package kubernetes
import (
"encoding/json"
"fmt"
"github.com/hashicorp/vault/api/auth/kubernetes"
)
// AuthOptions is the JSON configuration carried in the
// VaultOptions.AuthOptions field when AuthType is kubernetes.
type AuthOptions struct {
	// Role is the role name passed to kubernetes.NewKubernetesAuth.
	Role string `json:"role,omitempty"`

	// TokenPath is the file path of the service account token. When it is
	// empty, no token-path option is set and the client library's own
	// default applies. The file holds a bearer credential, so this value
	// should only come from trusted configuration.
	TokenPath string `json:"tokenPath,omitempty"`
}
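// NewKubernetesAuthMethod builds a Vault Kubernetes auth method from the
// JSON-encoded AuthOptions in options.
//
// mountPath, when non-empty, is passed to the client library as the auth
// mount path; when empty no mount-path option is set. options must decode
// into AuthOptions. The decoded role is handed to kubernetes.NewKubernetesAuth
// unchanged, so validating it (including the empty case) is left to that
// constructor.
//
// It returns an error if options cannot be decoded or if the auth method
// cannot be initialized.
func NewKubernetesAuthMethod(mountPath string, options json.RawMessage) (*kubernetes.KubernetesAuth, error) {
	// Decode into a value rather than a pointer: a JSON `null` document
	// decodes without error and would leave a *AuthOptions nil, which turns
	// the field reads below into a nil-pointer panic instead of an error.
	var opts AuthOptions
	if err := json.Unmarshal(options, &opts); err != nil {
		return nil, fmt.Errorf("error decoding Kubernetes auth options: %w", err)
	}

	var loginOptions []kubernetes.LoginOption
	if mountPath != "" {
		loginOptions = append(loginOptions, kubernetes.WithMountPath(mountPath))
	}
	if opts.TokenPath != "" {
		// NOTE(review): TokenPath is used exactly as configured; it names the
		// file whose contents serve as the login credential, so the options
		// blob should only be writable by trusted operators.
		loginOptions = append(loginOptions, kubernetes.WithServiceAccountTokenPath(opts.TokenPath))
	}

	kubernetesAuth, err := kubernetes.NewKubernetesAuth(opts.Role, loginOptions...)
	if err != nil {
		return nil, fmt.Errorf("unable to initialize Kubernetes auth method: %w", err)
	}

	return kubernetesAuth, nil
}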