- fix login flow (use Kube auth and path)
1 parent
3c8649f
commit 15a732e
Showing
5 changed files
with
94 additions
and
22 deletions.
@@ -0,0 +1 @@ | ||
.vscode |
@@ -0,0 +1,61 @@ | ||
package main | ||
|
||
import ( | ||
"path" | ||
|
||
"github.com/golang/glog" | ||
"github.com/hashicorp/vault/api" | ||
) | ||
|
||
func kubeLogin() (*api.Client, error) { | ||
glog.Infof("Connecting to Vault at %s", *url) | ||
config := &api.Config{ | ||
Address: *url, | ||
} | ||
|
||
tls := &api.TLSConfig{Insecure: true} | ||
config.ConfigureTLS(tls) | ||
|
||
client, err := api.NewClient(config) | ||
if err != nil { | ||
glog.Errorf("ERROR: failed to connect to Vault at %s: %v", *url, err) | ||
return nil, err | ||
} | ||
|
||
body := map[string]interface{}{ | ||
"role": *role, | ||
"jwt": *jwt, | ||
} | ||
|
||
loginPath := "/v1/auth/" + *kubeAuthPath + "/login" | ||
loginPath = path.Clean(loginPath) | ||
glog.Infof("Vault login using path %s role %s jwt [%d bytes]", loginPath, *role, len(*jwt)) | ||
|
||
req := client.NewRequest("POST", loginPath) | ||
req.SetJSONBody(body) | ||
|
||
resp, err := client.RawRequest(req) | ||
if err != nil { | ||
glog.Errorf("ERROR: failed to login with Vault: %v", err) | ||
return nil, err | ||
} | ||
|
||
if respErr := resp.Error(); respErr != nil { | ||
glog.Errorf("ERROR: api error: %v", respErr) | ||
return nil, err | ||
} | ||
|
||
var result api.Secret | ||
if err := resp.DecodeJSON(&result); err != nil { | ||
glog.Errorf("ERROR: failed to decode JSON response: %v", err) | ||
return nil, err | ||
} | ||
|
||
glog.Infof("Login results %+v", result) | ||
|
||
auth := result.Auth | ||
glog.Infof("Got auth %+v", auth) | ||
|
||
client.SetToken(auth.ClientToken) | ||
return client, nil | ||
} |
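Review bot: `api.TLSConfig{Insecure: true}` disables certificate verification on the connection that carries the service-account JWT and brings back the Vault token, so the server's identity is never checked; the error returned by `config.ConfigureTLS(tls)` is also discarded. Near the end, `glog.Infof("Got auth %+v", auth)` writes the auth struct, client token included, to the log, and `auth.ClientToken` is read without checking that `result.Auth` is non-nil; both `%+v` log lines should be dropped in favour of a non-secret field. The `resp.Error()` branch returns the outer `err`, which is nil at that point, so the caller receives a nil client with a nil error; it should be `return nil, respErr`. The fence shows the TLS setup and the auth handling rewritten; `caCertPath` is a placeholder for a flag this file would have to define, and `errors` would need importing.

```go
	// … unchanged: api.Config construction …
	// caCertPath is a placeholder; the page defines no such flag.
	if err := config.ConfigureTLS(&api.TLSConfig{CACert: *caCertPath}); err != nil {
		glog.Errorf("ERROR: failed to configure TLS: %v", err)
		return nil, err
	}
	// … unchanged: client creation, login request, response decoding …
	auth := result.Auth
	if auth == nil {
		return nil, errors.New("vault login response has no auth block")
	}
	glog.Infof("Vault login succeeded (accessor %s)", auth.Accessor)
	// … unchanged: SetToken and return …
```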
|
@@ -23,6 +23,6 @@ func lookupJwt() { | |
return | ||
} | ||
|
||
*token = s | ||
*jwt = s | ||
return | ||
} |