drv54591
drv54591
2017-02-28 18:08

使用Vault API软件包的身份验证方法

已采纳

I am trying to use the Vault Golang Package to authenticate using the API.

I created a new client, and then can set my token:

client, err := api.NewClient(&api.Config{Address: vaultAddr, HttpClient: httpClient})

 if err != nil {
   return nil, errors.Wrap(err, "could not create vault client")
 }

client.SetToken(token)

That's great and all, but I want to auth against the API using one of the other auth methods, (LDAP, Userpass etc)

Is this even possible? How can I retrieve a token using the API?

I guess I could just use net/http to retrieve the token using an API call, but is there any method to actually auth in another way?

  • 点赞
  • 写回答
  • 关注问题
  • 收藏
  • 复制链接分享
  • 邀请回答

1条回答

  • dsdsm2016 dsdsm2016 4年前

    I managed to figure this out, eventually. It's not totally obvious, but makes sense.

    Vault has a generic write method it uses to write data. You can utilise this to perform a login with the API by simply building the URL and sending a PUT request to that endpoint

    It looks a bit like this:

    // create a vault client
    client, err := api.NewClient(&api.Config{Address: url, HttpClient: httpClient})
    if err != nil {
        panic(err)
    }
    
    // to pass the password
    options := map[string]interface{}{
       "password": password,        
    }
    
    // the login path
    // this is configurable, change userpass to ldap etc
    path := fmt.Sprintf("auth/userpass/login/%s", username)
    
    // PUT call to get a token
    secret, err := client.Logical().Write(path, options)
    
    点赞 评论 复制链接分享