def destroy(self, acl_id):
"""Delete the specified ACL
:param str acl_id: The ACL id
:rtype: bool
:raises: consulate.exceptions.Forbidden
"""
response = self._adapter.put(self._build_uri(['destroy', acl_id]))
if response.status_code == 403:
raise exceptions.Forbidden(response.body)
return response.status_code == 200
def update(self, acl_id, name, acl_type='client', rules=None):
"""Update an existing ACL, updating its values or add a new ACL if
the ACL Id specified is not found.
:param str acl_id: The ACL id
:rtype: bool
:raises: consulate.exceptions.Forbidden
"""
payload = {'ID': acl_id, 'Name': name, 'Type': acl_type}
if rules:
payload['Rules'] = rules
response = self._adapter.put(self._build_uri(['update']), payload)
if response.status_code == 403:
raise exceptions.Forbidden(response.body)
return response.status_code == 200
def _get(self, params, query_params=None, raise_on_404=False):
"""Perform a GET request
:param list params: List of path parts
:param dict query_params: Build query parameters
"""
response = self._adapter.get(self._build_uri(params, query_params))
if response.status_code == 200:
return response.body
elif response.status_code == 401:
raise exceptions.ACLDisabled(response.body)
elif response.status_code == 403:
raise exceptions.Forbidden(response.body)
elif response.status_code == 404 and raise_on_404:
raise exceptions.NotFound(response.body)
return []
def response_ok(response, raise_on_404=False):
"""Evaluate the HTTP response and raise the appropriate exception if
required.
:param requests.response response: The HTTP response
:param bool raise_on_404: Raise an exception on 404 error
:rtype: bool
:raises: consulate.exceptions.ConsulateException
"""
if response.status_code == 200:
return True
elif response.status_code == 400:
raise exceptions.ClientError(_response_error(response))
elif response.status_code == 401:
raise exceptions.ACLDisabled(_response_error(response))
elif response.status_code == 403:
raise exceptions.Forbidden(_response_error(response))
elif response.status_code == 404 and raise_on_404:
raise exceptions.NotFound(_response_error(response))
elif response.status_code == 500:
raise exceptions.ServerError(_response_error(response))
return False
def create(self, name, acl_type='client', rules=None):
"""The create endpoint is used to make a new token. A token has a name,
a type, and a set of ACL rules.
The ``name`` property is opaque to Consul. To aid human operators, it
should be a meaningful indicator of the ACL's purpose.
``acl_type`` is either client or management. A management token is
comparable to a root user and has the ability to perform any action
including creating, modifying, and deleting ACLs.
By contrast, a client token can only perform actions as permitted by
the rules associated. Client tokens can never manage ACLs. Given this
limitation, only a management token can be used to make requests to
the create endpoint.
``rules`` is a HCL string defining the rule policy. See
`https://consul.io/docs/internals/acl.html`_ for more information on
defining rules.
The call to create will return the ID of the new ACL.
:param str name: The name of the ACL to create
:param str acl_type: One of "client" or "management"
:param str rules: The rules HCL string
:rtype: str
:raises: consulate.exceptions.Forbidden
"""
payload = {'Name': name, 'Type': acl_type}
if rules:
payload['Rules'] = rules
response = self._adapter.put(self._build_uri(['create']), payload)
if response.status_code == 403:
raise exceptions.Forbidden(response.body)
return response.body.get('ID') or None
