Add docs for auth_cubbyhole

hvac · Apr 13, 2019 · a3213ab · a3213ab
1 parent a928808
commit a3213ab
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 6 deletions.
diff --git a/docs/usage/auth_methods/token.rst b/docs/usage/auth_methods/token.rst
@@ -40,10 +40,20 @@ Lookup and revoke tokens via a token accessor:
     same_token = client.lookup_token(token_accessor, accessor=True)
     client.revoke_token(token_accessor, accessor=True)
 
-Wrapping/unwrapping a token:
 
+Wrapping/unwrapping a token:
 
 .. code:: python
 
     wrap = client.create_token(policies=['root'], lease='1h', wrap_ttl='1m')
     result = self.client.unwrap(wrap['wrap_info']['token'])
+
+
+Login with a wrapped token:
+
+.. code:: python
+
+    wrap = client.create_token(policies=['root'], lease='1h', wrap_ttl='1m')
+    new_client = hvac.Client()
+    new_client.auth_cubbyhole(wrap['wrap_info']['token'])
+    assert new_client.token != wrapped_token['wrap_info']['token']
diff --git a/hvac/v1/__init__.py b/hvac/v1/__init__.py
@@ -1165,12 +1165,15 @@ def create_ec2_role_tag(self, role, policies=None, max_ttl=None, instance_id=Non
         return self._adapter.post('/v1/auth/{0}/role/{1}/tag'.format(mount_point, role), json=params)
 
     def auth_cubbyhole(self, token):
-        """POST /v1/sys/wrapping/unwrap
+        """Perform a login request with a wrapped token.
 
-        :param token:
-        :type token:
-        :return:
-        :rtype:
+        Stores the unwrapped token in the resulting Vault response for use by the :py:meth:`hvac.adapters.Adapter`
+            instance under the _adapater Client attribute.
+
+        :param token: Wrapped token
+        :type token: str | unicode
+        :return: The (JSON decoded) response of the auth request
+        :rtype: dict
         """
         self.token = token
         return self.login('/v1/sys/wrapping/unwrap')