Okta
Note
Every method under the Client class's okta attribute includes a mount_point parameter that can be used to address the Okta auth method under a custom mount path. E.g., if enabling the Okta auth method using Vault's CLI commands via "vault secret enable -path=my-okta okta", the mount_point parameter in the methods of hvac.api.auth_methods.Okta() (see that source reference) would be set to "my-okta".
Enabling the Auth Method
Source reference: hvac.v1.client.sys.enable_secrets_engine()
import hvac
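# NOTE(review): hvac.Client() is built with no arguments, so the Vault address
# and token have to come from outside this snippet (presumably the
# environment) -- confirm. Mounting an auth method needs a token whose policy
# permits it.
client = hvac.Client()

okta_path = 'company-okta'
# Double quotes so the apostrophe in "company's" does not end the literal.
description = "Auth method for use by team members in our company's Okta organization"

# Okta is an auth method, so it is mounted with sys.enable_auth_method().
# The membership test looks for the path with a trailing slash in the 'data'
# entry returned by list_auth_methods(), and the mount is only created when
# it is absent, so re-running the snippet does not try to mount twice.
if '%s/' % okta_path not in client.sys.list_auth_methods()['data']:
    print('Enabling the okta auth method at mount_point: {path}'.format(
        path=okta_path,
    ))
    client.sys.enable_auth_method(
        method_type='okta',
        description=description,
        path=okta_path,
    )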
Configure
Source reference: hvac.api.auth_methods.Okta.configure()
import hvac
client = hvac.Client()

# Only the Okta organization name is set here; no mount_point is passed, so
# the call addresses the default mount path rather than a custom one.
# NOTE(review): any other settings of the auth method are left to whatever
# the server already holds or defaults to -- confirm against the
# Okta.configure() reference before relying on this in production.
okta_auth = client.auth.okta
okta_auth.configure(org_name='hvac-project')
Read Config
Source reference: hvac.api.auth_methods.Okta.read_config()
import hvac
client = hvac.Client()

# Fetch the stored configuration of the Okta auth method. No mount_point is
# given, which is why the message below names the path /okta.
okta_config = client.auth.okta.read_config()

# The organization name sits under the 'data' key of the response.
org_name = okta_config['data']['org_name']
message = 'The Okta auth method at path /okta has a configured organization name of: {name}'
print(message.format(name=org_name))
List Users
Source reference: hvac.api.auth_methods.Okta.list_users()
import hvac
client = hvac.Client()

# List the usernames registered with the Okta auth method; they are read
# from response['data']['keys'].
users = client.auth.okta.list_users()
registered = ','.join(users['data']['keys'])
print('The following Okta users are registered: {users}'.format(users=registered))
Register User
Source reference: hvac.api.auth_methods.Okta.register_user()
import hvac
client = hvac.Client()

# Register an Okta username and attach Vault policies to it. 'hvac-admin' is
# this example's policy name; in a real deployment attach the narrowest set
# of policies the user needs, since they apply to every login by that user.
registration = {
    'username': 'hvac-person',
    'policies': ['hvac-admin'],
}
client.auth.okta.register_user(**registration)
Read User
Source reference: hvac.api.auth_methods.Okta.read_user()
import hvac
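client = hvac.Client()

# Look up the registration of one Okta user; the attached policies are read
# from response['data']['policies'].
read_user = client.auth.okta.read_user(
    username='hvac-person',
)
print('Okta user "{name}" has the following attached policies: {policies}'.format(
    name='hvac-person',
    policies=', '.join(read_user['data']['policies']),
))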
Delete User
Source reference: hvac.api.auth_methods.Okta.delete_user()
import hvac
client = hvac.Client()

# Remove the registration of this Okta username from the auth method.
# NOTE(review): whether tokens already issued to the user stay valid after
# this call is not shown here -- confirm and revoke them separately if needed.
okta_auth = client.auth.okta
okta_auth.delete_user(username='hvac-person')
List Groups
Source reference: hvac.api.auth_methods.Okta.list_groups()
import hvac
client = hvac.Client()

# List the group names registered with the Okta auth method; they are read
# from response['data']['keys'].
groups = client.auth.okta.list_groups()
registered = ','.join(groups['data']['keys'])
print('The following Okta groups are registered: {groups}'.format(groups=registered))
Register Group
Source reference: hvac.api.auth_methods.Okta.register_group()
import hvac
client = hvac.Client()

# Register a group name and attach Vault policies to it. Keep the policy list
# as narrow as the group's role requires: it is granted by group membership
# rather than per user.
registration = {
    'name': 'hvac-group',
    'policies': ['hvac-group-members'],
}
client.auth.okta.register_group(**registration)
Read Group
Source reference: hvac.api.auth_methods.Okta.read_group()
import hvac
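client = hvac.Client()

# Look up the registration of one group; the attached policies are read from
# response['data']['policies'].
read_group = client.auth.okta.read_group(
    name='hvac-group',
)
print('Okta group "{name}" has the following attached policies: {policies}'.format(
    name='hvac-group',
    policies=', '.join(read_group['data']['policies']),
))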
Delete Group
Source reference: hvac.api.auth_methods.Okta.delete_group()
import hvac
client = hvac.Client()

# Remove the registration of this group name from the Okta auth method.
okta_auth = client.auth.okta
okta_auth.delete_group(name='hvac-group')
Login
Source reference: hvac.api.auth_methods.Okta.login()
from getpass import getpass
import hvac
client = hvac.Client()

# getpass() prompts on the terminal without echoing the input, so the Okta
# password is never written into the script or shown on screen.
password_prompt = 'Please enter your password for the Okta authentication backend: '
okta_password = getpass(password_prompt)

# Authenticate against the Okta auth method at its default mount path.
# NOTE(review): presumably the client keeps the resulting token for later
# calls -- confirm against the Okta.login() reference.
credentials = {
    'username': 'hvac-person',
    'password': okta_password,
}
client.auth.okta.login(**credentials)