/
cert.go
66 lines (51 loc) · 1.28 KB
/
cert.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
package cert
import (
"context"
"errors"
"fmt"
"net/http"
"github.com/hashicorp/go-hclog"
"github.com/hashicorp/vault/api"
"github.com/hashicorp/vault/command/agent/auth"
)
type certMethod struct {
logger hclog.Logger
mountPath string
name string
}
func NewCertAuthMethod(conf *auth.AuthConfig) (auth.AuthMethod, error) {
if conf == nil {
return nil, errors.New("empty config")
}
// Not concerned if the conf.Config is empty as the 'name'
// parameter is optional when using TLS Auth
c := &certMethod{
logger: conf.Logger,
mountPath: conf.MountPath,
name: "",
}
if conf.Config != nil {
nameRaw, ok := conf.Config["name"]
if !ok {
nameRaw = ""
}
c.name, ok = nameRaw.(string)
if !ok {
return nil, errors.New("could not convert 'name' config value to string")
}
}
return c, nil
}
func (c *certMethod) Authenticate(_ context.Context, client *api.Client) (string, http.Header, map[string]interface{}, error) {
c.logger.Trace("beginning authentication")
authMap := map[string]interface{}{}
if c.name != "" {
authMap["name"] = c.name
}
return fmt.Sprintf("%s/login", c.mountPath), nil, authMap, nil
}
func (c *certMethod) NewCreds() chan struct{} {
return nil
}
func (c *certMethod) CredSuccess() {}
func (c *certMethod) Shutdown() {}