/// <summary>
/// Logs in with the already-configured <c>Token</c>: reads <c>auth/token/lookup-self</c>
/// through a new <c>VaultApi</c> client and maps the returned token details
/// into a <c>SecretAuth</c>.
/// </summary>
/// <param name="url">Address passed to the <c>VaultApi</c> constructor.</param>
/// <param name="log">Logger; this implementation does not write to it.</param>
/// <param name="cancellationToken">Forwarded to the lookup request.</param>
/// <returns>The client (with <c>Token</c> set) and the auth details read from the lookup.</returns>
/// <exception cref="Exception">The lookup returned no response or no <c>Data</c>.</exception>
public async Task<LoginResult> LoginAsync(string url, ILogger log, CancellationToken cancellationToken = default)
{
    // The configured token is attached before the lookup, so the request is
    // made with the credential that is being checked.
    var vault = new VaultApi(url);
    vault.Token = Token;

    var lookup = await vault.ReadAsync<TokenLookupResponse>("auth/token/lookup-self", cancellationToken);

    // Without Data there is nothing to build SecretAuth from, so fail here
    // rather than return a half-populated result.
    if (lookup == null || lookup.Data == null)
    {
        throw new Exception("Response or response.Data was null.");
    }

    var details = lookup.Data;

    // ClientToken is a bearer credential; keep it out of logs and messages.
    var auth = new SecretAuth
    {
        Accessor = details.Accessor,
        ClientToken = details.Id,
        LeaseDuration = details.Ttl,
        Policies = details.Policies,
        Metadata = details.Metadata,
    };

    var result = new LoginResult
    {
        Client = vault,
        SecretAuth = auth
    };
    return result;
}
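/// <summary>
/// Logs in to Vault through the Kubernetes auth mount: reads the service account
/// JWT from <c>KubernetesTokenPath</c> and writes it, together with <c>Role</c>,
/// to <c>{Mount}/login</c>.
/// </summary>
/// <param name="url">Address passed to the <c>VaultApi</c> constructor.</param>
/// <param name="log">Logger; <c>NullLogger.Instance</c> is used when null.</param>
/// <param name="cancellationToken">Forwarded to the login request.</param>
/// <returns>The client, with its token set from the login response, and the returned auth block.</returns>
/// <exception cref="InvalidOperationException">
/// <c>Role</c> is empty, or no file exists at <c>KubernetesTokenPath</c>.
/// </exception>
/// <exception cref="OperationCanceledException">
/// The caller cancelled <paramref name="cancellationToken"/> during the login request.
/// </exception>
/// <exception cref="Exception">
/// Any other failure of the login request, wrapped with the mount and role for context.
/// </exception>
public async Task<LoginResult> LoginAsync(string url, ILogger log, CancellationToken cancellationToken = default)
{
    log = log ?? NullLogger.Instance;

    if (string.IsNullOrEmpty(Role))
    {
        throw new InvalidOperationException("Kubernetes service token found, but settings.KubernetesRole was empty.");
    }

    if (!File.Exists(KubernetesTokenPath))
    {
        throw new InvalidOperationException("no file at kubernetes token path");
    }

    log.LogInformation("Found kubernetes service account token, will use it to authenticate to Vault.");

    // The JWT is a bearer credential: it goes into the login body only and must
    // never be written to the log or to an exception message.
    // A compact JWT contains no whitespace, so trimming only removes a stray
    // trailing newline that would otherwise make the login fail.
    var token = File.ReadAllText(KubernetesTokenPath).Trim();

    var kubeRequest = new Dictionary<string, string>
    {
        ["role"] = Role,
        ["jwt"] = token
    };
    var loginPath = $"{Mount.TrimEnd('/')}/login";

    try
    {
        var client = new VaultApi(url);
        var authResponse = await client.WriteAsync<Dictionary<string, object>>(loginPath, kubeRequest, cancellationToken);

        // Fail with a descriptive inner error instead of a NullReferenceException
        // when the response carries no auth block. The catch below still wraps it,
        // so callers see the same outer exception type and message as before.
        if (authResponse == null || authResponse.Auth == null)
        {
            throw new InvalidOperationException("Login response did not contain an auth block.");
        }

        client.Token = authResponse.Auth.ClientToken;
        return new LoginResult { SecretAuth = authResponse.Auth, Client = client };
    }
    // Let a cancellation requested by the caller propagate unchanged so that it is
    // not reported as a login failure. Timeouts and every other error are still
    // wrapped, and the wrapper text holds only the mount and role, never the JWT.
    catch (Exception ex) when (!(ex is OperationCanceledException && cancellationToken.IsCancellationRequested))
    {
        throw new Exception($"Error logging in using kubernetes mount '{Mount}' and role '{Role}'.", ex);
    }
}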