HVAC URL Escape Demo

quote_demo.py

import hvac
import pprint
import six.moves.urllib.parse as urllib

client = hvac.Client("http://localhost:8200")


def quote_path(path):
    """Returns a string that's safe to use as a path."""
    # Yes, safe = "/" is the default, but I pass it here just to make it obvious.
    return urllib.quote(path, safe = "/")


def quote_value(value):
    """Returns a string that's safe to use as a single value."""
    # Similar to `quote_path` but also escapes "/".
    # NOTE: we can't use `quote_plus` because it changes spaces to "+"
    #   which Vault treats as a literal plus.
    return urllib.quote(value, safe = "")


# Absolute worst-case example of an annoying value
problem_value = "escape value/url?test%1"
print("Problem Name:    {}".format( problem_value ))
print("Path-Safe Name:  {}".format( quote_path(problem_value) ))
print("Value-Safe Name: {}".format( quote_value(problem_value) ))
print("")


# Create the user with some troublesome characters in their name
resp = client.secrets.identity.create_or_update_entity(
    name = problem_value,
    policies = ["demo"],
    metadata = {
        "problem": "true"
    }
)
print("Newly created Entity:")
pprint.pprint(resp["data"])
print("")


# Attempting to read back the Entity by name results in a `hvac.exceptions.InvalidPath`.
try:
    resp = client.secrets.identity.read_entity_by_name(
        name = problem_value
    )
    print("Unquoted Entity name:")
    pprint.pprint(resp["data"])
    print("")

except Exception as ex:
    print("Got {} exception reading Entity: {!r}".format(ex.__class__, ex))
    print("")


# Attempting to read back the Entity works after manually URL quoting
resp = client.secrets.identity.read_entity_by_name(
    name = quote_value(problem_value)
)
print("Quoted Entity name:")
pprint.pprint(resp["data"])
print("")


# Removing the demo Entity
client.secrets.identity.delete_entity_by_name(
    name = quote_value(problem_value)
)