Azure
Note
Every method under the Client class's azure attribute includes a mount_point parameter that can be used to address the Azure auth method under a custom mount path. E.g., if enabling the Azure auth method using Vault's CLI commands via `vault auth enable -path=my-azure azure`, the mount_point parameter in hvac.api.auth_methods.Azure() methods would be set to "my-azure".
Enabling the Auth Method
hvac.api.SystemBackend.enable_auth_method()
import hvac
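client = hvac.Client()

azure_auth_path = 'company-azure'
# Double-quoted because the text contains an apostrophe, which would end a
# single-quoted literal early and make the snippet a syntax error.
description = "Auth method for use by team members in our company's Azure organization"

# The check looks the mount up as '<path>/' in the listing, so the method is
# only enabled when nothing is mounted at this path yet.
if '%s/' % azure_auth_path not in client.sys.list_auth_methods()['data']:
    print('Enabling the azure auth backend at mount_point: {path}'.format(
        path=azure_auth_path,
    ))
    client.sys.enable_auth_method(
        method_type='azure',
        description=description,
        path=azure_auth_path,
    )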
Configure
hvac.api.auth_methods.Azure.configure()
import os
import hvac
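client = hvac.Client()

# The service principal credentials are read from the environment so they are
# not hard-coded in the script. os.environ.get() returns None for an unset
# variable, so confirm both are present if your deployment requires them.
client.auth.azure.configure(
    tenant_id='my-tenant-id',
    resource='my-resource',
    client_id=os.environ.get('AZURE_CLIENT_ID'),
    client_secret=os.environ.get('AZURE_CLIENT_SECRET'),
)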
Read Config
hvac.api.auth_methods.Azure.read_config()
import hvac
client = hvac.Client()

# Fetch the configuration stored for the Azure auth method; no mount_point is
# passed, so the default mount path is addressed.
azure_config = client.auth.azure.read_config()
tenant_id = azure_config['tenant_id']
print('The configured tenant_id is: {id}'.format(id=tenant_id))
Delete Config
hvac.api.auth_methods.Azure.delete_config()
import hvac
client = hvac.Client()

# Remove the configuration stored for the Azure auth method; no mount_point is
# passed, so the default mount path is addressed.
azure_auth = client.auth.azure
azure_auth.delete_config()
Create a Role
hvac.api.auth_methods.Azure.create_role()
import hvac
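client = hvac.Client()

# Constructed sample values -- replace them with your own. Keep both lists as
# narrow as possible: the policies are what a login through this role is
# granted, and the bound IDs limit which service principals may use the role.
policies = ['my-policy']
bound_service_principal_ids = ['<service-principal-object-id>']

client.auth.azure.create_role(
    name='my-role',
    policies=policies,
    bound_service_principal_ids=bound_service_principal_ids,
)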
Read A Role
hvac.api.auth_methods.Azure.read_role()
import hvac
client = hvac.Client()

role_name = 'my-role'
# Look the role up by name and print the policies listed in the response.
role = client.auth.azure.read_role(name=role_name)
policy_list = ','.join(role['policies'])
print('Policies for role "{name}": {policies}'.format(
    name=role_name,
    policies=policy_list,
))
List Roles
hvac.api.auth_methods.Azure.list_roles()
import hvac
client = hvac.Client()

# The role names are read from the 'keys' entry of the list_roles() response.
listing = client.auth.azure.list_roles()
role_names = ','.join(listing['keys'])
print('The following Azure auth roles are configured: {roles}'.format(roles=role_names))
Delete A Role
hvac.api.auth_methods.Azure.delete_role()
import hvac
client = hvac.Client()

# Delete the Azure auth role registered under this name.
role_to_delete = 'my-role'
client.auth.azure.delete_role(name=role_to_delete)
Login
hvac.api.auth_methods.Azure.login()
import hvac
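client = hvac.Client()

role_name = 'my-role'  # the role name used in the other examples on this page

# The jwt value is a placeholder for the signed token issued by Azure for the
# calling identity. It is a credential: keep it out of logs and source control.
client.auth.azure.login(
    role=role_name,
    jwt='Some MST JWT...',
)
# is_authenticated is a method. Without the call parentheses the expression is
# a bound method object, which is always truthy whatever the login result.
client.is_authenticated()  # ==> returns True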