Azure Secret Engine (#287)

* Break out wrappers TOC with more depth

* Shorten redudnant heading

* Fix auth=>secret typo, better looking usage links

* Alphabetical

* Remove inadvertently added v1 module path prefix

* Azure secret engine docs

* Azure secret engine tests / test updates

* Azure secret engine class

* update skip version num

docs/usage.rst

@@ -7,4 +7,11 @@ Usage
    usage/secrets_engines/index
    usage/auth_methods/index
    usage/system_backend
+
+Wrappers
+--------
+
+.. toctree::
+   :maxdepth: 3
+
    usage/wrappers/index

docs/usage/auth_methods/azure.rst

@@ -1,7 +1,7 @@
 .. _azure-auth-method:
 
-Azure Auth Method
-==================
+Azure
+=====
 
 .. note::
     Every method under the :py:attr:`Client class's azure attribute<hvac.v1.Client.azure.auth>` includes a `mount_point` parameter that can be used to address the Azure auth method under a custom mount path. E.g., If enabling the Azure auth method using Vault's CLI commands via `vault auth enable -path=my-azure azure`", the `mount_point` parameter in :py:meth:`hvac.api.auth.Azure` methods would be set to "my-azure".

docs/usage/secrets_engines/azure.rst

@@ -1,4 +1,108 @@
 .. _azure-secret-engine:
 
-Azure Secret Engine
-===================
+Azure
+=====
+
+.. note::
+    Every method under the :py:attr:`Azure class<hvac.api.secrets_engines.Azure>` includes a `mount_point` parameter that can be used to address the Azure secret engine under a custom mount path. E.g., If enabling the Azure secret engine using Vault's CLI commands via `vault secrets enable -path=my-azure azure`", the `mount_point` parameter in :py:meth:`hvac.api.secrets_engines.Azure` methods would need to be set to "my-azure".
+
+
+Configure
+---------
+
+:py:meth:`hvac.api.secrets_engines.Azure.configure`
+
+.. code:: python
+
+    import hvac
+    client = hvac.Client()
+
+    client.azure.secret.configure(
+        subscription_id='my-subscription-id',
+        tenant_id='my-tenant-id',
+    )
+
+Read Config
+-----------
+
+:py:meth:`hvac.api.secrets_engines.Azure.read_config`
+
+.. code:: python
+
+    import hvac
+    client = hvac.Client()
+
+    azure_secret_config = client.azure.secret.read_config()
+    print('The Azure secret engine is configured with a subscription ID of {id}'.format(
+        id=azure_secret_config['subscription_id'],
+    ))
+
+Delete Config
+-------------
+
+:py:meth:`hvac.api.secrets_engines.Azure.delete_config`
+
+.. code:: python
+
+    import hvac
+    client = hvac.Client()
+
+    client.azure.secret.delete_config()
+
+Create Or Update A Role
+-----------------------
+
+:py:meth:`hvac.api.secrets_engines.Azure.create_or_update_role`
+
+.. code:: python
+
+    import hvac
+    client = hvac.Client()
+
+
+    azure_roles = [
+        {
+            'role_name': "Contributor",
+            'scope': "/subscriptions/95e675fa-307a-455e-8cdf-0a66aeaa35ae",
+        },
+    ]
+    client.azure.secret.create_or_update_role(
+        name='my-azure-secret-role',
+        azure_roles=azure_roles,
+    )
+
+List Roles
+----------
+
+:py:meth:`hvac.api.secrets_engines.Azure.list_roles`
+
+.. code:: python
+
+    import hvac
+    client = hvac.Client()
+
+    azure_secret_engine_roles = client.azure.secret.list_roles()
+    print('The following Azure secret roles are configured: {roles}'.format(
+        roles=','.join(roles['keys']),
+    ))
+
+
+Generate Credentials
+--------------------
+
+:py:meth:`hvac.api.secrets_engines.Azure.generate_credentials`
+
+.. code:: python
+
+    import hvac
+    from azure.common.credentials import ServicePrincipalCredentials
+
+    client = hvac.Client()
+    azure_creds = client.azure.secret.secret.generate_credentials(
+        name='some-azure-role-name',
+    )
+    azure_spc = ServicePrincipalCredentials(
+        client_id=azure_creds['client_id'],
+        secret=azure_creds['client_secret'],
+        tenant=TENANT_ID,
+    )

