ST-Configuration-Promotion-Demo/taeh.py at main · Axway/ST-Configuration-Promotion-Demo · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
import os

import dotenv
import requests


# SETTINGS
dotenv_path = ".env"
dotenv.load_dotenv(dotenv_path)
hashiToken = os.environ.get("VAULT_TOKEN")
hashiHost = os.environ.get("VAULT_HOST")
hashiRole_id = os.environ.get("VAULT_ROLE_ID")
hashiSecret_id = os.environ.get("VAULT_SECRET_ID")


st_secret = os.environ.get("ST_SECRET")


headers = {'X-Vault-Token': hashiToken}
# response = requests.post(hashiHost + '/v1/sys/auth/approle', json={"type": "approle"}, headers=headers, verify=False)
# print(response.status_code, response.text)
# appRole = response.content
# print(appRole)
#
payload = { "policy" : "path \"st_secret/data/taeh\" \n {\n capabilities=[\"read\"]\n}\n" }
response = requests.post(hashiHost + '/v1/sys/policies/acl/st-secret-readonly', json=payload, headers=headers, verify=False)
print(response.status_code, response.text)
stPolicy = response.content
print(stPolicy)

# payload={"bind_secret_id": True,   "local_secret_ids": False,  "token_type":"batch"}
# resource = '/v1/auth/approle/role/st_app'
# response = requests.post(hashiHost + resource, json=payload, headers=headers, verify=False)
# print(response.status_code, response.text)
# appRoleCreate = response.content
# print(appRoleCreate)
#
# resource = '/v1/auth/approle/role/st_app/role-id'
# response = requests.get(hashiHost + resource, headers=headers, verify=False)
# print(response.status_code, response.text)
# roleID = response.json()
# print(roleID)

# resource = '/v1/auth/approle/role/st_app/secret-id'
# payload = {"ttl": "0"}
# response = requests.post(hashiHost + resource, json=payload, headers=headers, verify=False)
# print(response.status_code, response.text, response.json())
# roleID = response.json()
# print(roleID)

resource = '/v1/auth/approle/role/st_app/policies'
payload = {"token_policies": [
    "st-secret-readonly"
]}
response = requests.post(hashiHost + resource, json=payload, headers=headers, verify=False)
print(response.status_code, response.text)
roleID = response.content
print(roleID)

resource = '/v1/sys/mounts/st_secret'
payload = {"token_policies": [
    "st-secret-readonly"
]}
response = requests.post(hashiHost + resource, json={ "type":"kv-v2" }, headers=headers, verify=False)
print(response.status_code, response.text)


resource = '/v1/st_secret/data/taeh'
payload = {"data": {"secret": st_secret}}
response = requests.post(hashiHost + resource, json=payload, headers=headers, verify=False)
print(response.status_code, response.text)