

Vault AppRole Auth
Closes #6
lucymhdavies committed Jun 13, 2021
1 parent cf3e3d7 commit 47d73a3
Showing 2 changed files with 48 additions and 30 deletions.
22 changes: 0 additions & 22 deletions TODO.md

This file was deleted.

56 changes: 48 additions & 8 deletions client.go
Expand Up @@ -2,6 +2,7 @@ package federate

import (
"fmt"
"os"
"sync"

vaultAPI "github.com/hashicorp/vault/api"
Expand All @@ -10,33 +11,35 @@ import (

type Client struct {
Slack *Slack
//Vault *vaultAPI.Client
Vault *vaultAPI.Client

// TODO: Discord
// TODO: Other Things
}

func NewClient() (*Client, error) {
// TODO: Vault auth, e.g. AWS or AppRole

c := &Client{}

vaultClient, err := vaultAPI.NewClient(
vaultAPI.DefaultConfig(),
)
if err != nil {
return nil, fmt.Errorf("error creating Vault Client: %v", err)
}

// TODO: AppRole/AWS/Etc. Auth
c.Vault = vaultClient
err = c.VaultAuth()
if err != nil {
return nil, fmt.Errorf("error authenticating with Vault: %v", err)
}

// Update Slack(s)
slacks, err := NewSlack(vaultClient)
if err != nil {
return nil, fmt.Errorf("error creating Slack Clients: %v", err)
}
c.Slack = slacks

c := &Client{
Slack: slacks,
//Vault: vaultClient,
}
return c, nil
}

Expand Down Expand Up @@ -88,3 +91,40 @@ func (c Client) Update(name, avatar string) error {

return nil
}

func (c Client) VaultAuth() error {
if os.ExpandEnv("${VAULT_APPROLE_ROLE_ID}") != "" {

if os.ExpandEnv("${VAULT_APPROLE_SECRET_ID}") != "" {
log.Debugf("AppRole Auth with Secret ID")

token, err := c.Vault.Logical().Write("auth/approle/login", map[string]interface{}{
"role_id": os.ExpandEnv("${VAULT_APPROLE_ROLE_ID}"),
"secret_id": os.ExpandEnv("${VAULT_APPROLE_SECRET_ID}"),
})
if err != nil {
return fmt.Errorf("error authenticating with AppRole: %v", err)
}

c.Vault.SetToken(token.Auth.ClientToken)

return nil
}

log.Debugf("AppRole Auth without Secret ID")

token, err := c.Vault.Logical().Write("auth/approle/login", map[string]interface{}{
"role_id": os.ExpandEnv("${VAULT_APPROLE_ROLE_ID}"),
})
if err != nil {
return fmt.Errorf("error authenticating with AppRole: %v", err)
}

c.Vault.SetToken(token.Auth.ClientToken)

return nil
}

// TODO: Do we want to do an auth/token/lookup-self to check if we have a token already from env?
return nil
}
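Review bot: `c.Vault.SetToken(token.Auth.ClientToken)` in the new VaultAuth dereferences the login response without checking it; `Logical().Write` can return a nil secret (or a secret with nil `Auth`) alongside a nil error, which would panic here instead of surfacing an authentication failure. Both branches also duplicate the login call, so the nil guard would have to be added twice; building the parameter map once and adding `secret_id` conditionally removes the duplication and leaves a single place to validate the response. Reading each variable once via `os.Getenv` rather than calling `os.ExpandEnv("${...}")` three times is a small idiom point in the same function. `log` is not among the visible import lines and is presumably imported in the collapsed part of the import block above the second hunk. The tail of `Update` at the top of this hunk belongs to a function that starts outside it.
```go
func (c Client) VaultAuth() error {
	roleID := os.Getenv("VAULT_APPROLE_ROLE_ID")
	if roleID == "" {
		// TODO: Do we want to do an auth/token/lookup-self to check if we have a token already from env?
		return nil
	}

	params := map[string]interface{}{"role_id": roleID}
	if secretID := os.Getenv("VAULT_APPROLE_SECRET_ID"); secretID != "" {
		log.Debugf("AppRole Auth with Secret ID")
		params["secret_id"] = secretID
	} else {
		log.Debugf("AppRole Auth without Secret ID")
	}

	secret, err := c.Vault.Logical().Write("auth/approle/login", params)
	if err != nil {
		return fmt.Errorf("error authenticating with AppRole: %v", err)
	}
	// A nil secret or missing Auth block means no token was issued; fail loudly rather than panic.
	if secret == nil || secret.Auth == nil || secret.Auth.ClientToken == "" {
		return fmt.Errorf("error authenticating with AppRole: login response contained no client token")
	}

	c.Vault.SetToken(secret.Auth.ClientToken)
	return nil
}
```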
