vault_api_client {vaultr} | R Documentation |
Vault Low-Level Client
Description
Vault Low-Level Client
Vault Low-Level Client
Details
Low-level API client. This can be used to directly communicate with the vault server. This object will primarily be useful for debugging, testing or developing new vault methods, but is nonetheless described here.
Super class
vaultr::vault_client_object
-> vault_api_client
Public fields
addr
The vault address (with protocol, hostname and port)
base_url
The base url (with protocol, hostname, port and api version path)
tls_config
Information used in TLS config, if used
namespace
The vault namespace, if used
token
The vault token, if authenticated
version
The vault server version, once queried
Methods
Public methods
Inherited methods
Method new()
Create a new api client
Usage
vault_api_client$new(addr = NULL, tls_config = NULL, namespace = NULL)
Arguments
addr
Address of the vault server
tls_config
Optional TLS config
namespace
Optional namespace
Method request()
Make a request to the api. Typically you should use
one of the higher-level wrappers, such as $GET
or $POST
.
Usage
vault_api_client$request(verb, path, ..., token = self$token)
Arguments
verb
The HTTP verb to use, as a
httr
function (e.g., passhttr::GET
for aGET
request).path
The request path
...
Additional arguments passed to the
httr
functiontoken
Optional token, overriding the client token
Method is_authenticated()
Test if the vault client currently holds a vault token. This method does not verify the token - only test that is present.
Usage
vault_api_client$is_authenticated()
Method set_token()
Set a token within the client
Usage
vault_api_client$set_token(token, verify = FALSE, quiet = FALSE)
Arguments
token
String, with the new vault client token
verify
Logical, indicating if we should test that the token is valid. If
TRUE
, then we use$verify_token()
to test the token before setting it and if it is not valid an error will be thrown and the token not set.quiet
Logical, if
TRUE
, then informational messages will be suppressed.
Method verify_token()
Test that a token is valid with the vault.
This will call vault's /sys/capabilities-self
endpoint with the
token provided and check the /sys
path.
Usage
vault_api_client$verify_token(token, quiet = TRUE)
Arguments
token
String, with the vault client token to test
quiet
Logical, if
TRUE
, then informational messages will be suppressed
Method server_version()
Retrieve the vault server version. This is by default cached within the client for a session. Will return an R numeric_version object.
Usage
vault_api_client$server_version(refresh = FALSE)
Arguments
refresh
Logical, indicating if the server version information should be refreshed even if known.
Method GET()
Send a GET
request to the vault server
Usage
vault_api_client$GET(path, ...)
Arguments
path
The server path to use. This is the "interesting" part of the path only, with the server base url and api version information added.
...
Additional
httr
-compatible options. These will be named parameters orhttr
"request" objects.
Method LIST()
Send a LIST
request to the vault server
Usage
vault_api_client$LIST(path, ...)
Arguments
path
The server path to use. This is the "interesting" part of the path only, with the server base url and api version information added.
...
Additional
httr
-compatible options. These will be named parameters orhttr
"request" objects.
Method POST()
Send a POST
request to the vault server
Usage
vault_api_client$POST(path, ...)
Arguments
path
The server path to use. This is the "interesting" part of the path only, with the server base url and api version information added.
...
Additional
httr
-compatible options. These will be named parameters orhttr
"request" objects.
Method PUT()
Send a PUT
request to the vault server
Usage
vault_api_client$PUT(path, ...)
Arguments
path
The server path to use. This is the "interesting" part of the path only, with the server base url and api version information added.
...
Additional
httr
-compatible options. These will be named parameters orhttr
"request" objects.
Method DELETE()
Send a DELETE
request to the vault server
Usage
vault_api_client$DELETE(path, ...)
Arguments
path
The server path to use. This is the "interesting" part of the path only, with the server base url and api version information added.
...
Additional
httr
-compatible options. These will be named parameters orhttr
"request" objects.
Examples
server <- vaultr::vault_test_server(if_disabled = message)
if (!is.null(server)) {
# Ordinarily, we would use the "vault_client" object for
# high-level access to the vault server
client <- server$client()
client$status()
# The api() method returns the "api client" object:
api <- client$api()
api
# This allows running arbitrary HTTP requests against the server:
api$GET("/sys/seal-status")
# this is how vaultr is internally implemented so anything can
# be done here, for example following vault's API documentation
# https://www.vaultproject.io/api/secret/kv/kv-v1.html#sample-request-2
api$POST("/secret/mysecret", body = list(key = "value"))
api$GET("/secret/mysecret")
api$DELETE("/secret/mysecret")
# cleanup
server$kill()
}