Class: Vault::Authenticate
Instance Attribute Summary
Attributes inherited from Request
Instance Method Summary
- #app_id(app_id, user_id, options = {}) ⇒ Secret: Authenticate via the “app-id” authentication method.
- #approle(role_id, secret_id = nil) ⇒ Secret: Authenticate via the “approle” authentication method.
- #aws_ec2(role, pkcs7, nonce) ⇒ Secret: Authenticate via the AWS EC2 authentication method.
- #github(github_token) ⇒ Secret: Authenticate via the GitHub authentication method.
- #ldap(username, password, options = {}) ⇒ Secret: Authenticate via the “ldap” authentication method.
- #tls(pem = nil) ⇒ Secret: Authenticate via a TLS authentication method.
- #token(new_token) ⇒ Secret: Authenticate via the “token” authentication method.
- #userpass(username, password, options = {}) ⇒ Secret: Authenticate via the “userpass” authentication method.
Methods inherited from Request
Methods included from EncodePath
Constructor Details
This class inherits a constructor from Vault::Request
Instance Method Details
#app_id(app_id, user_id, options = {}) ⇒ Secret
Authenticate via the “app-id” authentication method. If authentication is successful, the resulting token will be stored on the client and used for future requests.
    # File 'lib/vault/api/auth.rb', line 69
    def app_id(app_id, user_id, options = {})
      payload = { app_id: app_id, user_id: user_id }.merge(options)
      json = client.post("/v1/auth/app-id/login", JSON.fast_generate(payload))
      secret = Secret.decode(json)
      client.token = secret.auth.client_token
      return secret
    end
#approle(role_id, secret_id = nil) ⇒ Secret
Authenticate via the “approle” authentication method. If authentication is successful, the resulting token will be stored on the client and used for future requests.
    # File 'lib/vault/api/auth.rb', line 92
    def approle(role_id, secret_id=nil)
      payload = { role_id: role_id }
      payload[:secret_id] = secret_id if secret_id
      json = client.post("/v1/auth/approle/login", JSON.fast_generate(payload))
      secret = Secret.decode(json)
      client.token = secret.auth.client_token
      return secret
    end
#aws_ec2(role, pkcs7, nonce) ⇒ Secret
Authenticate via the AWS EC2 authentication method. If authentication is successful, the resulting token will be stored on the client and used for future requests.
    # File 'lib/vault/api/auth.rb', line 179
    def aws_ec2(role, pkcs7, nonce)
      payload = { role: role, pkcs7: pkcs7, nonce: nonce }
      json = client.post('/v1/auth/aws-ec2/login', JSON.fast_generate(payload))
      secret = Secret.decode(json)
      client.token = secret.auth.client_token
      return secret
    end
#github(github_token) ⇒ Secret
Authenticate via the GitHub authentication method. If authentication is successful, the resulting token will be stored on the client and used for future requests.
    # File 'lib/vault/api/auth.rb', line 158
    def github(github_token)
      payload = {token: github_token}
      json = client.post("/v1/auth/github/login", JSON.fast_generate(payload))
      secret = Secret.decode(json)
      client.token = secret.auth.client_token
      return secret
    end
#ldap(username, password, options = {}) ⇒ Secret
Authenticate via the “ldap” authentication method. If authentication is successful, the resulting token will be stored on the client and used for future requests.
    # File 'lib/vault/api/auth.rb', line 140
    def ldap(username, password, options = {})
      payload = { password: password }.merge(options)
      json = client.post("/v1/auth/ldap/login/#{encode_path(username)}", JSON.fast_generate(payload))
      secret = Secret.decode(json)
      client.token = secret.auth.client_token
      return secret
    end
#tls(pem = nil) ⇒ Secret
Authenticate via a TLS authentication method. If authentication is successful, the resulting token will be stored on the client and used for future requests.
    # File 'lib/vault/api/auth.rb', line 201
    def tls(pem = nil)
      new_client = client.dup
      new_client.ssl_pem_contents = pem if !pem.nil?

      json = new_client.post("/v1/auth/cert/login")
      secret = Secret.decode(json)
      client.token = secret.auth.client_token
      return secret
    end
#token(new_token) ⇒ Secret
Authenticate via the “token” authentication method. This authentication method is a bit bizarre because you already have a token, but hey, whatever floats your boat.
This method hits the `/v1/auth/token/lookup-self` endpoint after setting the Vault client’s token to the given token parameter. If the self lookup succeeds, the token is persisted onto the client for future requests. If the lookup fails, the old token (which could be unset) is restored on the client.
    # File 'lib/vault/api/auth.rb', line 34
    def token(new_token)
      old_token = client.token
      client.token = new_token
      json = client.get("/v1/auth/token/lookup-self")
      secret = Secret.decode(json)
      return secret
    rescue
      client.token = old_token
      raise
    end
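The rollback in #token fires only when the lookup raises, so a token that Vault accepts but the caller rejects stays on the client unless the caller restores the previous one. The following is an added example, not code from vault-ruby, showing both cases offline. FakeClient, token_login, adopt_token, the token strings and the policies/ttl fields of the simulated lookup-self response are assumptions constructed for illustration.

```ruby
require "json"

# Constructed stand-in for the HTTP client: knows two sample tokens.
class FakeClient
  attr_accessor :token
  TOKENS = {
    "s.constructed-app"  => { policies: ["default", "app"], ttl: 3600 },
    "s.constructed-root" => { policies: ["root"], ttl: 0 },
  }.freeze
  def get(path)
    raise ArgumentError, "unexpected path #{path}" unless path == "/v1/auth/token/lookup-self"
    data = TOKENS.fetch(token) { raise "permission denied" }
    JSON.generate(data: data)
  end
end

# Same control flow as #token on this page; returns parsed JSON, not a Secret.
def token_login(client, new_token)
  old_token = client.token
  client.token = new_token
  JSON.parse(client.get("/v1/auth/token/lookup-self"), symbolize_names: true)
rescue
  client.token = old_token
  raise
end

# Hypothetical caller-side guard: a token that passes lookup-self but fails
# local policy is rolled back here, since the lookup itself did not raise.
def adopt_token(client, new_token, min_ttl: 300)
  previous = client.token
  data = token_login(client, new_token)[:data]
  if data[:policies].include?("root") || data[:ttl] < min_ttl
    client.token = previous
    return false
  end
  true
end

def demo
  client = FakeClient.new
  out = { good: adopt_token(client, "s.constructed-app"), after_good: client.token }
  out.update(root: adopt_token(client, "s.constructed-root"), after_root: client.token)
  begin
    adopt_token(client, "s.constructed-unknown")
  rescue RuntimeError => e
    out[:error] = e.message
  end
  out.merge(after_unknown: client.token)
end
```
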
#userpass(username, password, options = {}) ⇒ Secret
Authenticate via the “userpass” authentication method. If authentication is successful, the resulting token will be stored on the client and used for future requests.
    # File 'lib/vault/api/auth.rb', line 118
    def userpass(username, password, options = {})
      payload = { password: password }.merge(options)
      json = client.post("/v1/auth/userpass/login/#{encode_path(username)}", JSON.fast_generate(payload))
      secret = Secret.decode(json)
      client.token = secret.auth.client_token
      return secret
    end