Skip to content
This repository has been archived by the owner on Dec 5, 2018. It is now read-only.

Add write support and "userpass" authentication #2

Open
wants to merge 2 commits into
base: develop
Choose a base branch
from
Open

Add write support and "userpass" authentication #2

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
3322470
Adding userpass login and ability to write secrets
hobbeswalsh Apr 9, 2016
ae7bd0c
Updating code and project.clj as per comments
hobbeswalsh Apr 10, 2016
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
35 changes: 35 additions & 0 deletions src/vault/client.clj
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,12 +18,18 @@
credentials. Possible arguments:

- :token \"...\"
- :userpass {:username \"user\", :password \"hunter2\"}
- :app-id {:app \"lambda_ci\", :user \"...\"}")

(list-secrets
[client path]
"List the secrets located under a path.")

(write-secret!
[client path data]
"Writes secret(s) to a specific path. data should be a map.
Returns a boolean indicating whether the write was successful.")

(read-secret
[client path]
"Reads a secret from a specific path."))
Expand Down Expand Up @@ -72,6 +78,21 @@
app (str/join ", " (get-in response [:body :auth :policies])))
(reset! token-ref client-token))))

(defn- authenticate-userpass!
"Updates the token ref by making a request to authenticate with a username
and password."
[api-url token-ref credentials]
(let [{:keys [username password]} credentials
response (http/post (str api-url "/v1/auth/userpass/login/" username)
{:form-params {:password password}
:content-type :json
:accept :json
:as :json})]
(when-let [client-token (get-in response [:body :auth :client_token])]
(log/infof "Successfully authenticated to Vault as %s for policies: %s"
username (str/join ", " (get-in response [:body :auth :policies])))
(reset! token-ref client-token))))


(defrecord HTTPClient
[api-url token]
Expand All @@ -83,6 +104,7 @@
(case auth-type
:token (authenticate-token! token credentials)
:app-id (authenticate-app! api-url token credentials)
:userpass (authenticate-userpass! api-url token credentials)
; TODO: support LDAP auth

; Unknown type
Expand All @@ -104,6 +126,19 @@
(log/infof "List %s (%d results)" path (count data))
data))

(write-secret!
[this path data]
(check-path! path)
(check-auth! token)
(let [response (http/post (str api-url "/v1/" path)
{:headers {"X-Vault-Token" @token}
:form-params data
:content-type :json
:accept :json
:as :json})]
(log/infof "Wrote %s" path)
(= (:status response) 204)))


(read-secret
[this path]
Expand Down