#!/usr/bin/env python
"""Support for "Audit"-related System Backend Methods."""
from hvac import utils
from hvac.api.system_backend.system_backend_mixin import SystemBackendMixin
[docs]class Audit(SystemBackendMixin):
[docs] def list_enabled_audit_devices(self):
"""List enabled audit devices.
It does not list all available audit devices.
This endpoint requires sudo capability in addition to any path-specific capabilities.
Supported methods:
GET: /sys/audit. Produces: 200 application/json
:return: JSON response of the request.
:rtype: dict
"""
return self._adapter.get("/v1/sys/audit")
[docs] def enable_audit_device(
self, device_type, description=None, options=None, path=None, local=None
):
"""Enable a new audit device at the supplied path.
The path can be a single word name or a more complex, nested path.
Supported methods:
PUT: /sys/audit/{path}. Produces: 204 (empty body)
:param device_type: Specifies the type of the audit device.
:type device_type: str | unicode
:param description: Human-friendly description of the audit device.
:type description: str | unicode
:param options: Configuration options to pass to the audit device itself. This is
dependent on the audit device type.
:type options: str | unicode
:param path: Specifies the path in which to enable the audit device. This is part of
the request URL.
:type path: str | unicode
:param local: Specifies if the audit device is a local only.
:type local: bool
:return: The response of the request.
:rtype: requests.Response
"""
if path is None:
path = device_type
params = {
"type": device_type,
}
params.update(
utils.remove_nones(
{
"description": description,
"options": options,
"local": local,
}
)
)
api_path = utils.format_url("/v1/sys/audit/{path}", path=path)
return self._adapter.post(url=api_path, json=params)
[docs] def disable_audit_device(self, path):
"""Disable the audit device at the given path.
Supported methods:
DELETE: /sys/audit/{path}. Produces: 204 (empty body)
:param path: The path of the audit device to delete. This is part of the request URL.
:type path: str | unicode
:return: The response of the request.
:rtype: requests.Response
"""
api_path = utils.format_url("/v1/sys/audit/{path}", path=path)
return self._adapter.delete(
url=api_path,
)
[docs] def calculate_hash(self, path, input_to_hash):
"""Hash the given input data with the specified audit device's hash function and salt.
This endpoint can be used to discover whether a given plaintext string (the input parameter) appears in the
audit log in obfuscated form.
Supported methods:
POST: /sys/audit-hash/{path}. Produces: 204 (empty body)
:param path: The path of the audit device to generate hashes for. This is part of the request URL.
:type path: str | unicode
:param input_to_hash: The input string to hash.
:type input_to_hash: str | unicode
:return: The JSON response of the request.
:rtype: requests.Response
"""
params = {
"input": input_to_hash,
}
api_path = utils.format_url("/v1/sys/audit-hash/{path}", path=path)
return self._adapter.post(url=api_path, json=params)