def config_lease(self, *, lease, lease_max):
"""Configures the lease settings for generated credentials.
This configures the default lease information used for credentials
generated by this backend. The lease specifies the duration that a
credential will be valid for, as well as the maximum session for
a set of credentials.
The format for the lease is "1h" or integer and then unit. The longest
unit is hour.
Parameters:
lease (str): The lease value provided as a string duration with
time suffix. Hour is the largest suffix.
lease_max (str): The maximum lease value provided as a string
duration with time suffix. Hour is the largest
suffix.
Returns:
bool
"""
method = 'POST'
path = self.path('config/lease')
data = {
'lease': format_duration(lease),
'lease_max': format_duration(lease_max)
}
response = yield from self.req_handler(method, path, json=data)
return ok(response)
def config_lease(self, *, lease, lease_max):
"""Configures the lease settings for generated credentials.
This configures the default lease information used for credentials
generated by this backend. The lease specifies the duration that a
credential will be valid for, as well as the maximum session for
a set of credentials.
The format for the lease is "1h" or integer and then unit. The longest
unit is hour.
Parameters:
lease (str): The lease value provided as a string duration with
time suffix. Hour is the largest suffix.
lease_max (str): The maximum lease value provided as a string
duration with time suffix. Hour is the largest
suffix.
Returns:
bool
"""
method = 'POST'
path = self.path('config/lease')
data = {'lease': format_duration(lease),
'lease_max': format_duration(lease_max)}
response = yield from self.req_handler(method, path, json=data)
return ok(response)
def write_cert(self,
name,
*,
certificate,
display_name=None,
policies=None,
lease=None):
"""Write certificate
Parameters:
name (str): The name of the certificate
certificate (str): The public certificate that should be trusted.
Must be x509 PEM encoded
display_name (str): The display name to use for clients using this
certificate
policies (list): The policies
lease (str): Lease time in seconds. Defaults to 1 hour
"""
method = 'POST'
path = self.path('certs', name)
data = {
'policies': format_policies(policies),
'display_name': display_name,
'certificate': certificate,
'lease': format_duration(lease)
}
response = yield from self.req_handler(method, path, json=data)
return ok(response)
def config_lease(self, lease, lease_max):
"""Configures the lease settings for generated credentials.
If not configured, leases default to 1 hour.
This is a root protected endpoint.
Parameters:
lease (str): The lease value provided as a string duration
with time suffix. Hour is the largest suffix.
lease_max (str): The maximum lease value provided as a string
duration with time suffix. Hour is the largest
suffix.
"""
method = 'POST'
path = self.path('config/lease')
data = {'lease': format_duration(lease),
'lease_max': format_duration(lease_max)}
response = yield from self.req_handler(method, path, json=data)
return ok(response)
def config_lease(self, lease, lease_max):
"""Configures the lease settings for generated credentials.
If not configured, leases default to 1 hour.
This is a root protected endpoint.
Parameters:
lease (str): The lease value provided as a string duration
with time suffix. Hour is the largest suffix.
lease_max (str): The maximum lease value provided as a string
duration with time suffix. Hour is the largest
suffix.
"""
method = 'POST'
path = self.path('config/lease')
data = {
'lease': format_duration(lease),
'lease_max': format_duration(lease_max)
}
response = yield from self.req_handler(method, path, json=data)
return ok(response)
def write_role(self, name, *, policy, lease=None):
"""Creates or updates the Consul role definition.
Parameters:
name (str): The role name
policy (str): The Consul ACL policy.
Returns:
bool
"""
method = 'POST'
path = self.path('roles', name)
data = {'policy': base64_encode(policy),
'lease': format_duration(lease)}
response = yield from self.req_handler(method, path, json=data)
return ok(response)
def renew(self, lease_id, increment=None):
"""Renew a secret, requesting to extend the lease.
Parameters:
lease_id (str): The lease id
increment (int): A requested amount of time in seconds
to extend the lease. This is advisory.
Returns:
Value
"""
method = 'PUT'
path = '/sys/renew/%s' % lease_id
data = {'increment': format_duration(increment)}
response = yield from self.req_handler(method, path, data=data)
result = yield from response.json()
return Value(**result)
def renew(self, lease_id, increment=None):
"""Renew a secret, requesting to extend the lease.
Parameters:
lease_id (str): The lease id
increment (int): A requested amount of time in seconds
to extend the lease. This is advisory.
Returns:
Value
"""
method = 'PUT'
path = '/sys/renew/%s' % lease_id
data = {'increment': format_duration(increment)}
response = yield from self.req_handler(method, path, data=data)
result = yield from response.json()
return Value(**result)
def write_role(self, name, *, policy, lease=None):
"""Creates or updates the Consul role definition.
Parameters:
name (str): The role name
policy (str): The Consul ACL policy.
Returns:
bool
"""
method = 'POST'
path = self.path('roles', name)
data = {
'policy': base64_encode(policy),
'lease': format_duration(lease)
}
response = yield from self.req_handler(method, path, json=data)
return ok(response)
def create(self, *, id=None, policies=None, metadata=None, no_parent=None,
lease=None, display_name=None, num_uses=None):
"""Creates a new token.
Certain options are only available to when called by a root token.
Parameters:
id (str): The ID of the client token. Can only be specified by a
root token. Otherwise, the token ID is a randomly
generated UUID.
policies (list): A list of policies for the token. This must be a
subset of the policies belonging to the token
making the request, unless root. If not specified,
defaults to all the policies of the calling token.
metadata (dict): A map of string to string valued metadata.
This is passed through to the audit backends.
no_parent (bool): If true and set by a root caller, the token will
not have the parent token of the caller. This
creates a token with no parent.
lease (str): The lease period of the token, provided as "1h", where
hour is the largest suffix. If not provided, the token
is valid indefinitely.
display_name (str): The display name of the token. Defaults to
"token".
num_uses (int): The maximum uses for the given token. This can be
used to create a one-time-token or limited use
token. Defaults to no limit.
Returns:
LoginToken: The client token
"""
method = 'POST'
path = self.token_path('create')
data = {'id': id,
'policies': policies,
'metadata': metadata,
'no_parent': no_parent,
'lease': format_duration(lease),
'display_name': display_name,
'num_uses': num_uses}
response = yield from self.req_handler(method, path, json=data)
result = yield from response.json()
return LoginToken(**result)