I want to list LDAP groups in Hashicorp vault, along with the policy which is attached with those LDAP groups in python code. I am able to list all the LDAP groups but not able to get the commands to list the policy along with it.
Asked
Active
Viewed 990 times
2 Answers
1
vault list auth/ldap/groups will list each of the LDAP group names. As mentioned in the previous answer though, the resulting list of groups would need to be iterated over, as the group list endpoint returns only group names, not policies with the group names. vault read auth/ldap/groups/group_name would return the attached policies along with other attributes.
List: https://www.vaultproject.io/api-docs/auth/ldap#list-ldap-groups
Read: https://www.vaultproject.io/api-docs/auth/ldap#read-ldap-group
paladin-devops
- 121
- 4
0
You need to iterate for all listed groups to get the policy information. Something like done in the following Bash script:
for g in $(curl --silent --header "X-Vault-Token: VAULT-TOKEN" --request LIST https://VAULT-SERVER/v1/identity/group/name | jq --raw-output .data.keys[])
do
echo -n "$g => "
curl --silent --header "X-Vault-Token: VAULT-TOKEN" --request GET https://VAULT-SERVER/v1/identity/group/name/$g | jq --raw-output .data.policies[]
done
Marcelo Ávila de Oliveira
- 19,950
- 3
- 39
- 50