From db8e620e3db6eee13f70fbb6cfc90a851e4260c1 Mon Sep 17 00:00:00 2001 From: kasium <15907922+kasium@users.noreply.github.com> Date: Mon, 25 Mar 2024 12:13:15 +0100 Subject: [PATCH] Add type stubs for hvac (#11591) --- pyrightconfig.stricter.json | 1 + stubs/hvac/@tests/stubtest_allowlist.txt | 3 + stubs/hvac/METADATA.toml | 2 + stubs/hvac/hvac/__init__.pyi | 3 + stubs/hvac/hvac/adapters.pyi | 60 +++++++ stubs/hvac/hvac/api/__init__.pyi | 7 + stubs/hvac/hvac/api/auth_methods/__init__.pyi | 41 +++++ stubs/hvac/hvac/api/auth_methods/approle.pyi | 54 ++++++ stubs/hvac/hvac/api/auth_methods/aws.pyi | 110 ++++++++++++ stubs/hvac/hvac/api/auth_methods/azure.pyi | 49 ++++++ stubs/hvac/hvac/api/auth_methods/cert.pyi | 41 +++++ stubs/hvac/hvac/api/auth_methods/gcp.pyi | 44 +++++ stubs/hvac/hvac/api/auth_methods/github.pyi | 21 +++ stubs/hvac/hvac/api/auth_methods/jwt.pyi | 60 +++++++ .../hvac/hvac/api/auth_methods/kubernetes.pyi | 35 ++++ stubs/hvac/hvac/api/auth_methods/ldap.pyi | 60 +++++++ .../hvac/hvac/api/auth_methods/legacy_mfa.pyi | 15 ++ stubs/hvac/hvac/api/auth_methods/oidc.pyi | 35 ++++ stubs/hvac/hvac/api/auth_methods/okta.pyi | 29 ++++ stubs/hvac/hvac/api/auth_methods/radius.pyi | 23 +++ stubs/hvac/hvac/api/auth_methods/token.pyi | 74 ++++++++ stubs/hvac/hvac/api/auth_methods/userpass.pyi | 15 ++ .../hvac/api/secrets_engines/__init__.pyi | 39 +++++ .../api/secrets_engines/active_directory.pyi | 28 +++ stubs/hvac/hvac/api/secrets_engines/aws.pyi | 43 +++++ stubs/hvac/hvac/api/secrets_engines/azure.pyi | 23 +++ .../hvac/hvac/api/secrets_engines/consul.pyi | 23 +++ .../hvac/api/secrets_engines/database.pyi | 47 +++++ stubs/hvac/hvac/api/secrets_engines/gcp.pyi | 73 ++++++++ .../hvac/api/secrets_engines/identity.pyi | 163 ++++++++++++++++++ stubs/hvac/hvac/api/secrets_engines/kv.pyi | 18 ++ stubs/hvac/hvac/api/secrets_engines/kv_v1.pyi | 11 ++ stubs/hvac/hvac/api/secrets_engines/kv_v2.pyi | 37 ++++ stubs/hvac/hvac/api/secrets_engines/pki.pyi | 50 ++++++ .../hvac/api/secrets_engines/rabbitmq.pyi | 18 ++ stubs/hvac/hvac/api/secrets_engines/ssh.pyi | 73 ++++++++ .../hvac/api/secrets_engines/transform.pyi | 109 ++++++++++++ .../hvac/hvac/api/secrets_engines/transit.pyi | 114 ++++++++++++ .../hvac/hvac/api/system_backend/__init__.pyi | 63 +++++++ stubs/hvac/hvac/api/system_backend/audit.pyi | 16 ++ stubs/hvac/hvac/api/system_backend/auth.pyi | 30 ++++ .../hvac/api/system_backend/capabilities.pyi | 6 + stubs/hvac/hvac/api/system_backend/health.pyi | 16 ++ stubs/hvac/hvac/api/system_backend/init.pyi | 18 ++ stubs/hvac/hvac/api/system_backend/key.pyi | 29 ++++ stubs/hvac/hvac/api/system_backend/leader.pyi | 5 + stubs/hvac/hvac/api/system_backend/lease.pyi | 11 ++ stubs/hvac/hvac/api/system_backend/mount.pyi | 36 ++++ .../hvac/api/system_backend/namespace.pyi | 6 + .../hvac/hvac/api/system_backend/policies.pyi | 15 ++ stubs/hvac/hvac/api/system_backend/policy.pyi | 7 + stubs/hvac/hvac/api/system_backend/quota.pyi | 19 ++ stubs/hvac/hvac/api/system_backend/raft.pyi | 18 ++ stubs/hvac/hvac/api/system_backend/seal.pyi | 10 ++ .../system_backend/system_backend_mixin.pyi | 8 + .../hvac/hvac/api/system_backend/wrapping.pyi | 6 + stubs/hvac/hvac/api/vault_api_base.pyi | 7 + stubs/hvac/hvac/api/vault_api_category.pyi | 24 +++ stubs/hvac/hvac/aws_utils.pyi | 9 + stubs/hvac/hvac/constants/__init__.pyi | 0 stubs/hvac/hvac/constants/approle.pyi | 4 + stubs/hvac/hvac/constants/aws.pyi | 7 + stubs/hvac/hvac/constants/azure.pyi | 3 + stubs/hvac/hvac/constants/client.pyi | 8 + stubs/hvac/hvac/constants/gcp.pyi | 8 + stubs/hvac/hvac/constants/identity.pyi | 3 + stubs/hvac/hvac/constants/transit.pyi | 12 ++ stubs/hvac/hvac/exceptions.pyi | 42 +++++ stubs/hvac/hvac/utils.pyi | 45 +++++ stubs/hvac/hvac/v1/__init__.pyi | 72 ++++++++ 70 files changed, 2214 insertions(+) create mode 100644 stubs/hvac/@tests/stubtest_allowlist.txt create mode 100644 stubs/hvac/METADATA.toml create mode 100644 stubs/hvac/hvac/__init__.pyi create mode 100644 stubs/hvac/hvac/adapters.pyi create mode 100644 stubs/hvac/hvac/api/__init__.pyi create mode 100644 stubs/hvac/hvac/api/auth_methods/__init__.pyi create mode 100644 stubs/hvac/hvac/api/auth_methods/approle.pyi create mode 100644 stubs/hvac/hvac/api/auth_methods/aws.pyi create mode 100644 stubs/hvac/hvac/api/auth_methods/azure.pyi create mode 100644 stubs/hvac/hvac/api/auth_methods/cert.pyi create mode 100644 stubs/hvac/hvac/api/auth_methods/gcp.pyi create mode 100644 stubs/hvac/hvac/api/auth_methods/github.pyi create mode 100644 stubs/hvac/hvac/api/auth_methods/jwt.pyi create mode 100644 stubs/hvac/hvac/api/auth_methods/kubernetes.pyi create mode 100644 stubs/hvac/hvac/api/auth_methods/ldap.pyi create mode 100644 stubs/hvac/hvac/api/auth_methods/legacy_mfa.pyi create mode 100644 stubs/hvac/hvac/api/auth_methods/oidc.pyi create mode 100644 stubs/hvac/hvac/api/auth_methods/okta.pyi create mode 100644 stubs/hvac/hvac/api/auth_methods/radius.pyi create mode 100644 stubs/hvac/hvac/api/auth_methods/token.pyi create mode 100644 stubs/hvac/hvac/api/auth_methods/userpass.pyi create mode 100644 stubs/hvac/hvac/api/secrets_engines/__init__.pyi create mode 100644 stubs/hvac/hvac/api/secrets_engines/active_directory.pyi create mode 100644 stubs/hvac/hvac/api/secrets_engines/aws.pyi create mode 100644 stubs/hvac/hvac/api/secrets_engines/azure.pyi create mode 100644 stubs/hvac/hvac/api/secrets_engines/consul.pyi create mode 100644 stubs/hvac/hvac/api/secrets_engines/database.pyi create mode 100644 stubs/hvac/hvac/api/secrets_engines/gcp.pyi create mode 100644 stubs/hvac/hvac/api/secrets_engines/identity.pyi create mode 100644 stubs/hvac/hvac/api/secrets_engines/kv.pyi create mode 100644 stubs/hvac/hvac/api/secrets_engines/kv_v1.pyi create mode 100644 stubs/hvac/hvac/api/secrets_engines/kv_v2.pyi create mode 100644 stubs/hvac/hvac/api/secrets_engines/pki.pyi create mode 100644 stubs/hvac/hvac/api/secrets_engines/rabbitmq.pyi create mode 100644 stubs/hvac/hvac/api/secrets_engines/ssh.pyi create mode 100644 stubs/hvac/hvac/api/secrets_engines/transform.pyi create mode 100644 stubs/hvac/hvac/api/secrets_engines/transit.pyi create mode 100644 stubs/hvac/hvac/api/system_backend/__init__.pyi create mode 100644 stubs/hvac/hvac/api/system_backend/audit.pyi create mode 100644 stubs/hvac/hvac/api/system_backend/auth.pyi create mode 100644 stubs/hvac/hvac/api/system_backend/capabilities.pyi create mode 100644 stubs/hvac/hvac/api/system_backend/health.pyi create mode 100644 stubs/hvac/hvac/api/system_backend/init.pyi create mode 100644 stubs/hvac/hvac/api/system_backend/key.pyi create mode 100644 stubs/hvac/hvac/api/system_backend/leader.pyi create mode 100644 stubs/hvac/hvac/api/system_backend/lease.pyi create mode 100644 stubs/hvac/hvac/api/system_backend/mount.pyi create mode 100644 stubs/hvac/hvac/api/system_backend/namespace.pyi create mode 100644 stubs/hvac/hvac/api/system_backend/policies.pyi create mode 100644 stubs/hvac/hvac/api/system_backend/policy.pyi create mode 100644 stubs/hvac/hvac/api/system_backend/quota.pyi create mode 100644 stubs/hvac/hvac/api/system_backend/raft.pyi create mode 100644 stubs/hvac/hvac/api/system_backend/seal.pyi create mode 100644 stubs/hvac/hvac/api/system_backend/system_backend_mixin.pyi create mode 100644 stubs/hvac/hvac/api/system_backend/wrapping.pyi create mode 100644 stubs/hvac/hvac/api/vault_api_base.pyi create mode 100644 stubs/hvac/hvac/api/vault_api_category.pyi create mode 100644 stubs/hvac/hvac/aws_utils.pyi create mode 100644 stubs/hvac/hvac/constants/__init__.pyi create mode 100644 stubs/hvac/hvac/constants/approle.pyi create mode 100644 stubs/hvac/hvac/constants/aws.pyi create mode 100644 stubs/hvac/hvac/constants/azure.pyi create mode 100644 stubs/hvac/hvac/constants/client.pyi create mode 100644 stubs/hvac/hvac/constants/gcp.pyi create mode 100644 stubs/hvac/hvac/constants/identity.pyi create mode 100644 stubs/hvac/hvac/constants/transit.pyi create mode 100644 stubs/hvac/hvac/exceptions.pyi create mode 100644 stubs/hvac/hvac/utils.pyi create mode 100644 stubs/hvac/hvac/v1/__init__.pyi diff --git a/pyrightconfig.stricter.json b/pyrightconfig.stricter.json index ad82249b7..13947d7d7 100644 --- a/pyrightconfig.stricter.json +++ b/pyrightconfig.stricter.json @@ -44,6 +44,7 @@ "stubs/html5lib", "stubs/httplib2", "stubs/humanfriendly", + "stubs/hvac", "stubs/influxdb-client", "stubs/jmespath", "stubs/jsonschema", diff --git a/stubs/hvac/@tests/stubtest_allowlist.txt b/stubs/hvac/@tests/stubtest_allowlist.txt new file mode 100644 index 000000000..76a1cde4d --- /dev/null +++ b/stubs/hvac/@tests/stubtest_allowlist.txt @@ -0,0 +1,3 @@ +# stubtest does not understand that the adapter argument type is an adapter and not abc.ABC +hvac.Client.__init__ +hvac.v1.Client.__init__ diff --git a/stubs/hvac/METADATA.toml b/stubs/hvac/METADATA.toml new file mode 100644 index 000000000..350f94fbd --- /dev/null +++ b/stubs/hvac/METADATA.toml @@ -0,0 +1,2 @@ +version = "2.1.*" +upstream_repository = "https://github.com/hvac/hvac" diff --git a/stubs/hvac/hvac/__init__.pyi b/stubs/hvac/hvac/__init__.pyi new file mode 100644 index 000000000..cc4d88cd6 --- /dev/null +++ b/stubs/hvac/hvac/__init__.pyi @@ -0,0 +1,3 @@ +from hvac.v1 import Client as Client + +__all__ = ("Client",) diff --git a/stubs/hvac/hvac/adapters.pyi b/stubs/hvac/hvac/adapters.pyi new file mode 100644 index 000000000..21938560b --- /dev/null +++ b/stubs/hvac/hvac/adapters.pyi @@ -0,0 +1,60 @@ +from _typeshed import Incomplete +from abc import ABCMeta, abstractmethod +from collections.abc import Mapping +from typing import Any +from typing_extensions import Self + +class Adapter(metaclass=ABCMeta): + @classmethod + def from_adapter(cls, adapter: Adapter) -> Self: ... + base_uri: str + token: str | None + namespace: str | None + session: bool + allow_redirects: bool + ignore_exceptions: bool + strict_http: bool + request_header: bool + def __init__( + self, + base_uri: str = "http://localhost:8200", + token: str | None = None, + cert: tuple[str, str] | None = None, + verify: bool = True, + timeout: int = 30, + proxies: Mapping[str, str] | None = None, + allow_redirects: bool = True, + session: Incomplete | None = None, + namespace: str | None = None, + ignore_exceptions: bool = False, + strict_http: bool = False, + request_header: bool = True, + ) -> None: ... + @staticmethod + def urljoin(*args: object) -> str: ... + def close(self) -> None: ... + def get(self, url: str, **kwargs: Any): ... + def post(self, url: str, **kwargs: Any): ... + def put(self, url: str, **kwargs: Any): ... + def delete(self, url: str, **kwargs: Any): ... + def list(self, url: str, **kwargs: Any): ... + def head(self, url: str, **kwargs: Any): ... + def login(self, url: str, use_token: bool = True, **kwargs: Any): ... + @abstractmethod + def get_login_token(self, response) -> str: ... + @abstractmethod + def request( + self, method, url: str, headers: Mapping[str, str] | None = None, raise_exception: bool = True, **kwargs: Any + ): ... + +class RawAdapter(Adapter): + def get_login_token(self, response) -> str: ... + def request( + self, method: str, url: str, headers: Mapping[str, str] | None = None, raise_exception: bool = True, **kwargs: Any + ): ... + +class JSONAdapter(RawAdapter): + def get_login_token(self, response) -> str: ... + def request(self, *args: Any, **kwargs: Any): ... + +Request = RawAdapter diff --git a/stubs/hvac/hvac/api/__init__.pyi b/stubs/hvac/hvac/api/__init__.pyi new file mode 100644 index 000000000..f794e4d52 --- /dev/null +++ b/stubs/hvac/hvac/api/__init__.pyi @@ -0,0 +1,7 @@ +from hvac.api.auth_methods import AuthMethods as AuthMethods +from hvac.api.secrets_engines import SecretsEngines as SecretsEngines +from hvac.api.system_backend import SystemBackend as SystemBackend +from hvac.api.vault_api_base import VaultApiBase as VaultApiBase +from hvac.api.vault_api_category import VaultApiCategory as VaultApiCategory + +__all__ = ("AuthMethods", "SecretsEngines", "SystemBackend", "VaultApiBase", "VaultApiCategory") diff --git a/stubs/hvac/hvac/api/auth_methods/__init__.pyi b/stubs/hvac/hvac/api/auth_methods/__init__.pyi new file mode 100644 index 000000000..90323a99f --- /dev/null +++ b/stubs/hvac/hvac/api/auth_methods/__init__.pyi @@ -0,0 +1,41 @@ +from _typeshed import Incomplete + +from hvac.api.auth_methods.approle import AppRole as AppRole +from hvac.api.auth_methods.aws import Aws as Aws +from hvac.api.auth_methods.azure import Azure as Azure +from hvac.api.auth_methods.cert import Cert as Cert +from hvac.api.auth_methods.gcp import Gcp as Gcp +from hvac.api.auth_methods.github import Github as Github +from hvac.api.auth_methods.jwt import JWT as JWT +from hvac.api.auth_methods.kubernetes import Kubernetes as Kubernetes +from hvac.api.auth_methods.ldap import Ldap as Ldap +from hvac.api.auth_methods.legacy_mfa import LegacyMfa as LegacyMfa +from hvac.api.auth_methods.oidc import OIDC as OIDC +from hvac.api.auth_methods.okta import Okta as