GitHub
Note
Every method under the Client class's github attribute
includes a mount_point parameter that can be used to address the Github auth method under a custom mount path. E.g., if the Github auth method is enabled using Vault's CLI commands via "vault auth enable -path=my-github github", the mount_point parameter in hvac.api.auth_methods.Github()
methods would be set to "my-github".
Enabling the Auth Method
hvac.api.SystemBackend.enable_auth_method()
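import hvac

# The client must already hold a token that is allowed to manage auth methods;
# enabling a new auth mount is a privileged operation.
client = hvac.Client()

github_auth_path = 'company-github'
# Double-quoted because the text itself contains an apostrophe.
description = "Auth method for use by team members in our company's Github organization"

# The lookup appends a trailing slash to the path before testing membership in
# the listing. Checking first avoids enabling a mount that is already present.
if '%s/' % github_auth_path not in client.sys.list_auth_methods()['data']:
    print('Enabling the github auth backend at mount_point: {path}'.format(
        path=github_auth_path,
    ))
    client.sys.enable_auth_method(
        method_type='github',
        description=description,
        path=github_auth_path,
    )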
Configure Connection Parameters
hvac.api.auth_methods.Github.configure()
import hvac

client = hvac.Client()

# Only members of this GitHub organization can log in through the method, so
# the organization name is the main access boundary of this configuration.
github_settings = dict(
    organization='our-lovely-company',
    max_ttl='48h',  # upper bound: a given token can be renewed for at most 48 hours
)
client.auth.github.configure(**github_settings)
Reading Configuration
hvac.api.auth_methods.Github.read_configuration()
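import hvac

client = hvac.Client()

# Read back the auth method's settings; the ttl is read from the response's
# 'data' mapping.
github_config = client.auth.github.read_configuration()
print('The Github auth method is configured with a ttl of: {ttl}'.format(
    ttl=github_config['data']['ttl']
))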
Mapping Teams to Policies
hvac.api.auth_methods.Github.map_team()
import hvac

client = hvac.Client()

# Membership of a mapped GitHub team is what grants the listed Vault policies,
# so whoever can edit that team on GitHub decides who receives them. Treat a
# mapping to a powerful policy such as 'administrator' accordingly.
teams = [
    {'name': 'some-dev-team', 'policies': ['dev-team']},
    {'name': 'admin-team', 'policies': ['administrator']},
]
for entry in teams:
    team_name, policies = entry['name'], entry['policies']
    client.auth.github.map_team(team_name=team_name, policies=policies)
Reading Team Mappings
hvac.api.auth_methods.Github.read_team_mapping()
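import hvac

client = hvac.Client()

team_name = 'my-super-cool-team'
# Look up which policies the team is mapped to; they are read from
# ['data']['value'] of the response. Useful for auditing existing mappings.
github_config = client.auth.github.read_team_mapping(
    team_name=team_name,
)
print('The Github team {team} is mapped to the following policies: {policies}'.format(
    team=team_name,
    policies=github_config['data']['value'],
))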
Mapping Users to Policies
hvac.api.auth_methods.Github.map_user()
import hvac

client = hvac.Client()

# Each entry ties one GitHub user name to a list of Vault policies. Keep
# per-user grants of powerful policies such as 'administrator' to a minimum
# and review them when people change roles.
users = [
    {'name': 'some-dev-user', 'policies': ['dev-team']},
    {'name': 'some-admin-user', 'policies': ['administrator']},
]
for entry in users:
    user_name, policies = entry['name'], entry['policies']
    client.auth.github.map_user(user_name=user_name, policies=policies)
Reading User Mappings
hvac.api.auth_methods.Github.read_user_mapping()
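import hvac

client = hvac.Client()

user_name = 'some-dev-user'
# Look up which policies the user is mapped to; they are read from
# ['data']['value'] of the response. Useful for auditing existing mappings.
github_config = client.auth.github.read_user_mapping(
    user_name=user_name,
)
print('The Github user "{user}" is mapped to the following policies: {policies}'.format(
    user=user_name,
    policies=github_config['data']['value'],
))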
Authentication / Login
hvac.api.auth_methods.Github.login()
Log in and automatically update the underlying "token" attribute on the hvac.adapters.Adapter()
instance:
import hvac

client = hvac.Client()

# The literal below is a placeholder. A real personal GitHub token is a
# credential: load it at runtime (environment, secret store, prompt) rather
# than committing it to source.
github_token = 'some personal github token'

# The response carries the issued Vault token as well, so avoid logging it
# wholesale.
login_response = client.auth.github.login(token=github_token)