Vault.Auth.Generic (libvault v0.2.4)
A Generic Auth Adapter. An alternative to writing your own adapter.
Functions
@spec login(Vault.t(), params()) :: Vault.Auth.Adapter.response()
Authenticate with a custom auth method. Provide options for the request, and how to parse the response.
Examples

request defines parameters for the request to Vault.
- path - the path for authentication, after "auth". If you want to authenticate against https://myvault.com/v1/auth/jwt/login, then the path would be jwt/login
- method - one of :get, :post, :put, :patch, :delete, defaults to :post
- body - any params needed to login. Defaults to %{}

response defines parameters for parsing the response.
- token_path - a list of properties that describe the JSON path to a token. Defaults to ["auth", "client_token"]
- ttl_path - a list of properties that describe the JSON path to the ttl, or lease duration. Defaults to ["auth", "lease_duration"]

The following would provide a minimal adapter for the JWT backend:
{:ok, token, ttl} = Vault.Auth.Generic.login(vault, %{
  request: %{
    path: "/jwt/login",
    body: %{role: "my-role", jwt: "my-jwt"}
  }
})
Here's the above example as part of the full Vault client flow. On success, it returns an authenticated vault client.
vault =
  Vault.new([
    auth: Vault.Auth.Generic,
    http: Vault.HTTP.Tesla,
    engine: Vault.KVV2
  ])

{:ok, vault} = Vault.auth(vault, %{
  request: %{
    path: "/jwt/login",
    body: %{role: "my-role", jwt: "my-jwt"}
  }
})
Here's a more explicit example, with every option configured.
vault =
  Vault.new([
    auth: Vault.Auth.Generic,
    http: Vault.HTTP.Tesla,
    engine: Vault.KVV2
  ])

{:ok, vault} = Vault.auth(vault, %{
  request: %{
    path: "/jwt/login",
    method: :post,
    body: %{role: "my-role", jwt: "my-jwt"}
  },
  response: %{
    token: ["auth", "client_token"],
    ttl: ["auth", "lease_duration"]
  }
})
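
To make the response options concrete, the following added example (not libvault's own code) shows how a token path and a ttl path select values from a decoded JSON login response, including a non-default layout and a response that carries no token. The module name ResponsePathDemo, its extract/2 function and the sample bodies are assumptions made for illustration; the option names mirror token_path and ttl_path as documented above.

```elixir
# Added illustration of path-based response parsing; not libvault's implementation.
defmodule ResponsePathDemo do
  @default_token_path ["auth", "client_token"]
  @default_ttl_path ["auth", "lease_duration"]

  # body is the decoded JSON login response (string keys).
  # opts may override :token_path and :ttl_path (hypothetical option map).
  def extract(body, opts \\ %{}) do
    token_path = Map.get(opts, :token_path, @default_token_path)
    ttl_path = Map.get(opts, :ttl_path, @default_ttl_path)

    with {:ok, token} <- fetch(body, token_path, &(is_binary(&1) and &1 != "")),
         {:ok, ttl} <- fetch(body, ttl_path, &(is_integer(&1) and &1 >= 0)) do
      {:ok, token, ttl}
    end
  end

  # The error names only the path that failed, so the response body
  # (which may hold a token) never ends up in logs or crash reports.
  defp fetch(body, path, valid?) do
    value = dig(body, path)
    if valid?.(value), do: {:ok, value}, else: {:error, {:bad_response, path}}
  end

  # Walk the path one key at a time; stop with nil on anything that is not a map.
  defp dig(body, path) do
    Enum.reduce_while(path, body, fn key, acc ->
      if is_map(acc), do: {:cont, Map.get(acc, key)}, else: {:halt, nil}
    end)
  end
end

# Constructed sample bodies, not captured from a real Vault server.
default_body = %{"auth" => %{"client_token" => "s.constructed-token", "lease_duration" => 3600}}
custom_body = %{"data" => %{"token" => "s.constructed-token", "ttl" => 900}}
denied_body = %{"errors" => ["permission denied"]}

IO.inspect(ResponsePathDemo.extract(default_body))

IO.inspect(
  ResponsePathDemo.extract(custom_body, %{token_path: ["data", "token"], ttl_path: ["data", "ttl"]})
)

IO.inspect(ResponsePathDemo.extract(denied_body))
```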