package kubernetes
import (
"encoding/json"
"errors"
"fmt"
"github.com/hashicorp/vault/api/auth/kubernetes"
)
// AuthOptions defines the configuration options added using the
// VaultOptions.AuthOptions field when AuthType is kubernetes.
type AuthOptions struct {
	// Role is the Vault Kubernetes auth role used at login. It is required:
	// NewKubernetesAuthMethod rejects options with an empty role.
	Role string `json:"role,omitempty"`
	// TokenPath optionally points at the service account token file handed to
	// the Vault client; when empty, no token path override is passed.
	TokenPath string `json:"tokenPath,omitempty"`
}
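// NewKubernetesAuthMethod builds a Vault Kubernetes auth method from the raw
// JSON-encoded AuthOptions. mountPath, when non-empty, overrides the auth
// mount path; options must carry at least a non-empty "role".
//
// It returns an error when options cannot be decoded, when no role is set,
// or when the Vault client library rejects the resulting configuration.
func NewKubernetesAuthMethod(mountPath string, options json.RawMessage) (*kubernetes.KubernetesAuth, error) {
	// Decode into a value, not a *AuthOptions: a JSON "null" payload leaves a
	// pointer nil and the field reads below would panic. With a value the
	// zero struct simply fails the role check.
	var opts AuthOptions
	if err := json.Unmarshal(options, &opts); err != nil {
		return nil, fmt.Errorf("error decoding Kubernetes auth options: %w", err)
	}

	// Validate before assembling login options so a missing role fails fast
	// and nothing is handed to the client library for an unusable config.
	if opts.Role == "" {
		return nil, errors.New("you must set role")
	}

	var loginOptions []kubernetes.LoginOption
	if mountPath != "" {
		loginOptions = append(loginOptions, kubernetes.WithMountPath(mountPath))
	}
	if opts.TokenPath != "" {
		loginOptions = append(loginOptions, kubernetes.WithServiceAccountTokenPath(opts.TokenPath))
	}

	kubernetesAuth, err := kubernetes.NewKubernetesAuth(opts.Role, loginOptions...)
	if err != nil {
		return nil, fmt.Errorf("unable to initialize Kubernetes auth method: %w", err)
	}
	return kubernetesAuth, nil
}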