node-vault
node-vault copied to clipboard
Changing the default path of auth login like kubernetes
I'm wondering if there's a way to change the default path of the kubernetes login.
In the documentation, the CLI allows you to do it: https://www.vaultproject.io/docs/auth/kubernetes.html
Say for example I wanted to goto: auth/kubernetes-rancher/login
But I noticed in the code for this library, it's based on "mount_point" of some sort. But it's not clear to me how to set this beforehand.
Is this feature missing or am I just not understanding it correctly?
having a similar issue here @EZEDSEA. Did you ever find a solution?
The solution we used was basically not use this library for auth login. We made a rest call instead to the endpoint we wanted. And then used this lib after auth.
I might have run into this also, not sure yet (still troubleshooting).
The way I interpret the documentation, it seems to indicate that this should be supported though? https://github.com/kr1sp1n/node-vault/blob/master/features.md#vaultkuberneteslogin
Edit: Got it to work by using that feature.
@MPV could you share how you got it to work with a custom path?
We have not been able to get the custom path to work with the vault.kubernetesLogin()
method and have been making our own request as @EZEDSEA has suggested.
This can be controlled by the param mount_point as in the example here: https://github.com/kr1sp1n/node-vault/blob/70097269d35a58bb560b5290190093def96c87b1/example/auth_kubernetes.js#L17
The other issue I have is that I would like to add a namespace to the URL as well - like here: <vault_domain>/v1/<name_space>/auth/<mountpoint>/login
.
ok it looks like support for namespaces have been added already: https://github.com/kr1sp1n/node-vault/pull/137
This can be controlled by the param mount_point as in the example here:
https://github.com/kr1sp1n/node-vault/blob/70097269d35a58bb560b5290190093def96c87b1/example/auth_kubernetes.js#L17
enableAuth
makes a POST request to /sys/auth/{{mount_point}}
to create an auth method on the Vault server. This seems like it a) would require authenticating as a privileged user via a different auth method before enableAuth()
could succeed, and b) does not address the more common use case of authenticating against an existing auth method with a non-standard mount point. But I could just be misunderstanding the example.
Hey folks :) I'm trying to cleanup all the issues; Is this issue still a thing? is a feature/fix needed?
hi!
where I can apply the configuration so that my Vault agent authenticates in an API request, for example at: http://vault.vault.svc:8200/v1/auth/kubernetes/myk8s/login instead of: http:// vault.vault.svc:8200/v1/auth/kubernetes/login
Eu também posso ter encontrado isso, ainda não tenho certeza (ainda solucionando problemas).
A maneira como interpreto a documentação parece indicar que isso deve ser suportado? https://github.com/kr1sp1n/node-vault/blob/master/features.md#vaultkuberneteslogin
Editar: funcionou usando esse recurso.
As you did ?
vault.kubernetesLogin POST /auth/{{mount_point}}{{^mount_point}}kubernetes{{/mount_point}}/login
since its quite old cannot says you can use it now but to any one new you can use the fix i did. You can download the repo in your local and run npm pack
use the tarball created in your projects with entry in package.json using the tarball for node vault
"node-vault": "file:<generated-in-above.tgz>"
@pankaj-jain11 heya! would you be able to PR this? I'll merge it asap
@aviadhahami https://github.com/nodevault/node-vault/pull/245
@pjlucy merged this - thanks!
edit --> one of the CIs failed (the trufflehog🐖 ); please ignore it as I fixed it in https://github.com/nodevault/node-vault/commit/922f847cdf7e3b09317fc2029362bc37f7eb6d4a
@pjlucy can I close this issue?
Thanks for the merge :)
This can be closed