From 30a2869d942ea1d25b08bc071f93caeb3005ffd7 Mon Sep 17 00:00:00 2001 From: Damien Goldenberg Date: Wed, 15 May 2019 11:31:28 +0200 Subject: [PATCH 1/3] Add new acl endpoints for tokens, policies and roles
---
 consul/base.py | 84 ++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 84 insertions(+)
diff --git a/consul/base.py b/consul/base.py
index ee6ab254..c740fcd9 100755
--- a/consul/base.py
+++ b/consul/base.py
@@ -13,6 +13,16 @@ log = logging.getLogger(__name__)
+def args_to_payload(args_map):
+ return [
+ (key, value)
+ for key, value in
+ {
+ k: v for
+ k, v in args_map.items() if v is not None and k != "self"
+ }.items()
+ ]
+
 class ConsulException(Exception):
 pass
@@ -343,6 +353,7 @@ def __init__(
 self.query = Consul.Query(self)
 self.coordinate = Consul.Coordinate(self)
 self.operator = Consul.Operator(self)
+ self.acl_v2 = Consul
 class Event(object):
 """
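Review bot: args_to_payload builds a dict comprehension only to call .items() on it and rebuild a list, so the inner dict is dead weight; the body can be `return [(k, v) for k, v in args_map.items() if v is not None and k != "self"]`. Because it is designed to be fed `locals()`, anything a caller binds before the call also becomes a field, and the emitted keys are the Python parameter names (`accessor_id`, `secret_id`, …) rather than whatever field names the agent expects — if the Consul ACL API wants PascalCase keys as I recall (`AccessorID`, `SecretID`), a mapping step is missing; worth confirming against the API before this is used. A docstring stating the contract would help, e.g. `"""Turn a locals() snapshot into [(name, value)] pairs, dropping None values and self."""`.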
@@ -1933,6 +1944,79 @@ class ACL(object):
 def __init__(self, agent):
 self.agent = agent
+ def create_token(self, accessor_id=None, secret_id=None, description=None, policies=None, roles=None, service_identities=None, local=None, expiration_time=None, expiration_ttl=None):
+ return self.agent.http.put(
+ CB.json(), '/v1/acl/token', params=args_to_payload(locals()))
+
+ def read_token(self, accessor_id):
+ return self.agent.http.get(
+ CB.json(), '/v1/acl/token/{}'.format(accessor_id))
+
+ def read_self_token(self):
+ return self.agent.http.get(
+ CB.json(), '/v1/acl/token/self')
+
+ def update_token(self, accessor_id, secret_id=None, description=None, policies=None, roles=None, service_identities=None, local=None, expiration_time=None, expiration_ttl=None):
+ return self.agent.http.put(
+ CB.json(), '/v1/acl/policies/{}'.format(accessor_id), params=args_to_payload(locals()))
+
+ def clone_token(self, accessor_id, description=None):
+ return self.agent.http.put(
+ CB.json(), '/v1/acl/token/{}/clone'.format(accessor_id),
+ params=[("description", description)] if description != "" else [])
+
+ def delete_token(self, accessor_id):
+ return self.agent.http.delete(
+ CB.json(), '/v1/acl/token/{}'.format(accessor_id))
+
+ def list_tokens(self, token=None):
+ return self.agent.http.get(
+ CB.json(), '/v1/acl/tokens')
+
+ def create_policy(self, name, description=None, rules=None, datacenters=None):
+ return self.agent.http.put(
+ CB.json(), '/v1/acl/policy', params=args_to_payload(locals()))
+
+ def read_policy(self, policy_id):
+ return self.agent.http.get(
+ CB.json(), '/v1/acl/policy/{}'.format(policy_id))
+
+ def update_policy(self, policy_id, name, description=None, rules=None, datacenters=None):
+ return self.agent.http.put(
+ CB.json(), '/v1/acl/policy/{}'.format(policy_id), args_to_payload(locals()))
+
+ def delete_policy(self, policy_id):
+ return self.agent.http.delete(
+ CB.json(), '/v1/acl/policy/{}'.format(policy_id))
+
+ def list_policies(self, token=None):
+
return self.agent.http.get(
+ CB.json(), '/v1/acl/policies')
+
+ def create_role(self, name, description=None, policies=None, service_identities=None):
+ return self.agent.http.put(
+ CB.json(), '/v1/acl/role', params=args_to_payload(locals()))
+
+ def read_role(self, role_id):
+ return self.agent.http.get(
+ CB.json(), '/v1/acl/role/{}'.format(role_id))
+
+ def read_role_by_name(self, role_name):
+ return self.agent.http.get(
+ CB.json(), '/v1/acl/role/name/{}'.format(role_name))
+
+ def update_role(self, role_id, name, description=None, policies=None, service_identities=None):
+ return self.agent.http.put(
+ CB.json(), '/v1/acl/role/{}'.format(role_id), args_to_payload(locals()))
+
+ def delete_role(self, role_id):
+ return self.agent.http.delete(
+ CB.json(), '/v1/acl/role/{}'.format(role_id))
+
+ def list_roles(self, policy_id=None):
+ return self.agent.http.get(
+ CB.json(), '/v1/acl/roles', params=[("policy_id", policy_id)] if policy_id != "" else [])
+
 def list(self, token=None):
 """ Lists all the active ACL tokens. This is a privileged endpoint, and
From c67c39e9f702fdbaa5b966bbcca3eea71af37aa3 Mon Sep 17 00:00:00 2001 From: Damien Goldenberg Date: Wed, 15 May 2019 14:39:08 +0200 Subject: [PATCH 2/3] Add the auth method and bind rules endpoints
---
 consul/base.py | 45 ++++++++++++++++++++++++++++++++++++++++++---
 1 file changed, 42 insertions(+), 3 deletions(-)
diff --git a/consul/base.py b/consul/base.py
index c740fcd9..40fd893b 100755
--- a/consul/base.py
+++ b/consul/base.py
@@ -353,7 +353,6 @@ def __init__(
 self.query = Consul.Query(self)
 self.coordinate = Consul.Coordinate(self)
 self.operator = Consul.Operator(self)
- self.acl_v2 = Consul
 class Event(object):
 """
@@ -1969,7 +1968,7 @@ def delete_token(self, accessor_id):
 return self.agent.http.delete(
 CB.json(), '/v1/acl/token/{}'.format(accessor_id))
- def list_tokens(self, token=None):
+ def list_tokens(self):
 return self.agent.http.get(
 CB.json(), '/v1/acl/tokens')
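Review bot: clone_token and list_roles test their optional argument with `!= ""` although the default is None, so a plain `clone_token(id)` or `list_roles()` sends `("description", None)` / `("policy_id", None)` to the agent; the guards should read `if description is not None else []` and `if policy_id is not None else []`. The create_* methods and update_token hand `args_to_payload(locals())` to `http.put` as `params=`, while update_policy and update_role pass it positionally as the third argument — if that positional slot is also `params` the inconsistency is only cosmetic, but `params=` is what list_roles uses for its query-string filter, which suggests the token and policy fields (including `secret_id` and `rules`) are being sent in the URL rather than as a request body, where they would end up in agent and proxy access logs; please check against the http client's put signature. None of the new methods has a docstring; a one-liner per method naming the endpoint and the privilege it needs (the existing `list` docstring below is a good model) would do. The enclosing class ACL starts before this hunk.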
@@ -1989,7 +1988,7 @@ def delete_policy(self, policy_id):
 return self.agent.http.delete(
 CB.json(), '/v1/acl/policy/{}'.format(policy_id))
- def list_policies(self, token=None):
+ def list_policies(self):
 return self.agent.http.get(
 CB.json(), '/v1/acl/policies')
@@ -2017,6 +2016,46 @@ def list_roles(self, policy_id=None):
 return self.agent.http.get(
 CB.json(), '/v1/acl/roles', params=[("policy_id", policy_id)] if policy_id != "" else [])
+ def create_auth_method(self, auth_method_name, auth_method_type, config, description=None):
+ return self.agent.http.put(
+ CB.json(), '/v1/acl/auth-method', params=args_to_payload(locals()))
+
+ def read_auth_method(self, auth_method_name):
+ return self.agent.http.put(
+ CB.json(), '/v1/acl/auth-method/{}'.format(auth_method_name))
+
+ def update_auth_method(self, auth_method_name, auth_method_type, config, description=None):
+ return self.agent.http.put(
+ CB.json(), '/v1/acl/auth-method/{}'.format(auth_method_name), args_to_payload(locals()))
+
+ def delete_auth_method(self, auth_method_name):
+ return self.agent.http.delete(
+ CB.json(), '/v1/acl/auth-method/{}'.format(auth_method_name))
+
+ def list_auth_methods(self):
+ return self.agent.http.get(
+ CB.json(), '/v1/acl/auth-methods')
+
+ def create_binding_rule(self, binding_rule, bind_type, bind_name, description=None, selector=None):
+ return self.agent.http.put(
+ CB.json(), '/v1/acl/binding-rule', params=args_to_payload(locals()))
+
+ def read_binding_rule(self, binding_rule_id):
+ return self.agent.http.put(
+ CB.json(), '/v1/acl/binding-rule/{}'.format(binding_rule_id))
+
+ def update_binding_rule(self, binding_rule_id, auth_method, bind_type, bind_name, description=None, selector=None):
+ return self.agent.http.put(
+ CB.json(), '/v1/acl/binding-rule/{}'.format(binding_rule_id), args_to_payload(locals()))
+
+ def delete_binding_rule(self, binding_rule_id):
+ return self.agent.http.delete(
+ CB.json(), '/v1/acl/binding-rule/{}'.format(binding_rule_id))
+
+ def list_binding_rules(self):
+ return self.agent.http.get(
+ CB.json(), '/v1/acl/binding-rules')
+
 def list(self, token=None):
 """ Lists all the active ACL tokens. This is a privileged endpoint, and
From 9b57cc8954258d9407bcae7bde223a44e14b6993 Mon Sep 17 00:00:00 2001
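Review bot: read_auth_method and read_binding_rule issue `http.put` to read a resource, while every other read_* in this class uses `http.get`; both should be `return self.agent.http.get(`. The first positional parameter of create_binding_rule is named `binding_rule` whereas update_binding_rule names the same field `auth_method`, and because args_to_payload sends parameter names as field names the two calls would emit different keys for the same thing — `auth_method` is presumably the intended name, and in the same spirit `auth_method_name`/`auth_method_type` are sent verbatim rather than as whatever field names the agent expects, which is worth checking. As in the token/policy hunk, update_auth_method and update_binding_rule pass the payload positionally while the create_* methods use `params=`; pick one form. The enclosing class ACL starts before this hunk.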
From: Damien Goldenberg Date: Mon, 27 Jan 2020 15:53:54 +0100 Subject: [PATCH 3/3] Fix path
---
 consul/base.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/consul/base.py b/consul/base.py
index 40fd893b..d51aa1fb 100755
--- a/consul/base.py
+++ b/consul/base.py
@@ -1957,7 +1957,7 @@ def read_self_token(self):
 def update_token(self, accessor_id, secret_id=None, description=None, policies=None, roles=None, service_identities=None, local=None, expiration_time=None, expiration_ttl=None):
 return self.agent.http.put(
- CB.json(), '/v1/acl/policies/{}'.format(accessor_id), params=args_to_payload(locals()))
+ CB.json(), '/v1/acl/token/{}'.format(accessor_id), params=args_to_payload(locals()))
 def clone_token(self, accessor_id, description=None):
 return self.agent.http.put(
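Review bot: The corrected line still sends the token's fields via `params=args_to_payload(locals())`, and `params=` is what this file uses for query-string filters (e.g. `policy_id` in list_roles), so unless `http.put` treats it as the body the new `secret_id`, policies and expiry settings travel in the URL of the PUT rather than in a JSON body, where they are likely to be captured by access logs — please confirm the client's put signature before relying on this. If it is the query string, the fix is to pass the payload through the body argument instead, and the same applies to create_token. update_token's signature is inside the hunk, but the class it belongs to starts outside it.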