vault-sidekick/auth_userpass.go

/*
Copyright 2015 Home Office All rights reserved.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package main

import (
	"fmt"
	"os"

	"github.com/hashicorp/vault/api"
)

// the userpass authentication plugin
type authUserPassPlugin struct {
	client *api.Client
}

type userPassLogin struct {
	// the password for the account
	Password string `json:"password,omitempty"`
}

// NewUserPassPlugin creates a new User Pass plugin
func NewUserPassPlugin(client *api.Client) AuthInterface {
	return &authUserPassPlugin{
		client: client,
	}
}

// Create a userpass plugin with the username and password provide in the file
func (r authUserPassPlugin) Create(cfg *vaultAuthOptions) (string, error) {
	// step: extract the options
	if cfg.Username == "" {
		cfg.Username = os.Getenv("VAULT_SIDEKICK_USERNAME")
	}
	if cfg.Password == "" {
		cfg.Password = os.Getenv("VAULT_SIDEKICK_PASSWORD")
	}

	// step: create the token request
	request := r.client.NewRequest("POST", fmt.Sprintf("/v1/auth/userpass/login/%s", cfg.Username))
	if err := request.SetJSONBody(userPassLogin{Password: cfg.Password}); err != nil {
		return "", err
	}
	// step: make the request
	resp, err := r.client.RawRequest(request)
	if err != nil {
		return "", err
	}
	defer resp.Body.Close()

	// step: parse and return auth
	secret, err := api.ParseSecret(resp.Body)
	if err != nil {
		return "", err
	}

	return secret.Auth.ClientToken, nil
}
- added the csv output format - adding the auth backends - general cleanup of the code - fixed up the tests 2015-09-21 06:31:12 -04:00			`/*`
			`Copyright 2015 Home Office All rights reserved.`

			`Licensed under the Apache License, Version 2.0 (the "License");`
			`you may not use this file except in compliance with the License.`
			`You may obtain a copy of the License at`

			`http://www.apache.org/licenses/LICENSE-2.0`

			`Unless required by applicable law or agreed to in writing, software`
			`distributed under the License is distributed on an "AS IS" BASIS,`
			`WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`See the License for the specific language governing permissions and`
			`limitations under the License.`
			`*/`

			`package main`

			`import (`
			`"fmt"`
enable env vars for auth settings 2016-09-17 12:00:15 -04:00			`"os"`
- added the csv output format - adding the auth backends - general cleanup of the code - fixed up the tests 2015-09-21 06:31:12 -04:00
			`"github.com/hashicorp/vault/api"`
			`)`

			`// the userpass authentication plugin`
- updated the readme - standardize the authentication interface - required the unrequire - first draft cleanup and reduction of code 2015-09-23 17:39:50 -04:00			`type authUserPassPlugin struct {`
- added the csv output format - adding the auth backends - general cleanup of the code - fixed up the tests 2015-09-21 06:31:12 -04:00			`client *api.Client`
			`}`

- updated the readme - standardize the authentication interface - required the unrequire - first draft cleanup and reduction of code 2015-09-23 17:39:50 -04:00			`type userPassLogin struct {`
- added the csv output format - adding the auth backends - general cleanup of the code - fixed up the tests 2015-09-21 06:31:12 -04:00			`// the password for the account`
			Password string `json:"password,omitempty"`
			`}`

- fixing up the docmentation and anything highlighted by the linter 2015-10-12 06:14:50 -04:00			`// NewUserPassPlugin creates a new User Pass plugin`
- updated the readme - standardize the authentication interface - required the unrequire - first draft cleanup and reduction of code 2015-09-23 17:39:50 -04:00			`func NewUserPassPlugin(client *api.Client) AuthInterface {`
			`return &authUserPassPlugin{`
- added the csv output format - adding the auth backends - general cleanup of the code - fixed up the tests 2015-09-21 06:31:12 -04:00			`client: client,`
			`}`
			`}`

- fixing up the docmentation and anything highlighted by the linter 2015-10-12 06:14:50 -04:00			`// Create a userpass plugin with the username and password provide in the file`
Loading vault url from kubernetes vault auth file 2017-07-25 03:08:15 -04:00			`func (r authUserPassPlugin) Create(cfg *vaultAuthOptions) (string, error) {`
- updated the readme - standardize the authentication interface - required the unrequire - first draft cleanup and reduction of code 2015-09-23 17:39:50 -04:00			`// step: extract the options`
Loading vault url from kubernetes vault auth file 2017-07-25 03:08:15 -04:00			`if cfg.Username == "" {`
			`cfg.Username = os.Getenv("VAULT_SIDEKICK_USERNAME")`
enable env vars for auth settings 2016-09-17 12:00:15 -04:00			`}`
Loading vault url from kubernetes vault auth file 2017-07-25 03:08:15 -04:00			`if cfg.Password == "" {`
			`cfg.Password = os.Getenv("VAULT_SIDEKICK_PASSWORD")`
enable env vars for auth settings 2016-09-17 12:00:15 -04:00			`}`

- added the csv output format - adding the auth backends - general cleanup of the code - fixed up the tests 2015-09-21 06:31:12 -04:00			`// step: create the token request`
Loading vault url from kubernetes vault auth file 2017-07-25 03:08:15 -04:00			`request := r.client.NewRequest("POST", fmt.Sprintf("/v1/auth/userpass/login/%s", cfg.Username))`
			`if err := request.SetJSONBody(userPassLogin{Password: cfg.Password}); err != nil {`
- updated the readme - standardize the authentication interface - required the unrequire - first draft cleanup and reduction of code 2015-09-23 17:39:50 -04:00			`return "", err`
- added the csv output format - adding the auth backends - general cleanup of the code - fixed up the tests 2015-09-21 06:31:12 -04:00			`}`
			`// step: make the request`
- updated the readme - standardize the authentication interface - required the unrequire - first draft cleanup and reduction of code 2015-09-23 17:39:50 -04:00			`resp, err := r.client.RawRequest(request)`
- added the csv output format - adding the auth backends - general cleanup of the code - fixed up the tests 2015-09-21 06:31:12 -04:00			`if err != nil {`
- updated the readme - standardize the authentication interface - required the unrequire - first draft cleanup and reduction of code 2015-09-23 17:39:50 -04:00			`return "", err`
- added the csv output format - adding the auth backends - general cleanup of the code - fixed up the tests 2015-09-21 06:31:12 -04:00			`}`
			`defer resp.Body.Close()`
- updated the readme - standardize the authentication interface - required the unrequire - first draft cleanup and reduction of code 2015-09-23 17:39:50 -04:00
- added the csv output format - adding the auth backends - general cleanup of the code - fixed up the tests 2015-09-21 06:31:12 -04:00			`// step: parse and return auth`
- updated the readme - standardize the authentication interface - required the unrequire - first draft cleanup and reduction of code 2015-09-23 17:39:50 -04:00			`secret, err := api.ParseSecret(resp.Body)`
			`if err != nil {`
			`return "", err`
			`}`

			`return secret.Auth.ClientToken, nil`
- added the csv output format - adding the auth backends - general cleanup of the code - fixed up the tests 2015-09-21 06:31:12 -04:00			`}`