Add kubernetes auth method
ls-brentsmith committed Apr 27, 2018
1 parent b1a79c4 commit ee1ef2c
Showing 1 changed file with 35 additions and 0 deletions.
35 changes: 35 additions & 0 deletions lib/vault/api/auth.rb
Expand Up @@ -242,6 +242,41 @@ def aws_iam(role, credentials_provider, iam_auth_header_value = nil, sts_endpoin
return secret
end

# Authenticate via the kubernetes authentication method. If authentication is
# successful, the resulting token will be stored on the client and used
# for future requests.
#
# @example
# Vault.auth.aws_ec2("default", "/var/run/secrets/kubernetes.io/serviceaccount/token")
# #=> #<Vault::Secret lease_id="">
#
# @param [String] role
# @param [String] service_account_path optional
# Path on filesystem of service account token secret.
# @param [String] route optional
#
# @return [Secret]
def kubernetes(role, service_account_path = nil, route = nil)
route ||= '/v1/auth/kubernetes/login'
service_account_path ||=
'/var/run/secrets/kubernetes.io/serviceaccount/token'

payload = {
role: role,
jwt: File.read(service_account_path)
}

json = client.post(
route,
JSON.fast_generate(payload)
)

secret = Secret.decode(json)
client.token = secret.auth.client_token

return secret
end

# Authenticate via a TLS authentication method. If authentication is
# successful, the resulting token will be stored on the client and used
# for future requests.
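
Review bot: The `@example` in the new doc comment calls `Vault.auth.aws_ec2("default", ...)`, which looks copied from the EC2 method; it should call `Vault.auth.kubernetes("default", "/var/run/secrets/kubernetes.io/serviceaccount/token")` so the documentation matches the method being added. In the method body, `File.read(service_account_path)` goes into the payload unmodified: a missing or unreadable token file surfaces as a bare `Errno` exception from inside the auth call, and any trailing whitespace in the file is sent in the `jwt` field, so consider stripping the value and raising an error that names the path. The commit changes only `lib/vault/api/auth.rb`, so a spec covering the default `route` and `service_account_path` values would be worth adding alongside it.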