mirror of
https://github.com/Luzifer/vault2env.git
synced 2024-12-20 20:21:20 +00:00
Breaking: Remove deprecated AppID authentication
Signed-off-by: Knut Ahlers <knut@ahlers.me>
This commit is contained in:
parent
fbb9c92319
commit
3d36311495
1 changed files with 1 additions and 17 deletions
18
main.go
18
main.go
|
@ -17,11 +17,7 @@ import (
|
||||||
var (
|
var (
|
||||||
cfg = struct {
|
cfg = struct {
|
||||||
VaultAddress string `flag:"vault-addr" env:"VAULT_ADDR" default:"https://127.0.0.1:8200" description:"Vault API address"`
|
VaultAddress string `flag:"vault-addr" env:"VAULT_ADDR" default:"https://127.0.0.1:8200" description:"Vault API address"`
|
||||||
AppIDAuth struct {
|
AppRoleAuth struct {
|
||||||
AppID string `flag:"vault-app-id" env:"VAULT_APP_ID" default:"" description:"[DEPRECATED] The app-id to use for authentication"`
|
|
||||||
UserID string `flag:"vault-user-id" env:"VAULT_USER_ID" default:"" description:"[DEPRECATED] The user-id to use for authentication"`
|
|
||||||
}
|
|
||||||
AppRoleAuth struct {
|
|
||||||
RoleID string `flag:"vault-role-id" env:"VAULT_ROLE_ID" default:"" description:"ID of the role to use"`
|
RoleID string `flag:"vault-role-id" env:"VAULT_ROLE_ID" default:"" description:"ID of the role to use"`
|
||||||
SecretID string `flag:"vault-secret-id" env:"VAULT_SECRET_ID" default:"" description:"Corresponding secret ID to the role"`
|
SecretID string `flag:"vault-secret-id" env:"VAULT_SECRET_ID" default:"" description:"Corresponding secret ID to the role"`
|
||||||
}
|
}
|
||||||
|
@ -98,23 +94,11 @@ func main() {
|
||||||
client.SetToken(loginSecret.Auth.ClientToken)
|
client.SetToken(loginSecret.Auth.ClientToken)
|
||||||
defer client.Auth().Token().RevokeSelf(client.Token())
|
defer client.Auth().Token().RevokeSelf(client.Token())
|
||||||
|
|
||||||
case cfg.AppIDAuth.AppID != "" && cfg.AppIDAuth.UserID != "":
|
|
||||||
loginSecret, lserr := client.Logical().Write("auth/app-id/login/"+cfg.AppIDAuth.AppID, map[string]interface{}{
|
|
||||||
"user_id": cfg.AppIDAuth.UserID,
|
|
||||||
})
|
|
||||||
if lserr != nil || loginSecret.Auth == nil {
|
|
||||||
log.Fatalf("Unable to fetch authentication token: %s", lserr)
|
|
||||||
}
|
|
||||||
|
|
||||||
client.SetToken(loginSecret.Auth.ClientToken)
|
|
||||||
defer client.Auth().Token().RevokeSelf(client.Token())
|
|
||||||
|
|
||||||
default:
|
default:
|
||||||
log.Fatalf(strings.Join([]string{
|
log.Fatalf(strings.Join([]string{
|
||||||
"[ERR] Did not find any authentication method. Try one of these:",
|
"[ERR] Did not find any authentication method. Try one of these:",
|
||||||
"- Specify `--vault-token` for token based authentication",
|
"- Specify `--vault-token` for token based authentication",
|
||||||
"- Specify `--vault-role-id` and optionally `--vault-secret-id` for AppRole authentication",
|
"- Specify `--vault-role-id` and optionally `--vault-secret-id` for AppRole authentication",
|
||||||
"- Specify `--vault-app-id` and `--vault-user-id` for deprecated AppID authentication",
|
|
||||||
}, "\n"))
|
}, "\n"))
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue