From 0b7e7190b523c36ee28051461af976f9568ccec5 Mon Sep 17 00:00:00 2001
From: Mitchell Hashimoto <mitchell.hashimoto@gmail.com>
Date: Sun, 19 Apr 2015 15:17:24 -0700
Subject: [PATCH] credentials/userpass: integrate into auth cli

---
 builtin/credential/userpass/cli.go | 57 ++++++++++++++++++++++++++++++
 cli/commands.go                    |  9 +++--
 2 files changed, 63 insertions(+), 3 deletions(-)
 create mode 100644 builtin/credential/userpass/cli.go

diff --git a/builtin/credential/userpass/cli.go b/builtin/credential/userpass/cli.go
new file mode 100644
index 000000000..740bfb387
--- /dev/null
+++ b/builtin/credential/userpass/cli.go
@@ -0,0 +1,57 @@
+package userpass
+
+import (
+	"fmt"
+	"strings"
+
+	"github.com/hashicorp/vault/api"
+	"github.com/mitchellh/mapstructure"
+)
+
+type CLIHandler struct{}
+
+func (h *CLIHandler) Auth(c *api.Client, m map[string]string) (string, error) {
+	var data struct {
+		Username string `mapstructure:"username"`
+		Password string `mapstructure:"password"`
+		Mount    string `mapstructure:"mount"`
+	}
+	if err := mapstructure.WeakDecode(m, &data); err != nil {
+		return "", err
+	}
+
+	if data.Username == "" || data.Password == "" {
+		return "", fmt.Errorf("Both 'username' and 'password' must be specified")
+	}
+	if data.Mount == "" {
+		data.Mount = "userpass"
+	}
+
+	path := fmt.Sprintf("auth/%s/login/%s", data.Mount, data.Username)
+	secret, err := c.Logical().Write(path, map[string]interface{}{
+		"password": data.Password,
+	})
+	if err != nil {
+		return "", err
+	}
+	if secret == nil {
+		return "", fmt.Errorf("empty response from credential provider")
+	}
+
+	return secret.Auth.ClientToken, nil
+}
+
+func (h *CLIHandler) Help() string {
+	help := `
+The "userpass" credential provider allows you to authenticate with
+a username and password. To use it, specify the "username" and "password"
+vars with the "-var" flag.
+
+    Example: vault auth -method=userpass \
+      -var="username=<user>"
+      -var="password=<password>"
+
+	`
+
+	return strings.TrimSpace(help)
+}
diff --git a/cli/commands.go b/cli/commands.go
index 783dde870..303a69b5d 100644
--- a/cli/commands.go
+++ b/cli/commands.go
@@ -7,6 +7,7 @@ import (
 
 	credAppId "github.com/hashicorp/vault/builtin/credential/app-id"
 	credGitHub "github.com/hashicorp/vault/builtin/credential/github"
+	credUserpass "github.com/hashicorp/vault/builtin/credential/userpass"
 
 	"github.com/hashicorp/vault/builtin/logical/aws"
 	"github.com/hashicorp/vault/builtin/logical/consul"
@@ -49,8 +50,9 @@ func Commands(metaPtr *command.Meta) map[string]cli.CommandFactory {
 					"file": auditFile.Factory,
 				},
 				CredentialBackends: map[string]logical.Factory{
-					"app-id": credAppId.Factory,
-					"github": credGitHub.Factory,
+					"app-id":   credAppId.Factory,
+					"github":   credGitHub.Factory,
+					"userpass": credUserpass.Factory,
 				},
 				LogicalBackends: map[string]logical.Factory{
 					"aws":        aws.Factory,
@@ -71,7 +73,8 @@ func Commands(metaPtr *command.Meta) map[string]cli.CommandFactory {
 			return &command.AuthCommand{
 				Meta: meta,
 				Handlers: map[string]command.AuthHandler{
-					"github": &credGitHub.CLIHandler{},
+					"github":   &credGitHub.CLIHandler{},
+					"userpass": &credUserpass.CLIHandler{},
 				},
 			}, nil
 		},