Okta +from hvac.api.auth_methods.radius import Radius as Radius +from hvac.api.auth_methods.token import Token as Token +from hvac.api.auth_methods.userpass import Userpass as Userpass +from hvac.api.vault_api_category import VaultApiCategory + +__all__ = ( + "AuthMethods", + "AppRole", + "Azure", + "Gcp", + "Github", + "JWT", + "Kubernetes", + "Ldap", + "Userpass", + "LegacyMfa", + "OIDC", + "Okta", + "Radius", + "Token", + "Aws", + "Cert", +) + +class AuthMethods(VaultApiCategory): + implemented_classes: Incomplete + unimplemented_classes: Incomplete diff --git a/stubs/hvac/hvac/api/auth_methods/approle.pyi b/stubs/hvac/hvac/api/auth_methods/approle.pyi new file mode 100644 index 000000000..6a32d5167 --- /dev/null +++ b/stubs/hvac/hvac/api/auth_methods/approle.pyi @@ -0,0 +1,54 @@ +from _typeshed import Incomplete + +from hvac.api.vault_api_base import VaultApiBase + +class AppRole(VaultApiBase): + def create_or_update_approle( + self, + role_name, + bind_secret_id: Incomplete | None = None, + secret_id_bound_cidrs: Incomplete | None = None, + secret_id_num_uses: Incomplete | None = None, + secret_id_ttl: Incomplete | None = None, + enable_local_secret_ids: Incomplete | None = None, + token_ttl: Incomplete | None = None, + token_max_ttl: Incomplete | None = None, + token_policies: Incomplete | None = None, + token_bound_cidrs: Incomplete | None = None, + token_explicit_max_ttl: Incomplete | None = None, + token_no_default_policy: Incomplete | None = None, + token_num_uses: Incomplete | None = None, + token_period: Incomplete | None = None, + token_type: Incomplete | None = None, + mount_point="approle", + ): ... + def list_roles(self, mount_point="approle"): ... + def read_role(self, role_name, mount_point="approle"): ... + def delete_role(self, role_name, mount_point="approle"): ... + def read_role_id(self, role_name, mount_point="approle"): ... + def update_role_id(self, role_name, role_id, mount_point="approle"): ... + def generate_secret_id( + self, + role_name, + metadata: Incomplete | None = None, + cidr_list: Incomplete | None = None, + token_bound_cidrs: Incomplete | None = None, + mount_point="approle", + wrap_ttl: Incomplete | None = None, + ): ... + def create_custom_secret_id( + self, + role_name, + secret_id, + metadata: Incomplete | None = None, + cidr_list: Incomplete | None = None, + token_bound_cidrs: Incomplete | None = None, + mount_point="approle", + wrap_ttl: Incomplete | None = None, + ): ... + def read_secret_id(self, role_name, secret_id, mount_point="approle"): ... + def destroy_secret_id(self, role_name, secret_id, mount_point="approle"): ... + def list_secret_id_accessors(self, role_name, mount_point="approle"): ... + def read_secret_id_accessor(self, role_name, secret_id_accessor, mount_point="approle"): ... + def destroy_secret_id_accessor(self, role_name, secret_id_accessor, mount_point="approle"): ... + def login(self, role_id, secret_id: Incomplete | None = None, use_token: bool = True, mount_point="approle"): ... diff --git a/stubs/hvac/hvac/api/auth_methods/aws.pyi b/stubs/hvac/hvac/api/auth_methods/aws.pyi new file mode 100644 index 000000000..f9de9e6af --- /dev/null +++ b/stubs/hvac/hvac/api/auth_methods/aws.pyi @@ -0,0 +1,110 @@ +from _typeshed import Incomplete + +from hvac.api.vault_api_base import VaultApiBase + +logger: Incomplete + +class Aws(VaultApiBase): + def configure( + self, + max_retries: Incomplete | None = None, + access_key: Incomplete | None = None, + secret_key: Incomplete | None = None, + endpoint: Incomplete | None = None, + iam_endpoint: Incomplete | None = None, + sts_endpoint: Incomplete | None = None, + iam_server_id_header_value: Incomplete | None = None, + mount_point: str = "aws", + ): ... + def read_config(self, mount_point: str = "aws"): ... + def delete_config(self, mount_point: str = "aws"): ... + def configure_identity_integration( + self, iam_alias: Incomplete | None = None, ec2_alias: Incomplete | None = None, mount_point: str = "aws" + ): ... + def read_identity_integration(self, mount_point: str = "aws"): ... + def create_certificate_configuration( + self, cert_name, aws_public_cert, document_type: Incomplete | None = None, mount_point: str = "aws" + ): ... + def read_certificate_configuration(self, cert_name, mount_point: str = "aws"): ... + def delete_certificate_configuration(self, cert_name, mount_point: str = "aws"): ... + def list_certificate_configurations(self, mount_point: str = "aws"): ... + def create_sts_role(self, account_id, sts_role, mount_point: str = "aws"): ... + def read_sts_role(self, account_id, mount_point: str = "aws"): ... + def list_sts_roles(self, mount_point: str = "aws"): ... + def delete_sts_role(self, account_id, mount_point: str = "aws"): ... + def configure_identity_whitelist_tidy( + self, safety_buffer: Incomplete | None = None, disable_periodic_tidy: Incomplete | None = None, mount_point: str = "aws" + ): ... + def read_identity_whitelist_tidy(self, mount_point: str = "aws"): ... + def delete_identity_whitelist_tidy(self, mount_point: str = "aws"): ... + def configure_role_tag_blacklist_tidy( + self, safety_buffer: Incomplete | None = None, disable_periodic_tidy: Incomplete | None = None, mount_point: str = "aws" + ): ... + def read_role_tag_blacklist_tidy(self, mount_point: str = "aws"): ... + def delete_role_tag_blacklist_tidy(self, mount_point: str = "aws"): ... + def create_role( + self, + role, + auth_type: Incomplete | None = None, + bound_ami_id: Incomplete | None = None, + bound_account_id: Incomplete | None = None, + bound_region: Incomplete | None = None, + bound_vpc_id: Incomplete | None = None, + bound_subnet_id: Incomplete | None = None, + bound_iam_role_arn: Incomplete | None = None, + bound_iam_instance_profile_arn: Incomplete | None = None, + bound_ec2_instance_id: Incomplete | None = None, + role_tag: Incomplete | None = None, + bound_iam_principal_arn: Incomplete | None = None, + inferred_entity_type: Incomplete | None = None, + inferred_aws_region: Incomplete | None = None, + resolve_aws_unique_ids: Incomplete | None = None, + ttl: Incomplete | None = None, + max_ttl: Incomplete | None = None, + period: Incomplete | None = None, + policies: Incomplete | None = None, + allow_instance_migration: Incomplete | None = None, + disallow_reauthentication: Incomplete | None = None, + mount_point: str = "aws", + ): ... + def read_role(self, role, mount_point: str = "aws"): ... + def list_roles(self, mount_point: str = "aws"): ... + def delete_role(self, role, mount_point: str = "aws"): ... + def create_role_tags( + self, + role, + policies: Incomplete | None = None, + max_ttl: Incomplete | None = None, + instance_id: Incomplete | None = None, + allow_instance_migration: Incomplete | None = None, + disallow_reauthentication: Incomplete | None = None, + mount_point: str = "aws", + ): ... + def iam_login( + self, + access_key, + secret_key, + session_token: Incomplete | None = None, + header_value: Incomplete | None = None, + role: Incomplete | None = None, + use_token: bool = True, + region: str = "us-east-1", + mount_point: str = "aws", + ): ... + def ec2_login( + self, + pkcs7, + nonce: Incomplete | None = None, + role: Incomplete | None = None, + use_token: bool = True, + mount_point: str = "aws", + ): ... + def place_role_tags_in_blacklist(self, role_tag, mount_point: str = "aws"): ... + def read_role_tag_blacklist(self, role_tag, mount_point: str = "aws"): ... + def list_blacklist_tags(self, mount_point: str = "aws"): ... + def delete_blacklist_tags(self, role_tag, mount_point: str = "aws"): ... + def tidy_blacklist_tags(self, safety_buffer: str = "72h", mount_point: str = "aws"): ... + def read_identity_whitelist(self, instance_id, mount_point: str = "aws"): ... + def list_identity_whitelist(self, mount_point: str = "aws"): ... + def delete_identity_whitelist_entries(self, instance_id, mount_point: str = "aws"): ... + def tidy_identity_whitelist_entries(self, safety_buffer: str = "72h", mount_point: str = "aws"): ... diff --git a/stubs/hvac/hvac/api/auth_methods/azure.pyi b/stubs/hvac/hvac/api/auth_methods/azure.pyi new file mode 100644 index 000000000..cfa1e2447 --- /dev/null +++ b/stubs/hvac/hvac/api/auth_methods/azure.pyi @@ -0,0 +1,49 @@ +from _typeshed import Incomplete + +from hvac.api.vault_api_base import VaultApiBase + +DEFAULT_MOUNT_POINT: str +logger: Incomplete + +class Azure(VaultApiBase): + def configure( + self, + tenant_id, + resource, + environment: Incomplete | None = None, + client_id: Incomplete | None = None, + client_secret: Incomplete | None = None, + mount_point="azure", + ): ... + def read_config(self, mount_point="azure"): ... + def delete_config(self, mount_point="azure"): ... + def create_role( + self, + name, + policies: Incomplete | None = None, + ttl: Incomplete | None = None, + max_ttl: Incomplete | None = None, + period: Incomplete | None = None, + bound_service_principal_ids: Incomplete | None = None, + bound_group_ids: Incomplete | None = None, + bound_locations: Incomplete | None = None, + bound_subscription_ids: Incomplete | None = None, + bound_resource_groups: Incomplete | None = None, + bound_scale_sets: Incomplete | None = None, + num_uses: Incomplete | None = None, + mount_point="azure", + ): ... + def read_role(self, name, mount_point="azure"): ... + def list_roles(self, mount_point="azure"): ... + def delete_role(self, name, mount_point="azure"): ... + def login( + self, + role, + jwt, + subscription_id: Incomplete | None = None, + resource_group_name: Incomplete | None = None, + vm_name: Incomplete | None = None, + vmss_name: Incomplete | None = None, + use_token: bool = True, + mount_point="azure", + ): ... diff --git a/stubs/hvac/hvac/api/auth_methods/cert.pyi b/stubs/hvac/hvac/api/auth_methods/cert.pyi new file mode 100644 index 000000000..9fdfc8701 --- /dev/null +++ b/stubs/hvac/hvac/api/auth_methods/cert.pyi @@ -0,0 +1,41 @@ +from hvac.api.vault_api_base import VaultApiBase + +class Cert(VaultApiBase): + def create_ca_certificate_role( + self, + name, + certificate: str = "", + certificate_file: str = "", + allowed_common_names: str = "", + allowed_dns_sans: str = "", + allowed_email_sans: str = "", + allowed_uri_sans: str = "", + allowed_organizational_units: str = "", + required_extensions: str = "", + display_name: str = "", + token_ttl: int = 0, + token_max_ttl: int = 0, + token_policies=[], + token_bound_cidrs=[], + token_explicit_max_ttl: int = 0, + token_no_default_policy: bool = False, + token_num_uses: int = 0, + token_period: int = 0, + token_type: str = "", + mount_point: str = "cert", + ): ... + def read_ca_certificate_role(self, name, mount_point: str = "cert"): ... + def list_certificate_roles(self, mount_point: str = "cert"): ... + def delete_certificate_role(self, name, mount_point: str = "cert"): ... + def configure_tls_certificate(self, mount_point: str = "cert", disable_binding: bool = False): ... + def login( + self, + name: str = "", + cacert: bool = False, + cert_pem: str = "", + key_pem: str = "", + mount_point: str = "cert", + use_token: bool = True, + ): ... + + class CertificateAuthError(Exception): ... diff --git a/stubs/hvac/hvac/api/auth_methods/gcp.pyi b/stubs/hvac/hvac/api/auth_methods/gcp.pyi new file mode 100644 index 000000000..1c619a52f --- /dev/null +++ b/stubs/hvac/hvac/api/auth_methods/gcp.pyi @@ -0,0 +1,44 @@ +from _typeshed import Incomplete + +from hvac.api.vault_api_base import VaultApiBase + +DEFAULT_MOUNT_POINT: str +logger: Incomplete + +class Gcp(VaultApiBase): + def configure( + self, + credentials: Incomplete | None = None, + google_certs_endpoint="https://www.googleapis.com/oauth2/v3/certs", + mount_point="gcp", + ): ... + def read_config(self, mount_point="gcp"): ... + def delete_config(self, mount_point="gcp"): ... + def create_role( + self, + name, + role_type, + project_id, + ttl: Incomplete | None = None, + max_ttl: Incomplete | None = None, + period: Incomplete | None = None, + policies: Incomplete | None = None, + bound_service_accounts: Incomplete | None = None, + max_jwt_exp: Incomplete | None = None, + allow_gce_inference: Incomplete | None = None, + bound_zones: Incomplete | None = None, + bound_regions: Incomplete | None = None, + bound_instance_groups: Incomplete | None = None, + bound_labels: Incomplete | None = None, + mount_point="gcp", + ): ... + def edit_service_accounts_on_iam_role( + self, name, add: Incomplete | None = None, remove: Incomplete | None = None, mount_point="gcp" + ): ... + def edit_labels_on_gce_role( + self, name, add: Incomplete | None = None, remove: Incomplete | None = None, mount_point="gcp" + ): ... + def read_role(self, name, mount_point="gcp"): ... + def list_roles(self, mount_point="gcp"): ... + def delete_role(self, role, mount_point="gcp"): ... + def login(self, role, jwt, use_token: bool = True, mount_point="gcp"): ... diff --git a/stubs/hvac/hvac/api/auth_methods/github.pyi b/stubs/hvac/hvac/api/auth_methods/github.pyi new file mode 100644 index 