Showing
20 changed files
with
1,454 additions
and
0 deletions.
@@ -0,0 +1,31 @@ | ||
--- | ||
name: Go Releaser | ||
|
||
on: | ||
push: | ||
tags: | ||
- v* | ||
|
||
jobs: | ||
goreleaser: | ||
runs-on: ubuntu-latest | ||
permissions: | ||
contents: write | ||
steps: | ||
- name: Checkout | ||
uses: actions/checkout@v3 | ||
with: | ||
fetch-depth: 0 | ||
|
||
- name: Set up Go | ||
uses: actions/setup-go@v4 | ||
with: | ||
go-version-file: go.mod | ||
|
||
- name: Run GoReleaser | ||
uses: goreleaser/goreleaser-action@v4 | ||
with: | ||
version: latest | ||
args: release --clean | ||
env: | ||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |
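Review bot: Every `uses:` in this workflow is pinned to a mutable tag (`actions/checkout@v3`, `actions/setup-go@v4`, `goreleaser/goreleaser-action@v4`) and GoReleaser itself is `version: latest`, in a job that holds `contents: write` and publishes the release binaries of a Vault auth plugin. A moved tag or a new GoReleaser release would change what runs with that token without any change in this repository. Pin each action to a full commit SHA, e.g. `uses: actions/checkout@<full-commit-sha> # v3`, and replace `version: latest` with a fixed version; the Makefile in this commit already sets `GORELEASER_VERSION ?= 1.20.0`, so the two could be kept in step. The same applies to the Release Please, Build Snapshot and Test workflows in this commit, where `tibdex/github-app-token@v1` is the most sensitive case because it is handed the bot app's private key.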
@@ -0,0 +1,26 @@ | ||
--- | ||
name: Release Please | ||
|
||
on: | ||
push: | ||
branches: | ||
- main | ||
|
||
jobs: | ||
release-please: | ||
runs-on: ubuntu-latest | ||
permissions: | ||
contents: write | ||
pull-requests: write | ||
steps: | ||
- id: token | ||
uses: tibdex/github-app-token@v1 | ||
with: | ||
app_id: ${{ secrets.STATNETT_BOT_APP_ID }} | ||
private_key: ${{ secrets.STATNETT_BOT_PRIVATE_KEY }} | ||
|
||
- uses: google-github-actions/release-please-action@v3 | ||
with: | ||
bump-minor-pre-major: true | ||
release-type: go | ||
token: ${{ steps.token.outputs.token }} |
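Review bot: The `permissions:` block grants `contents: write` and `pull-requests: write` to the job's `GITHUB_TOKEN`, but neither step is passed that token explicitly: release-please runs with `steps.token.outputs.token`, whose rights come from the app installation rather than from this block. If nothing in the job relies on the default token, `permissions: {}` would drop the unused write grant. A comment above the `token` step saying why an app token is used instead of `GITHUB_TOKEN` (presumably so that the release PR and tag can trigger other workflows; confirm) would also document why `STATNETT_BOT_PRIVATE_KEY` has to be stored as a secret.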
@@ -0,0 +1,34 @@ | ||
--- | ||
name: Build Snapshot | ||
|
||
on: | ||
workflow_dispatch: | ||
|
||
jobs: | ||
snapshot: | ||
name: Build Snapshot | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Checkout | ||
uses: actions/checkout@v3 | ||
|
||
- name: Set up Go | ||
uses: actions/setup-go@v4 | ||
with: | ||
go-version-file: go.mod | ||
|
||
- name: Run GoReleaser | ||
uses: goreleaser/goreleaser-action@v4 | ||
with: | ||
version: latest | ||
args: release --snapshot | ||
|
||
- name: Publish Snapshots | ||
uses: actions/upload-artifact@v3 | ||
if: ${{ github.event.inputs.publish == 'true' }} | ||
with: | ||
name: snapshots-${{ github.sha }} | ||
path: | | ||
dist/*checksums.txt | ||
dist/*.tar.gz | ||
retention-days: 7 |
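Review bot: The `Publish Snapshots` step is gated on `github.event.inputs.publish == 'true'`, but `workflow_dispatch:` declares no inputs, so `publish` is never set and the upload step never runs. Declaring the input as below fixes that; a boolean input still arrives as the string `'true'` in `github.event.inputs`, so the existing `if:` can stay as written. The job also has no `permissions:` block, and as far as the visible steps go `contents: read` should be sufficient.

```yaml
on:
  workflow_dispatch:
    inputs:
      publish:
        description: Upload the snapshot archives as a workflow artifact
        type: boolean
        default: false
# … unchanged: jobs.snapshot and its steps …
```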
@@ -0,0 +1,41 @@ | ||
--- | ||
name: Test | ||
|
||
on: | ||
push: | ||
paths-ignore: | ||
- README.md | ||
|
||
jobs: | ||
test: | ||
name: Test | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Checkout | ||
uses: actions/checkout@v3 | ||
|
||
- name: Set up Go | ||
uses: actions/setup-go@v4 | ||
with: | ||
go-version-file: go.mod | ||
|
||
- name: Test | ||
run: make test | ||
|
||
snapshot: | ||
name: Test Snapshot Build | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Checkout | ||
uses: actions/checkout@v3 | ||
|
||
- name: Set up Go | ||
uses: actions/setup-go@v4 | ||
with: | ||
go-version-file: go.mod | ||
|
||
- name: GoReleaser Build Snapshot | ||
uses: goreleaser/goreleaser-action@v4 | ||
with: | ||
version: latest | ||
args: build --snapshot |
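Review bot: Neither job sets `permissions:`, so `make test` and the GoReleaser build run on every push with whatever default `GITHUB_TOKEN` scope the repository or organisation happens to be configured with. Nothing in the visible steps needs to write, so a workflow-level `permissions:` block with `contents: read` would make the least-privilege intent explicit and keep it stable if the defaults change. Since `make test` executes code from the pushed ref, this is the workflow where a read-only token matters most.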
@@ -0,0 +1,4 @@ | ||
bin/ | ||
build/ | ||
dist/ | ||
config.json |
@@ -0,0 +1,14 @@ | ||
builds: | ||
- main: ./cmd/vault-plugin-auth-jwt-auto-roles/ | ||
env: | ||
- CGO_ENABLED=0 | ||
mod_timestamp: '{{ .CommitTimestamp }}' | ||
flags: | ||
- -trimpath | ||
ldflags: | ||
- '-s -w -X {{ .ModulePath }}/pkg/version.Version=v{{ .Version }}' | ||
goos: | ||
- linux | ||
goarch: | ||
- amd64 | ||
binary: '{{ .ProjectName }}_v{{ .Version }}' |
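Review bot: This config has no `archives` or `checksum` section, so with GoReleaser's defaults (as far as I can tell) the published checksums cover the `.tar.gz` archives rather than the plugin binary inside them; the Build Snapshot workflow in this commit uploads `dist/*checksums.txt` and `dist/*.tar.gz`, which is consistent with that. Vault registers a plugin by the SHA-256 of the binary itself, so operators would have to unpack the archive and hash the binary with nothing published to compare against. Consider shipping the raw binary (`archives:` with `format: binary`) or documenting the unpack-and-hash step next to the release. The `-trimpath` and `mod_timestamp` settings already help reproducibility, which makes a published per-binary digest more useful.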
@@ -0,0 +1,21 @@ | ||
MIT License | ||
|
||
Copyright (c) 2023 Statnett | ||
|
||
Permission is hereby granted, free of charge, to any person obtaining a copy | ||
of this software and associated documentation files (the "Software"), to deal | ||
in the Software without restriction, including without limitation the rights | ||
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell | ||
copies of the Software, and to permit persons to whom the Software is | ||
furnished to do so, subject to the following conditions: | ||
|
||
The above copyright notice and this permission notice shall be included in all | ||
copies or substantial portions of the Software. | ||
|
||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR | ||
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, | ||
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE | ||
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER | ||
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, | ||
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE | ||
SOFTWARE. |
@@ -0,0 +1,49 @@ | ||
all: start | ||
|
||
GOFUMPT_VERSION ?= v0.5.0 | ||
GORELEASER_VERSION ?= 1.20.0 | ||
|
||
.PHONY: fmt | ||
fmt: | ||
go fmt $$(go list ./...) | ||
go run mvdan.cc/gofumpt@$(GOFUMPT_VERSION) -l -w . | ||
|
||
.PHONY: test | ||
test: | ||
go test -v ./... | ||
|
||
.PHONY: build | ||
build: | ||
mkdir -p build/plugins | ||
go run github.com/goreleaser/goreleaser@v$(GORELEASER_VERSION) \ | ||
build --clean --snapshot --single-target \ | ||
--output build/plugins/vault-plugin-auth-jwt-auto-roles | ||
|
||
.PHONY: start | ||
start: build | ||
vault server -dev -dev-root-token-id=root -dev-plugin-dir=./build/plugins | ||
|
||
.PHONY: enable | ||
enable: | ||
vault auth enable -path=multirole-jwt vault-plugin-auth-jwt-auto-roles | ||
|
||
.PHONY: disable | ||
disable: | ||
vault auth disable multirole-jwt | ||
vault plugin deregister auth vault-plugin-auth-jwt-auto-roles | ||
|
||
auth=jwt | ||
config: | ||
for role in $(shell vault list -format=json auth/$(auth)/role | jq -r .[]); \ | ||
do vault read -format json "auth/$(auth)/role/$${role}" | jq "{\"$${role}\":.data.bound_claims}"; done \ | ||
| jq -s add \ | ||
| jq '{jwt_auth_host:"${VAULT_ADDR}",jwt_auth_path:"$(auth)",roles:.}' \ | ||
> config.json | ||
|
||
.PHONY: configure | ||
configure: | ||
vault write auth/multirole-jwt/config @config.json | ||
|
||
.PHONY: clean | ||
clean: | ||
rm -rf ./bin ./build ./dist config.json |
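Review bot: In the `config` recipe each role name returned by `vault list` is spliced into the text of a jq program (`jq "{\"$${role}\":.data.bound_claims}"`), and `${VAULT_ADDR}` and `$(auth)` are spliced into a second one, so a value containing a quote or backslash produces a broken or different filter. Passing the values as data keeps the filters fixed: `jq --arg role "$${role}" '{($$role): .data.bound_claims}'` and `jq --arg host "$$VAULT_ADDR" --arg path "$(auth)" '{jwt_auth_host: $$host, jwt_auth_path: $$path, roles: .}'`. The role list also comes from `$(shell …)`, which is expanded when make expands the recipe and is then word-split by the shell; reading it inside the recipe with `vault list … | jq -r '.[]' | while read -r role` avoids that. `config` is the only target here without a `.PHONY` line.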
@@ -0,0 +1,30 @@ | ||
package main | ||
|
||
import ( | ||
"log" | ||
"os" | ||
|
||
"github.com/hashicorp/vault/api" | ||
"github.com/hashicorp/vault/sdk/plugin" | ||
|
||
"github.com/statnett/vault-plugin-auth-jwt-auto-roles/internal/jwtauth" | ||
) | ||
|
||
func main() { | ||
apiClientMeta := &api.PluginAPIClientMeta{} | ||
flags := apiClientMeta.FlagSet() | ||
|
||
if err := flags.Parse(os.Args[1:]); err != nil { | ||
log.Fatal(err) | ||
} | ||
|
||
tlsConfig := apiClientMeta.GetTLSConfig() | ||
tlsProviderFunc := api.VaultPluginTLSProvider(tlsConfig) | ||
|
||
if err := plugin.ServeMultiplex(&plugin.ServeOpts{ | ||
BackendFactoryFunc: jwtauth.Factory, | ||
TLSProviderFunc: tlsProviderFunc, | ||
}); err != nil { | ||
log.Fatal(err) | ||
} | ||
} |
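Review bot: Both failure paths call `log.Fatal(err)` with the bare error, so the plugin's stderr does not say whether flag parsing or `plugin.ServeMultiplex` failed. Adding context is enough: `log.Fatalf("parsing plugin flags: %v", err)` and `log.Fatalf("serving plugin: %v", err)`. The package and `main` also have no doc comment; a line such as `// Command vault-plugin-auth-jwt-auto-roles serves the jwtauth backend as a Vault plugin.` above `package main` would tell a reader that the flags come from `api.PluginAPIClientMeta` rather than from a user-facing CLI.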
@@ -0,0 +1,66 @@ | ||
module github.com/statnett/vault-plugin-auth-jwt-auto-roles | ||
|
||
go 1.21 | ||
|
||
require ( | ||
github.com/go-test/deep v1.1.0 | ||
github.com/hashicorp/vault-client-go v0.3.3 | ||
github.com/hashicorp/vault/sdk v0.9.2 | ||
) | ||
|
||
require ( | ||
github.com/cenkalti/backoff/v3 v3.2.2 // indirect | ||
github.com/go-jose/go-jose/v3 v3.0.0 // indirect | ||
github.com/hashicorp/go-cleanhttp v0.5.2 // indirect | ||
github.com/hashicorp/go-retryablehttp v0.7.1 // indirect | ||
github.com/hashicorp/go-rootcerts v1.0.2 // indirect | ||
github.com/hashicorp/go-version v1.6.0 // indirect | ||
github.com/hashicorp/hcl v1.0.1-vault-5 // indirect | ||
github.com/mitchellh/go-homedir v1.1.0 // indirect | ||
golang.org/x/exp v0.0.0-20230224173230-c95f2b4c22f2 // indirect | ||
golang.org/x/time v0.0.0-20220922220347-f3bd1da661af // indirect | ||
) | ||
|
||
require ( | ||
github.com/armon/go-metrics v0.4.1 // indirect | ||
github.com/armon/go-radix v1.0.0 // indirect | ||
github.com/evanphx/json-patch/v5 v5.6.0 // indirect | ||
github.com/fatih/color v1.15.0 // indirect | ||
github.com/golang-jwt/jwt/v5 v5.0.0 | ||
github.com/golang/protobuf v1.5.3 // indirect | ||
github.com/golang/snappy v0.0.4 // indirect | ||
github.com/google/go-cmp v0.5.9 | ||
github.com/hashicorp/errwrap v1.1.0 // indirect | ||
github.com/hashicorp/go-hclog v1.5.0 | ||
github.com/hashicorp/go-immutable-radix v1.3.1 // indirect | ||
github.com/hashicorp/go-kms-wrapping/entropy/v2 v2.0.0 // indirect | ||
github.com/hashicorp/go-kms-wrapping/v2 v2.0.12 // indirect | ||
github.com/hashicorp/go-multierror v1.1.1 // indirect | ||
github.com/hashicorp/go-plugin v1.5.0 // indirect | ||
github.com/hashicorp/go-secure-stdlib/mlock v0.1.3 // indirect | ||
github.com/hashicorp/go-secure-stdlib/parseutil v0.1.7 // indirect | ||
github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 // indirect | ||
github.com/hashicorp/go-sockaddr v1.0.4 // indirect | ||
github.com/hashicorp/go-uuid v1.0.3 // indirect | ||
github.com/hashicorp/golang-lru v1.0.2 // indirect | ||
github.com/hashicorp/vault/api v1.9.2 | ||
github.com/hashicorp/yamux v0.1.1 // indirect | ||
github.com/mattn/go-colorable v0.1.13 // indirect | ||
github.com/mattn/go-isatty v0.0.19 // indirect | ||
github.com/mitchellh/copystructure v1.2.0 // indirect | ||
github.com/mitchellh/go-testing-interface v1.14.1 // indirect | ||
github.com/mitchellh/mapstructure v1.5.0 // indirect | ||
github.com/mitchellh/reflectwalk v1.0.2 // indirect | ||
github.com/oklog/run v1.1.0 // indirect | ||
github.com/pierrec/lz4 v2.6.1+incompatible // indirect | ||
github.com/pkg/errors v0.9.1 | ||
github.com/ryanuber/go-glob v1.0.0 // indirect | ||
go.uber.org/atomic v1.11.0 // indirect | ||
golang.org/x/crypto v0.12.0 // indirect | ||
golang.org/x/net v0.14.0 // indirect | ||
golang.org/x/sys v0.12.0 // indirect | ||
golang.org/x/text v0.13.0 // indirect | ||
google.golang.org/genproto/googleapis/rpc v0.0.0-20230822172742-b8732ec3820d // indirect | ||
google.golang.org/grpc v1.57.0 // indirect | ||
google.golang.org/protobuf v1.31.0 // indirect | ||
) |
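Review bot: The third `require` block mixes direct requirements (`github.com/golang-jwt/jwt/v5`, `github.com/google/go-cmp`, `github.com/hashicorp/go-hclog`, `github.com/hashicorp/vault/api`, `github.com/pkg/errors`) with `// indirect` ones, which makes it hard to see what the plugin actually depends on; `go mod tidy` should regroup them into the direct block. Two Vault clients are required directly (`vault-client-go` and `vault/api`), which is worth a comment if both are intended. Because this module is an authentication plugin that pins its JWT, crypto and gRPC dependencies here, a `govulncheck ./...` step in the Test workflow would flag when any of these pinned versions needs a bump.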