genvid.toolbox.VaultTool

Warning

This tool is considered beta. The API is likely to change in future releases.

class genvid.toolbox.VaultTool(vault_policies_folder: str = '', vault_roles_folder: str = '', **kwargs)

Bases: genvid.toolbox.consul.ConsulTool

A class for interfacing with Vault.

Warning: This class is considered in a beta stage.

DESCRIPTION = 'A tool for interfacing with vault.'
GENVID_VAULT_POLICIES_FOLDER = None

The environment variable pointing to a folder containing Vault policies.

GENVID_VAULT_TOKEN_ROLES_FOLDER = None

The environment variable pointing to a folder containing Vault token roles.

NAME = 'vault'
VAULT_ADDR = None

The environment variable with the Vault address (including the protocol).

VAULT_KEYS = None

The environment variable containing the comma-delimited Vault seal keys.

VAULT_TOKEN = None

The environment variable containing the Vault token used for authentication.

auth_vault()

Authenticate the Vault client using the current VAULT_TOKEN.

create_vault_token(*, role=None, orphan=False, wrap_ttl=None, **properties)

Create a new token with the properties specified.

create_vault_token_role(role, *, wrap_ttl=None, **properties)

Create a new token role with the properties specified.

get_vault_client_addr(timeout: float = 30.0)

Return the vault server address.

get_vault_client_url(timeout: float = 0, use_https: bool = False)

Return the Vault server URL.

init_vault(key_shares=1, key_threshold=1)

Initialize a vault.

This method sets the VAULT_TOKEN and VAULT_KEYS environment variables on success, overriding any values already present.

init_vault_client(timeout: float = 30.0)

Initialize the Vault client.

The client is initialized using VAULT_ADDR. If it is empty, the discovery service is queried for a Vault service and VAULT_ADDR is set appropriately.

Parameters: timeout – The timeout (in seconds) for the service query.

unseal_vault(timeout: float = 30.0)

Unseal Vault with the VAULT_KEYS.

vault

The Vault client.

vault_load_policies(folder: typing.Union[str, NoneType] = None)

Load policies from folder.

Policies should have a .hcl extension. The name of the policy is the base name of the file, without the extension.

Parameters: folder – The folder to look up. Use GENVID_VAULT_POLICIES_FOLDER if None.

vault_load_token_roles(folder: typing.Union[str, NoneType] = None)

Load token roles from folder.

Token role files should have a .json extension and contain the properties of the role. If a name property is included, it is used as the role name. Otherwise, the name is the base name of the file without the extension.

Parameters: folder – The folder to look up. Use GENVID_VAULT_TOKEN_ROLES_FOLDER if None.

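A pre-load check, added here as an example and not part of the Genvid toolbox: it applies the naming rules documented for vault_load_policies and vault_load_token_roles to a pair of folders, then reports role files that resolve to the same role name or that allow a policy with no matching .hcl file. The allowed_policies property is Vault's token-role parameter; the function names and sample files are constructed for illustration, and treating "default" as always present is an assumption.

```python
import json
import tempfile
from pathlib import Path


def policy_names(folder):
    """Policy name = base name of each .hcl file, without the extension."""
    return {p.stem for p in Path(folder).glob("*.hcl")}


def resolve_roles(folder):
    """Yield (role name, file name, properties); a 'name' property wins over the file name."""
    for path in sorted(Path(folder).glob("*.json")):
        props = json.loads(path.read_text(encoding="utf-8"))
        yield props.get("name") or path.stem, path.name, props


def audit(policies_folder, roles_folder):
    """Return findings: role-name collisions and roles allowing unknown policies."""
    known = policy_names(policies_folder) | {"default"}  # assumption: built-in policy
    findings, seen = [], {}
    for name, fname, props in resolve_roles(roles_folder):
        if name in seen:
            findings.append(f"role '{name}' defined in both {seen[name]} and {fname}")
        seen.setdefault(name, fname)
        allowed = props.get("allowed_policies", [])
        if isinstance(allowed, str):  # Vault also accepts a comma-separated string
            allowed = [p.strip() for p in allowed.split(",") if p.strip()]
        for policy in allowed:
            if policy not in known:
                findings.append(f"role '{name}' ({fname}) allows unknown policy '{policy}'")
    return findings


def demo():
    """Build constructed sample folders and audit them."""
    with tempfile.TemporaryDirectory() as tmp:
        pol, rol = Path(tmp, "policies"), Path(tmp, "roles")
        pol.mkdir()
        rol.mkdir()
        (pol / "backend.hcl").write_text('path "secret/backend/*" { capabilities = ["read"] }\n')
        (rol / "backend.json").write_text(json.dumps({"allowed_policies": ["backend"]}))
        (rol / "web.json").write_text(json.dumps({"name": "backend", "allowed_policies": "admin"}))
        return audit(pol, rol)


if __name__ == "__main__":
    print("\n".join(demo()))
```
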
vault_setup()

Set up Vault if it is not initialized.