000000000..4f1ba8eae --- /dev/null +++ b/stubs/hvac/hvac/api/auth_methods/github.pyi @@ -0,0 +1,21 @@ +from _typeshed import Incomplete + +from hvac.api.vault_api_base import VaultApiBase + +DEFAULT_MOUNT_POINT: str + +class Github(VaultApiBase): + def configure( + self, + organization, + base_url: Incomplete | None = None, + ttl: Incomplete | None = None, + max_ttl: Incomplete | None = None, + mount_point="github", + ): ... + def read_configuration(self, mount_point="github"): ... + def map_team(self, team_name, policies: Incomplete | None = None, mount_point="github"): ... + def read_team_mapping(self, team_name, mount_point="github"): ... + def map_user(self, user_name, policies: Incomplete | None = None, mount_point="github"): ... + def read_user_mapping(self, user_name, mount_point="github"): ... + def login(self, token, use_token: bool = True, mount_point="github"): ... diff --git a/stubs/hvac/hvac/api/auth_methods/jwt.pyi b/stubs/hvac/hvac/api/auth_methods/jwt.pyi new file mode 100644 index 000000000..5b4e60a82 --- /dev/null +++ b/stubs/hvac/hvac/api/auth_methods/jwt.pyi @@ -0,0 +1,60 @@ +from _typeshed import Incomplete + +from hvac.api.vault_api_base import VaultApiBase + +class JWT(VaultApiBase): + DEFAULT_PATH: str + def resolve_path(self, path): ... + def configure( + self, + oidc_discovery_url: Incomplete | None = None, + oidc_discovery_ca_pem: Incomplete | None = None, + oidc_client_id: Incomplete | None = None, + oidc_client_secret: Incomplete | None = None, + oidc_response_mode: Incomplete | None = None, + oidc_response_types: Incomplete | None = None, + jwks_url: Incomplete | None = None, + jwks_ca_pem: Incomplete | None = None, + jwt_validation_pubkeys: Incomplete | None = None, + bound_issuer: Incomplete | None = None, + jwt_supported_algs: Incomplete | None = None, + default_role: Incomplete | None = None, + provider_config: Incomplete | None = None, + path: Incomplete | None = None, + ): ... + def read_config(self, path: Incomplete | None = None): ... + def create_role( + self, + name, + user_claim, + allowed_redirect_uris, + role_type: str = "jwt", + bound_audiences: Incomplete | None = None, + clock_skew_leeway: Incomplete | None = None, + expiration_leeway: Incomplete | None = None, + not_before_leeway: Incomplete | None = None, + bound_subject: Incomplete | None = None, + bound_claims: Incomplete | None = None, + groups_claim: Incomplete | None = None, + claim_mappings: Incomplete | None = None, + oidc_scopes: Incomplete | None = None, + bound_claims_type: str = "string", + verbose_oidc_logging: bool = False, + token_ttl: Incomplete | None = None, + token_max_ttl: Incomplete | None = None, + token_policies: Incomplete | None = None, + token_bound_cidrs: Incomplete | None = None, + token_explicit_max_ttl: Incomplete | None = None, + token_no_default_policy: Incomplete | None = None, + token_num_uses: Incomplete | None = None, + token_period: Incomplete | None = None, + token_type: Incomplete | None = None, + path: Incomplete | None = None, + user_claim_json_pointer: Incomplete | None = None, + ): ... + def read_role(self, name, path: Incomplete | None = None): ... + def list_roles(self, path: Incomplete | None = None): ... + def delete_role(self, name, path: Incomplete | None = None): ... + def oidc_authorization_url_request(self, role, redirect_uri, path: Incomplete | None = None): ... + def oidc_callback(self, state, nonce, code, path: Incomplete | None = None): ... + def jwt_login(self, role, jwt, use_token: bool = True, path: Incomplete | None = None): ... diff --git a/stubs/hvac/hvac/api/auth_methods/kubernetes.pyi b/stubs/hvac/hvac/api/auth_methods/kubernetes.pyi new file mode 100644 index 000000000..f77e4c5d7 --- /dev/null +++ b/stubs/hvac/hvac/api/auth_methods/kubernetes.pyi @@ -0,0 +1,35 @@ +from _typeshed import Incomplete + +from hvac.api.vault_api_base import VaultApiBase + +DEFAULT_MOUNT_POINT: str + +class Kubernetes(VaultApiBase): + def configure( + self, + kubernetes_host, + kubernetes_ca_cert: Incomplete | None = None, + token_reviewer_jwt: Incomplete | None = None, + pem_keys: Incomplete | None = None, + issuer: Incomplete | None = None, + mount_point="kubernetes", + disable_local_ca_jwt: bool = False, + ): ... + def read_config(self, mount_point="kubernetes"): ... + def create_role( + self, + name, + bound_service_account_names, + bound_service_account_namespaces, + ttl: Incomplete | None = None, + max_ttl: Incomplete | None = None, + period: Incomplete | None = None, + policies: Incomplete | None = None, + token_type: str = "", + mount_point="kubernetes", + alias_name_source: Incomplete | None = None, + ): ... + def read_role(self, name, mount_point="kubernetes"): ... + def list_roles(self, mount_point="kubernetes"): ... + def delete_role(self, name, mount_point="kubernetes"): ... + def login(self, role, jwt, use_token: bool = True, mount_point="kubernetes"): ... diff --git a/stubs/hvac/hvac/api/auth_methods/ldap.pyi b/stubs/hvac/hvac/api/auth_methods/ldap.pyi new file mode 100644 index 000000000..1a940a8a5 --- /dev/null +++ b/stubs/hvac/hvac/api/auth_methods/ldap.pyi @@ -0,0 +1,60 @@ +from _typeshed import Incomplete + +from hvac.api.vault_api_base import VaultApiBase + +DEFAULT_MOUNT_POINT: str + +class Ldap(VaultApiBase): + def configure( + self, + userdn: Incomplete | None = None, + groupdn: Incomplete | None = None, + url: Incomplete | None = None, + case_sensitive_names: Incomplete | None = None, + starttls: Incomplete | None = None, + tls_min_version: Incomplete | None = None, + tls_max_version: Incomplete | None = None, + insecure_tls: Incomplete | None = None, + certificate: Incomplete | None = None, + binddn: Incomplete | None = None, + bindpass: Incomplete | None = None, + userattr: Incomplete | None = None, + discoverdn: Incomplete | None = None, + deny_null_bind: bool = True, + upndomain: Incomplete | None = None, + groupfilter: Incomplete | None = None, + groupattr: Incomplete | None = None, + use_token_groups: Incomplete | None = None, + token_ttl: Incomplete | None = None, + token_max_ttl: Incomplete | None = None, + mount_point="ldap", + *, + anonymous_group_search: Incomplete | None = None, + client_tls_cert: Incomplete | None = None, + client_tls_key: Incomplete | None = None, + connection_timeout: Incomplete | None = None, + dereference_aliases: Incomplete | None = None, + max_page_size: Incomplete | None = None, + request_timeout: Incomplete | None = None, + token_bound_cidrs: Incomplete | None = None, + token_explicit_max_ttl: Incomplete | None = None, + token_no_default_policy: Incomplete | None = None, + token_num_uses: Incomplete | None = None, + token_period: Incomplete | None = None, + token_policies: Incomplete | None = None, + token_type: Incomplete | None = None, + userfilter: Incomplete | None = None, + username_as_alias: Incomplete | None = None, + ): ... + def read_configuration(self, mount_point="ldap"): ... + def create_or_update_group(self, name, policies: Incomplete | None = None, mount_point="ldap"): ... + def list_groups(self, mount_point="ldap"): ... + def read_group(self, name, mount_point="ldap"): ... + def delete_group(self, name, mount_point="ldap"): ... + def create_or_update_user( + self, username, policies: Incomplete | None = None, groups: Incomplete | None = None, mount_point="ldap" + ): ... + def list_users(self, mount_point="ldap"): ... + def read_user(self, username, mount_point="ldap"): ... + def delete_user(self, username, mount_point="ldap"): ... + def login(self, username, password, use_token: bool = True, mount_point="ldap"): ... diff --git a/stubs/hvac/hvac/api/auth_methods/legacy_mfa.pyi b/stubs/hvac/hvac/api/auth_methods/legacy_mfa.pyi new file mode 100644 index 000000000..37e8bcb40 --- /dev/null +++ b/stubs/hvac/hvac/api/auth_methods/legacy_mfa.pyi @@ -0,0 +1,15 @@ +from _typeshed import Incomplete + +from hvac.api.vault_api_base import VaultApiBase + +SUPPORTED_MFA_TYPES: Incomplete +SUPPORTED_AUTH_METHODS: Incomplete + +class LegacyMfa(VaultApiBase): + def configure(self, mount_point, mfa_type: str = "duo", force: bool = False): ... + def read_configuration(self, mount_point): ... + def configure_duo_access(self, mount_point, host, integration_key, secret_key): ... + def configure_duo_behavior( + self, mount_point, push_info: Incomplete | None = None, user_agent: Incomplete | None = None, username_format: str = "%s" + ): ... + def read_duo_behavior_configuration(self, mount_point): ... diff --git a/stubs/hvac/hvac/api/auth_methods/oidc.pyi b/stubs/hvac/hvac/api/auth_methods/oidc.pyi new file mode 100644 index 000000000..4dbe6b149 --- /dev/null +++ b/stubs/hvac/hvac/api/auth_methods/oidc.pyi @@ -0,0 +1,35 @@ +from _typeshed import Incomplete + +from hvac.api.auth_methods.jwt import JWT + +class OIDC(JWT): + DEFAULT_PATH: str + def create_role( + self, + name, + user_claim, + allowed_redirect_uris, + role_type: str = "oidc", + bound_audiences: Incomplete | None = None, + clock_skew_leeway: Incomplete | None = None, + expiration_leeway: Incomplete | None = None, + not_before_leeway: Incomplete | None = None, + bound_subject: Incomplete | None = None, + bound_claims: Incomplete | None = None, + groups_claim: Incomplete | None = None, + claim_mappings: Incomplete | None = None, + oidc_scopes: Incomplete | None = None, + bound_claims_type: str = "string", + verbose_oidc_logging: bool = False, + token_ttl: Incomplete | None = None, + token_max_ttl: Incomplete | None = None, + token_policies: Incomplete | None = None, + token_bound_cidrs: Incomplete | None = None, + token_explicit_max_ttl: Incomplete | None = None, + token_no_default_policy: Incomplete | None = None, + token_num_uses: Incomplete | None = None, + token_period: Incomplete | None = None, + token_type: Incomplete | None = None, + path: Incomplete | None = None, + user_claim_json_pointer: Incomplete | None = None, + ) -> None: ... diff --git a/stubs/hvac/hvac/api/auth_methods/okta.pyi b/stubs/hvac/hvac/api/auth_methods/okta.pyi new file mode 100644 index 000000000..c47f7ffaa --- /dev/null +++ b/stubs/hvac/hvac/api/auth_methods/okta.pyi @@ -0,0 +1,29 @@ +from _typeshed import Incomplete + +from hvac.api.vault_api_base import VaultApiBase + +DEFAULT_MOUNT_POINT: str + +class Okta(VaultApiBase): + def configure( + self, + org_name, + api_token: Incomplete | None = None, + base_url: Incomplete | None = None, + ttl: Incomplete | None = None, + max_ttl: Incomplete | None = None, + bypass_okta_mfa: Incomplete | None = None, + mount_point="okta", + ): ... + def read_config(self, mount_point="okta"): ... + def list_users(self, mount_point="okta"): ... + def register_user( + self, username, groups: Incomplete | None = None, policies: Incomplete | None = None, mount_point="okta" + ): ... + def read_user(self, username, mount_point="okta"): ... + def delete_user(self, username, mount_point="okta"): ... + def list_groups(self, mount_point="okta"): ... + def register_group(self, name, policies: Incomplete | None = None, mount_point="okta"): ... + def read_group(self, name, mount_point="okta"): ... + def delete_group(self, name, mount_point="okta"): ... + def login(self, username, password, use_token: bool = True, mount_point="okta"): ... diff --git a/stubs/hvac/hvac/api/auth_methods/radius.pyi b/stubs/hvac/hvac/api/auth_methods/radius.pyi new file mode 100644 index 000000000..bbfaff2fe --- /dev/null +++ b/stubs/hvac/hvac/api/auth_methods/radius.pyi @@ -0,0 +1,23 @@ +from _typeshed import Incomplete + +from hvac.api.vault_api_base import VaultApiBase + +DEFAULT_MOUNT_POINT: str + +class Radius(VaultApiBase): + def configure( + self, + host, + secret, + port: Incomplete | None = None, + unregistered_user_policies: Incomplete | None = None, + dial_timeout: Incomplete | None = None, + nas_port: Incomplete | None = None, + mount_point="radius", + ): ... + def read_configuration(self, mount_point="radius"): ... + def register_user(self, username, policies: Incomplete | None = None, mount_point="radius"): ... + def list_users(self, mount_point="radius"): ... + def read_user(self, username, mount_point="radius"): ... + def delete_user(self, username, mount_point="radius"): ... + def login(self, username, password, use_token: bool = True, mount_point="radius"): ... diff --git a/stubs/hvac/hvac/api/auth_methods/token.pyi b/stubs/hvac/hvac/api/auth_methods/token.pyi new file mode 100644 index 000000000..9d630231c --- /dev/null +++ b/stubs/hvac/hvac/api/auth_methods/token.pyi @@ -0,0 +1,74 @@ +from _typeshed import Incomplete + +from hvac.api.vault_api_base import VaultApiBase + +DEFAULT_MOUNT_POINT: str + +class Token(VaultApiBase): + def create( + self, + id: Incomplete | None = None, + role_name: Incomplete | None = None, + policies: Incomplete | None = None, + meta: Incomplete | None = None, + no_parent: bool = False, + no_default_policy: bool = False, + renewable: bool = True, + ttl: Incomplete | None = None, + type: Incomplete | None = None, + explicit_max_ttl: Incomplete | None = None, + display_name: str = "token", + num_uses: int = 0, + period: Incomplete | None = None, + entity_alias: Incomplete | None = None, + wrap_ttl: Incomplete | None = None, + mount_point="token", + ): ... + def create_orphan( + self, + id: Incomplete | None = None, + role_name: Incomplete | None = None, + policies: Incomplete | None = None, + meta: Incomplete | None = None, + no_default_policy: bool = False, + renewable: bool = True, + ttl: Incomplete | None = None, + type: Incomplete | None = None, + explicit_max_ttl: Incomplete | None = None, + display_name: str = "token", + num_uses: int = 0, + period: Incomplete | None = None, + entity_alias: Incomplete | None = None, + wrap_ttl: Incomplete | None = None, + mount_point="token", + ): ... + def list_accessors(self, mount_point="token"): ... + def lookup(self, token, mount_point="token"): ... + def lookup_self(self, mount_point="token"): ... + def lookup_accessor(self, accessor, mount_point="token"): ... + def renew(self, token, increment: Incomplete | None = None, wrap_ttl: Incomplete | None = None, mount_point="token"): ... + def renew_self(self, increment: Incomplete | None = None, wrap_ttl: Incomplete | None = None, mount_point="token"): ... + def renew_accessor( + self, accessor, increment: Incomplete | None = None, wrap_ttl: Incomplete | None = None, mount_point="token" + ): ... + def revoke(self, token, mount_point="token"): ... + def revoke_self(self, mount_point="token"): ... + def revoke_accessor(self, accessor, mount_point="token"): ... + def revoke_and_orphan_children(self, token, mount_point="token"): ... + def read_role(self, role_name, mount_point="token"): ... + def list_roles(self, mount_point="token"): ... + def create_or_update_role( + self, + role_name, + allowed_policies: Incomplete | None = None, + disallowed_policies: Incomplete | None = None, + orphan: bool = False, + renewable: bool = True, + path_suffix: Incomplete | None = None, + allowed_entity_aliases: Incomplete | None = None, + mount_point="token", + token_period: Incomplete | None = None, + token_explicit_max_ttl: Incomplete | None = None, + ): ... + def delete_role(self, role_name, mount_point="token"): ... + def tidy(self, mount_point="token"): ... diff --git a/stubs/hvac/hvac/api/auth_methods/userpass.pyi b/stubs/hvac/hvac/api/auth_methods/userpass.pyi new file mode 100644 index 000000000..60677915c --- /dev/null +++ b/stubs/hvac/hvac/api/auth_methods/userpass.pyi @@ -0,0 +1,15 @@ +from _typeshed import Incomplete + +from hvac.api.vault_api_base import VaultApiBase + +DEFAULT_MOUNT_POINT: str + +class Userpass(VaultApiBase): + def create_or_update_user( + self, username, password: Incomplete | None = None, policies: Incomplete | None = None, mount_point="userpass", **kwargs + ): ... + def list_user(self, mount_point="userpass"): ... + def read_user(self, username, mount_point="userpass"): ... + def delete_user(self, username, mount_point="userpass"): ... + def update_password_on_user(self, username, password, mount_point="userpass"): ... + def login(self, username, password, use_token: bool = True, mount_point="userpass"): ... diff --git a/stubs/hvac/hvac/api/secrets_engines/__init__.pyi b/stubs/hvac/hvac/api/secrets_engines/__init__.pyi new file mode 100644 index 000000000..fe226a4ed --- /dev/null +++ b/stubs/hvac/hvac/api/secrets_engines/__init__.pyi @@ -0,0 +1,39 @@ +from _typeshed import Incomplete + +from hvac.api.secrets_engines.active_directory import ActiveDirectory as ActiveDirectory +from hvac.api.secrets_engines.aws import Aws as Aws +from hvac.api.secrets_engines.azure import Azure as Azure +from hvac.api.secrets_engines.database import Database as Database +from hvac.api.secrets_engines.gcp import Gcp as Gcp +from hvac.api.secrets_engines.identity import Identity as Identity +from hvac.api.secrets_engines.kv import Kv as Kv +from hvac.api.secrets_engines.kv_v1 import KvV1 as KvV1 +from hvac.api.secrets_engines.kv_v2 import KvV2 as KvV2 +from hvac.api.secrets_engines.pki import Pki as Pki +from hvac.api.secrets_engines.rabbitmq import RabbitMQ as RabbitMQ +from hvac.api.secrets_engines.ssh import Ssh as Ssh +from hvac.api.secrets_engines.transform import Transform as Transform +from hvac.api.secrets_engines.transit import Transit as Transit +from hvac.api.vault_api_category import VaultApiCategory + +__all__ = ( + "Aws", + "Azure", + "Gcp", + "ActiveDirectory", + "Identity", + "Kv", + "KvV1", + "KvV2", + "Pki", + "Transform", + "Transit", + "SecretsEngines", + "Database", + "RabbitMQ", + "Ssh", +) + +class SecretsEngines(VaultApiCategory): + implemented_classes: Incomplete + unimplemented_classes: Incomplete diff --git a/stubs/hvac/hvac/api/secrets_engines/active_directory.pyi b/stubs/hvac/hvac/api/secrets_engines/active_directory.pyi new file mode 100644 index 000000000..1f9553368 --- /dev/null +++ b/stubs/hvac/hvac/api/secrets_engines/active_directory.pyi @@ -0,0 +1,28 @@ +from _typeshed import Incomplete + +from hvac.api.vault_api_base import VaultApiBase + +DEFAULT_MOUNT_POINT: str + +class ActiveDirectory(VaultApiBase): + def configure( + self, + binddn: Incomplete | None = None, + bindpass: Incomplete | None = None, + url: Incomplete | None = None, + userdn: Incomplete | None = None, + upndomain: Incomplete | None = None, + ttl: Incomplete | None = None, + max_ttl: Incomplete | None = None, + mount_point="ad", + *args, + **kwargs, + ): ... + def read_config(self, mount_point="ad"): ... + def create_or_update_role( + self, name, service_account_name: Incomplete | None = None, ttl: Incomplete | None = None, mount_point="ad" + ): ... + def read_role(self, name, mount_point="ad"): ... + def list_roles(self, mount_point="ad"): ... + def delete_role(self, name, mount_point="ad"): ... + def generate_credentials(self, name, mount_point="ad"): ... diff --git a/stubs/hvac/hvac/api/secrets_engines/aws.pyi b/stubs/hvac/hvac/api/secrets_engines/aws.pyi new file mode 100644 index 000000000..dd2dde1d8 --- /dev/null +++ b/stubs/hvac/hvac/api/secrets_engines/aws.pyi @@ -0,0 +1,43 @@ +from _typeshed import Incomplete + +from hvac.api.vault_api_base import VaultApiBase + +class Aws(VaultApiBase): + def configure_root_iam_credentials( + self, + access_key, + secret_key, + region: Incomplete | None = None, + iam_endpoint: Incomplete | None = None, + sts_endpoint: Incomplete | None = None, + max_retries: Incomplete | None = None, + mount_point="aws", + ): ... + def rotate_root_iam_credentials(self, mount_point="aws"): ... + def configure_lease(self, lease, lease_max, mount_point="aws"): ... + def read_lease_config(self, mount_point="aws"): ... + def create_or_update_role( + self, + name, + credential_type, + policy_document: Incomplete | None = None, + default_sts_ttl: Incomplete | None = None, + max_sts_ttl: Incomplete | None = None, + role_arns: Incomplete | None = None, + policy_arns: Incomplete | None = None, + legacy_params: bool = False, + iam_tags: Incomplete | None = None, + mount_point="aws", + ): ... + def read_role(self, name, mount_point="aws"): ... + def list_roles(self, mount_point="aws"): ... + def delete_role(self, name, mount_point="aws"): ... + def generate_credentials( + self, + name, + role_arn: Incomplete | None = None, + ttl: Incomplete | None = None, + endpoint: str = "creds", + mount_point="aws", + role_session_name: Incomplete | None = None, + ): ... diff --git a/stubs/hvac/hvac/api/secrets_engines/azure.pyi b/stubs/hvac/hvac/api/secrets_engines/azure.pyi new file mode 100644 index 000000000..ba49483b2 --- /dev/null +++ b/stubs/hvac/hvac/api/secrets_engines/azure.pyi @@ -0,0 +1,23 @@ +from _typeshed import Incomplete + +from hvac.api.vault_api_base import VaultApiBase + +DEFAULT_MOUNT_POINT: str + +class Azure(VaultApiBase): + def configure( + self, + subscription_id, + tenant_id, + client_id: Incomplete | None = None, + client_secret: Incomplete | None = None, + environment: Incomplete | None = None, + mount_point="azure", + ): ... + def read_config(self, mount_point="azure"): ... + def delete_config(self, mount_point="azure"): ... + def create_or_update_role( + self, name, azure_roles, ttl: Incomplete | None = None, max_ttl: Incomplete | None = None, mount_point="azure" + ): ... + def list_roles(self, mount_point="azure"): ... + def generate_credentials(self, name, mount_point="azure"): ... diff --git a/stubs/hvac/hvac/api/secrets_engines/consul.pyi b/stubs/hvac/hvac/api/secrets_engines/consul.pyi new file mode 100644 index 000000000..b51d841e7 --- /dev/null +++ b/stubs/hvac/hvac/api/secrets_engines/consul.pyi @@ -0,0 +1,23 @@ +from _typeshed import Incomplete + +from hvac.api.vault_api_base import VaultApiBase + +DEFAULT_MOUNT_POINT: str + +class Consul(VaultApiBase): + def configure_access(self, address, token, scheme: Incomplete | None = None, mount_point="consul"): ... + def create_or_update_role( + self, + name, + policy: Incomplete | None = None, + policies: Incomplete | None = None, + token_type: Incomplete | None = None, + local: Incomplete | None = None, + ttl: Incomplete | None = None, + max_ttl: Incomplete | None = None, + mount_point="consul", + ): ... + def read_role(self, name, mount_point="consul"): ... + def list_roles(self, mount_point="consul"): ... + def delete_role(self, name, mount_point="consul"): ... + def generate_credentials(self, name, mount_point="consul"): ... diff --git a/stubs/hvac/hvac/api/secrets_engines/database.pyi b/stubs/hvac/hvac/api/secrets_engines/database.pyi new file mode 100644 index 000000000..6f016ec1e --- /dev/null +++ b/stubs/hvac/hvac/api/secrets_engines/database.pyi @@ -0,0 +1,47 @@ +from _typeshed import Incomplete + +from hvac.api.vault_api_base import VaultApiBase + +DEFAULT_MOUNT_POINT: str + +class Database(VaultApiBase): + def configure( + self, + name, + plugin_name, + verify_connection: Incomplete | None = None, + allowed_roles: Incomplete | None = None, + root_rotation_statements: Incomplete | None = None, + mount_point="database", + *args, + **kwargs, + ): ... + def rotate_root_credentials(self, name, mount_point="database"): ... + def read_connection(self, name, mount_point="database"): ... + def list_connections(self, mount_point="database"): ... + def delete_connection(self, name, mount_point="database"): ... + def reset_connection(self, name, mount_point="database"): ... + def create_role( + self, + name, + db_name, + creation_statements, + default_ttl: Incomplete | None = None, + max_ttl: Incomplete | None = None, + revocation_statements: Incomplete | None = None, + rollback_statements: Incomplete | None = None, + renew_statements: Incomplete | None = None, + mount_point="database", + ): ... + def create_static_role( + self, name, db_name, username, rotation_statements, rotation_period: int = 86400, mount_point="database" + ): ... + def read_role(self, name, mount_point="database"): ... + def read_static_role(self, name, mount_point="database"): ... + def list_roles(self, mount_point="database"): ... + def list_static_roles(self, mount_point="database"): ... + def delete_role(self, name, mount_point="database"): ... + def delete_static_role(self, name, mount_point="database"): ... + def generate_credentials(self, name, mount_point="database"): ... + def get_static_credentials(self, name, mount_point="database"): ... + def rotate_static_role_credentials(self, name, mount_point="database"): ... diff --git a/stubs/hvac/hvac/api/secrets_engines/gcp.pyi b/stubs/hvac/hvac/api/secrets_engines/gcp.pyi new file mode 100644 index 000000000..0c027af5b --- /dev/null +++ b/stubs/hvac/hvac/api/secrets_engines/gcp.pyi @@ -0,0 +1,73 @@ +from _typeshed import Incomplete + +from hvac.api.vault_api_base import VaultApiBase + +DEFAULT_MOUNT_POINT: str + +class Gcp(VaultApiBase): + def configure( + self, + credentials: Incomplete | None = None, + ttl: Incomplete | None = None, + max_ttl: Incomplete | None = None, + mount_point="gcp", + ): ... + def rotate_root_credentials(self, mount_point="gcp"): ... + def read_config(self, mount_point="gcp"): ... + def create_or_update_roleset( + self, + name, + project, + bindings, + secret_type: Incomplete | None = None, + token_scopes: Incomplete | None = None, + mount_point="gcp", + ): ... + def rotate_roleset_account(self, name, mount_point="gcp"): ... + def rotate_roleset_account_key(self, name, mount_point="gcp"): ... + def read_roleset(self, name, mount_point="gcp"): ... + def list_rolesets(self, mount_point="gcp"): ... + def delete_roleset(self, name, mount_point="gcp"): ... + def generate_oauth2_access_token(self, roleset, mount_point="gcp"): ... + def generate_service_account_key( + self, + roleset, + key_algorithm: str = "KEY_ALG_RSA_2048", + key_type: str = "TYPE_GOOGLE_CREDENTIALS_FILE", + method: str = "POST", + mount_point="gcp", + ): ... + def create_or_update_static_account( + self, + name, + service_account_email, + bindings: Incomplete | None = None, + secret_type: Incomplete | None = None, + token_scopes: Incomplete | None = None, + mount_point="gcp", + ): ... + def