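def get_client(obj):
    """Build a Vault client from dynaconf settings and authenticate it.

    Authentication is attempted in this order: AppRole (when
    ``VAULT_ROLE_ID_FOR_DYNACONF`` is set), a directly supplied token
    (``VAULT_ROOT_TOKEN_FOR_DYNACONF``), then AWS IAM login (when
    ``VAULT_AUTH_WITH_IAM_FOR_DYNACONF`` is truthy). If none of these
    apply, only the options in ``VAULT_FOR_DYNACONF`` are used.

    Args:
        obj: Settings object exposing the ``VAULT_*_FOR_DYNACONF`` values
            as attributes and a ``get`` method.

    Returns:
        The client, with ``kv.default_kv_version`` set from
        ``VAULT_KV_VERSION_FOR_DYNACONF``.

    Raises:
        ImportError: IAM auth was requested but ``boto3`` is ``None``.
        AssertionError: The client reports it is not authenticated.
    """
    # Drop unset (None) options rather than passing them to Client.
    client = Client(
        **{k: v for k, v in obj.VAULT_FOR_DYNACONF.items() if v is not None}
    )

    if obj.VAULT_ROLE_ID_FOR_DYNACONF is not None:
        # NOTE(review): secret_id is read with .get(), so it is presumably
        # None when unset; the login is still attempted in that case.
        # NOTE(review): `auth_approle` is the legacy top-level hvac method;
        # newer hvac exposes `auth.approle.login` - confirm against the
        # hvac version this project pins.
        client.auth_approle(
            role_id=obj.VAULT_ROLE_ID_FOR_DYNACONF,
            secret_id=obj.get("VAULT_SECRET_ID_FOR_DYNACONF"),
        )
    elif obj.VAULT_ROOT_TOKEN_FOR_DYNACONF is not None:
        # NOTE(review): the setting name suggests a root token; a scoped,
        # short-lived token is the safer choice outside development.
        client.token = obj.VAULT_ROOT_TOKEN_FOR_DYNACONF
    elif obj.VAULT_AUTH_WITH_IAM_FOR_DYNACONF:
        if boto3 is None:
            raise ImportError(
                "boto3 package is not installed in your environment. "
                "`pip install boto3` or disable the VAULT_AUTH_WITH_IAM"
            )
        session = boto3.Session()
        # NOTE(review): get_credentials() can return None when no AWS
        # credentials resolve; that would surface below as AttributeError.
        credentials = session.get_credentials()
        client.auth.aws.iam_login(
            credentials.access_key,
            credentials.secret_key,
            credentials.token,
            role=obj.VAULT_AUTH_ROLE_FOR_DYNACONF,
        )

    # Raised explicitly (not via `assert`) so the check still runs under
    # `python -O`, where assert statements are stripped and an
    # unauthenticated client would otherwise be returned. AssertionError is
    # kept so existing callers that catch it keep working.
    if not client.is_authenticated():
        raise AssertionError(
            "Vault authentication error: is VAULT_TOKEN_FOR_DYNACONF or "
            "VAULT_ROLE_ID_FOR_DYNACONF defined?"
        )

    client.kv.default_kv_version = obj.VAULT_KV_VERSION_FOR_DYNACONF
    return client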
def _auth_approle(self, _client: hvac.Client) -> None:
    """Log ``_client`` in with AppRole, using the instance's credentials.

    ``mount_point`` is passed only when ``self.auth_mount_point`` is truthy;
    otherwise the call carries just ``role_id`` and ``secret_id``.
    """
    # NOTE(review): `auth_approle` is the legacy top-level hvac method;
    # newer hvac exposes `auth.approle.login` - confirm against the pinned
    # hvac version.
    mount = self.auth_mount_point
    login_kwargs = {"role_id": self.role_id, "secret_id": self.secret_id}
    if mount:
        login_kwargs["mount_point"] = mount
    _client.auth_approle(**login_kwargs)
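def get_client(obj):
    """Build a Vault client from dynaconf settings and authenticate it.

    AppRole login is performed when ``VAULT_ROLE_ID_FOR_DYNACONF`` is set;
    otherwise only the options in ``VAULT_FOR_DYNACONF`` are used.

    Args:
        obj: Settings object exposing the ``VAULT_*_FOR_DYNACONF`` values
            as attributes and a ``get`` method.

    Returns:
        The authenticated client.

    Raises:
        AssertionError: The client reports it is not authenticated.
    """
    # Drop unset (None) options rather than passing them to Client.
    client = Client(
        **{k: v for k, v in obj.VAULT_FOR_DYNACONF.items() if v is not None}
    )

    if obj.VAULT_ROLE_ID_FOR_DYNACONF is not None:
        # NOTE(review): secret_id is read with .get(), so it is presumably
        # None when unset; the login is still attempted in that case.
        client.auth_approle(
            role_id=obj.VAULT_ROLE_ID_FOR_DYNACONF,
            secret_id=obj.get("VAULT_SECRET_ID_FOR_DYNACONF"),
        )

    # Raised explicitly (not via `assert`) so the check still runs under
    # `python -O`, where assert statements are stripped and an
    # unauthenticated client would otherwise be returned. AssertionError is
    # kept so existing callers that catch it keep working.
    if not client.is_authenticated():
        raise AssertionError(
            "Vault authentication error: is VAULT_TOKEN_FOR_DYNACONF or "
            "VAULT_ROLE_ID_FOR_DYNACONF defined?"
        )
    return client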
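def test_auth_approle(
    self, test_label, mount_point, role_id, secret_id, requests_mocker
):
    """Check that ``Client.auth_approle`` returns the login response body.

    The login endpoint is mocked at the default ``approle`` path when
    ``mount_point`` is None, otherwise at the given mount point.
    ``test_label`` is not used in the body (presumably it names the
    parameterized case).
    """
    expected_status_code = 200
    # Canned login response served by the mocked endpoint; the accessor and
    # client_token are static fixture values.
    mock_response = {
        "auth": {
            "accessor": "f8b576f9-9146-4173-e174-40257d58015a",
            "client_token": "3db3d089-7d3c-f531-cd3e-bfe44696a92c",
            "lease_duration": 600,
            "metadata": {
                "role_name": "application1"
            },
            "policies": [
                "default"
            ],
            "renewable": True
        },
        "data": None,
        "lease_duration": 0,
        "lease_id": "",
        "renewable": False,
        "request_id": "2eb635ad-a763-926a-9815-4cb4d14a40f9",
        "warnings": None,
        "wrap_info": None
    }
    mock_url = 'http://localhost:8200/v1/auth/{0}/login'.format(
        'approle' if mount_point is None else mount_point,
    )
    requests_mocker.register_uri(
        method='POST',
        url=mock_url,
        status_code=expected_status_code,
        json=mock_response,
    )
    client = Client()
    # Omit mount_point entirely in the default case so the client's own
    # default path is what gets exercised.
    if mount_point is None:
        actual_response = client.auth_approle(
            role_id=role_id,
            secret_id=secret_id,
        )
    else:
        actual_response = client.auth_approle(
            role_id=role_id,
            secret_id=secret_id,
            mount_point=mount_point,
        )
    # assertEqual rather than the deprecated alias assertEquals, which was
    # removed from unittest in Python 3.12.
    self.assertEqual(
        first=mock_response,
        second=actual_response,
    )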
def _auth_approle(self, _client: hvac.Client) -> None:
    """Log ``_client`` in with AppRole using ``self.role_id`` and ``self.secret_id``."""
    # NOTE(review): `auth_approle` is the legacy top-level hvac method;
    # newer hvac exposes `auth.approle.login` - confirm against the pinned
    # hvac version.
    login = _client.auth_approle
    credentials = {"role_id": self.role_id, "secret_id": self.secret_id}
    login(**credentials)