From 8fe252af13d3f4f9fddc90af4d43eb88464d7d30 Mon Sep 17 00:00:00 2001
From: Aaron Bedra
Date: Sat, 7 Oct 2023 08:45:27 -0500
Subject: [PATCH] Support arbitrary mount point for JWT auth strategy

---
 docker/create_tables.sql | 2 --
 docker/docker-compose.yml | 2 +-
 include/VaultClient.h | 19 ++++++++++++++-----
 src/auth/strategies/AppRoleStrategy.cpp | 1 -
 src/auth/strategies/JwtStrategy.cpp | 7 ++++---
 5 files changed, 19 insertions(+), 12 deletions(-)

diff --git a/docker/create_tables.sql b/docker/create_tables.sql
index e7f8bd7..389caf5 100644
--- a/docker/create_tables.sql
+++ b/docker/create_tables.sql
@@ -1,5 +1,3 @@
-create database vault;
-
 create table things(
 id serial primary key,
 name text unique not null,
diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml
index 06cd4c7..9b4ab3c 100644
--- a/docker/docker-compose.yml
+++ b/docker/docker-compose.yml
@@ -22,7 +22,7 @@ services:
 networks:
 - integration
 vault:
- image: vault:latest
+ image: hashicorp/vault:latest
 ports:
 - "8200:8200"
 environment:
diff --git a/include/VaultClient.h b/include/VaultClient.h
index 30c652c..c71da68 100644
--- a/include/VaultClient.h
+++ b/include/VaultClient.h
@@ -479,17 +479,26 @@ class TlsStrategy : public AuthenticationStrategy {
 class JwtStrategy : public AuthenticationStrategy {
 public:
- explicit JwtStrategy(RoleId role, Jwt jwt)
- : role_(std::move(role)), jwt_(std::move(jwt)) {}
+ JwtStrategy(RoleId role, Jwt jwt)
+ : role_(std::move(role))
+ , jwt_(std::move(jwt))
+ , mount_(Path{"jwt"})
+ {}
- std::optional
- authenticate(const Client &client) override;
+ JwtStrategy(RoleId role, Jwt jwt, Path mount)
+ : role_(std::move(role))
+ , jwt_(std::move(jwt))
+ , mount_(std::move(mount))
+ {}
+
+ std::optional authenticate(const Client &client) override;
 private:
- static Url getUrl(const Client &client);
+ Url getUrl(const Client &client, const Path &path);
 Vault::RoleId role_;
 Vault::Jwt jwt_;
+ Vault::Path mount_;
 };
 class Ldap {
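Review bot: The new image reference `hashicorp/vault:latest` still uses a floating tag, so every integration run pulls whatever upstream last published and the test environment is not reproducible. Pinning to a specific release tag or digest, e.g. `image: hashicorp/vault:<PINNED_VERSION>`, turns an upstream image change into a deliberate, reviewable bump instead of a silent change in test behaviour. The `vault:` service definition continues outside the hunk.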
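Review bot: `getUrl` is declared as a non-const member on the `+ Url getUrl(const Client &client, const Path &path);` line although the only instance state it needs is `mount_`; `Url getUrl(const Client &client, const Path &path) const;` keeps the read-only intent that the old `static` declaration conveyed. The two-argument constructor also drops `explicit`, which re-enables copy-list-initialisation of a strategy from a bare `{role, jwt}` pair; keeping `explicit` on both constructors costs nothing and the previous declaration had it. The new `mount_` member and the `Path{"jwt"}` default are undocumented: a comment on the three-argument constructor such as `// mount: name of the JWT auth method under /v1/auth/, without leading or trailing '/'` would tell callers what form is expected (the exact join rule depends on Client::getUrl, which is outside this diff).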
diff --git a/src/auth/strategies/AppRoleStrategy.cpp b/src/auth/strategies/AppRoleStrategy.cpp
index 520588e..3c8bbc2 100644
--- a/src/auth/strategies/AppRoleStrategy.cpp
+++ b/src/auth/strategies/AppRoleStrategy.cpp
@@ -1,6 +1,5 @@
 #include "VaultClient.h"
 #include "json.hpp"
-#include
 std::optional
 Vault::AppRoleStrategy::authenticate(const Vault::Client &client) {
diff --git a/src/auth/strategies/JwtStrategy.cpp b/src/auth/strategies/JwtStrategy.cpp
index 0158a47..855198c 100644
--- a/src/auth/strategies/JwtStrategy.cpp
+++ b/src/auth/strategies/JwtStrategy.cpp
@@ -3,7 +3,7 @@ std::optional
 Vault::JwtStrategy::authenticate(const Vault::Client &client) {
- return HttpConsumer::authenticate(client, getUrl(client), [this]() {
+ return HttpConsumer::authenticate(client, getUrl(client, Vault::Path{"/login"}), [this]() {
 nlohmann::json j;
 j = nlohmann::json::object();
 j["role"] = role_.value();
@@ -12,6 +12,7 @@ Vault::JwtStrategy::authenticate(const Vault::Client &client) {
 });
 }
-Vault::Url Vault::JwtStrategy::getUrl(const Vault::Client &client) {
- return client.getUrl("/v1/auth/jwt/login", Path{});
+Vault::Url Vault::JwtStrategy::getUrl(const Vault::Client &client,
+ const Vault::Path &path) {
+ return client.getUrl("/v1/auth/" + mount_, path);
 }
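Review bot: `client.getUrl("/v1/auth/" + mount_, path)` in the last hunk splices the caller-supplied mount into the request path with no normalisation, so a mount given as `jwt/` or `/jwt` produces a doubled or otherwise malformed segment and an empty mount sends the login to `/v1/auth//login`. Since the JWT is posted to whatever URL results, the constructor or `getUrl` should reject an empty mount and strip surrounding `/` before concatenation, and treating `..`, `?` and `#` in the mount as invalid keeps the token from being sent to an endpoint other than the intended auth method. The leading-slash convention is also inconsistent between the two hunks: the default mount `Path{"jwt"}` has none while the first hunk passes `Vault::Path{"/login"}` with one, which only joins correctly if `Client::getUrl` concatenates verbatim — that is inferred, as `Client::getUrl` is outside this diff. The `authenticate` body in the first hunk continues outside the hunk.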