rotate_static_account_key(self, name, mount_point="gcp"): ... + def read_static_account(self, name, mount_point="gcp"): ... + def list_static_accounts(self, mount_point="gcp"): ... + def delete_static_account(self, name, mount_point="gcp"): ... + def generate_static_account_oauth2_access_token(self, name, mount_point="gcp"): ... + def generate_static_account_service_account_key( + self, + name, + key_algorithm: str = "KEY_ALG_RSA_2048", + key_type: str = "TYPE_GOOGLE_CREDENTIALS_FILE", + method: str = "POST", + mount_point="gcp", + ): ... + def create_or_update_impersonated_account( + self, + name, + service_account_email, + token_scopes: Incomplete | None = None, + ttl: Incomplete | None = None, + mount_point="gcp", + ): ... + def read_impersonated_account(self, name, mount_point="gcp"): ... + def list_impersonated_accounts(self, mount_point="gcp"): ... + def delete_impersonated_account(self, name, mount_point="gcp"): ... + def generate_impersonated_account_oauth2_access_token(self, name, mount_point="gcp"): ... diff --git a/stubs/hvac/hvac/api/secrets_engines/identity.pyi b/stubs/hvac/hvac/api/secrets_engines/identity.pyi new file mode 100644 index 000000000..8d8ecb44e --- /dev/null +++ b/stubs/hvac/hvac/api/secrets_engines/identity.pyi @@ -0,0 +1,163 @@ +from _typeshed import Incomplete + +from hvac.api.vault_api_base import VaultApiBase + +DEFAULT_MOUNT_POINT: str +logger: Incomplete + +class Identity(VaultApiBase): + def create_or_update_entity( + self, + name, + entity_id: Incomplete | None = None, + metadata: Incomplete | None = None, + policies: Incomplete | None = None, + disabled: Incomplete | None = None, + mount_point: str = "identity", + ): ... + def create_or_update_entity_by_name( + self, + name, + metadata: Incomplete | None = None, + policies: Incomplete | None = None, + disabled: Incomplete | None = None, + mount_point: str = "identity", + ): ... + def read_entity(self, entity_id, mount_point: str = "identity"): ... + def read_entity_by_name(self, name, mount_point: str = "identity"): ... + def update_entity( + self, + entity_id, + name: Incomplete | None = None, + metadata: Incomplete | None = None, + policies: Incomplete | None = None, + disabled: Incomplete | None = None, + mount_point: str = "identity", + ): ... + def delete_entity(self, entity_id, mount_point: str = "identity"): ... + def delete_entity_by_name(self, name, mount_point: str = "identity"): ... + def list_entities(self, method: str = "LIST", mount_point: str = "identity"): ... + def list_entities_by_name(self, method: str = "LIST", mount_point: str = "identity"): ... + def merge_entities( + self, + from_entity_ids, + to_entity_id, + force: Incomplete | None = None, + mount_point: str = "identity", + conflicting_alias_ids_to_keep: Incomplete | None = None, + ): ... + def create_or_update_entity_alias( + self, name, canonical_id, mount_accessor, alias_id: Incomplete | None = None, mount_point: str = "identity" + ): ... + def read_entity_alias(self, alias_id, mount_point: str = "identity"): ... + def update_entity_alias(self, alias_id, name, canonical_id, mount_accessor, mount_point: str = "identity"): ... + def list_entity_aliases(self, method: str = "LIST", mount_point: str = "identity"): ... + def delete_entity_alias(self, alias_id, mount_point: str = "identity"): ... + @staticmethod + def validate_member_id_params_for_group_type(group_type, params, member_group_ids, member_entity_ids): ... + def create_or_update_group( + self, + name, + group_id: Incomplete | None = None, + group_type: str = "internal", + metadata: Incomplete | None = None, + policies: Incomplete | None = None, + member_group_ids: Incomplete | None = None, + member_entity_ids: Incomplete | None = None, + mount_point: str = "identity", + ): ... + def read_group(self, group_id, mount_point: str = "identity"): ... + def update_group( + self, + group_id, + name, + group_type: str = "internal", + metadata: Incomplete | None = None, + policies: Incomplete | None = None, + member_group_ids: Incomplete | None = None, + member_entity_ids: Incomplete | None = None, + mount_point: str = "identity", + ): ... + def delete_group(self, group_id, mount_point: str = "identity"): ... + def list_groups(self, method: str = "LIST", mount_point: str = "identity"): ... + def list_groups_by_name(self, method: str = "LIST", mount_point: str = "identity"): ... + def create_or_update_group_by_name( + self, + name, + group_type: str = "internal", + metadata: Incomplete | None = None, + policies: Incomplete | None = None, + member_group_ids: Incomplete | None = None, + member_entity_ids: Incomplete | None = None, + mount_point: str = "identity", + ): ... + def read_group_by_name(self, name, mount_point: str = "identity"): ... + def delete_group_by_name(self, name, mount_point: str = "identity"): ... + def create_or_update_group_alias( + self, + name, + alias_id: Incomplete | None = None, + mount_accessor: Incomplete | None = None, + canonical_id: Incomplete | None = None, + mount_point: str = "identity", + ): ... + def update_group_alias( + self, + entity_id, + name, + mount_accessor: Incomplete | None = None, + canonical_id: Incomplete | None = None, + mount_point="identity", + ): ... + def read_group_alias(self, alias_id, mount_point: str = "identity"): ... + def delete_group_alias(self, entity_id, mount_point: str = "identity"): ... + def list_group_aliases(self, method: str = "LIST", mount_point: str = "identity"): ... + def lookup_entity( + self, + name: Incomplete | None = None, + entity_id: Incomplete | None = None, + alias_id: Incomplete | None = None, + alias_name: Incomplete | None = None, + alias_mount_accessor: Incomplete | None = None, + mount_point: str = "identity", + ): ... + def lookup_group( + self, + name: Incomplete | None = None, + group_id: Incomplete | None = None, + alias_id: Incomplete | None = None, + alias_name: Incomplete | None = None, + alias_mount_accessor: Incomplete | None = None, + mount_point: str = "identity", + ): ... + def configure_tokens_backend(self, issuer: Incomplete | None = None, mount_point: str = "identity"): ... + def read_tokens_backend_configuration(self, mount_point: str = "identity"): ... + def create_named_key( + self, + name, + rotation_period: str = "24h", + verification_ttl: str = "24h", + allowed_client_ids: Incomplete | None = None, + algorithm: str = "RS256", + mount_point: str = "identity", + ): ... + def read_named_key(self, name, mount_point: str = "identity"): ... + def delete_named_key(self, name, mount_point: str = "identity"): ... + def list_named_keys(self, mount_point: str = "identity"): ... + def rotate_named_key(self, name, verification_ttl, mount_point: str = "identity"): ... + def create_or_update_role( + self, + name, + key, + template: Incomplete | None = None, + client_id: Incomplete | None = None, + ttl: str = "24h", + mount_point: str = "identity", + ): ... + def read_role(self, name, mount_point: str = "identity"): ... + def delete_role(self, name, mount_point: str = "identity"): ... + def list_roles(self, mount_point: str = "identity"): ... + def generate_signed_id_token(self, name, mount_point: str = "identity"): ... + def introspect_signed_id_token(self, token, client_id: Incomplete | None = None, mount_point: str = "identity"): ... + def read_well_known_configurations(self, mount_point: str = "identity"): ... + def read_active_public_keys(self, mount_point: str = "identity"): ... diff --git a/stubs/hvac/hvac/api/secrets_engines/kv.pyi b/stubs/hvac/hvac/api/secrets_engines/kv.pyi new file mode 100644 index 000000000..1f4a3de38 --- /dev/null +++ b/stubs/hvac/hvac/api/secrets_engines/kv.pyi @@ -0,0 +1,18 @@ +from _typeshed import Incomplete + +from hvac.api.vault_api_base import VaultApiBase + +logger: Incomplete + +class Kv(VaultApiBase): + allowed_kv_versions: Incomplete + def __init__(self, adapter, default_kv_version: str = "2") -> None: ... + @property + def v1(self): ... + @property + def v2(self): ... + @property + def default_kv_version(self): ... + @default_kv_version.setter + def default_kv_version(self, default_kv_version) -> None: ... + def __getattr__(self, item): ... diff --git a/stubs/hvac/hvac/api/secrets_engines/kv_v1.pyi b/stubs/hvac/hvac/api/secrets_engines/kv_v1.pyi new file mode 100644 index 000000000..c64b3c75c --- /dev/null +++ b/stubs/hvac/hvac/api/secrets_engines/kv_v1.pyi @@ -0,0 +1,11 @@ +from _typeshed import Incomplete + +from hvac.api.vault_api_base import VaultApiBase + +DEFAULT_MOUNT_POINT: str + +class KvV1(VaultApiBase): + def read_secret(self, path, mount_point="secret"): ... + def list_secrets(self, path, mount_point="secret"): ... + def create_or_update_secret(self, path, secret, method: Incomplete | None = None, mount_point="secret"): ... + def delete_secret(self, path, mount_point="secret"): ... diff --git a/stubs/hvac/hvac/api/secrets_engines/kv_v2.pyi b/stubs/hvac/hvac/api/secrets_engines/kv_v2.pyi new file mode 100644 index 000000000..6996f136e --- /dev/null +++ b/stubs/hvac/hvac/api/secrets_engines/kv_v2.pyi @@ -0,0 +1,37 @@ +from _typeshed import Incomplete + +from hvac.api.vault_api_base import VaultApiBase + +DEFAULT_MOUNT_POINT: str + +class KvV2(VaultApiBase): + def configure( + self, + max_versions: int = 10, + cas_required: Incomplete | None = None, + delete_version_after: str = "0s", + mount_point="secret", + ): ... + def read_configuration(self, mount_point="secret"): ... + def read_secret(self, path, mount_point="secret", raise_on_deleted_version: Incomplete | None = None): ... + def read_secret_version( + self, path, version: Incomplete | None = None, mount_point="secret", raise_on_deleted_version: Incomplete | None = None + ): ... + def create_or_update_secret(self, path, secret, cas: Incomplete | None = None, mount_point="secret"): ... + def patch(self, path, secret, mount_point="secret"): ... + def delete_latest_version_of_secret(self, path, mount_point="secret"): ... + def delete_secret_versions(self, path, versions, mount_point="secret"): ... + def undelete_secret_versions(self, path, versions, mount_point="secret"): ... + def destroy_secret_versions(self, path, versions, mount_point="secret"): ... + def list_secrets(self, path, mount_point="secret"): ... + def read_secret_metadata(self, path, mount_point="secret"): ... + def update_metadata( + self, + path, + max_versions: Incomplete | None = None, + cas_required: Incomplete | None = None, + delete_version_after: str = "0s", + mount_point="secret", + custom_metadata: Incomplete | None = None, + ): ... + def delete_metadata_and_all_versions(self, path, mount_point="secret"): ... diff --git a/stubs/hvac/hvac/api/secrets_engines/pki.pyi b/stubs/hvac/hvac/api/secrets_engines/pki.pyi new file mode 100644 index 000000000..b8ee9bc1c --- /dev/null +++ b/stubs/hvac/hvac/api/secrets_engines/pki.pyi @@ -0,0 +1,50 @@ +from _typeshed import Incomplete + +from hvac.api.vault_api_base import VaultApiBase + +DEFAULT_MOUNT_POINT: str + +class Pki(VaultApiBase): + def read_ca_certificate(self, mount_point="pki"): ... + def read_ca_certificate_chain(self, mount_point="pki"): ... + def read_certificate(self, serial, mount_point="pki"): ... + def list_certificates(self, mount_point="pki"): ... + def submit_ca_information(self, pem_bundle, mount_point="pki"): ... + def read_crl_configuration(self, mount_point="pki"): ... + def set_crl_configuration( + self, + expiry: Incomplete | None = None, + disable: Incomplete | None = None, + extra_params: Incomplete | None = None, + mount_point="pki", + ): ... + def read_urls(self, mount_point="pki"): ... + def set_urls(self, params, mount_point="pki"): ... + def read_crl(self, mount_point="pki"): ... + def rotate_crl(self, mount_point="pki"): ... + def generate_intermediate( + self, type, common_name, extra_params: Incomplete | None = None, mount_point="pki", wrap_ttl: Incomplete | None = None + ): ... + def set_signed_intermediate(self, certificate, mount_point="pki"): ... + def generate_certificate( + self, name, common_name, extra_params: Incomplete | None = None, mount_point="pki", wrap_ttl: Incomplete | None = None + ): ... + def revoke_certificate(self, serial_number, mount_point="pki"): ... + def create_or_update_role(self, name, extra_params: Incomplete | None = None, mount_point="pki"): ... + def read_role(self, name, mount_point="pki"): ... + def list_roles(self, mount_point="pki"): ... + def delete_role(self, name, mount_point="pki"): ... + def generate_root( + self, type, common_name, extra_params: Incomplete | None = None, mount_point="pki", wrap_ttl: Incomplete | None = None + ): ... + def delete_root(self, mount_point="pki"): ... + def sign_intermediate(self, csr, common_name, extra_params: Incomplete | None = None, mount_point="pki"): ... + def sign_self_issued(self, certificate, mount_point="pki"): ... + def sign_certificate(self, name, csr, common_name, extra_params: Incomplete | None = None, mount_point="pki"): ... + def sign_verbatim(self, csr, name: