open-vault/builtin/credential/cert/cli.go

62 lines
1.3 KiB
Go
Raw Normal View History

2015-06-30 03:29:41 +00:00
package cert
import (
"fmt"
"strings"
"github.com/hashicorp/vault/api"
"github.com/mitchellh/mapstructure"
)
type CLIHandler struct{}
func (h *CLIHandler) Auth(c *api.Client, m map[string]string) (*api.Secret, error) {
2015-06-30 03:29:41 +00:00
var data struct {
Mount string `mapstructure:"mount"`
Name string `mapstructure:"name"`
2015-06-30 03:29:41 +00:00
}
if err := mapstructure.WeakDecode(m, &data); err != nil {
return nil, err
2015-06-30 03:29:41 +00:00
}
if data.Mount == "" {
data.Mount = "cert"
}
options := map[string]interface{}{
"name": data.Name,
}
2015-06-30 03:29:41 +00:00
path := fmt.Sprintf("auth/%s/login", data.Mount)
secret, err := c.Logical().Write(path, options)
2015-06-30 03:29:41 +00:00
if err != nil {
return nil, err
2015-06-30 03:29:41 +00:00
}
if secret == nil {
return nil, fmt.Errorf("empty response from credential provider")
2015-06-30 03:29:41 +00:00
}
return secret, nil
2015-06-30 03:29:41 +00:00
}
func (h *CLIHandler) Help() string {
help := `
Usage: vault login -method=cert [CONFIG K=V...]
2015-06-30 03:29:41 +00:00
2018-03-20 18:54:10 +00:00
The certificate auth method allows users to authenticate with a
2017-09-02 22:49:55 +00:00
client certificate passed with the request. The -client-cert and -client-key
flags are included with the "vault login" command, NOT as configuration to the
auth method.
2015-06-30 03:29:41 +00:00
2017-09-02 22:49:55 +00:00
Authenticate using a local client certificate:
$ vault login -method=cert -client-cert=cert.pem -client-key=key.pem
2017-09-02 22:49:55 +00:00
Configuration:
name=<string>
Certificate role to authenticate against.
`
2015-06-30 03:29:41 +00:00
return strings.TrimSpace(help)
}