mirror of
https://github.com/hashicorp/vault.git
synced 2025-08-16 19:47:02 +02:00
f250d779e0
* adding auto auth for cert auth methods * Adding Docs for Cert Auto-auth method * fixes errors in docs * wrong documentation title * repariting a few typos in the docs and being very clear about where the certificates should be configured * clarifying the name parameter documentation * Fixes gofmt issues in command/agent.go * Fix typo in docs * Add nil check to Config for cert auto-auth and add test with and without a specified name
66 lines
1.3 KiB
Go
66 lines
1.3 KiB
Go
package cert
|
|
|
|
import (
|
|
"context"
|
|
"errors"
|
|
"fmt"
|
|
|
|
hclog "github.com/hashicorp/go-hclog"
|
|
"github.com/hashicorp/vault/api"
|
|
"github.com/hashicorp/vault/command/agent/auth"
|
|
)
|
|
|
|
type certMethod struct {
|
|
logger hclog.Logger
|
|
mountPath string
|
|
name string
|
|
}
|
|
|
|
func NewCertAuthMethod(conf *auth.AuthConfig) (auth.AuthMethod, error) {
|
|
if conf == nil {
|
|
return nil, errors.New("empty config")
|
|
}
|
|
|
|
// Not concerned if the conf.Config is empty as the 'name'
|
|
// parameter is optional when using TLS Auth
|
|
|
|
c := &certMethod{
|
|
logger: conf.Logger,
|
|
mountPath: conf.MountPath,
|
|
name: "",
|
|
}
|
|
|
|
if conf.Config != nil {
|
|
nameRaw, ok := conf.Config["name"]
|
|
if !ok {
|
|
nameRaw = ""
|
|
}
|
|
c.name, ok = nameRaw.(string)
|
|
if !ok {
|
|
return nil, errors.New("could not convert 'name' config value to string")
|
|
}
|
|
}
|
|
|
|
return c, nil
|
|
}
|
|
|
|
func (c *certMethod) Authenticate(_ context.Context, client *api.Client) (string, map[string]interface{}, error) {
|
|
c.logger.Trace("beginning authentication")
|
|
|
|
authMap := map[string]interface{}{}
|
|
|
|
if c.name != "" {
|
|
authMap["name"] = c.name
|
|
}
|
|
|
|
return fmt.Sprintf("%s/login", c.mountPath), authMap, nil
|
|
}
|
|
|
|
func (c *certMethod) NewCreds() chan struct{} {
|
|
return nil
|
|
}
|
|
|
|
func (c *certMethod) CredSuccess() {}
|
|
|
|
func (c *certMethod) Shutdown() {}
|