Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Support for auth within Kubernetes and generic JWT #164

Merged
merged 2 commits into from
Jun 3, 2019
Merged
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
53 changes: 49 additions & 4 deletions src/main/java/com/bettercloud/vault/api/Auth.java
Original file line number Diff line number Diff line change
Expand Up @@ -879,31 +879,32 @@ public AuthResponse loginByGithub(final String githubToken, final String githubA
}

/**
* <p>Basic login operation to authenticate to an GCP backend. Example usage:</p>
* <p>Basic login operation to authenticate to an JWT backend. Example usage:</p>
*
* <blockquote>
* <pre>{@code
* final AuthResponse response = vault.auth().loginByGCP("dev", "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...");
* final AuthResponse response = vault.auth().loginByJwt("kubernetes", "dev", "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...");
*
* final String token = response.getAuthClientToken();
* }</pre>
* </blockquote>
*
* @param provider Provider of JWT token.
* @param role The gcp role used for authentication
* @param jwt The JWT token for the role
* @return The auth token, with additional response metadata
* @throws VaultException If any error occurs, or unexpected response received from Vault
*/
// TODO: Needs integration test coverage if possible
public AuthResponse loginByGCP(final String role, final String jwt) throws VaultException {
public AuthResponse loginByJwt(final String provider, final String role, final String jwt) throws VaultException {
int retryCount = 0;

while (true) {
try {
// HTTP request to Vault
final String requestJson = Json.object().add("role", role).add("jwt", jwt).toString();
final RestResponse restResponse = new Rest()
.url(config.getAddress() + "/v1/auth/gcp/login")
.url(config.getAddress() + "/v1/auth/" + provider + "/login")
.optionalHeader("X-Vault-Namespace", this.nameSpace)
.body(requestJson.getBytes(StandardCharsets.UTF_8))
.connectTimeoutSeconds(config.getOpenTimeout())
Expand Down Expand Up @@ -941,6 +942,50 @@ public AuthResponse loginByGCP(final String role, final String jwt) throws Vault
}
}


/**
* <p>Basic login operation to authenticate to an GCP backend. Example usage:</p>
*
* <blockquote>
* <pre>{@code
* final AuthResponse response = vault.auth().loginByGCP("dev", "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...");
*
* final String token = response.getAuthClientToken();
* }</pre>
* </blockquote>
*
* @param role The gcp role used for authentication
* @param jwt The JWT token for the role
* @return The auth token, with additional response metadata
* @throws VaultException If any error occurs, or unexpected response received from Vault
*/
public AuthResponse loginByGCP(final String role, final String jwt) throws VaultException {
return loginByJwt("gcp", role, jwt);
}


/**
* Basic login operation to authenticate to an kubernetes backend. Example usage:
*
* <blockquote>
*
* <pre>{@code
* final AuthResponse response =
* vault.auth().loginByKubernetes("dev", "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...");
*
* final String token = response.getAuthClientToken();
* }</pre>
* </blockquote>
*
* @param role The kubernetes role used for authentication
* @param jwt The JWT token for the role, typically read from /var/run/secrets/kubernetes.io/serviceaccount/token
* @return The auth token, with additional response metadata
* @throws VaultException If any error occurs, or unexpected response received from Vault
*/
public AuthResponse loginByKubernetes(final String role, final String jwt) throws VaultException {
return loginByJwt("kubernetes", role, jwt);
}

/**
* <p>Basic login operation to authenticate using Vault's TLS Certificate auth backend. Example usage:</p>
*
Expand Down