Beispiel #1
    def decrypt(self, key, ciphertext, context=None):
        """Decrypt ciphertext with the named transit key.

        Parameters:
            key (str): The transit key
            ciphertext (str): The ciphertext to decrypt, in the form
                              returned by encrypt.
            context (str): Context for key derivation. Required for
                           derived keys. It is base64-encoded before
                           sending; a falsy value is sent as None.
        Returns:
            Value: the response, with its 'plaintext' entry
                   base64-decoded
        Raises:
            ValueError: when the request handler raises InvalidRequest
        """
        endpoint = self.path('decrypt', key)
        payload = {
            'ciphertext': ciphertext,
            'context': base64_encode(context) if context else None,
        }

        try:
            response = yield from self.req_handler('POST', endpoint,
                                                   json=payload)
            body = yield from response.json()
        except InvalidRequest as error:
            # pop() takes one entry out of the error collection carried by
            # the exception and uses it as the ValueError message.
            raise ValueError(error.errors.pop())
        decrypted = Value(**body)
        # From here on the Value holds the decoded plaintext, i.e. the
        # protected data itself: keep it out of logs and error messages.
        decrypted['plaintext'] = base64_decode(decrypted['plaintext'])
        return decrypted
Beispiel #2
    def creds(self, name):
        """Request a new set of dynamic credentials for the named role.

        Parameters:
            name (str): The role name
        Returns:
            Value: built from the decoded JSON response
        """
        endpoint = self.path('creds', name)

        response = yield from self.req_handler('GET', endpoint)
        payload = yield from response.json()
        # NOTE(review): the payload presumably contains the generated
        # credentials - avoid logging the returned Value; confirm the
        # response shape against the backend.
        return Value(**payload)
Beispiel #3
    def read_cert(self, name):
        """Read a certificate by name.

        Parameters:
            name (str): The name of the certificate
        Returns:
            Value: built from the decoded JSON response
        """
        endpoint = self.path('certs', name)

        response = yield from self.req_handler('GET', endpoint)
        payload = yield from response.json()
        return Value(**payload)
Beispiel #4
    def creds(self, name):
        """Request a dynamic Consul token for the given role definition.

        Parameters:
            name (str): The role name
        Returns:
            Value: built from the decoded JSON response
        """
        endpoint = self.path('creds', name)

        response = yield from self.req_handler('GET', endpoint)
        payload = yield from response.json()
        # NOTE(review): the payload presumably contains the generated
        # token - avoid logging the returned Value; confirm the response
        # shape against the backend.
        return Value(**payload)
Beispiel #5
    def read_user(self, user):
        """Read the mapping stored for a user id.

        Parameters:
            user (str): The user name
        Returns:
            Value: built from the decoded JSON response
        """
        # extract_id is defined elsewhere; presumably it normalises the
        # argument to a plain id string - confirm against its definition.
        user_id = extract_id(user)
        endpoint = self.path('map', 'user-id', user_id)
        response = yield from self.req_handler('GET', endpoint)
        payload = yield from response.json()
        return Value(**payload)
Beispiel #6
    def read_app(self, app):
        """Read the mapping stored for an application id.

        Parameters:
            app (str): The application ID
        Returns:
            Value: built from the decoded JSON response
        """
        # extract_id is defined elsewhere; presumably it normalises the
        # argument to a plain id string - confirm against its definition.
        app_id = extract_id(app)
        endpoint = self.path('map', 'app-id', app_id)
        response = yield from self.req_handler('GET', endpoint)
        payload = yield from response.json()
        return Value(**payload)
Beispiel #7
    def read_role(self, name):
        """Query the definition of a role.

        Parameters:
            name (str): The role name
        Returns:
            Value: built from the decoded JSON response
        Raises:
            KeyError: when the request handler raises InvalidPath
        """
        endpoint = self.path('roles', name)

        try:
            response = yield from self.req_handler('GET', endpoint)
            payload = yield from response.json()
            return Value(**payload)
        except InvalidPath:
            # Translate the transport-level error into the mapping-style
            # KeyError that callers of this method handle.
            raise KeyError('%r does not exists' % name)
Beispiel #8
    def read_group(self, name):
        """Show the stored definition of a group.

        Parameters:
            name (str): Name of the LDAP group
        Returns:
            Value: built from the decoded JSON response
        Raises:
            KeyError: when the request handler raises InvalidPath
        """
        endpoint = self.path('groups', name)

        try:
            response = yield from self.req_handler('GET', endpoint)
            payload = yield from response.json()
            return Value(**payload)
        except InvalidPath:
            # Translate the transport-level error into the mapping-style
            # KeyError that callers of this method handle.
            raise KeyError('%r does not exists' % name)
Beispiel #9
    def read(self, key):
        """Read the value stored under the given key.

