certificates/cas/vaultcas/auth/kubernetes/kubernetes.go
2022-05-21 21:06:15 +02:00

49 lines
1.2 KiB
Go

package kubernetes
import (
"encoding/json"
"errors"
"fmt"
"github.com/hashicorp/vault/api/auth/kubernetes"
)
// AuthOptions defines the configuration options added using the
// VaultOptions.AuthOptions field when AuthType is kubernetes
type AuthOptions struct {
Role string `json:"role,omitempty"`
TokenPath string `json:"tokenPath,omitempty"`
}
func NewKubernetesAuthMethod(mountPath string, options json.RawMessage) (*kubernetes.KubernetesAuth, error) {
var opts *AuthOptions
err := json.Unmarshal(options, &opts)
if err != nil {
return nil, fmt.Errorf("error decoding Kubernetes auth options: %w", err)
}
var kubernetesAuth *kubernetes.KubernetesAuth
var loginOptions []kubernetes.LoginOption
if mountPath != "" {
loginOptions = append(loginOptions, kubernetes.WithMountPath(mountPath))
}
if opts.TokenPath != "" {
loginOptions = append(loginOptions, kubernetes.WithServiceAccountTokenPath(opts.TokenPath))
}
if opts.Role == "" {
return nil, errors.New("you must set role")
}
kubernetesAuth, err = kubernetes.NewKubernetesAuth(
opts.Role,
loginOptions...,
)
if err != nil {
return nil, fmt.Errorf("unable to initialize Kubernetes auth method: %w", err)
}
return kubernetesAuth, nil
}