View Source Vault.Auth.Generic (libvault v0.2.4)

A Generic Auth Adapter. An alternative to writing your own adapter.

Link to this section Summary

Functions

Authenticate with a custom auth method. Provide options for the request, and how to parse the response.

Link to this section Types

@type params() :: %{request: request(), response: response()}
@type request() :: %{path: String.t(), method: :post, body: map()}
@type response() :: %{token: [String.t()], ttl: [String.t()]}

Link to this section Functions

@spec login(Vault.t(), params()) :: Vault.Auth.Adapter.response()

Authenticate with a custom auth method. Provide options for the request, and how to parse the response.

examples

Examples

request defines parameters for the request to vault

  • path- the path for authentication, after "auth" If you want to authenticate against https://myvault.com/v1/auth/jwt/login, then the path would be jwt/login
  • method- one of :get, :post, :put, :patch, :delete, defaults to :post
  • body- any params needed to login. Defaults to %{}

response defines parameters for parsing the response.

  • token_path - a list of properties that describe the JSON path to a token. Defaults to ["auth", "client_token"]
  • ttl_path - a list of properties that describe the JSON path to the ttl, or lease duration. Defaults to ["auth", "lease_duration"]

The following would provide a minimal adapter for the JWT backend:

{:ok, token, ttl} = Vault.Auth.Generic.login(vault, %{
  request: %{
    path: "/jwt/login",
    body: %{role: "my-role", jwt: "my-jwt" },
  }
})

Here's the above example as part of the full Vault client flow. On success, it returns an authenticated vault client.

vault =
  Vault.new([
    auth: Vault.Auth.Generic,
    http: Vault.HTTP.Tesla,
    engine: Vault.KVV2
  ])

{:ok, vault} = Vault.auth(vault, %{
  request: %{
    path: "/jwt/login",
    body: %{role: "my-role", jwt: "my-jwt" },
  }
})

Here's a more explicit example, with every option configured.


vault =
  Vault.new([
    auth: Vault.Auth.Generic,
    http: Vault.HTTP.Tesla,
    engine: Vault.KVV2
  ])

{:ok, vault} = Vault.auth(vault, %{
  request:
    path: "/jwt/login",
    method: :post,
    body: %{role: "my-role", jwt: "my-jwt" },
  response: %{
    token: ["auth", "client_token"],
    ttl: ["auth", "lease_duration"]
  }
})