예제 #1
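def get_client(obj):
    """Build a Vault client from the settings in ``obj`` and authenticate it.

    ``Client`` is constructed from the non-``None`` entries of
    ``obj.VAULT_FOR_DYNACONF``. One login method is then chosen, in this
    order of precedence:

    1. AppRole, when ``VAULT_ROLE_ID_FOR_DYNACONF`` is set.
    2. A static token, when ``VAULT_ROOT_TOKEN_FOR_DYNACONF`` is set.
    3. AWS IAM, when ``VAULT_AUTH_WITH_IAM_FOR_DYNACONF`` is truthy.

    Args:
        obj: Settings object exposing the ``VAULT_*_FOR_DYNACONF`` attributes
            read below and a ``get`` method.

    Returns:
        The authenticated client, with its default KV version set from
        ``obj.VAULT_KV_VERSION_FOR_DYNACONF``.

    Raises:
        ImportError: IAM login is requested but ``boto3`` is ``None``.
        AssertionError: The client does not report itself authenticated
            after the steps above.
    """
    client_kwargs = {
        key: value
        for key, value in obj.VAULT_FOR_DYNACONF.items()
        if value is not None
    }
    client = Client(**client_kwargs)

    if obj.VAULT_ROLE_ID_FOR_DYNACONF is not None:
        # The secret id is read with get() rather than attribute access, so
        # presumably a missing secret id is tolerated -- confirm against the
        # AppRole configuration in use.
        client.auth_approle(
            role_id=obj.VAULT_ROLE_ID_FOR_DYNACONF,
            secret_id=obj.get("VAULT_SECRET_ID_FOR_DYNACONF"),
        )
    elif obj.VAULT_ROOT_TOKEN_FOR_DYNACONF is not None:
        # NOTE(review): the setting name indicates a root token. A root token
        # is not constrained by policies, so a scoped, short-lived token is
        # the safer value to supply here.
        client.token = obj.VAULT_ROOT_TOKEN_FOR_DYNACONF
    elif obj.VAULT_AUTH_WITH_IAM_FOR_DYNACONF:
        if boto3 is None:
            raise ImportError(
                "boto3 package is not installed in your environment. "
                "`pip install boto3` or disable the VAULT_AUTH_WITH_IAM")

        session = boto3.Session()
        # NOTE(review): get_credentials() can return None when no AWS
        # credentials are resolvable; that would surface below as an
        # AttributeError rather than a clear configuration error.
        credentials = session.get_credentials()
        client.auth.aws.iam_login(
            credentials.access_key,
            credentials.secret_key,
            credentials.token,
            role=obj.VAULT_AUTH_ROLE_FOR_DYNACONF,
        )

    # Raised explicitly instead of using an ``assert`` statement: asserts are
    # stripped under ``python -O``, which would let an unauthenticated client
    # be returned. The exception type is kept for existing callers.
    if not client.is_authenticated():
        raise AssertionError(
            "Vault authentication error: is VAULT_TOKEN_FOR_DYNACONF or "
            "VAULT_ROLE_ID_FOR_DYNACONF defined?")
    client.kv.default_kv_version = obj.VAULT_KV_VERSION_FOR_DYNACONF
    return client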
예제 #2
 def _auth_approle(self, _client: hvac.Client) -> None:
     """Log ``_client`` in through AppRole using this object's role and secret id.

     ``mount_point`` is passed only when ``self.auth_mount_point`` is truthy;
     otherwise the call relies on the client's default mount.
     """
     mount = self.auth_mount_point
     # The secret id is a credential: it is handed to the client only and is
     # not logged or stored anywhere else in this method.
     login_kwargs = {"role_id": self.role_id, "secret_id": self.secret_id}
     if mount:
         login_kwargs["mount_point"] = mount
     _client.auth_approle(**login_kwargs)
예제 #3
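def get_client(obj):
    """Build a Vault client from the settings in ``obj`` and authenticate it.

    ``Client`` is constructed from the non-``None`` entries of
    ``obj.VAULT_FOR_DYNACONF``. When ``VAULT_ROLE_ID_FOR_DYNACONF`` is set,
    an AppRole login is performed; otherwise the client is used as built.

    Args:
        obj: Settings object exposing ``VAULT_FOR_DYNACONF``,
            ``VAULT_ROLE_ID_FOR_DYNACONF`` and a ``get`` method.

    Returns:
        The authenticated client.

    Raises:
        AssertionError: The client does not report itself authenticated.
    """
    client_kwargs = {
        key: value
        for key, value in obj.VAULT_FOR_DYNACONF.items()
        if value is not None
    }
    client = Client(**client_kwargs)

    if obj.VAULT_ROLE_ID_FOR_DYNACONF is not None:
        # The secret id is read with get() rather than attribute access, so
        # presumably a missing secret id is tolerated -- confirm against the
        # AppRole configuration in use.
        client.auth_approle(
            role_id=obj.VAULT_ROLE_ID_FOR_DYNACONF,
            secret_id=obj.get("VAULT_SECRET_ID_FOR_DYNACONF"),
        )

    # Raised explicitly instead of using an ``assert`` statement: asserts are
    # stripped under ``python -O``, which would let an unauthenticated client
    # be returned. The exception type is kept for existing callers.
    if not client.is_authenticated():
        raise AssertionError(
            "Vault authentication error: is VAULT_TOKEN_FOR_DYNACONF or "
            "VAULT_ROLE_ID_FOR_DYNACONF defined?")
    return client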
예제 #4
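    def test_auth_approle(self, test_label, mount_point, role_id, secret_id, requests_mocker):
        """Check that ``Client.auth_approle`` returns the login response body unchanged.

        The AppRole login endpoint is mocked under the default ``approle``
        mount, or under ``mount_point`` when one is given.
        ``test_label`` is not used in the body; presumably it only names the
        parameterized case.
        """
        expected_status_code = 200
        # Canned login response served by the mock; the accessor and token
        # below are fixture values for this mocked localhost endpoint.
        mock_response = {
            "auth": {
                "accessor": "f8b576f9-9146-4173-e174-40257d58015a",
                "client_token": "3db3d089-7d3c-f531-cd3e-bfe44696a92c",
                "lease_duration": 600,
                "metadata": {
                    "role_name": "application1"
                },
                "policies": [
                    "default"
                ],
                "renewable": True
            },
            "data": None,
            "lease_duration": 0,
            "lease_id": "",
            "renewable": False,
            "request_id": "2eb635ad-a763-926a-9815-4cb4d14a40f9",
            "warnings": None,
            "wrap_info": None
        }
        login_mount = 'approle' if mount_point is None else mount_point
        mock_url = 'http://localhost:8200/v1/auth/{0}/login'.format(login_mount)
        requests_mocker.register_uri(
            method='POST',
            url=mock_url,
            status_code=expected_status_code,
            json=mock_response,
        )
        client = Client()
        # Pass mount_point only when the case supplies one, so the default
        # mount is exercised through the client's own default argument.
        login_kwargs = {'role_id': role_id, 'secret_id': secret_id}
        if mount_point is not None:
            login_kwargs['mount_point'] = mount_point
        actual_response = client.auth_approle(**login_kwargs)

        # assertEqual rather than the assertEquals alias: the alias is
        # deprecated and was removed from unittest in Python 3.12.
        self.assertEqual(
            first=mock_response,
            second=actual_response,
        )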
예제 #5
 def _auth_approle(self, _client: hvac.Client) -> None:
     """Log ``_client`` in through AppRole using this object's role and secret id.

     No mount point is passed, so the client's default mount is used.
     """
     # The secret id is a credential: it is handed to the client only and is
     # not logged or stored anywhere else in this method.
     role_id, secret_id = self.role_id, self.secret_id
     _client.auth_approle(role_id=role_id, secret_id=secret_id)