package vault
import (
"fmt"
"github.com/drone/drone/plugins/internal"
"io/ioutil"
"time"
)
/*
Vault JSON Response
{
  "auth": {
    "client_token": "token",
    "lease_duration": 1234
  }
}
*/
// vaultAuth holds the fields read from the "auth" object of a Vault login
// response.
type vaultAuth struct {
	// Token is decoded from the "client_token" key. It is a credential and
	// should not be written to logs or error messages.
	Token string `json:"client_token"`
	// Lease is decoded from the "lease_duration" key; getKubernetesToken
	// interprets it as a number of seconds.
	Lease int `json:"lease_duration"`
}
// vaultResp is the top-level shape of a Vault login response; only the auth
// section is kept.
type vaultResp struct {
	// Auth carries no struct tag. NOTE(review): this relies on the decoder
	// matching the "auth" key by name (encoding/json does so
	// case-insensitively) - confirm against internal.Send.
	Auth vaultAuth
}
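// getKubernetesToken posts the JWT stored in tokenFile, together with role, to
// the login endpoint of the Vault auth mount and returns the client token
// issued in the response along with its lease duration.
//
// addr is the base address the request path is built on, mount is the path
// segment placed between "/v1/auth/" and "/login", role is sent as the "role"
// field and tokenFile is the file whose content is sent as the "jwt" field.
//
// Errors from reading tokenFile or from the login request are returned
// unchanged. A response that decodes without a client token is reported as an
// error, so callers never receive an empty credential with a nil error.
func getKubernetesToken(addr, role, mount, tokenFile string) (string, time.Duration, error) {
	jwt, err := ioutil.ReadFile(tokenFile)
	if err != nil {
		return "", 0, err
	}

	// The file content is a bearer credential: it is sent as read and must not
	// be copied into error messages or logs.
	loginURL := fmt.Sprintf("%s/v1/auth/%s/login", addr, mount)
	payload := map[string]string{
		"jwt":  string(jwt),
		"role": role,
	}

	// NOTE(review): internal.Send is not visible here; whether it rejects
	// non-2xx responses should be confirmed.
	var resp vaultResp
	if err := internal.Send("POST", loginURL, payload, &resp); err != nil {
		return "", 0, err
	}

	// Fail closed: a body that decoded without auth.client_token would
	// otherwise be handed back as a valid login with an empty token.
	if resp.Auth.Token == "" {
		return "", 0, fmt.Errorf("vault: kubernetes login for role %q at mount %q returned no client token", role, mount)
	}

	// The lease is a count of seconds. A zero lease is passed through as a
	// zero ttl - TODO confirm that callers scheduling renewal handle it.
	ttl := time.Duration(resp.Auth.Lease) * time.Second
	return resp.Auth.Token, ttl, nil
}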