def raise_for_error(status_code, message=None, errors=None):
"""Helper method to raise exceptions based on the status code of a response received back from Vault.
:param status_code: Status code received in a response from Vault.
:type status_code: int
:param message: Optional message to include in a resulting exception.
:type message: str
:param errors: Optional errors to include in a resulting exception.
:type errors: list | str
:raises: hvac.exceptions.InvalidRequest | hvac.exceptions.Unauthorized | hvac.exceptions.Forbidden |
hvac.exceptions.InvalidPath | hvac.exceptions.RateLimitExceeded | hvac.exceptions.InternalServerError |
hvac.exceptions.VaultNotInitialized | hvac.exceptions.VaultDown | hvac.exceptions.UnexpectedError
"""
if status_code == 400:
raise exceptions.InvalidRequest(message, errors=errors)
elif status_code == 401:
raise exceptions.Unauthorized(message, errors=errors)
elif status_code == 403:
raise exceptions.Forbidden(message, errors=errors)
elif status_code == 404:
raise exceptions.InvalidPath(message, errors=errors)
elif status_code == 429:
raise exceptions.RateLimitExceeded(message, errors=errors)
elif status_code == 500:
raise exceptions.InternalServerError(message, errors=errors)
elif status_code == 501:
raise exceptions.VaultNotInitialized(message, errors=errors)
elif status_code == 503:
raise exceptions.VaultDown(message, errors=errors)
else:
raise exceptions.UnexpectedError(message)
def revoke_token(self, token, orphan=False, accessor=False):
"""
POST /auth/token/revoke/<token>
POST /auth/token/revoke-orphan/<token>
POST /auth/token/revoke-accessor/<token-accessor>
"""
if accessor and orphan:
msg = "revoke_token does not support 'orphan' and 'accessor' flags together"
raise exceptions.InvalidRequest(msg)
elif accessor:
self._post('/v1/auth/token/revoke-accessor/{0}'.format(token))
elif orphan:
self._post('/v1/auth/token/revoke-orphan/{0}'.format(token))
else:
self._post('/v1/auth/token/revoke/{0}'.format(token))
def __raise_error(self, status_code, message=None, errors=None):
if status_code == 400:
raise exceptions.InvalidRequest(message, errors=errors)
elif status_code == 401:
raise exceptions.Unauthorized(message, errors=errors)
elif status_code == 403:
raise exceptions.Forbidden(message, errors=errors)
elif status_code == 404:
raise exceptions.InvalidPath(message, errors=errors)
elif status_code == 429:
raise exceptions.RateLimitExceeded(message, errors=errors)
elif status_code == 500:
raise exceptions.InternalServerError(message, errors=errors)
elif status_code == 503:
raise exceptions.VaultDown(message, errors=errors)
else:
raise exceptions.UnexpectedError(message)
def revoke_token(self, token, orphan=False, accessor=False):
"""
POST /auth/token/revoke
POST /auth/token/revoke-orphan
POST /auth/token/revoke-accessor
"""
if accessor and orphan:
msg = "revoke_token does not support 'orphan' and 'accessor' flags together"
raise exceptions.InvalidRequest(msg)
elif accessor:
params = { 'accessor': token }
self._post('/v1/auth/token/revoke-accessor', json=params)
elif orphan:
params = { 'token': token }
self._post('/v1/auth/token/revoke-orphan', json=params)
else:
params = { 'token': token }
self._post('/v1/auth/token/revoke', json=params)
def __request(self, method, url, headers=None, **kwargs):
url = self._url + url
if not headers:
headers = {}
if self.token:
headers['X-Vault-Token'] = self.token
_kwargs = self._kwargs.copy()
_kwargs.update(kwargs)
response = requests.request(method,
url,
headers=headers,
**_kwargs)
if response.status_code >= 400 and response.status_code < 600:
errors = response.json().get('errors')
if response.status_code == 400:
raise exceptions.InvalidRequest(errors=errors)
elif response.status_code == 401:
raise exceptions.Unauthorized(errors=errors)
elif response.status_code == 403:
raise exceptions.Forbidden(errors=errors)
elif response.status_code == 404:
raise exceptions.InvalidPath(errors=errors)
elif response.status_code == 429:
raise exceptions.RateLimitExceeded(errors=errors)
elif response.status_code == 500:
raise exceptions.InternalServerError(errors=errors)
elif response.status_code == 503:
raise exceptions.VaultDown(errors=errors)
else:
raise exceptions.UnexpectedError()
return response
