def decrypt(self, key, ciphertext, context=None):
    """Decrypts the provided ciphertext using the named key.

    Parameters:
        key (str): The transit key
        ciphertext (str): The ciphertext to decrypt, provided as
                          returned by encrypt.
        context (str): Context for key derivation. Required for
                       derived keys.
    Returns:
        Value: the response, with ``plaintext`` already base64-decoded
    Raises:
        ValueError: when the request is rejected with InvalidRequest;
                    the message is taken from the error's ``errors`` list
    """
    endpoint = self.path('decrypt', key)
    # A falsy context (None or empty) is sent as an explicit null.
    encoded_context = base64_encode(context) if context else None
    payload = {'ciphertext': ciphertext, 'context': encoded_context}
    try:
        reply = yield from self.req_handler('POST', endpoint, json=payload)
        body = yield from reply.json()
    except InvalidRequest as error:
        # pop() removes the last entry from error.errors; an empty list
        # would raise IndexError here instead of ValueError.
        raise ValueError(error.errors.pop())
    decrypted = Value(**body)
    # From here on the object carries recovered plaintext: callers should
    # keep it out of logs and error reports.
    decrypted['plaintext'] = base64_decode(decrypted['plaintext'])
    return decrypted
def creds(self, name):
    """Generates a new set of dynamic credentials based on the named role.

    The returned Value wraps the decoded JSON response as-is; since it
    carries credentials, callers should treat it as secret material.

    Parameters:
        name (str): The role name
    Returns:
        Value
    """
    endpoint = self.path('creds', name)
    reply = yield from self.req_handler('GET', endpoint)
    fields = yield from reply.json()
    return Value(**fields)
def read_cert(self, name):
    """Read certificate

    Parameters:
        name (str): The name of the certificate
    Returns:
        Value: the decoded JSON response
    """
    endpoint = self.path('certs', name)
    reply = yield from self.req_handler('GET', endpoint)
    fields = yield from reply.json()
    # NOTE(review): unlike the role/group readers, a missing certificate is
    # not mapped to KeyError here; whatever req_handler raises propagates.
    return Value(**fields)
def creds(self, name):
    """Generates a dynamic Consul token based on the role definition.

    The response is returned unmodified inside a Value; it contains the
    issued token, so callers should handle it as a secret.

    Parameters:
        name (str): The role name
    Returns:
        Value
    """
    endpoint = self.path('creds', name)
    reply = yield from self.req_handler('GET', endpoint)
    fields = yield from reply.json()
    return Value(**fields)
def read_user(self, user):
    """Read user.

    Parameters:
        user (str): The user name
    Returns:
        Value
    """
    # extract_id normalises the argument before it becomes a path segment.
    # NOTE(review): presumably it accepts either an id or an object that
    # carries one; confirm against its definition.
    user_id = extract_id(user)
    endpoint = self.path('map', 'user-id', user_id)
    reply = yield from self.req_handler('GET', endpoint)
    fields = yield from reply.json()
    return Value(**fields)
def read_app(self, app):
    """Read app.

    Parameters:
        app (str): The application ID
    Returns:
        Value
    """
    # extract_id normalises the argument before it becomes a path segment.
    # NOTE(review): presumably it accepts either an id or an object that
    # carries one; confirm against its definition.
    app_id = extract_id(app)
    endpoint = self.path('map', 'app-id', app_id)
    reply = yield from self.req_handler('GET', endpoint)
    fields = yield from reply.json()
    return Value(**fields)
def read_role(self, name):
    """Queries the role definition.

    Parameters:
        name (str): The role name
    Returns:
        Value: the decoded JSON response
    Raises:
        KeyError: when the request fails with InvalidPath
    """
    endpoint = self.path('roles', name)
    try:
        reply = yield from self.req_handler('GET', endpoint)
        fields = yield from reply.json()
        return Value(**fields)
    except InvalidPath:
        # Translate the backend's "no such path" into the mapping-style
        # error callers of a read-by-name API expect.
        raise KeyError('%r does not exists' % name)
def read_group(self, name):
    """Show group.

    Parameters:
        name (str): Name of the LDAP group
    Returns:
        Value
    Raises:
        KeyError: when the request fails with InvalidPath
    """
    endpoint = self.path('groups', name)
    try:
        reply = yield from self.req_handler('GET', endpoint)
        fields = yield from reply.json()
        return Value(**fields)
    except InvalidPath:
        # An unknown group is reported as a missing key.
        raise KeyError('%r does not exists' % name)
def read(self, key):
    """Reads the value of the key at the given path.