bool = False, extra_params: Incomplete | None = None, mount_point="pki"): ... + def tidy(self, extra_params: Incomplete | None = None, mount_point="pki"): ... + def read_issuer(self, issuer_ref, mount_point="pki"): ... + def list_issuers(self, mount_point="pki"): ... + def update_issuer(self, issuer_ref, extra_params: Incomplete | None = None, mount_point="pki"): ... + def revoke_issuer(self, issuer_ref, mount_point="pki"): ... + def delete_issuer(self, issuer_ref, mount_point="pki"): ... diff --git a/stubs/hvac/hvac/api/secrets_engines/rabbitmq.pyi b/stubs/hvac/hvac/api/secrets_engines/rabbitmq.pyi new file mode 100644 index 000000000..6c77c2ed6 --- /dev/null +++ b/stubs/hvac/hvac/api/secrets_engines/rabbitmq.pyi @@ -0,0 +1,18 @@ +from hvac.api.vault_api_base import VaultApiBase + +DEFAULT_MOUNT_POINT: str + +class RabbitMQ(VaultApiBase): + def configure( + self, + connection_uri: str = "", + username: str = "", + password: str = "", + verify_connection: bool = True, + mount_point="rabbitmq", + ): ... + def configure_lease(self, ttl, max_ttl, mount_point="rabbitmq"): ... + def create_role(self, name, tags: str = "", vhosts: str = "", vhost_topics: str = "", mount_point: str = "rabbitmq"): ... + def read_role(self, name, mount_point="rabbitmq"): ... + def delete_role(self, name, mount_point="rabbitmq"): ... + def generate_credentials(self, name, mount_point="rabbitmq"): ... diff --git a/stubs/hvac/hvac/api/secrets_engines/ssh.pyi b/stubs/hvac/hvac/api/secrets_engines/ssh.pyi new file mode 100644 index 000000000..8697ec503 --- /dev/null +++ b/stubs/hvac/hvac/api/secrets_engines/ssh.pyi @@ -0,0 +1,73 @@ +from _typeshed import Incomplete + +from hvac.api.vault_api_base import VaultApiBase + +DEFAULT_MOUNT_POINT: str + +class Ssh(VaultApiBase): + def create_or_update_key(self, name: str = "", key: str = "", mount_point: str = "ssh"): ... + def delete_key(self, name: str = "", mount_point: str = "ssh"): ... + def create_role( + self, + name: str = "", + key: str = "", + admin_user: str = "", + default_user: str = "", + cidr_list: str = "", + exclude_cidr_list: str = "", + port: int = 22, + key_type: str = "", + key_bits: int = 1024, + install_script: str = "", + allowed_users: str = "", + allowed_users_template: str = "", + allowed_domains: str = "", + key_option_specs: str = "", + ttl: str = "", + max_ttl: str = "", + allowed_critical_options: str = "", + allowed_extensions: str = "", + default_critical_options: Incomplete | None = None, + default_extensions: Incomplete | None = None, + allow_user_certificates: str = "", + allow_host_certificates: bool = False, + allow_bare_domains: bool = False, + allow_subdomains: bool = False, + allow_user_key_ids: bool = False, + key_id_format: str = "", + allowed_user_key_lengths: Incomplete | None = None, + algorithm_signer: str = "", + mount_point="ssh", + ): ... + def read_role(self, name: str = "", mount_point: str = "ssh"): ... + def list_roles(self, mount_point: str = "ssh"): ... + def delete_role(self, name: str = "", mount_point: str = "ssh"): ... + def list_zeroaddress_roles(self, mount_point: str = "ssh"): ... + def configure_zeroaddress_roles(self, roles: str = "", mount_point: str = "ssh"): ... + def delete_zeroaddress_role(self, mount_point: str = "ssh"): ... + def generate_ssh_credentials(self, name: str = "", username: str = "", ip: str = "", mount_point: str = "ssh"): ... + def list_roles_by_ip(self, ip: str = "", mount_point: str = "ssh"): ... + def verify_ssh_otp(self, otp, mount_point="ssh"): ... + def submit_ca_information( + self, + private_key: str = "", + public_key: str = "", + generate_signing_key: bool = True, + key_type: str = "ssh-rsa", + key_bits: int = 0, + mount_point: str = "ssh", + ): ... + def delete_ca_information(self, mount_point: str = "ssh"): ... + def read_public_key(self, mount_point: str = "ssh"): ... + def sign_ssh_key( + self, + name: str = "", + public_key: str = "", + ttl: str = "", + valid_principals: str = "", + cert_type: str = "user", + key_id: str = "", + critical_options: Incomplete | None = None, + extensions: Incomplete | None = None, + mount_point: str = "ssh", + ): ... diff --git a/stubs/hvac/hvac/api/secrets_engines/transform.pyi b/stubs/hvac/hvac/api/secrets_engines/transform.pyi new file mode 100644 index 000000000..b1a89f8f9 --- /dev/null +++ b/stubs/hvac/hvac/api/secrets_engines/transform.pyi @@ -0,0 +1,109 @@ +from _typeshed import Incomplete + +from hvac.api.vault_api_base import VaultApiBase + +DEFAULT_MOUNT_POINT: str + +class Transform(VaultApiBase): + def create_or_update_role(self, name, transformations, mount_point: str = "transform"): ... + def read_role(self, name, mount_point: str = "transform"): ... + def list_roles(self, mount_point: str = "transform"): ... + def delete_role(self, name, mount_point: str = "transform"): ... + def create_or_update_transformation( + self, + name, + transform_type, + template, + tweak_source: str = "supplied", + masking_character: str = "*", + allowed_roles: Incomplete | None = None, + mount_point: str = "transform", + ): ... + def create_or_update_fpe_transformation( + self, + name, + template, + tweak_source: str = "supplied", + allowed_roles: Incomplete | None = None, + mount_point: str = "transform", + ): ... + def create_or_update_masking_transformation( + self, + name, + template, + masking_character: str = "*", + allowed_roles: Incomplete | None = None, + mount_point: str = "transform", + ): ... + def create_or_update_tokenization_transformation( + self, + name, + max_ttl: int = 0, + mapping_mode: str = "default", + allowed_roles: Incomplete | None = None, + stores: Incomplete | None = None, + mount_point: str = "transform", + ): ... + def read_transformation(self, name, mount_point: str = "transform"): ... + def list_transformations(self, mount_point: str = "transform"): ... + def delete_transformation(self, name, mount_point: str = "transform"): ... + def create_or_update_template(self, name, template_type, pattern, alphabet, mount_point: str = "transform"): ... + def read_template(self, name, mount_point: str = "transform"): ... + def list_templates(self, mount_point: str = "transform"): ... + def delete_template(self, name, mount_point: str = "transform"): ... + def create_or_update_alphabet(self, name, alphabet, mount_point: str = "transform"): ... + def read_alphabet(self, name, mount_point: str = "transform"): ... + def list_alphabets(self, mount_point: str = "transform"): ... + def delete_alphabet(self, name, mount_point: str = "transform"): ... + def create_or_update_tokenization_store( + self, + name, + driver, + connection_string, + username: Incomplete | None = None, + password: Incomplete | None = None, + type: str = "sql", + supported_transformations: Incomplete | None = None, + schema: str = "public", + max_open_connections: int = 4, + max_idle_connections: int = 4, + max_connection_lifetime: int = 0, + mount_point: str = "transform", + ): ... + def encode( + self, + role_name, + value: Incomplete | None = None, + transformation: Incomplete | None = None, + tweak: Incomplete | None = None, + batch_input: Incomplete | None = None, + mount_point: str = "transform", + ): ... + def decode( + self, + role_name, + value: Incomplete | None = None, + transformation: Incomplete | None = None, + tweak: Incomplete | None = None, + batch_input: Incomplete | None = None, + mount_point: str = "transform", + ): ... + def validate_token( + self, role_name, value, transformation, batch_input: Incomplete | None = None, mount_point: str = "transform" + ): ... + def check_tokenization( + self, role_name, value, transformation, batch_input: Incomplete | None = None, mount_point: str = "transform" + ): ... + def retrieve_token_metadata( + self, role_name, value, transformation, batch_input: Incomplete | None = None, mount_point: str = "transform" + ): ... + def snapshot_tokenization_state(self, name, limit: int = 1000, continuation: str = "", mount_point: str = "transform"): ... + def restore_tokenization_state(self, name, values, mount_point: str = "transform"): ... + def export_decoded_tokenization_state( + self, name, limit: int = 1000, continuation: str = "", mount_point: str = "transform" + ): ... + def rotate_tokenization_key(self, transform_name, mount_point: str = "transform"): ... + def update_tokenization_key_config(self, transform_name, min_decryption_version, mount_point: str = "transform"): ... + def list_tokenization_key_configuration(self, mount_point: str = "transform"): ... + def read_tokenization_key_configuration(self, transform_name, mount_point: str = "transform"): ... + def trim_tokenization_key_version(self, transform_name, min_available_version, mount_point: str = "transform"): ... diff --git a/stubs/hvac/hvac/api/secrets_engines/transit.pyi b/stubs/hvac/hvac/api/secrets_engines/transit.pyi new file mode 100644 index 000000000..5d5e5060a --- /dev/null +++ b/stubs/hvac/hvac/api/secrets_engines/transit.pyi @@ -0,0 +1,114 @@ +from _typeshed import Incomplete + +from hvac.api.vault_api_base import VaultApiBase + +DEFAULT_MOUNT_POINT: str + +class Transit(VaultApiBase): + def create_key( + self, + name, + convergent_encryption: Incomplete | None = None, + derived: Incomplete | None = None, + exportable: Incomplete | None = None, + allow_plaintext_backup: Incomplete | None = None, + key_type: Incomplete | None = None, + mount_point="transit", + auto_rotate_period: Incomplete | None = None, + ): ... + def read_key(self, name, mount_point="transit"): ... + def list_keys(self, mount_point="transit"): ... + def delete_key(self, name, mount_point="transit"): ... + def update_key_configuration( + self, + name, + min_decryption_version: Incomplete | None = None, + min_encryption_version: Incomplete | None = None, + deletion_allowed: Incomplete | None = None, + exportable: Incomplete | None = None, + allow_plaintext_backup: Incomplete | None = None, + mount_point="transit", + auto_rotate_period: Incomplete | None = None, + ): ... + def rotate_key(self, name, mount_point="transit"): ... + def export_key(self, name, key_type, version: Incomplete | None = None, mount_point="transit"): ... + def encrypt_data( + self, + name, + plaintext: Incomplete | None = None, + context: Incomplete | None = None, + key_version: Incomplete | None = None, + nonce: Incomplete | None = None, + batch_input: Incomplete | None = None, + type: Incomplete | None = None, + convergent_encryption: Incomplete | None = None, + mount_point="transit", + ): ... + def decrypt_data( + self, + name, + ciphertext: Incomplete | None = None, + context: Incomplete | None = None, + nonce: Incomplete | None = None, + batch_input: Incomplete | None = None, + mount_point="transit", + ): ... + def rewrap_data( + self, + name, + ciphertext, + context: Incomplete | None = None, + key_version: Incomplete | None = None, + nonce: Incomplete | None = None, + batch_input: Incomplete | None = None, + mount_point="transit", + ): ... + def generate_data_key( + self, + name, + key_type, + context: Incomplete | None = None, + nonce: Incomplete | None = None, + bits: Incomplete | None = None, + mount_point="transit", + ): ... + def generate_random_bytes( + self, n_bytes: Incomplete | None = None, output_format: Incomplete | None = None, mount_point="transit" + ): ... + def hash_data( + self, hash_input, algorithm: Incomplete | None = None, output_format: Incomplete | None = None, mount_point="transit" + ): ... + def generate_hmac( + self, name, hash_input, key_version: Incomplete | None = None, algorithm: Incomplete | None = None, mount_point="transit" + ): ... + def sign_data( + self, + name, + hash_input: Incomplete | None = None, + key_version: Incomplete | None = None, + hash_algorithm: Incomplete | None = None, + context: Incomplete | None = None, + prehashed: Incomplete | None = None, + signature_algorithm: Incomplete | None = None, + marshaling_algorithm: Incomplete | None = None, + salt_length: Incomplete | None = None, + mount_point="transit", + batch_input: Incomplete | None = None, + ): ... + def verify_signed_data( + self, + name, + hash_input, + signature: Incomplete | None = None, + hmac: Incomplete | None = None, + hash_algorithm: Incomplete | None = None, + context: Incomplete | None = None, + prehashed: Incomplete | None = None, + signature_algorithm: Incomplete | None = None, + salt_length: Incomplete | None = None, + marshaling_algorithm: Incomplete | None = None, + mount_point="transit", + ): ... + def backup_key(self, name, mount_point="transit"): ... + def restore_key(self, backup, name: Incomplete | None = None, force: Incomplete | None = None, mount_point="transit"): ... + def trim_key(self, name, min_version, mount_point="transit"): ... diff --git a/stubs/hvac/hvac/api/system_backend/__init__.pyi b/stubs/hvac/hvac/api/system_backend/__init__.pyi new file mode 100644 index 000000000..23533ef38 --- /dev/null +++ b/stubs/hvac/hvac/api/system_backend/__init__.pyi @@ -0,0 +1,63 @@ +from _typeshed