        Parameters:
            key (str): The key to read
        Returns:
            Value: The key value
        Raises:
            KeyError: when the request handler raises InvalidPath
        """
        endpoint = self.path(key)

        try:
            response = yield from self.req_handler('GET', endpoint)
            payload = yield from response.json()
            # NOTE(review): the Value presumably carries the stored
            # secret - keep it out of logs.
            return Value(**payload)
        except InvalidPath:
            raise KeyError('%r does not exists' % key)
Beispiel #10
    def renew(self, lease_id, increment=None):
        """Renew a secret by asking for its lease to be extended.

        Parameters:
            lease_id (str): The lease id
            increment (int): A requested amount of time in seconds
                             to extend the lease. This is advisory.
        Returns:
            Value: built from the decoded JSON response
        """
        # lease_id is placed into the URL path unchanged.
        # NOTE(review): confirm callers only pass lease ids they received
        # from the server, since nothing here validates or encodes it.
        endpoint = '/sys/renew/%s' % lease_id
        # format_duration is defined elsewhere; it also receives the
        # default None when no increment is requested.
        body = {'increment': format_duration(increment)}

        # NOTE(review): the body goes out through data=, not json= -
        # confirm that req_handler serialises it as the endpoint expects.
        response = yield from self.req_handler('PUT', endpoint, data=body)
        payload = yield from response.json()
        return Value(**payload)
Beispiel #11
    def creds(self, name):
        """Request a new set of dynamic credentials for the named role.

        Reads database credentials for the role. They are generated on
        demand and are revoked automatically once the lease is up.

        Parameters:
            name (str): The role name
        Returns:
            Value: built from the decoded JSON response
        """
        endpoint = self.path('creds', name)

        response = yield from self.req_handler('GET', endpoint)
        payload = yield from response.json()
        # The result is a usable database credential until its lease
        # ends: keep the returned Value out of logs.
        return Value(**payload)
Beispiel #12
    def read(self, key):
        """Read the value stored under the given key.

        Parameters:
            key (str): The key name
        Returns:
            Value: The key value; its data.value entry is JSON-decoded
                   when that entry is present
        Raises:
            KeyError: when the request handler raises InvalidPath
        """
        endpoint = self.path(key)

        try:
            response = yield from self.req_handler('GET', endpoint)
            payload = yield from response.json()
            # Only a missing 'data' or 'value' entry is tolerated here; a
            # value that is not valid JSON still raises from json.loads.
            with suppress(KeyError):
                stored = payload['data']['value']
                payload['data']['value'] = json.loads(stored)
            return Value(**payload)
        except InvalidPath:
            # The message reports the resolved request path, not the
            # key argument the caller passed in.
            raise KeyError('%r does not exists' % endpoint)
Beispiel #13
    def read_key(self, name):
        """Return information about a named encryption key.

        This is a root protected endpoint.

        Parameters:
            name (str): The transit key
        Returns:
            Value: built from the decoded JSON response
        Raises:
            KeyError: when the request handler raises InvalidPath
        """
        endpoint = self.path('keys', name)

        try:
            response = yield from self.req_handler('GET', endpoint)
            payload = yield from response.json()
            return Value(**payload)
        except InvalidPath:
            # Translate the transport-level error into the mapping-style
            # KeyError that callers of this method handle.
            raise KeyError('%r does not exists' % name)
Beispiel #14
    def read_raw(self, name):
        """Fetch the raw keys behind a named encryption key.

        This path returns the underlying encryption keys used for the
        named keys that are available.

        Parameters:
            name (str): The transit key
        Returns:
            Value: built from the decoded JSON response
        Raises:
            KeyError: when the request handler raises InvalidPath
        """
        endpoint = self.path('raw', name)

        try:
            response = yield from self.req_handler('GET', endpoint)
            payload = yield from response.json()
            # The response is the key material itself: never log it and
            # do not hold on to it longer than needed.
            return Value(**payload)
        except InvalidPath:
            raise KeyError('%r does not exists' % name)
Beispiel #15
    def encrypt(self, key, plaintext, context=None):
        """Encrypt plaintext with the named transit key.

        Parameters:
            key (str): The transit key
            plaintext (str): The plaintext to encrypt; it is
                             base64-encoded before being sent
            context (str): Context for key derivation. Required for
                           derived keys. A falsy value is sent as None.
        Returns:
            Value: built from the decoded JSON response
        Raises:
            ValueError: when the request handler raises InvalidRequest
        """
        endpoint = self.path('encrypt', key)
        # base64 is only the transport encoding for the request body; it
        # does not protect the plaintext on the way to the server.
        payload = {
            'plaintext': base64_encode(plaintext),
            'context': base64_encode(context) if context else None,
        }

        try:
            response = yield from self.req_handler('POST', endpoint,
                                                   json=payload)
            body = yield from response.json()
            return Value(**body)
        except InvalidRequest as error:
            # pop() takes one entry out of the error collection carried by
            # the exception and uses it as the ValueError message.
            raise ValueError(error.errors.pop())