forked from hashicorp/vault-plugin-auth-cf
-
Notifications
You must be signed in to change notification settings - Fork 0
/
backend.go
49 lines (43 loc) · 1.22 KB
/
backend.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
package cf
import (
"context"
"github.com/hashicorp/vault/sdk/framework"
"github.com/hashicorp/vault/sdk/logical"
)
const (
// These env vars are used frequently to pull the client certificate and private key
// from CF containers; thus are placed here for ease of discovery and use from
// outside packages.
EnvVarInstanceCertificate = "CF_INSTANCE_CERT"
EnvVarInstanceKey = "CF_INSTANCE_KEY"
)
func Factory(ctx context.Context, conf *logical.BackendConfig) (logical.Backend, error) {
b := &backend{}
b.Backend = &framework.Backend{
AuthRenew: b.pathLoginRenew,
Help: backendHelp,
PathsSpecial: &logical.Paths{
SealWrapStorage: []string{"config"},
Unauthenticated: []string{"login"},
},
Paths: []*framework.Path{
b.pathConfig(),
b.pathListRoles(),
b.pathRoles(),
b.pathLogin(),
},
BackendType: logical.TypeCredential,
}
if err := b.Setup(ctx, conf); err != nil {
return nil, err
}
return b, nil
}
type backend struct {
*framework.Backend
}
const backendHelp = `
The CF auth backend supports logging in using CF's identity service.
Once a CA certificate is configured, and Vault is configured to consume
CF's API, CF's instance identity credentials can be used to authenticate.'
`