    Parameters:
        key (str): The key to read
    Returns:
        Value: The key value
    Raises:
        KeyError: when the request fails with InvalidPath
    """
    endpoint = self.path(key)
    try:
        reply = yield from self.req_handler('GET', endpoint)
        fields = yield from reply.json()
        return Value(**fields)
    except InvalidPath:
        # The message names the caller's key, not the resolved path.
        raise KeyError('%r does not exists' % key)
def renew(self, lease_id, increment=None):
    """Renew a secret, requesting to extend the lease.

    Parameters:
        lease_id (str): The lease id
        increment (int): A requested amount of time in seconds to extend
                         the lease. This is advisory.
    Returns:
        Value
    """
    # lease_id is interpolated into the URL path verbatim, with no escaping
    # or validation in this method. NOTE(review): if lease ids can come
    # from untrusted input, validate them before calling so the request
    # cannot be steered to a different path.
    endpoint = '/sys/renew/%s' % lease_id
    # NOTE(review): increment defaults to None and is passed straight to
    # format_duration; confirm that helper accepts None.
    body = {'increment': format_duration(increment)}
    # NOTE(review): the body goes out as data=, not json=; confirm
    # req_handler serialises it the way the server expects.
    reply = yield from self.req_handler('PUT', endpoint, data=body)
    fields = yield from reply.json()
    return Value(**fields)
def creds(self, name):
    """Generates a new set of dynamic credentials based on the named role.

    This path reads database credentials for a certain role. The database
    credentials will be generated on demand and will be automatically
    revoked when the lease is up.

    The response is handed back unmodified inside a Value; it contains
    live database credentials, so callers should keep it out of logs.

    Parameters:
        name (str): The role name
    Returns:
        Value
    """
    endpoint = self.path('creds', name)
    reply = yield from self.req_handler('GET', endpoint)
    fields = yield from reply.json()
    return Value(**fields)
def read(self, key):
    """Reads the value of the key at the given path.

    The stored ``data.value`` field is JSON-decoded in place when it is
    present.

    Parameters:
        key (str): The key name
    Returns:
        Value: The key value
    Raises:
        KeyError: when the request fails with InvalidPath
    """
    endpoint = self.path(key)
    try:
        reply = yield from self.req_handler('GET', endpoint)
        result = yield from reply.json()
        # Only a missing 'data' or 'value' key is tolerated. A value that
        # is not valid JSON makes json.loads raise, and that error
        # propagates to the caller.
        with suppress(KeyError):
            data = result['data']
            data['value'] = json.loads(data['value'])
        return Value(**result)
    except InvalidPath:
        # NOTE(review): the message reports the resolved request path, not
        # the caller's key; confirm this is intended.
        raise KeyError('%r does not exists' % endpoint)
def read_key(self, name):
    """Returns information about a named encryption key.

    This is a root protected endpoint.

    Parameters:
        name (str): The transit key
    Returns:
        Value
    Raises:
        KeyError: when the request fails with InvalidPath
    """
    endpoint = self.path('keys', name)
    try:
        reply = yield from self.req_handler('GET', endpoint)
        fields = yield from reply.json()
        return Value(**fields)
    except InvalidPath:
        # Only InvalidPath is translated; any other failure raised by
        # req_handler (for example a permission error) propagates as-is.
        raise KeyError('%r does not exists' % name)
def read_raw(self, name):
    """Fetch raw keys for named encryption keys.

    This path is used to get the underlying encryption keys used for the
    named keys that are available.

    The response holds the key material itself. Callers should treat the
    returned Value as a secret: do not log it, and keep its lifetime short.

    Parameters:
        name (str): The transit key
    Returns:
        Value
    Raises:
        KeyError: when the request fails with InvalidPath
    """
    endpoint = self.path('raw', name)
    try:
        reply = yield from self.req_handler('GET', endpoint)
        fields = yield from reply.json()
        return Value(**fields)
    except InvalidPath:
        raise KeyError('%r does not exists' % name)
def encrypt(self, key, plaintext, context=None):
    """Encrypts the provided plaintext using the named key.

    Parameters:
        key (str): The transit key
        plaintext (str): The plaintext to encrypt
        context (str): Context for key derivation. Required for derived
                       keys.
    Returns:
        Value
    Raises:
        ValueError: when the request is rejected with InvalidRequest;
                    the message is taken from the error's ``errors`` list
    """
    endpoint = self.path('encrypt', key)
    # base64 here is transport encoding only; it gives the plaintext no
    # confidentiality in the request body.
    encoded_plaintext = base64_encode(plaintext)
    # A falsy context (None or empty) is sent as an explicit null.
    encoded_context = base64_encode(context) if context else None
    payload = {'plaintext': encoded_plaintext, 'context': encoded_context}
    try:
        reply = yield from self.req_handler('POST', endpoint, json=payload)
        fields = yield from reply.json()
        return Value(**fields)
    except InvalidRequest as error:
        # pop() removes the last entry from error.errors; an empty list
        # would raise IndexError here instead of ValueError.
        raise ValueError(error.errors.pop())