Policies
Read ACL Policy
- Policies.read_acl_policy(name)
Retrieve the policy body for the named acl policy.
- Supported methods:
GET: /sys/policies/acl/{name}. Produces: 200 application/json
- Parameters:
name (str | unicode) – The name of the acl policy to retrieve.
- Returns:
The response of the request
- Return type:
dict
Examples
import hvac
client = hvac.Client(url="https://127.0.0.1:8200")
# Create ACL Policy
client.sys.create_or_update_acl_policy(
    name="test-acl-policy",
    policy='path "sys/health" { capabilities = ["read", "sudo"]}',
)
client.sys.read_acl_policy("test-acl-policy")
Create or Update ACL Policy
- Policies.create_or_update_acl_policy(name, policy, pretty_print=True)
Add a new or update an existing acl policy.
Once a policy is updated, it takes effect immediately for all associated users.
- Supported methods:
PUT: /sys/policies/acl/{name}. Produces: 204 (empty body)
- Parameters:
name (str | unicode) – Specifies the name of the policy to create.
policy (str | unicode | dict) – Specifies the policy to create or update.
pretty_print (bool) – If True, and provided a dict for the policy argument, send the policy JSON to Vault with "pretty" formatting.
- Returns:
The response of the request.
- Return type:
requests.Response
Examples
import hvac
client = hvac.Client(url="https://127.0.0.1:8200")
# Create ACL Policy
client.sys.create_or_update_acl_policy(
    name="test-acl-policy",
    policy='path "sys/health" { capabilities = ["read", "sudo"]}',
)
# Update ACL Policy
client.sys.create_or_update_acl_policy(
    name="test-acl-policy",
    policy='path "sys/health" { capabilities = ["read"]}',
)
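Because an update takes effect immediately for all associated users, a pre-flight check on the policy body is worth running before the PUT. The following is an added example, not part of hvac or its documentation: lint_acl_policy and push_if_clean are hypothetical helper names, the policy is assumed to be in the dict form that the policy argument accepts, and the capability names are those Vault defines for ACL policies.

```python
# Added example, not part of hvac. lint_acl_policy and push_if_clean are
# hypothetical helper names; the sample policies are constructed.
KNOWN_CAPS = {"create", "read", "update", "patch", "delete", "list", "sudo", "deny"}
MUTATING = {"create", "update", "patch", "delete", "sudo"}


def lint_acl_policy(policy):
    """Return (path, finding) tuples for a dict-form ACL policy."""
    findings = []
    for path, rule in sorted(policy.get("path", {}).items()):
        caps = set(rule.get("capabilities", []))
        for cap in sorted(caps - KNOWN_CAPS):
            findings.append((path, "unknown capability: " + cap))
        if "deny" in caps and len(caps) > 1:
            findings.append((path, "deny overrides the other capabilities"))
        if "sudo" in caps:
            findings.append((path, "grants sudo"))
        if path.endswith("*") and caps & MUTATING:
            findings.append((path, "wildcard path with mutating capabilities"))
    return findings


def push_if_clean(client, name, policy):
    """Write the policy only when the lint is clean; return the findings."""
    findings = lint_acl_policy(policy)
    if not findings:
        # The update takes effect immediately for all associated users.
        client.sys.create_or_update_acl_policy(name=name, policy=policy)
    return findings


# Dict forms of the two policy strings used in the example above.
WITH_SUDO = {"path": {"sys/health": {"capabilities": ["read", "sudo"]}}}
READ_ONLY = {"path": {"sys/health": {"capabilities": ["read"]}}}

if __name__ == "__main__":
    print(lint_acl_policy(WITH_SUDO))
    print(lint_acl_policy(READ_ONLY))
```

A finding is a prompt for review rather than proof of a mistake; push_if_clean simply withholds the write until someone has looked.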
List ACL Policies
- Policies.list_acl_policies()
List all configured acl policies.
- Supported methods:
GET: /sys/policies/acl. Produces: 200 application/json
- Returns:
The JSON response of the request.
- Return type:
dict
Examples
import hvac
client = hvac.Client(url="https://127.0.0.1:8200")
client.sys.create_or_update_acl_policy(
    name="test-acl-policy",
    policy='path "sys/health" { capabilities = ["read"]}',
)
client.sys.list_acl_policies()
Delete ACL Policy
- Policies.delete_acl_policy(name)
Delete the acl policy with the given name.
This will immediately affect all users associated with this policy.
- Supported methods:
DELETE: /sys/policies/acl/{name}. Produces: 204 (empty body)
- Parameters:
name (str | unicode) – Specifies the name of the policy to delete.
- Returns:
The response of the request.
- Return type:
requests.Response
Examples
import hvac
client = hvac.Client(url="https://127.0.0.1:8200")
client.sys.delete_acl_policy("test-acl-policy")
Read RGP Policy
- Policies.read_rgp_policy(name)
Retrieve the policy body for the named rgp policy.
- Supported methods:
GET: /sys/policies/rgp/{name}. Produces: 200 application/json
- Parameters:
name (str | unicode) – The name of the rgp policy to retrieve.
- Returns:
The response of the request
- Return type:
dict
Examples
import hvac
client = hvac.Client(url="https://127.0.0.1:8200")
policy = """import "time"
import "strings"
main = rule when not strings.has_prefix(request.path, "auth/ldap/login") {
    time.load(token.creation_time).unix > time.load("2017-09-17T13:25:29Z").unix
}
"""
client.sys.create_or_update_rgp_policy(
    name="test-rgp-policy", policy=policy, enforcement_level="soft-mandatory"
)
client.sys.read_rgp_policy("test-rgp-policy")
Create or Update RGP Policy
- Policies.create_or_update_rgp_policy(name, policy, enforcement_level)
Add a new or update an existing rgp policy.
Once a policy is updated, it takes effect immediately for all associated users.
- Supported methods:
PUT: /sys/policies/rgp/{name}. Produces: 204 (empty body)
- Parameters:
name (str | unicode) – Specifies the name of the policy to create.
policy (str | unicode) – Specifies the policy to create or update.
enforcement_level (str | unicode) – Specifies the enforcement level to use. This must be one of advisory, soft-mandatory, or hard-mandatory.
- Returns:
The response of the request.
- Return type:
requests.Response
Examples
import hvac
client = hvac.Client(url="https://127.0.0.1:8200")
policy = """import "time"
import "strings"
main = rule when not strings.has_prefix(request.path, "auth/ldap/login") {
    time.load(token.creation_time).unix > time.load("2017-09-17T13:25:29Z").unix
}
"""
# Create RGP Policy
client.sys.create_or_update_rgp_policy(
    name="test-rgp-policy", policy=policy, enforcement_level="soft-mandatory"
)
# Update RGP Policy
client.sys.create_or_update_rgp_policy(
    name="test-rgp-policy", policy=policy, enforcement_level="hard-mandatory",
)
List RGP Policies
- Policies.list_rgp_policies()
List all configured rgp policies.
- Supported methods:
GET: /sys/policies/rgp. Produces: 200 application/json
- Returns:
The JSON response of the request.
- Return type:
dict
Examples
import hvac
client = hvac.Client(url="https://127.0.0.1:8200")
policy = """import "time"
import "strings"
main = rule when not strings.has_prefix(request.path, "auth/ldap/login") {
    time.load(token.creation_time).unix > time.load("2017-09-17T13:25:29Z").unix
}
"""
client.sys.create_or_update_rgp_policy(
    name="test-rgp-policy", policy=policy, enforcement_level="soft-mandatory"
)
client.sys.list_rgp_policies()
Delete RGP Policy
- Policies.delete_rgp_policy(name)
Delete the rgp policy with the given name.
This will immediately affect all users associated with this policy.
- Supported methods:
DELETE: /sys/policies/rgp/{name}. Produces: 204 (empty body)
- Parameters:
name (str | unicode) – Specifies the name of the policy to delete.
- Returns:
The response of the request.
- Return type:
requests.Response
Examples
import hvac
client = hvac.Client(url="https://127.0.0.1:8200")
client.sys.delete_rgp_policy("test-rgp-policy")
Read EGP Policy
- Policies.read_egp_policy(name)
Retrieve the policy body for the named egp policy.
- Supported methods:
GET: /sys/policies/egp/{name}. Produces: 200 application/json
- Parameters:
name (str | unicode) – The name of the egp policy to retrieve.
- Returns:
The response of the request
- Return type:
dict
Examples
import hvac
client = hvac.Client(url="https://127.0.0.1:8200")
policy = """import "time"
import "strings"
main = rule when not strings.has_prefix(request.path, "auth/ldap/login") {
    time.load(token.creation_time).unix > time.load("2017-09-17T13:25:29Z").unix
}
"""
# Create EGP Policy
client.sys.create_or_update_egp_policy(
    name="test-egp-policy", policy=policy, enforcement_level="soft-mandatory", paths=["/test"]
)
client.sys.read_egp_policy("test-egp-policy")
Create or Update EGP Policy
- Policies.create_or_update_egp_policy(name, policy, enforcement_level, paths)
Add a new or update an existing egp policy.
Once a policy is updated, it takes effect immediately for all associated users.
- Supported methods:
PUT: /sys/policies/egp/{name}. Produces: 204 (empty body)
- Parameters:
name (str | unicode) – Specifies the name of the policy to create.
policy (str | unicode) – Specifies the policy to create or update.
enforcement_level (str | unicode) – Specifies the enforcement level to use. This must be one of advisory, soft-mandatory, or hard-mandatory.
paths (list) – Specifies the paths on which this EGP should be applied.
- Returns:
The response of the request.
- Return type:
requests.Response
Examples
import hvac
client = hvac.Client(url="https://127.0.0.1:8200")
policy = """import "time"
import "strings"
main = rule when not strings.has_prefix(request.path, "auth/ldap/login") {
    time.load(token.creation_time).unix > time.load("2017-09-17T13:25:29Z").unix
}
"""
# Create EGP Policy
client.sys.create_or_update_egp_policy(
    name="test-egp-policy", policy=policy, enforcement_level="soft-mandatory", paths=["/test"]
)
# Update EGP Policy
client.sys.create_or_update_egp_policy(
    name="test-egp-policy", policy=policy, enforcement_level="hard-mandatory", paths=["/test"],
)
List EGP Policies
- Policies.list_egp_policies()
List all configured egp policies.
- Supported methods:
GET: /sys/policies/egp. Produces: 200 application/json
- Returns:
The JSON response of the request.
- Return type:
dict
Examples
import hvac
client = hvac.Client(url="https://127.0.0.1:8200")
policy = """import "time"
import "strings"
main = rule when not strings.has_prefix(request.path, "auth/ldap/login") {
    time.load(token.creation_time).unix > time.load("2017-09-17T13:25:29Z").unix
}
"""
client.sys.create_or_update_egp_policy(
    name="test-egp-policy1", policy=policy, enforcement_level="soft-mandatory", paths=["/test"]
)
client.sys.list_egp_policies()
Delete EGP Policy
- Policies.delete_egp_policy(name)
Delete the egp policy with the given name.
This will immediately affect all users associated with this policy.
- Supported methods:
DELETE: /sys/policies/egp/{name}. Produces: 204 (empty body)
- Parameters:
name (str | unicode) – Specifies the name of the policy to delete.
- Returns:
The response of the request.
- Return type:
requests.Response
Examples
import hvac
client = hvac.Client(url="https://127.0.0.1:8200")
client.sys.delete_egp_policy("test-egp-policy")