docs/usage/wrappers/azure.rst

@@ -1,12 +1,14 @@
 Azure
 =====
 
-The :py:class:`hvac.api.azure.Azure` instance under the :py:attr:`Client class's azure attribute<hvac.v1.Client.azure>` is a wrapper to expose either the :py:class:`Azure auth method class<hvac.api.auth.Azure>` or the :py:class:`Azure secret engine class<hvac.api.secrets_engines.Azure>`. The instances of these classes are under the :py:meth:`auth<hvac.v1.api.azure.Azure.auth>` and :py:meth:`secret<hvac.v1.api.azure.Azure.secret>` attributes respectively.
+The :py:class:`hvac.api.azure.Azure` instance under the :py:attr:`Client class's azure attribute<hvac.v1.Client.azure>` is a wrapper to expose either the :py:class:`Azure auth method class<hvac.api.auth.Azure>` or the :py:class:`Azure secret engine class<hvac.api.secrets_engines.Azure>`. The instances of these classes are under the :py:meth:`auth<hvac.api.azure.Azure.auth>` and :py:meth:`secret<hvac.api.azure.Azure.secret>` attributes respectively.
 
 Auth Method
 -----------
 
-:ref:`azure-auth-method`.
+.. note::
+
+	Additional examples available at: :ref:`Azure Auth Method Usage<azure-auth-method>`.
 
 Calling a Azure auth method:
 
@@ -30,7 +32,9 @@ Calling a Azure auth method:
 Secret Engine
 -------------
 
-:ref:`azure-secret-engine`.
+.. note::
+
+	Additional examples available at: :ref:`Azure Secret Engine Usage<azure-secret-engine>`.
 
 Calling a Azure secret engine method:
 
@@ -43,10 +47,10 @@ Calling a Azure secret engine method:
 	client.azure.secret.configure(
 		# [...]
 	)
-	client.azure.auth.create_or_update_role(
+	client.azure.secret.create_or_update_role(
 		name='some-azure-role-name',
 	)
-	azure_creds = client.azure.auth.generate_credentials(
+	azure_creds = client.azure.secret.generate_credentials(
 		name='some-azure-role-name',
 	)
 	azure_spc = ServicePrincipalCredentials(

docs/usage/wrappers/index.rst

@@ -4,5 +4,5 @@ Wrappers
 .. toctree::
    :maxdepth: 2
 
-   kv
    azure
+   kv

hvac/api/azure.py

@@ -3,7 +3,7 @@
 import logging
 
 from hvac.api.auth import azure as azure_auth_method
-# from hvac.api.secrets_engines import azure as azure_secret_engine
+from hvac.api.secrets_engines import azure as azure_secret_engine
 from hvac.api.vault_api_base import VaultApiBase
 
 logger = logging.getLogger(__name__)
@@ -25,7 +25,7 @@ def __init__(self, adapter):
         super(Azure, self).__init__(adapter=adapter)
 
         self._azure_auth = azure_auth_method.Azure(adapter=self._adapter)
-        # self._azure_secret = azure_secret_engine.Azure(adapter=self._adapter)
+        self._azure_secret = azure_secret_engine.Azure(adapter=self._adapter)
 
     @property
     def auth(self):
@@ -39,14 +39,11 @@ def auth(self):
     @property
     def secret(self):
         """Accessor for Azure secret engine instance. Provided via the :py:class:`hvac.api.secrets_engines.Azure` class.
-        .. warning::
-
-            Note: Not currently implemented.
 
         :return: This Azure instance's associated secrets_engines.Azure instance.
         :rtype: hvac.api.secrets_engines.Azure
         """
-        raise NotImplementedError
+        return self._azure_secret
 
     def __getattr__(self, item):
         """Overridden magic method used to direct method calls to the appropriate auth or secret Azure instance.
@@ -58,7 +55,7 @@ def __getattr__(self, item):
         """
         if hasattr(self._azure_auth, item):
             return getattr(self._azure_auth, item)
-        # elif hasattr(self._azure_secret, item):
-        #     return getattr(self._azure_secret, item)
+        elif hasattr(self._azure_secret, item):
+            return getattr(self._azure_secret, item)
 
         raise AttributeError

hvac/api/secrets_engines/__init__.py

@@ -2,11 +2,13 @@
 Vault secrets engines endpoints
 
 """
+from hvac.api.secrets_engines.azure import Azure
 from hvac.api.secrets_engines.kv import Kv
 from hvac.api.secrets_engines.kv_v1 import KvV1
 from hvac.api.secrets_engines.kv_v2 import KvV2
 
 __all__ = (
+    'Azure',
     'Kv',
     'KvV1',
     'KvV2',