open-vault/builtin/credential/userpass/cli.go

84 lines
2.0 KiB
Go
Raw Normal View History

package userpass
import (
"fmt"
2015-07-28 04:11:35 +00:00
"os"
"strings"
"github.com/hashicorp/vault/api"
2015-07-28 04:11:35 +00:00
pwd "github.com/hashicorp/vault/helper/password"
"github.com/mitchellh/mapstructure"
)
type CLIHandler struct{}
func (h *CLIHandler) Auth(c *api.Client, m map[string]string) (string, error) {
var data struct {
Username string `mapstructure:"username"`
Password string `mapstructure:"password"`
Mount string `mapstructure:"mount"`
2015-07-28 04:11:35 +00:00
Method string `mapstructure:"method"`
Passcode string `mapstructure:"passcode"`
}
if err := mapstructure.WeakDecode(m, &data); err != nil {
return "", err
}
2015-07-28 04:11:35 +00:00
if data.Username == "" {
return "", fmt.Errorf("'username' must be specified")
}
if data.Password == "" {
fmt.Printf("Password (will be hidden): ")
2015-07-28 18:55:46 +00:00
password, err := pwd.Read(os.Stdin)
2015-07-28 04:11:35 +00:00
fmt.Println()
if err != nil {
return "", err
}
2015-07-28 18:55:46 +00:00
data.Password = password
}
if data.Mount == "" {
data.Mount = "userpass"
}
2015-07-28 04:11:35 +00:00
options := map[string]interface{}{
"password": data.Password,
2015-07-28 04:11:35 +00:00
}
if data.Method != "" {
options["method"] = data.Method
}
if data.Passcode != "" {
options["passcode"] = data.Passcode
}
path := fmt.Sprintf("auth/%s/login/%s", data.Mount, data.Username)
secret, err := c.Logical().Write(path, options)
if err != nil {
return "", err
}
if secret == nil {
return "", fmt.Errorf("empty response from credential provider")
}
return secret.Auth.ClientToken, nil
}
func (h *CLIHandler) Help() string {
help := `
The "userpass" credential provider allows you to authenticate with
a username and password. To use it, specify the "username" and "password"
2015-07-28 04:11:35 +00:00
parameters. If password is not provided on the command line, it will be
read from stdin.
If multi-factor authentication (MFA) is enabled, a "method" and/or "passcode"
may be provided depending on the MFA backend enabled. To check
which MFA backend is in use, read "auth/[mount]/mfa_config".
Example: vault auth -method=userpass \
2015-05-08 15:45:29 +00:00
username=<user> \
password=<password>
`
return strings.TrimSpace(help)
}