Support arbitrary mount point for JWT auth strategy

abedra · Oct 7, 2023 · 8fe252a · 8fe252a
1 parent 327219b
commit 8fe252a
Show file tree

Hide file tree

Showing 5 changed files with 19 additions and 12 deletions.
diff --git a/docker/create_tables.sql b/docker/create_tables.sql
@@ -1,5 +1,3 @@
-create database vault;
-
 create table things(
     id serial primary key,
     name text unique not null,

diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml
@@ -22,7 +22,7 @@ services:
     networks:
         - integration
   vault:
-    image: vault:latest
+    image: hashicorp/vault:latest
     ports:
       - "8200:8200"
     environment:

diff --git a/include/VaultClient.h b/include/VaultClient.h
@@ -479,17 +479,26 @@ class TlsStrategy : public AuthenticationStrategy {
 
 class JwtStrategy : public AuthenticationStrategy {
 public:
-  explicit JwtStrategy(RoleId role, Jwt jwt)
-      : role_(std::move(role)), jwt_(std::move(jwt)) {}
+  JwtStrategy(RoleId role, Jwt jwt)
+    : role_(std::move(role))
+    , jwt_(std::move(jwt))
+    , mount_(Path{"jwt"})
+  {}
 
-  std::optional<AuthenticationResponse>
-  authenticate(const Client &client) override;
+  JwtStrategy(RoleId role, Jwt jwt, Path mount)
+    : role_(std::move(role))
+    , jwt_(std::move(jwt))
+    , mount_(std::move(mount))
+  {}
+
+  std::optional<AuthenticationResponse> authenticate(const Client &client) override;
 
 private:
-  static Url getUrl(const Client &client);
+  Url getUrl(const Client &client, const Path &path);
 
   Vault::RoleId role_;
   Vault::Jwt jwt_;
+  Vault::Path mount_;
 };
 
 class Ldap {

diff --git a/src/auth/strategies/AppRoleStrategy.cpp b/src/auth/strategies/AppRoleStrategy.cpp
@@ -1,6 +1,5 @@
 #include "VaultClient.h"
 #include "json.hpp"
-#include <utility>
 
 std::optional<Vault::AuthenticationResponse>
 Vault::AppRoleStrategy::authenticate(const Vault::Client &client) {

diff --git a/src/auth/strategies/JwtStrategy.cpp b/src/auth/strategies/JwtStrategy.cpp
@@ -3,7 +3,7 @@
 
 std::optional<Vault::AuthenticationResponse>
 Vault::JwtStrategy::authenticate(const Vault::Client &client) {
-  return HttpConsumer::authenticate(client, getUrl(client), [this]() {
+  return HttpConsumer::authenticate(client, getUrl(client, Vault::Path{"/login"}), [this]() {
     nlohmann::json j;
     j = nlohmann::json::object();
     j["role"] = role_.value();
@@ -12,6 +12,7 @@ Vault::JwtStrategy::authenticate(const Vault::Client &client) {
   });
 }
 
-Vault::Url Vault::JwtStrategy::getUrl(const Vault::Client &client) {
-  return client.getUrl("/v1/auth/jwt/login", Path{});
+Vault::Url Vault::JwtStrategy::getUrl(const Vault::Client &client,
+                                      const Vault::Path &path) {
+  return client.getUrl("/v1/auth/" + mount_, path);
 }