Пример #1
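        /// <summary>
        /// Validates the configured <c>Token</c> by calling Vault's <c>auth/token/lookup-self</c>
        /// endpoint and returns a client that carries that token.
        /// </summary>
        /// <param name="url">Address passed to the <c>VaultApi</c> constructor.</param>
        /// <param name="log">Logger supplied by the caller; this method does not write to it.</param>
        /// <param name="cancellationToken">Forwarded to the lookup request.</param>
        /// <returns>
        /// A <c>LoginResult</c> holding the token-bearing client and a <c>SecretAuth</c> built from
        /// the lookup response (accessor, token id, TTL, policies, metadata).
        /// </returns>
        /// <exception cref="InvalidOperationException">
        /// The lookup returned no response or no <c>Data</c> section.
        /// </exception>
        public async Task<LoginResult> LoginAsync(string url, ILogger log, CancellationToken cancellationToken = default)
        {
            // NOTE(review): Token is assigned without a null/empty check, so an unset token is only
            // rejected by the server. Confirm whether VaultApi should fail earlier.
            var client = new VaultApi(url)
            {
                Token = Token
            };

            var lookup = await client.ReadAsync<TokenLookupResponse>("auth/token/lookup-self", cancellationToken);
            var data = lookup?.Data;

            if (data == null)
            {
                // Fail closed: without lookup data nothing is known about the token's TTL or policies.
                throw new InvalidOperationException("Response or response.Data was null.");
            }

            // ClientToken is the bearer credential itself. Keep this object out of logs and error messages.
            var secretAuth = new SecretAuth
            {
                Accessor      = data.Accessor,
                ClientToken   = data.Id,
                LeaseDuration = data.Ttl,
                Policies      = data.Policies,
                Metadata      = data.Metadata,
            };

            return new LoginResult
            {
                Client = client,
                SecretAuth = secretAuth
            };
        }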
Пример #2
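        /// <summary>
        /// Logs in to Vault through a Kubernetes auth mount: reads the service account JWT from
        /// <c>KubernetesTokenPath</c> and posts it together with <c>Role</c> to <c>{Mount}/login</c>.
        /// </summary>
        /// <param name="url">Address passed to the <c>VaultApi</c> constructor.</param>
        /// <param name="log">Logger for progress messages; <c>null</c> falls back to <c>NullLogger.Instance</c>.</param>
        /// <param name="cancellationToken">Forwarded to the login request.</param>
        /// <returns>
        /// A <c>LoginResult</c> with the auth section of the login response and a client whose token
        /// is the issued client token.
        /// </returns>
        /// <exception cref="InvalidOperationException">
        /// <c>Role</c> is empty, there is no file at <c>KubernetesTokenPath</c>, or the file is blank.
        /// </exception>
        /// <exception cref="OperationCanceledException">
        /// The caller cancelled <paramref name="cancellationToken"/>; this is rethrown unwrapped.
        /// </exception>
        /// <exception cref="Exception">
        /// Any other login failure, wrapped with the mount and role for context (never the JWT).
        /// </exception>
        public async Task<LoginResult> LoginAsync(string url, ILogger log, CancellationToken cancellationToken = default)
        {
            log = log ?? NullLogger.Instance;

            if (string.IsNullOrEmpty(Role))
            {
                throw new InvalidOperationException("Kubernetes service token found, but settings.KubernetesRole was empty.");
            }

            if (!File.Exists(KubernetesTokenPath))
            {
                throw new InvalidOperationException("no file at kubernetes token path");
            }

            log.LogInformation("Found kubernetes service account token, will use it to authenticate to Vault.");

            // The JWT is a bearer credential: it must not be logged or placed in exception messages.
            // A JWT contains no whitespace, so trimming only drops a stray trailing newline.
            var jwt = File.ReadAllText(KubernetesTokenPath).Trim();
            if (jwt.Length == 0)
            {
                // Reject a blank token locally instead of sending an empty credential to the server.
                throw new InvalidOperationException("kubernetes token file was empty");
            }

            var kubeRequest = new Dictionary<string, string>
            {
                ["role"] = Role,
                ["jwt"]  = jwt
            };

            var loginPath = $"{Mount.TrimEnd('/')}/login";

            try
            {
                var client       = new VaultApi(url);
                var authResponse = await client.WriteAsync<Dictionary<string, object>>(loginPath, kubeRequest, cancellationToken);

                if (authResponse?.Auth == null)
                {
                    // Without an auth section no client token was issued; do not return a half-built result.
                    throw new InvalidOperationException("Vault login response contained no auth data.");
                }

                client.Token = authResponse.Auth.ClientToken;
                return new LoginResult
                {
                    SecretAuth = authResponse.Auth,
                    Client = client
                };
            }
            catch (Exception ex) when (!(ex is OperationCanceledException && cancellationToken.IsCancellationRequested))
            {
                // Caller-requested cancellation bypasses this handler so it is not reported as a login error.
                throw new Exception($"Error logging in using kubernetes mount '{Mount}' and role '{Role}'.", ex);
            }
        }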