Merge pull request #215 from bbayszczak/add_secret_tuning_params

add tuning params to tune_secret_backend method
hvac · Jul 13, 2018 · 93e8cae · 93e8cae
2 parents 09188e1 + 2cac0c8
commit 93e8cae
Show file tree

Hide file tree

Showing 2 changed files with 45 additions and 9 deletions.
diff --git a/.gitignore b/.gitignore
@@ -11,4 +11,4 @@
 /cover
 *~
 
-/hvac/version
+/hvac/version
diff --git a/hvac/v1/__init__.py b/hvac/v1/__init__.py
@@ -321,20 +321,56 @@ def enable_secret_backend(self, backend_type, description=None, mount_point=None
 
         self._post('/v1/sys/mounts/{0}'.format(mount_point), json=params)
 
-    def tune_secret_backend(self, backend_type, mount_point=None, default_lease_ttl=None, max_lease_ttl=None):
+    def tune_secret_backend(self, backend_type, mount_point=None, default_lease_ttl=None, max_lease_ttl=None, description=None,
+                            audit_non_hmac_request_keys=None, audit_non_hmac_response_keys=None, listing_visibility=None,
+                            passthrough_request_headers=None):
         """
         POST /sys/mounts/<mount point>/tune
+
+        :param backend_type: Type of the secret backend to modify
+        :type backend_type: str
+        :param mount_point: The path the associated secret backend is mounted
+        :type mount_point: str
+        :param description: Specifies the description of the mount. This overrides the current stored value, if any.
+        :type description: str
+        :param default_lease_ttl: Default time-to-live. This overrides the global default. A value of 0 is equivalent to the system default TTL
+        :type default_lease_ttl: int
+        :param max_lease_ttl: Maximum time-to-live. This overrides the global default. A value of 0 are equivalent and set to the system max TTL.
+        :type max_lease_ttl: int
+        :param audit_non_hmac_request_keys: Specifies the comma-separated list of keys that will not be HMAC'd by
+        audit devices in the request data object.
+        :type audit_non_hmac_request_keys: list
+        :param audit_non_hmac_response_keys: Specifies the comma-separated list of keys that will not be HMAC'd
+        by audit devices in the response data object.
+        :type audit_non_hmac_response_keys: list
+        :param listing_visibility: Speficies whether to show this mount in the UI-specific listing endpoint.
+        Valid values are "unauth" or "".
+        :type listing_visibility: str
+        :param passthrough_request_headers: Comma-separated list of headers to whitelist and pass from the request
+        to the backend.
+        :type passthrough_request_headers: str
+
+        :return: dict, The JSON response from Vault
         """
 
         if not mount_point:
             mount_point = backend_type
-
-        params = {
-            'default_lease_ttl': default_lease_ttl,
-            'max_lease_ttl': max_lease_ttl
-        }
-
-        self._post('/v1/sys/mounts/{0}/tune'.format(mount_point), json=params)
+        # All parameters are optional for this method. Until/unless we include input validation, we simply loop over the
+        # parameters and add which parameters are set.
+        optional_parameters = [
+            'default_lease_ttl',
+            'max_lease_ttl',
+            'description',
+            'audit_non_hmac_request_keys',
+            'audit_non_hmac_response_keys',
+            'listing_visibility',
+            'passthrough_request_headers',
+        ]
+        params = {}
+        for optional_parameter in optional_parameters:
+            if locals().get(optional_parameter) is not None:
+                params[optional_parameter] = locals().get(optional_parameter)
+        return self._post('/v1/sys/mounts/{0}/tune'.format(mount_point), json=params)
 
     def get_secret_backend_tuning(self, backend_type, mount_point=None):
         """