Changing the default path of auth login like kubernetes

[EZEDSEA]

I'm wondering if there's a way to change the default path of the kubernetes login.

In the documentation, the CLI allows you to do it: https://www.vaultproject.io/docs/auth/kubernetes.html

Say for example I wanted to goto: auth/kubernetes-rancher/login

But I noticed in the code for this library, it's based on "mount_point" of some sort. But it's not clear to me how to set this beforehand.

Is this feature missing or am I just not understanding it correctly?

[whatever555]

having a similar issue here @EZEDSEA. Did you ever find a solution?

[EZEDSEA]

The solution we used was basically not use this library for auth login. We made a rest call instead to the endpoint we wanted. And then used this lib after auth.

[MPV]

I might have run into this also, not sure yet (still troubleshooting).

The way I interpret the documentation, it seems to indicate that this should be supported though? https://github.com/kr1sp1n/node-vault/blob/master/features.md#vaultkuberneteslogin

Edit: Got it to work by using that feature.

[bchrobot]

@MPV could you share how you got it to work with a custom path?

We have not been able to get the custom path to work with the vault.kubernetesLogin() method and have been making our own request as @EZEDSEA has suggested.

[wsierakowski]

This can be controlled by the param mount_point as in the example here: https://github.com/kr1sp1n/node-vault/blob/70097269d35a58bb560b5290190093def96c87b1/example/auth_kubernetes.js#L17

The other issue I have is that I would like to add a namespace to the URL as well - like here: <vault_domain>/v1/<name_space>/auth/<mountpoint>/login.

[wsierakowski]

ok it looks like support for namespaces have been added already: https://github.com/kr1sp1n/node-vault/pull/137

[bchrobot]

This can be controlled by the param mount_point as in the example here:

https://github.com/kr1sp1n/node-vault/blob/70097269d35a58bb560b5290190093def96c87b1/example/auth_kubernetes.js#L17

enableAuth makes a POST request to /sys/auth/{{mount_point}} to create an auth method on the Vault server. This seems like it a) would require authenticating as a privileged user via a different auth method before enableAuth() could succeed, and b) does not address the more common use case of authenticating against an existing auth method with a non-standard mount point. But I could just be misunderstanding the example.

[aviadhahami]

Hey folks :) I'm trying to cleanup all the issues; Is this issue still a thing? is a feature/fix needed?

[erivandosena]

hi!

where I can apply the configuration so that my Vault agent authenticates in an API request, for example at: http://vault.vault.svc:8200/v1/auth/kubernetes/myk8s/login instead of: http:// vault.vault.svc:8200/v1/auth/kubernetes/login

[erivandosena]

Eu também posso ter encontrado isso, ainda não tenho certeza (ainda solucionando problemas).

A maneira como interpreto a documentação parece indicar que isso deve ser suportado? https://github.com/kr1sp1n/node-vault/blob/master/features.md#vaultkuberneteslogin

Editar: funcionou usando esse recurso.

As you did ?

vault.kubernetesLogin POST /auth/{{mount_point}}{{^mount_point}}kubernetes{{/mount_point}}/login

[pankaj-jain11]

since its quite old cannot says you can use it now but to any one new you can use the fix i did. You can download the repo in your local and run npm pack

use the tarball created in your projects with entry in package.json using the tarball for node vault

"node-vault": "file:<generated-in-above.tgz>"

[aviadhahami]

@pankaj-jain11 heya! would you be able to PR this? I'll merge it asap

[pjlucy]

@aviadhahami https://github.com/nodevault/node-vault/pull/245

[aviadhahami]

@pjlucy merged this - thanks!

edit --> one of the CIs failed (the trufflehog🐖 ); please ignore it as I fixed it in https://github.com/nodevault/node-vault/commit/922f847cdf7e3b09317fc2029362bc37f7eb6d4a

[aviadhahami]

@pjlucy can I close this issue?

[pjlucy]

Thanks for the merge :)

[pjlucy]

This can be closed