Add kubernetes auth method

hashicorp · Apr 27, 2018 · 7c65e0b · 7c65e0b
1 parent b1a79c4
commit 7c65e0b
Showing 1 changed file with 35 additions and 0 deletions.
diff --git a/lib/vault/api/auth.rb b/lib/vault/api/auth.rb
@@ -242,6 +242,41 @@ def aws_iam(role, credentials_provider, iam_auth_header_value = nil, sts_endpoin
       return secret
     end
 
+    # Authenticate via the kubernetes authentication method. If authentication is
+    # successful, the resulting token will be stored on the client and used
+    # for future requests.
+    #
+    # @example
+    #   Vault.auth.kubernetes("default", "/var/run/secrets/kubernetes.io/serviceaccount/token")
+    #   #=> #<Vault::Secret lease_id="">
+    #
+    # @param [String] role
+    # @param [String] service_account_path optional
+    #   Path on filesystem of service account token secret.
+    # @param [String] route optional
+    #
+    # @return [Secret]
+    def kubernetes(role, service_account_path = nil, route = nil)
+      route ||= '/v1/auth/kubernetes/login'
+      service_account_path ||=
+        '/var/run/secrets/kubernetes.io/serviceaccount/token'
+
+      payload = {
+        role: role,
+        jwt: File.read(service_account_path)
+      }
+
+      json = client.post(
+        route,
+        JSON.fast_generate(payload)
+      )
+
+      secret = Secret.decode(json)
+      client.token = secret.auth.client_token
+
+      return secret
+    end
+
     # Authenticate via a TLS authentication method. If authentication is
     # successful, the resulting token will be stored on the client and used
     # for future requests.