1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
|
Token
=====
Authentication
--------------
.. code:: python
# Token
client.token = 'MY_TOKEN'
assert client.is_authenticated() # => True
Token Management
----------------
Token creation and revocation:
.. code:: python
token = client.auth.token.create(policies=['root'], ttl='1h')
current_token = client.auth.token.lookup_self()
some_other_token = client.auth.token.lookup('xxx')
client.auth.token.revoke('xxx')
client.auth.token.revoke('yyy', orphan=True)
# revoke current token
client.auth.token.revoke_self()
# logout and revoke current token
client.logout(revoke_token=True)
client.auth.token.renew('aaa')
Lookup and revoke tokens via a token accessor:
.. code:: python
token = client.auth.token.create(policies=['root'], ttl='1h')
token_accessor = token['auth']['accessor']
same_token = client.auth.token.lookup(token_accessor, accessor=True)
client.auth.token.revoke(token_accessor, accessor=True)
Wrapping/unwrapping a token:
.. code:: python
wrap = client.auth.token.create(policies=['root'], ttl='1h', wrap_ttl='1m')
result = client.sys.unwrap(wrap['wrap_info']['token'])
Login with a wrapped token:
.. code:: python
wrap = client.auth.token.create(policies=['root'], ttl='1h', wrap_ttl='1m')
new_client = hvac.Client()
new_client.auth_cubbyhole(wrap['wrap_info']['token'])
assert new_client.token != wrapped_token['wrap_info']['token']
|
