Authenticating with K8s auth

Open wsierakowski opened this issue 3 years ago • 2 comments

I would like to authenticate with the kubernetesLogin method in such a way that I could specify:

  • endpoint (https://myendpoint)
  • namespace (mynamespace)
  • mountpoint (mymountpoint)
  • role (myrole)
  • jwt token (mytoken)

So that the request would be sent to the following URL:

  • <endpoint>/v1/<namespace>/auth/<mountpoint>/login, for example https://myendpoint/v1/mynamespace/auth/mymountpoint/login, with the token and role sent in the JSON body of the request.

Based on the example here: https://github.com/kr1sp1n/node-vault/blob/master/example/auth_kubernetes.js I tried to authenticate in the following way:

import fs from 'fs';
import Vault from 'node-vault';

// Service account JWT that Kubernetes mounts into the pod
const token = fs.readFileSync('/var/run/secrets/kubernetes.io/serviceaccount/token', 'utf8');

var options = {
  apiVersion: 'v1',
  endpoint: 'https://myendpoint',
  namespace: 'mynamespace',
  token
};

const vault = Vault(options);

var option2 = {
  mount_point: 'mymountpoint',
  type: 'kubernetes',
  description: 'Kubernetes auth',
};

vault.enableAuth(option2)
  .then(() => vault.kubernetesLogin({ role: "myrole", jwt: token }))
  .then(console.log)
  .catch((err) => console.error(err.message));

This authentication is unsuccessful. When I debug the URL that is generated by the library, I see that it passes the following request object:

headers: {X-Vault-Token: "mytoken", X-Vault-Namespace: "mynamespace"}
json: {mount_point: "mymountpoint", type: "kubernetes", description: "Kubernetes auth"}
method: "POST"
path: "/sys/auth/mymountpoint"
uri: "https://myendpoint/v1/sys/auth/mymountpoint"

Again, I was expecting the uri in this format: https://myendpoint/v1/mynamespace/auth/mymountpoint/login.

Could someone provide an example of how to correctly authenticate to k8s?

wsierakowski, Jan 15 '21 18:01

I've just found this. Hopefully it'll help you!

https://github.com/kr1sp1n/node-vault/blob/master/example/auth_kubernetes.js

yoitsro, Apr 10 '21 16:04

Having the same issue. Unfortunately the example provided is not really helping much here.

kbrueckner, Jul 01 '21 07:07

@kbrueckner is this still happening?

Closing due to staleness for now. Please recreate an issue if it persists.

aviadhahami, Nov 10 '22 17:11
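
The login request described in the question, built directly against Vault's HTTP API (an added example, not part of the original thread and not node-vault's own code). The Kubernetes login is a POST of `role` and `jwt` that carries no `X-Vault-Token`, whereas the request object in the issue's debug output is the mount-management call made by `enableAuth`. `buildK8sLoginRequest`, `k8sLogin` and `cleanPath` are hypothetical helper names; a global `fetch` (Node 18+) is assumed, and the namespace can go either in the `X-Vault-Namespace` header or as a path prefix.

```javascript
// Added example: builds the Vault Kubernetes-auth login request by hand.
// Endpoint, namespace, mount point and role are placeholders from the issue text.
function cleanPath(p, name) {
  // Allow nested paths such as "team/app"; reject empty or traversal segments.
  const parts = String(p).split('/').filter((s) => s !== '');
  if (parts.length === 0 || parts.some((s) => s === '.' || s === '..')) {
    throw new Error(`invalid ${name}`);
  }
  return parts.map(encodeURIComponent).join('/');
}

function buildK8sLoginRequest({ endpoint, namespace, mountPoint = 'kubernetes',
                                role, jwt, namespaceInPath = false }) {
  const base = new URL(endpoint);
  // The service account JWT is a credential: never send it over plain HTTP.
  if (base.protocol !== 'https:') throw new Error('endpoint must use https');
  if (!role || !jwt) throw new Error('role and jwt are required');
  const headers = { 'Content-Type': 'application/json' };
  let prefix = '';
  if (namespace) {
    if (namespaceInPath) prefix = cleanPath(namespace, 'namespace') + '/';
    else headers['X-Vault-Namespace'] = namespace;
  }
  const url = `${base.origin}/v1/${prefix}auth/${cleanPath(mountPoint, 'mountPoint')}/login`;
  // No X-Vault-Token header: login is the call that obtains the Vault token.
  return { url, method: 'POST', headers, body: JSON.stringify({ role, jwt: jwt.trim() }) };
}

async function k8sLogin(opts, tokenPath = '/var/run/secrets/kubernetes.io/serviceaccount/token') {
  const { readFile } = await import('node:fs/promises');
  const jwt = await readFile(tokenPath, 'utf8');
  const { url, ...init } = buildK8sLoginRequest({ ...opts, jwt });
  const res = await fetch(url, init);
  // Report only the status; the request body holds the JWT and must not be logged.
  if (!res.ok) throw new Error(`Vault login failed: HTTP ${res.status}`);
  const { auth } = await res.json();
  return { clientToken: auth.client_token, leaseSeconds: auth.lease_duration };
}
```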