_role_response['policies']),
    ))

List Roles
----------

:py:meth:`hvac.api.auth_methods.Azure.list_roles`

.. code:: python

    import hvac
    client = hvac.Client()

    roles = client.auth.azure.list_roles()
    print('The following Azure auth roles are configured: {roles}'.format(
        roles=','.join(roles['keys']),
    ))


Delete A Role
-------------

:py:meth:`hvac.api.auth_methods.Azure.delete_role`

.. code:: python

    import hvac
    client = hvac.Client()

    client.auth.azure.delete_role(
        name='my-role',
    )

Login
-----

:py:meth:`hvac.api.auth_methods.Azure.login`

.. code:: python

    import hvac
    client = hvac.Client()

    role_name = 'my-role'
    client.auth.azure.login(
        role=role_name,
        jwt='Some MSI JWT...',
    )
    client.is_authenticated()  # ==> returns True
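The sections above configure the method and call ``login`` with a JWT that is already in hand; how that token gets to the client is left out. The following added example (not hvac's own code and not part of this page) fetches the managed-identity token from the Azure Instance Metadata Service, checks its ``aud`` and ``tid`` claims against the ``resource`` and ``tenant_id`` passed to ``configure()`` so a misconfiguration fails locally with a readable error, and then calls ``login`` with the VM's identity for roles that carry ``bound_*`` constraints. The IMDS endpoints are Azure's; ``sample_jwt`` and the ``vault_login(hvac.Client(), 'my-role', 'my-resource', 'my-tenant-id')`` call it is meant for use placeholder values.

```python
import base64
import json
import urllib.parse
import urllib.request

# Azure Instance Metadata Service (IMDS): link-local, reachable only from inside the VM.
IMDS = "http://169.254.169.254/metadata"
API_VERSION = "2018-02-01"
# IMDS must be reached directly; a configured HTTP proxy would otherwise swallow the request.
_DIRECT = urllib.request.build_opener(urllib.request.ProxyHandler({}))

def _imds_get(path, **params):
    params["api-version"] = API_VERSION
    req = urllib.request.Request(IMDS + path + "?" + urllib.parse.urlencode(params),
                                 headers={"Metadata": "true"})
    with _DIRECT.open(req, timeout=5) as resp:
        return json.loads(resp.read())

def jwt_claims(token):
    """Decode a JWT payload WITHOUT verifying it; Vault does the real verification."""
    payload = token.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))

def claim_problems(claims, resource, tenant_id):
    """List mismatches between the token and the values given to configure()."""
    problems = []
    # Azure may omit the trailing slash of the requested resource in the audience.
    if str(claims.get("aud")).rstrip("/") != resource.rstrip("/"):
        problems.append("aud %r is not the configured resource %r" % (claims.get("aud"), resource))
    if claims.get("tid") != tenant_id:
        problems.append("tid %r is not the configured tenant_id %r" % (claims.get("tid"), tenant_id))
    return problems

def vault_login(client, role, resource, tenant_id, mount_point="azure"):
    """Fetch an MSI token for `resource`, fail fast on a mismatch, then log `client` in."""
    token = _imds_get("/identity/oauth2/token", resource=resource)["access_token"]
    problems = claim_problems(jwt_claims(token), resource, tenant_id)
    if problems:
        raise ValueError("MSI token does not match the Vault config: " + "; ".join(problems))
    vm = _imds_get("/instance/compute")  # VM identity, needed when the role has bound_* VM constraints
    return client.auth.azure.login(
        role=role, jwt=token, subscription_id=vm["subscriptionId"],
        resource_group_name=vm["resourceGroupName"], vm_name=vm["name"], mount_point=mount_point)

def sample_jwt(claims):
    """Constructed, unsigned 'header.payload.' token for offline tests; Vault would reject it."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return enc({"alg": "none", "typ": "JWT"}) + "." + enc(claims) + "."
```

Only ``vault_login`` talks to IMDS and Vault; the claim helpers are pure and can be exercised offline with ``sample_jwt``.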