SFLvaultClient object

This is was is called when you run sflvault connect s#1 or other sflvault ... commands.

It wraps all the functionality of querying the remote vault, decrypting and displaying the results.

class sflvault.client.SFLvaultClient(config, shell=False)

This is the main SFLvault Client object.

It is used to script some access to the vault, to retrieve data, to store data, or to create a GUI interface on the top of it.

Whether you want to access a local or remote Vault server, this is the object you need.

Set up initial configuration for function calls

Parameters:

• config – Configuration filename to use.
• shell – if True, the private key will be cached for a while, not asking your password for each query to the vault.

connect(vid, with_show=False, command_line='')

Connect to a distant machine (using SSH for now)

customer_get(customer_id)

Get information to be edited

customer_list(customer_id=None)

List customers in the vault and possibly corresponding to the needed id

Keywords arguments:

customer_id – Id of the needed customer to list

Returns a list of dicts:

[{‘id’: ‘%d’,’name’: ‘blah’}]

customer_put(customer_id, data)

Save the (potentially modified) customer to the Vault

group_add(group_name)

Add a named group to the Vault. Return the group id.

group_del(group_id, delete_cascade=False)

Remove a group from the Vault, making sure no services are left behind.

group_get(group_id)

Get information to be edited

group_list(quiet=False)

Simply list the available groups

group_put(group_id, data)

Save the (potentially modified) Group to the Vault

machine_add(customer_id, name='', fqdn='', ip='', location='', notes='')

Add a machine to the database.

machine_get(machine_id)

Get information to be edited

machine_put(machine_id, data)

Save the (potentially modified) machine to the Vault

search(query, filters=None, verbose=True)

Search the database for query terms.

Arguments:

query: list of REGEXPs to be matched.

filters: dict with keys in [‘groups’, ‘machines’, ‘customers’] that limits the records returned to those matching those constraints. The values can be either int or str (representing an int).

verbose (bool): shows the notes and location attributes for services and machines.

Returns:

Hierarchical view of the results.

service_add(machine_id, parent_service_id, url, group_ids, secret, notes='', metadata=None)

Add a service to the Vault’s database.

Arguments:

machine_id: A m#id machine identifier.

parent_service_id: A s#id, parent service ID, to which you should connect before connecting to the service you’re adding. Specify 0 or None if no parent exist. If you set this, machine_id is disregarded.

url: URL of the service, with username, port and path if required

group_ids: Multiple group IDs the service is part of. See list-groups

notes: Simple text field, with notes.

secret: Password for the service. Plain-text.

metadata: Dictionary with metadata for services (depends on service).

service_get(service_id, decrypt=True, group_id=None)

Get information to be edited

service_get_tree(service_id, with_groups=False)

Get information to be edited

service_passwd(service_id, newsecret)

Updates the password on the Vault for a certain service

service_put(service_id, data)

Save the (potentially modified) service to the Vault

set_getpassfunc(func=None)

Set the function to ask for passphrase.

By default, it is set to _getpass, which asks for the passphrase on the command line, but you can create a new function, that would for example pop-up a window, or use another mechanism to ask for passphrase and continue authentication.

show(service_id, verbose=False, with_groups=False)

Show informations to connect to a particular service

user_list(groups=False)

List users

groups - if True, list groups for each user also

user_passwd(new_passphrase=None)

Change the password protecting the local private key.

user_setup(username, vault_url, passphrase=None)

Sets up the local configuration to communicate with the Vault.

username - the name with which an admin prepared (with add-user)

your account.

vault_url - the URL pointing to the XML-RPC interface of the vault

(typically host://domain.example.org:5000/vault/rpc

passphrase - use the given passphrase instead of asking it on the

command line.

vaultId(vid, prefix, check_alias=True)

Return an integer value for a given VaultID.

A VaultID can be one of the following:

• 123 - treated as is, and assumed to be of type prefix.
• m#123 - checked against prefix, otherwise raises an exception.
• alias - checked against prefix and the aliases that are in the configuration, returns an integer, or raises an exception.

Parameters:check_alias – check for matching aliases if True, otherwise only the two first cases are treated.