import Incomplete + +from hvac.api.system_backend.audit import Audit as Audit +from hvac.api.system_backend.auth import Auth as Auth +from hvac.api.system_backend.capabilities import Capabilities as Capabilities +from hvac.api.system_backend.health import Health as Health +from hvac.api.system_backend.init import Init as Init +from hvac.api.system_backend.key import Key as Key +from hvac.api.system_backend.leader import Leader as Leader +from hvac.api.system_backend.lease import Lease as Lease +from hvac.api.system_backend.mount import Mount as Mount +from hvac.api.system_backend.namespace import Namespace as Namespace +from hvac.api.system_backend.policies import Policies as Policies +from hvac.api.system_backend.policy import Policy as Policy +from hvac.api.system_backend.quota import Quota as Quota +from hvac.api.system_backend.raft import Raft as Raft +from hvac.api.system_backend.seal import Seal as Seal +from hvac.api.system_backend.system_backend_mixin import SystemBackendMixin as SystemBackendMixin +from hvac.api.system_backend.wrapping import Wrapping as Wrapping +from hvac.api.vault_api_category import VaultApiCategory + +__all__ = ( + "Audit", + "Auth", + "Capabilities", + "Health", + "Init", + "Key", + "Leader", + "Lease", + "Mount", + "Namespace", + "Policies", + "Policy", + "Quota", + "Raft", + "Seal", + "SystemBackend", + "SystemBackendMixin", + "Wrapping", +) + +class SystemBackend( + VaultApiCategory, + Audit, + Auth, + Capabilities, + Health, + Init, + Key, + Leader, + Lease, + Mount, + Namespace, + Policies, + Policy, + Quota, + Raft, + Seal, + Wrapping, +): + implemented_classes: Incomplete + unimplemented_classes: Incomplete diff --git a/stubs/hvac/hvac/api/system_backend/audit.pyi b/stubs/hvac/hvac/api/system_backend/audit.pyi new file mode 100644 index 000000000..b1e5bc0d7 --- /dev/null +++ b/stubs/hvac/hvac/api/system_backend/audit.pyi @@ -0,0 +1,16 @@ +from _typeshed import Incomplete + +from hvac.api.system_backend.system_backend_mixin import SystemBackendMixin + +class Audit(SystemBackendMixin): + def list_enabled_audit_devices(self): ... + def enable_audit_device( + self, + device_type, + description: Incomplete | None = None, + options: Incomplete | None = None, + path: Incomplete | None = None, + local: Incomplete | None = None, + ): ... + def disable_audit_device(self, path): ... + def calculate_hash(self, path, input_to_hash): ... diff --git a/stubs/hvac/hvac/api/system_backend/auth.pyi b/stubs/hvac/hvac/api/system_backend/auth.pyi new file mode 100644 index 000000000..70f37609f --- /dev/null +++ b/stubs/hvac/hvac/api/system_backend/auth.pyi @@ -0,0 +1,30 @@ +from _typeshed import Incomplete + +from hvac.api.system_backend.system_backend_mixin import SystemBackendMixin + +class Auth(SystemBackendMixin): + def list_auth_methods(self): ... + def enable_auth_method( + self, + method_type, + description: Incomplete | None = None, + config: Incomplete | None = None, + plugin_name: Incomplete | None = None, + local: bool = False, + path: Incomplete | None = None, + **kwargs, + ): ... + def disable_auth_method(self, path): ... + def read_auth_method_tuning(self, path): ... + def tune_auth_method( + self, + path, + default_lease_ttl: Incomplete | None = None, + max_lease_ttl: Incomplete | None = None, + description: Incomplete | None = None, + audit_non_hmac_request_keys: Incomplete | None = None, + audit_non_hmac_response_keys: Incomplete | None = None, + listing_visibility: Incomplete | None = None, + passthrough_request_headers: Incomplete | None = None, + **kwargs, + ): ... diff --git a/stubs/hvac/hvac/api/system_backend/capabilities.pyi b/stubs/hvac/hvac/api/system_backend/capabilities.pyi new file mode 100644 index 000000000..7dab2917e --- /dev/null +++ b/stubs/hvac/hvac/api/system_backend/capabilities.pyi @@ -0,0 +1,6 @@ +from _typeshed import Incomplete + +from hvac.api.system_backend.system_backend_mixin import SystemBackendMixin + +class Capabilities(SystemBackendMixin): + def get_capabilities(self, paths, token: Incomplete | None = None, accessor: Incomplete | None = None): ... diff --git a/stubs/hvac/hvac/api/system_backend/health.pyi b/stubs/hvac/hvac/api/system_backend/health.pyi new file mode 100644 index 000000000..10ff11620 --- /dev/null +++ b/stubs/hvac/hvac/api/system_backend/health.pyi @@ -0,0 +1,16 @@ +from _typeshed import Incomplete + +from hvac.api.system_backend.system_backend_mixin import SystemBackendMixin + +class Health(SystemBackendMixin): + def read_health_status( + self, + standby_ok: Incomplete | None = None, + active_code: Incomplete | None = None, + standby_code: Incomplete | None = None, + dr_secondary_code: Incomplete | None = None, + performance_standby_code: Incomplete | None = None, + sealed_code: Incomplete | None = None, + uninit_code: Incomplete | None = None, + method: str = "HEAD", + ): ... diff --git a/stubs/hvac/hvac/api/system_backend/init.pyi b/stubs/hvac/hvac/api/system_backend/init.pyi new file mode 100644 index 000000000..c936f9a39 --- /dev/null +++ b/stubs/hvac/hvac/api/system_backend/init.pyi @@ -0,0 +1,18 @@ +from _typeshed import Incomplete + +from hvac.api.system_backend.system_backend_mixin import SystemBackendMixin + +class Init(SystemBackendMixin): + def read_init_status(self): ... + def is_initialized(self): ... + def initialize( + self, + secret_shares: Incomplete | None = None, + secret_threshold: Incomplete | None = None, + pgp_keys: Incomplete | None = None, + root_token_pgp_key: Incomplete | None = None, + stored_shares: Incomplete | None = None, + recovery_shares: Incomplete | None = None, + recovery_threshold: Incomplete | None = None, + recovery_pgp_keys: Incomplete | None = None, + ): ... diff --git a/stubs/hvac/hvac/api/system_backend/key.pyi b/stubs/hvac/hvac/api/system_backend/key.pyi new file mode 100644 index 000000000..49897874e --- /dev/null +++ b/stubs/hvac/hvac/api/system_backend/key.pyi @@ -0,0 +1,29 @@ +from _typeshed import Incomplete + +from hvac.api.system_backend.system_backend_mixin import SystemBackendMixin + +class Key(SystemBackendMixin): + def read_root_generation_progress(self): ... + def start_root_token_generation(self, otp: Incomplete | None = None, pgp_key: Incomplete | None = None): ... + def generate_root(self, key, nonce): ... + def cancel_root_generation(self): ... + def get_encryption_key_status(self): ... + def rotate_encryption_key(self): ... + def read_rekey_progress(self, recovery_key: bool = False): ... + def start_rekey( + self, + secret_shares: int = 5, + secret_threshold: int = 3, + pgp_keys: Incomplete | None = None, + backup: bool = False, + require_verification: bool = False, + recovery_key: bool = False, + ): ... + def cancel_rekey(self, recovery_key: bool = False): ... + def rekey(self, key, nonce: Incomplete | None = None, recovery_key: bool = False): ... + def rekey_multi(self, keys, nonce: Incomplete | None = None, recovery_key: bool = False): ... + def read_backup_keys(self, recovery_key: bool = False): ... + def cancel_rekey_verify(self): ... + def rekey_verify(self, key, nonce): ... + def rekey_verify_multi(self, keys, nonce): ... + def read_rekey_verify_progress(self): ... diff --git a/stubs/hvac/hvac/api/system_backend/leader.pyi b/stubs/hvac/hvac/api/system_backend/leader.pyi new file mode 100644 index 000000000..c46711c1b --- /dev/null +++ b/stubs/hvac/hvac/api/system_backend/leader.pyi @@ -0,0 +1,5 @@ +from hvac.api.system_backend.system_backend_mixin import SystemBackendMixin + +class Leader(SystemBackendMixin): + def read_leader_status(self): ... + def step_down(self): ... diff --git a/stubs/hvac/hvac/api/system_backend/lease.pyi b/stubs/hvac/hvac/api/system_backend/lease.pyi new file mode 100644 index 000000000..817ae2a42 --- /dev/null +++ b/stubs/hvac/hvac/api/system_backend/lease.pyi @@ -0,0 +1,11 @@ +from _typeshed import Incomplete + +from hvac.api.system_backend.system_backend_mixin import SystemBackendMixin + +class Lease(SystemBackendMixin): + def read_lease(self, lease_id): ... + def list_leases(self, prefix): ... + def renew_lease(self, lease_id, increment: Incomplete | None = None): ... + def revoke_lease(self, lease_id): ... + def revoke_prefix(self, prefix): ... + def revoke_force(self, prefix): ... diff --git a/stubs/hvac/hvac/api/system_backend/mount.pyi b/stubs/hvac/hvac/api/system_backend/mount.pyi new file mode 100644 index 000000000..729b29cf8 --- /dev/null +++ b/stubs/hvac/hvac/api/system_backend/mount.pyi @@ -0,0 +1,36 @@ +from _typeshed import Incomplete + +from hvac.api.system_backend.system_backend_mixin import SystemBackendMixin + +class Mount(SystemBackendMixin): + def list_mounted_secrets_engines(self): ... + def retrieve_mount_option(self, mount_point, option_name, default_value: Incomplete | None = None): ... + def enable_secrets_engine( + self, + backend_type, + path: Incomplete | None = None, + description: Incomplete | None = None, + config: Incomplete | None = None, + plugin_name: Incomplete | None = None, + options: Incomplete | None = None, + local: bool = False, + seal_wrap: bool = False, + **kwargs, + ): ... + def disable_secrets_engine(self, path): ... + def read_mount_configuration(self, path): ... + def tune_mount_configuration( + self, + path, + default_lease_ttl: Incomplete | None = None, + max_lease_ttl: Incomplete | None = None, + description: Incomplete | None = None, + audit_non_hmac_request_keys: Incomplete | None = None, + audit_non_hmac_response_keys: Incomplete | None = None, + listing_visibility: Incomplete | None = None, + passthrough_request_headers: Incomplete | None = None, + options: Incomplete | None = None, + force_no_cache: Incomplete | None = None, + **kwargs, + ): ... + def move_backend(self, from_path, to_path): ... diff --git a/stubs/hvac/hvac/api/system_backend/namespace.pyi b/stubs/hvac/hvac/api/system_backend/namespace.pyi new file mode 100644 index 000000000..68e86561c --- /dev/null +++ b/stubs/hvac/hvac/api/system_backend/namespace.pyi @@ -0,0 +1,6 @@ +from hvac.api.system_backend.system_backend_mixin import SystemBackendMixin + +class Namespace(SystemBackendMixin): + def create_namespace(self, path): ... + def list_namespaces(self): ... + def delete_namespace(self, path): ... diff --git a/stubs/hvac/hvac/api/system_backend/policies.pyi b/stubs/hvac/hvac/api/system_backend/policies.pyi new file mode 100644 index 000000000..324b0e4da --- /dev/null +++ b/stubs/hvac/hvac/api/system_backend/policies.pyi @@ -0,0 +1,15 @@ +from hvac.api.system_backend.system_backend_mixin import SystemBackendMixin + +class Policies(SystemBackendMixin): + def list_acl_policies(self): ... + def read_acl_policy(self, name): ... + def create_or_update_acl_policy(self, name, policy, pretty_print: bool = True): ... + def delete_acl_policy(self, name): ... + def list_rgp_policies(self): ... + def read_rgp_policy(self, name): ... + def create_or_update_rgp_policy(self, name, policy, enforcement_level): ... + def delete_rgp_policy(self, name): ... + def list_egp_policies(self): ... + def read_egp_policy(self, name): ... + def create_or_update_egp_policy(self, name, policy, enforcement_level, paths): ... + def delete_egp_policy(self, name): ... diff --git a/stubs/hvac/hvac/api/system_backend/policy.pyi b/stubs/hvac/hvac/api/system_backend/policy.pyi new file mode 100644 index 000000000..51de631b3 --- /dev/null +++ b/stubs/hvac/hvac/api/system_backend/policy.pyi @@ -0,0 +1,7 @@ +from hvac.api.system_backend.system_backend_mixin import SystemBackendMixin + +class Policy(SystemBackendMixin): + def list_policies(self): ... + def read_policy(self, name): ... + def create_or_update_policy(self, name, policy, pretty_print: bool = True): ... + def delete_policy(self, name): ... diff --git a/stubs/hvac/hvac/api/system_backend/quota.pyi b/stubs/hvac/hvac/api/system_backend/quota.pyi new file mode 100644 index 000000000..a197212ee --- /dev/null +++ b/stubs/hvac/hvac/api/system_backend/quota.pyi @@ -0,0 +1,19 @@ +from _typeshed import Incomplete + +from hvac.api.system_backend.system_backend_mixin import SystemBackendMixin + +class Quota(SystemBackendMixin): + def read_quota(self, name): ... + def list_quotas(self): ... + def create_or_update_quota( + self, + name, + rate, + path: Incomplete | None = None, + interval: Incomplete | None = None, + block_interval: Incomplete | None = None, + role: Incomplete | None = None, + rate_limit_type: Incomplete | None = None, + inheritable: Incomplete | None = None, + ): ... + def delete_quota(self, name): ... diff --git a/stubs/hvac/hvac/api/system_backend/raft.pyi b/stubs/hvac/hvac/api/system_backend/raft.pyi new file mode 100644 index 000000000..7a13149ed --- /dev/null +++ b/stubs/hvac/hvac/api/system_backend/raft.pyi @@ -0,0 +1,18 @@ +from _typeshed import Incomplete + +from hvac.api.system_backend.system_backend_mixin import SystemBackendMixin + +class Raft(SystemBackendMixin): + def join_raft_cluster( + self, + leader_api_addr, + retry: bool = False, + leader_ca_cert: Incomplete | None = None, + leader_client_cert: Incomplete | None = None, + leader_client_key: Incomplete | None = None, + ): ... + def read_raft_config(self): ... + def remove_raft_node(self, server_id): ... + def take_raft_snapshot(self): ... + def restore_raft_snapshot(self, snapshot): ... + def force_restore_raft_snapshot(self, snapshot): ... diff --git a/stubs/hvac/hvac/api/system_backend/seal.pyi b/stubs/hvac/hvac/api/system_backend/seal.pyi new file mode 100644 index 000000000..a0eb8ea76 --- /dev/null +++ b/stubs/hvac/hvac/api/system_backend/seal.pyi @@ -0,0 +1,10 @@ +from _typeshed import Incomplete + +from hvac.api.system_backend.system_backend_mixin import SystemBackendMixin + +class Seal(SystemBackendMixin): + def is_sealed(self): ... + def read_seal_status(self): ... + def seal(self): ... + def submit_unseal_key(self, key: Incomplete | None = None, reset: bool = False, migrate: bool = False): ... + def submit_unseal_keys(self, keys, migrate: bool = False): ... diff --git a/stubs/hvac/hvac/api/system_backend/system_backend_mixin.pyi b/stubs/hvac/hvac/api/system_backend/system_backend_mixin.pyi new file mode 100644 index 000000000..44090cd45 --- /dev/null +++ b/stubs/hvac/hvac/api/system_backend/system_backend_mixin.pyi @@ -0,0 +1,8 @@ +from _typeshed import Incomplete +from abc import ABCMeta + +from hvac.api.vault_api_base import VaultApiBase + +logger: Incomplete + +class SystemBackendMixin(VaultApiBase, metaclass=ABCMeta): ... diff --git a/stubs/hvac/hvac/api/system_backend/wrapping.pyi b/stubs/hvac/hvac/api/system_backend/wrapping.pyi new file mode 100644 index 000000000..4ca4167cb --- /dev/null +++ b/stubs/hvac/hvac/api/system_backend/wrapping.pyi @@ -0,0 +1,6 @@ +from _typeshed import Incomplete + +from hvac.api.system_backend.system_backend_mixin import SystemBackendMixin + +class Wrapping(SystemBackendMixin): + def unwrap(self, token: Incomplete | None = None): ... diff --git a/stubs/hvac/hvac/api/vault_api_base.pyi b/stubs/hvac/hvac/api/vault_api_base.pyi new file mode 100644 index 000000000..f2b672321 --- /dev/null +++ b/stubs/hvac/hvac/api/vault_api_base.pyi @@ -0,0 +1,7 @@ +from abc import ABCMeta +from logging import Logger + +logger: Logger + +class VaultApiBase(metaclass=ABCMeta): + def __init__(self, adapter) -> None: ... diff --git a/stubs/hvac/hvac/api/vault_api_category.pyi b/stubs/hvac/hvac/api/vault_api_category.pyi new file mode 100644 index 000000000..66fe39f99 --- /dev/null +++ b/stubs/hvac/hvac/api/vault_api_category.pyi @@ -0,0 +1,24 @@ +from abc import ABCMeta, abstractmethod +from collections.abc import Sequence +from logging import Logger + +from hvac.adapters import Adapter +from hvac.api.vault_api_base import VaultApiBase + +logger: Logger + +class VaultApiCategory(VaultApiBase, metaclass=ABCMeta): + implemented_class_names: Sequence[str] + def __init__(self, adapter: Adapter) -> None: ... + def __getattr__(self, item): ... + @property + def adapter(self) -> Adapter: ... + @adapter.setter + def adapter(self, adapter: Adapter) -> None: ... + @property + @abstractmethod + def implemented_classes(self): ... + @property + def unimplemented_classes(self) -> None: ... + @staticmethod + def get_private_attr_name(class_name): ... diff --git a/stubs/hvac/hvac/aws_utils.pyi b/stubs/hvac/hvac/aws_utils.pyi new file mode 100644 index 000000000..134fd4b2f --- /dev/null +++ b/stubs/hvac/hvac/aws_utils.pyi @@ -0,0 +1,9 @@ +class SigV4Auth: + access_key: str + secret_key: str + session_token: str | None + region: str + def __init__(self, access_key: str, secret_key: str, session_token: str | None = None, region: str = "us-east-1") -> None: ... + def add_auth(self, request) -> None: ... + +def generate_sigv4_auth_request(header_value: str | None = None): ... diff --git a/stubs/hvac/hvac/constants/__init__.pyi b/stubs/hvac/hvac/constants/__init__.pyi new file mode 100644 index 000000000..e69de29bb diff --git a/stubs/hvac/hvac/constants/approle.pyi b/stubs/hvac/hvac/constants/approle.pyi new file mode 100644 index 000000000..1eb6dc9a0 --- /dev/null +++ b/stubs/hvac/hvac/constants/approle.pyi @@ -0,0 +1,4 @@ +from collections.abc import Iterable + +DEFAULT_MOUNT_POINT: str +ALLOWED_TOKEN_TYPES: Iterable[str] diff --git a/stubs/hvac/hvac/constants/aws.pyi b/stubs/hvac/hvac/constants/aws.pyi new file mode 100644 index 000000000..7fed919b4 --- /dev/null +++ b/stubs/hvac/hvac/constants/aws.pyi @@ -0,0 +1,7 @@ +from collections.abc import Iterable + +DEFAULT_MOUNT_POINT: str +ALLOWED_CREDS_ENDPOINTS: Iterable[str] +ALLOWED_CREDS_TYPES: Iterable[str] +ALLOWED_IAM_ALIAS_TYPES: Iterable[str] +ALLOWED_EC2_ALIAS_TYPES: Iterable[str] diff --git a/stubs/hvac/hvac/constants/azure.pyi b/stubs/hvac/hvac/constants/azure.pyi new file mode 100644 index 000000000..c857aa27d --- /dev/null +++ b/stubs/hvac/hvac/constants/azure.pyi @@ -0,0 +1,3 @@ +from collections.abc import Iterable + +VALID_ENVIRONMENTS: Iterable[str] diff --git a/stubs/hvac/hvac/constants/client.pyi b/stubs/hvac/hvac/constants/client.pyi new file mode 100644 index 000000000..81d22815b --- /dev/null +++ b/stubs/hvac/hvac/constants/client.pyi @@ -0,0 +1,8 @@ +from hvac.utils import _DeprecateProperty + +DEPRECATED_PROPERTIES: dict[str, _DeprecateProperty] +DEFAULT_URL: str +VAULT_CACERT: str | None +VAULT_CAPATH: str | None +VAULT_CLIENT_CERT: str | None +VAULT_CLIENT_KEY: str | None diff --git a/stubs/hvac/hvac/constants/gcp.pyi b/stubs/hvac/hvac/constants/gcp.pyi new file mode 100644 index 000000000..1c0bd6786 --- /dev/null +++ b/stubs/hvac/hvac/constants/gcp.pyi @@ -0,0 +1,8 @@ +from collections.abc import Iterable + +DEFAULT_MOUNT_POINT: str +ALLOWED_ROLE_TYPES: Iterable[str] +ALLOWED_SECRETS_TYPES: Iterable[str] +SERVICE_ACCOUNT_KEY_ALGORITHMS: Iterable[str] +SERVICE_ACCOUNT_KEY_TYPES: Iterable[str] +GCP_CERTS_ENDPOINT: str diff --git a/stubs/hvac/hvac/constants/identity.pyi b/stubs/hvac/hvac/constants/identity.pyi new file mode 100644 index 000000000..ec4f9638f --- /dev/null +++ b/stubs/hvac/hvac/constants/identity.pyi @@ -0,0 +1,3 @@ +from collections.abc import Iterable + +ALLOWED_GROUP_TYPES: Iterable[str] diff --git a/stubs/hvac/hvac/constants/transit.pyi b/stubs/hvac/hvac/constants/transit.pyi new file mode 100644 index 000000000..af633211f --- /dev/null +++ b/stubs/hvac/hvac/constants/transit.pyi @@ -0,0 +1,12 @@ +from collections.abc import Iterable +from re import Pattern + +ALLOWED_KEY_TYPES: Iterable[str] +ALLOWED_EXPORT_KEY_TYPES: Iterable[str] +ALLOWED_DATA_KEY_TYPES: Iterable[str] +ALLOWED_DATA_KEY_BITS: Iterable[int] +ALLOWED_HASH_DATA_ALGORITHMS: Iterable[str] +ALLOWED_HASH_DATA_FORMATS: Iterable[str] +ALLOWED_SIGNATURE_ALGORITHMS: Iterable[str] +ALLOWED_MARSHALING_ALGORITHMS: Iterable[str] +ALLOWED_SALT_LENGTHS: Pattern[str] diff --git a/stubs/hvac/hvac/exceptions.pyi b/stubs/hvac/hvac/exceptions.pyi new file mode 100644 index 000000000..5aec65640 --- /dev/null +++ b/stubs/hvac/hvac/exceptions.pyi @@ -0,0 +1,42 @@ +from collections.abc import Iterable +from typing import Any +from typing_extensions import Self + +class VaultError(Exception): + errors: Iterable[Any] | str | None + method: str | None + url: str | None + text: str | None + json: object + def __init__( + self, + message: str | None = None, + errors: Iterable[Any] | str | None = None, + method: str | None = None, + url: str | None = None, + text: str | None = None, + json: object | None = None, + ) -> None: ... + @classmethod + def from_status( + cls, + status_code: int, + message: str | None = ..., + errors: Iterable[Any] | str | None = ..., + method: str | None = ..., + url: str | None = ..., + text: str | None = ..., + json: object | None = ..., + ) -> Self: ... + +class InvalidRequest(VaultError): ... +class Unauthorized(VaultError): ... +class Forbidden(VaultError): ... +class InvalidPath(VaultError): ... +class RateLimitExceeded(VaultError): ... +class InternalServerError(VaultError): ... +class VaultNotInitialized(VaultError): ... +class VaultDown(VaultError): ... +class UnexpectedError(VaultError): ... +class BadGateway(VaultError): ... +class ParamValidationError(VaultError): ... diff --git a/stubs/hvac/hvac/utils.pyi b/stubs/hvac/hvac/utils.pyi new file mode 100644 index 000000000..75e86eb61 --- /dev/null +++ b/stubs/hvac/hvac/utils.pyi @@ -0,0 +1,45 @@ +from collections.abc import Callable, Iterable, Mapping +from typing import Any, NoReturn, TypedDict, TypeVar +from typing_extensions import NotRequired + +class _DeprecateProperty(TypedDict): + to_be_removed_in_version: str + client_property: str + new_property: NotRequired[str] + +_T = TypeVar("_T") +_K = TypeVar("_K") +_V = TypeVar("_V") + +def raise_for_error( + method: str, + url: str, + status_code: int, + message: str | None = None, + errors: Iterable[Any] | str | None = None, + text: str | None = None, + json: object | None = None, +) -> NoReturn: ... +def aliased_parameter( + name: str, *aliases: str, removed_in_version: str | None, position: int | None = None, raise_on_multiple: bool = True +) -> Callable[..., Any]: ... +def generate_parameter_deprecation_message( + to_be_removed_in_version: str, old_parameter_name: str, new_parameter_name: str | None = None, extra_notes: str | None = None +) -> str: ... +def generate_method_deprecation_message( + to_be_removed_in_version: str, old_method_name: str, method_name: str | None = None, module_name: str | None = None +) -> str: ... +def generate_property_deprecation_message( + to_be_removed_in_version: str, old_name: str, new_name: str, new_attribute: str, module_name: str = "Client" +) -> str: ... +def getattr_with_deprecated_properties(obj: object, item: str, deprecated_properties: dict[str, _DeprecateProperty]) -> Any: ... +def deprecated_method(to_be_removed_in_version: str, new_method: Callable[..., Any] | None = None) -> Callable[..., Any]: ... +def validate_list_of_strings_param(param_name: str, param_argument: Iterable[Any] | str) -> None: ... +def list_to_comma_delimited(list_param: Iterable[str] | None) -> str: ... +def get_token_from_env() -> str | None: ... +def comma_delimited_to_list(list_param: Iterable[_T]) -> Iterable[_T]: ... + +# the docstring states that this function returns a bool, but the code does not return anything +def validate_pem_format(param_name: str, param_argument: str) -> None: ... +def remove_nones(params: Mapping[_K, _V | None]) -> Mapping[_K, _V]: ... +def format_url(format_str: str, *args: Any, **kwargs: Any) -> str: ... diff --git a/stubs/hvac/hvac/v1/__init__.pyi b/stubs/hvac/hvac/v1/__init__.pyi new file mode 100644 index 000000000..716cdd835 --- /dev/null +++ b/stubs/hvac/hvac/v1/__init__.pyi @@ -0,0 +1,72 @@ +from _typeshed import Incomplete +from typing import Any + +from hvac.adapters import Adapter + +has_hcl_parser: bool + +class Client: + def __init__( + self, + url: str | None = None, + token: str | None = None, + cert: tuple[str, str] | None = None, + verify: bool | str | None = None, + timeout: int = 30, + proxies: dict[str, str] | None = None, + allow_redirects: bool = True, + session: Incomplete | None = None, + adapter: type[Adapter] = ..., + namespace: Incomplete | None = None, + **kwargs: Any, + ) -> None: ... + def __getattr__(self, name: str) -> Any: ... + @property + def adapter(self) -> Adapter: ... + @adapter.setter + def adapter(self, adapter: Adapter) -> None: ... + @property + def url(self) -> str: ... + @url.setter + def url(self, url: str) -> None: ... + @property + def token(self) -> str: ... + @token.setter + def token(self, token: str) -> None: ... + @property + def session(self): ... + @session.setter + def session(self, session) -> None: ... + @property + def allow_redirects(self) -> bool: ... + @allow_redirects.setter + def allow_redirects(self, allow_redirects: bool) -> None: ... + @property + def auth(self): ... + @property + def secrets(self): ... + @property + def sys(self): ... + @property + def generate_root_status(self): ... + @property + def key_status(self): ... + @property + def rekey_status(self): ... + @property + def ha_status(self): ... + @property + def seal_status(self): ... + def read(self, path: str, wrap_ttl: int | str | None = None): ... + def list(self, path: str): ... + def write(self, path: str, wrap_ttl: int | str | None, **kwargs: Any): ... + def write_data(self, path: str, *, data: dict[str, Any] | None = None, wrap_ttl: int | str | None = None): ... + def delete(self, path: str) -> None: ... + def get_policy(self, name: str, parse: bool = False): ... + def lookup_token(self, token: str | None = None, accessor: bool = False, wrap_ttl: int | str | None = None): ... + def revoke_token(self, token: str, orphan: bool = False, accessor: bool = False) -> None: ... + def renew_token(self, token: str, increment: bool | None = None, wrap_ttl: int | str | None = None): ... + def logout(self, revoke_token: bool = False) -> None: ... + def is_authenticated(self) -> bool: ... + def auth_cubbyhole(self, token: str): ... + def login(self, url: str, use_token: bool = True, **kwargs: Any): ...