mirror of
https://github.com/hashicorp/vault.git
synced 2025-08-15 02:57:04 +02:00
0b12cdcfd1
* Adding explicit MPL license for sub-package. This directory and its subdirectories (packages) contain files licensed with the MPLv2 `LICENSE` file in this directory and are intentionally licensed separately from the BSL `LICENSE` file at the root of this repository. * Adding explicit MPL license for sub-package. This directory and its subdirectories (packages) contain files licensed with the MPLv2 `LICENSE` file in this directory and are intentionally licensed separately from the BSL `LICENSE` file at the root of this repository. * Updating the license from MPL to Business Source License. Going forward, this project will be licensed under the Business Source License v1.1. Please see our blog post for more details at https://hashi.co/bsl-blog, FAQ at www.hashicorp.com/licensing-faq, and details of the license at www.hashicorp.com/bsl. * add missing license headers * Update copyright file headers to BUS-1.1 * Fix test that expected exact offset on hcl file --------- Co-authored-by: hashicorp-copywrite[bot] <110428419+hashicorp-copywrite[bot]@users.noreply.github.com> Co-authored-by: Sarah Thompson <sthompson@hashicorp.com> Co-authored-by: Brian Kassouf <bkassouf@hashicorp.com>
98 lines
2.4 KiB
Go
98 lines
2.4 KiB
Go
// Copyright (c) HashiCorp, Inc.
|
|
// SPDX-License-Identifier: BUSL-1.1
|
|
|
|
package github
|
|
|
|
import (
|
|
"fmt"
|
|
"io"
|
|
"os"
|
|
"strings"
|
|
|
|
"github.com/hashicorp/go-secure-stdlib/password"
|
|
"github.com/hashicorp/vault/api"
|
|
)
|
|
|
|
type CLIHandler struct {
|
|
// for tests
|
|
testStdout io.Writer
|
|
}
|
|
|
|
func (h *CLIHandler) Auth(c *api.Client, m map[string]string) (*api.Secret, error) {
|
|
mount, ok := m["mount"]
|
|
if !ok {
|
|
mount = "github"
|
|
}
|
|
|
|
// Extract or prompt for token
|
|
token := m["token"]
|
|
if token == "" {
|
|
token = os.Getenv("VAULT_AUTH_GITHUB_TOKEN")
|
|
}
|
|
if token == "" {
|
|
// Override the output
|
|
stdout := h.testStdout
|
|
if stdout == nil {
|
|
stdout = os.Stderr
|
|
}
|
|
|
|
var err error
|
|
fmt.Fprintf(stdout, "GitHub Personal Access Token (will be hidden): ")
|
|
token, err = password.Read(os.Stdin)
|
|
fmt.Fprintf(stdout, "\n")
|
|
if err != nil {
|
|
if err == password.ErrInterrupted {
|
|
return nil, fmt.Errorf("user interrupted")
|
|
}
|
|
|
|
return nil, fmt.Errorf("An error occurred attempting to "+
|
|
"ask for a token. The raw error message is shown below, but usually "+
|
|
"this is because you attempted to pipe a value into the command or "+
|
|
"you are executing outside of a terminal (tty). If you want to pipe "+
|
|
"the value, pass \"-\" as the argument to read from stdin. The raw "+
|
|
"error was: %w", err)
|
|
}
|
|
}
|
|
|
|
path := fmt.Sprintf("auth/%s/login", mount)
|
|
secret, err := c.Logical().Write(path, map[string]interface{}{
|
|
"token": strings.TrimSpace(token),
|
|
})
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
if secret == nil {
|
|
return nil, fmt.Errorf("empty response from credential provider")
|
|
}
|
|
|
|
return secret, nil
|
|
}
|
|
|
|
func (h *CLIHandler) Help() string {
|
|
help := `
|
|
Usage: vault login -method=github [CONFIG K=V...]
|
|
|
|
The GitHub auth method allows users to authenticate using a GitHub
|
|
personal access token. Users can generate a personal access token from the
|
|
settings page on their GitHub account.
|
|
|
|
Authenticate using a GitHub token:
|
|
|
|
$ vault login -method=github token=abcd1234
|
|
|
|
Configuration:
|
|
|
|
mount=<string>
|
|
Path where the GitHub credential method is mounted. This is usually
|
|
provided via the -path flag in the "vault login" command, but it can be
|
|
specified here as well. If specified here, it takes precedence over the
|
|
value for -path. The default value is "github".
|
|
|
|
token=<string>
|
|
GitHub personal access token to use for authentication. If not provided,
|
|
Vault will prompt for the value.
|
|
`
|
|
|
|
return strings.TrimSpace(help)
|
|
}
|