Merge pull request #164 from mrunesson/feat-jwt-and-kubernetes
Support for auth within Kubernetes and generic JWT
steve-perkins authored Jun 3, 2019
2 parents 34c1d44 + 3ee0ce5 commit 73c46a7
Showing 1 changed file with 49 additions and 4 deletions.
53 changes: 49 additions & 4 deletions src/main/java/com/bettercloud/vault/api/Auth.java
Expand Up @@ -879,31 +879,32 @@ public AuthResponse loginByGithub(final String githubToken, final String githubA
}

/**
* <p>Basic login operation to authenticate to an GCP backend. Example usage:</p>
* <p>Basic login operation to authenticate to an JWT backend. Example usage:</p>
*
* <blockquote>
* <pre>{@code
* final AuthResponse response = vault.auth().loginByGCP("dev", "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...");
* final AuthResponse response = vault.auth().loginByJwt("kubernetes", "dev", "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...");
*
* final String token = response.getAuthClientToken();
* }</pre>
* </blockquote>
*
* @param provider Provider of JWT token.
* @param role The gcp role used for authentication
* @param jwt The JWT token for the role
* @return The auth token, with additional response metadata
* @throws VaultException If any error occurs, or unexpected response received from Vault
*/
// TODO: Needs integration test coverage if possible
public AuthResponse loginByGCP(final String role, final String jwt) throws VaultException {
public AuthResponse loginByJwt(final String provider, final String role, final String jwt) throws VaultException {
int retryCount = 0;

while (true) {
try {
// HTTP request to Vault
final String requestJson = Json.object().add("role", role).add("jwt", jwt).toString();
final RestResponse restResponse = new Rest()
.url(config.getAddress() + "/v1/auth/gcp/login")
.url(config.getAddress() + "/v1/auth/" + provider + "/login")
.optionalHeader("X-Vault-Namespace", this.nameSpace)
.body(requestJson.getBytes(StandardCharsets.UTF_8))
.connectTimeoutSeconds(config.getOpenTimeout())
Expand Down Expand Up @@ -941,6 +942,50 @@ public AuthResponse loginByGCP(final String role, final String jwt) throws Vault
}
}


/**
* <p>Basic login operation to authenticate to an GCP backend. Example usage:</p>
*
* <blockquote>
* <pre>{@code
* final AuthResponse response = vault.auth().loginByGCP("dev", "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...");
*
* final String token = response.getAuthClientToken();
* }</pre>
* </blockquote>
*
* @param role The gcp role used for authentication
* @param jwt The JWT token for the role
* @return The auth token, with additional response metadata
* @throws VaultException If any error occurs, or unexpected response received from Vault
*/
public AuthResponse loginByGCP(final String role, final String jwt) throws VaultException {
return loginByJwt("gcp", role, jwt);
}


/**
* Basic login operation to authenticate to an kubernetes backend. Example usage:
*
* <blockquote>
*
* <pre>{@code
* final AuthResponse response =
* vault.auth().loginByKubernetes("dev", "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...");
*
* final String token = response.getAuthClientToken();
* }</pre>
* </blockquote>
*
* @param role The kubernetes role used for authentication
* @param jwt The JWT token for the role, typically read from /var/run/secrets/kubernetes.io/serviceaccount/token
* @return The auth token, with additional response metadata
* @throws VaultException If any error occurs, or unexpected response received from Vault
*/
public AuthResponse loginByKubernetes(final String role, final String jwt) throws VaultException {
return loginByJwt("kubernetes", role, jwt);
}

/**
* <p>Basic login operation to authenticate using Vault's TLS Certificate auth backend. Example usage:</p>
*
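Review bot: `provider` is concatenated unchecked into the request path in `loginByJwt` (`.url(config.getAddress() + "/v1/auth/" + provider + "/login")`), so a null, empty or externally supplied value containing path or query metacharacters changes which Vault endpoint receives the POST that carries the caller's JWT. Because the method is public, a guard at the top would keep the credential bound to an auth mount, e.g. `if (provider == null || provider.isEmpty() || provider.contains("..") || provider.contains("?") || provider.contains("#")) { throw new VaultException("Invalid auth mount path"); }`. Whether `/` should be accepted for nested mounts is a project decision the page does not settle. The Javadoc on the generic method is also stale and vague: `@param role The gcp role used for authentication` should read `@param role The role used for authentication`, and `@param provider` would be clearer as `@param provider The Vault auth mount path segment, e.g. "gcp" or "kubernetes"`. The body of `loginByJwt` continues in the collapsed region between the two hunks, so any existing validation there is not visible here.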
