Class: Vault::Authenticate

Inherits:
Request
  • Object
show all
Defined in:
lib/settings_reader/vault_resolver/patches/authenticate.rb

Overview

Monkey patch to support k8s authenticaiton. Taken from github.com/hashicorp/vault-ruby/pull/202

Instance Method Summary collapse

Instance Method Details

#kubernetes(role, route: nil, service_token_path: nil) ⇒ Object 



4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
 
# File 'lib/settings_reader/vault_resolver/patches/authenticate.rb', line 4

def kubernetes(role, route: nil, service_token_path: nil)
  route ||= "/v1/auth/#{SettingsReader::VaultResolver::Engines::Auth::AUTH_BACKEND}/login"
  service_token_path ||= '/var/run/secrets/tokens/dynamic-sa-token'

  payload = {
    role: role,
    jwt: File.read(service_token_path)
  }

  json = client.post(route, JSON.fast_generate(payload))

  secret = Secret.decode(json)
  client.token = secret.auth.client_token

  secret
end