From 4d487c5d0fe322f39a86316d7263d420cfa38e1b Mon Sep 17 00:00:00 2001 From: dttung2905 Date: Wed, 29 Mar 2023 23:26:02 +0800 Subject: [PATCH 1/2] Add custom Vault Authentication Path when using k8s login method Signed-off-by: dttung2905 --- .../io/github/jopenlibs/vault/api/Auth.java | 29 ++++++++++++++++++- 1 file changed, 28 insertions(+), 1 deletion(-) diff --git a/src/main/java/io/github/jopenlibs/vault/api/Auth.java b/src/main/java/io/github/jopenlibs/vault/api/Auth.java index d9800f38..316931eb 100644 --- a/src/main/java/io/github/jopenlibs/vault/api/Auth.java +++ b/src/main/java/io/github/jopenlibs/vault/api/Auth.java @@ -987,12 +987,39 @@ public AuthResponse loginByGithub(final String githubToken, final String githubA // TODO: Needs integration test coverage if possible public AuthResponse loginByJwt(final String provider, final String role, final String jwt) throws VaultException { + + return loginByJwt(provider, role, jwt, "auth/" + provider); + } + + /** + *

Basic login operation to authenticate to an JWT backend. Example usage:

+ * + *
+ *
{@code
+     * final AuthResponse response = vault.auth().loginByJwt("kubernetes", "dev", "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...");
+     *
+     * final String token = response.getAuthClientToken();
+     * }
+ *
+ * + * @param provider Provider of JWT token. + * @param role The gcp role used for authentication + * @param jwt The JWT token for the role + * @param authPath The Authentication Path for Vault + * @return The auth token, with additional response metadata + * @throws VaultException If any error occurs, or unexpected response received from Vault + */ + // TODO: Needs integration test coverage if possible + public AuthResponse loginByJwt(final String provider, final String role, final String jwt, + String authPath) + throws VaultException { + return retry(attempt -> { // HTTP request to Vault final String requestJson = Json.object().add("role", role).add("jwt", jwt) .toString(); final RestResponse restResponse = new Rest() - .url(config.getAddress() + "/v1/auth/" + provider + "/login") + .url(config.getAddress() + "/v1/" + authPath + "/login") .header("X-Vault-Namespace", this.nameSpace) .header("X-Vault-Request", "true") .body(requestJson.getBytes(StandardCharsets.UTF_8)) From 86fd23c2714ef130019a926e7f66416c7f9cc904 Mon Sep 17 00:00:00 2001 From: dttung2905 Date: Wed, 29 Mar 2023 23:39:16 +0800 Subject: [PATCH 2/2] Minor fix on docstring section Signed-off-by: dttung2905 --- src/main/java/io/github/jopenlibs/vault/api/Auth.java | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/main/java/io/github/jopenlibs/vault/api/Auth.java b/src/main/java/io/github/jopenlibs/vault/api/Auth.java index 316931eb..5a8b91ae 100644 --- a/src/main/java/io/github/jopenlibs/vault/api/Auth.java +++ b/src/main/java/io/github/jopenlibs/vault/api/Auth.java @@ -992,11 +992,11 @@ public AuthResponse loginByJwt(final String provider, final String role, final S } /** - *
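Review bot: `authPath` is concatenated straight into the request URL (`config.getAddress() + "/v1/" + authPath + "/login"`) with no validation, so a null value produces `/v1/null/login`, a leading or trailing slash produces a doubled separator, and a value containing `..`, `?` or `#` would post the role and JWT to a different endpoint on the Vault address than the caller intended. Normalising and rejecting at the top of the new four-argument overload would close this, for example `final String mount = authPath == null ? "" : authPath.replaceAll("^/+|/+$", "");` followed by `if (mount.isEmpty() || mount.contains("..") || mount.matches(".*[?#\\s].*")) throw new IllegalArgumentException("invalid authPath");`, and then building the URL from `mount`. In the visible lines `provider` is no longer used by that overload and its Javadoc still reads "The gcp role", so both deserve a tidy-up, and `authPath` could be declared `final` like the other parameters. The lambda body continues past the end of the hunk, so whether `provider` is referenced further down cannot be confirmed from here.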

Basic login operation to authenticate to an JWT backend. Example usage:

+ *

Basic login operation to authenticate to an JWT backend with custom authentication path. Example usage:

* *
*
{@code
-     * final AuthResponse response = vault.auth().loginByJwt("kubernetes", "dev", "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...");
+     * final AuthResponse response = vault.auth().loginByJwt("kubernetes", "dev", "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...", "custom/path");
      *
      * final String token = response.getAuthClientToken();
      * }
@@ -1069,7 +1069,7 @@ public AuthResponse loginByGCP(final String role, final String jwt) throws Vault /** - * Basic login operation to authenticate to an kubernetes backend. Example usage: + * Basic login operation to authenticate to a kubernetes backend. Example usage: * *
*