
Due to hashicorp/vault#1401, create-orphan has some issues. Use /crea…
…te with no_parent instead; because we should have a sudo'd token (to create tokens with any policy) it doesn't matter. In the future, operators may want to use create-token and instead of using a sudo'd token, providing gatekeeper with a token that has all the policies that it may want to hand out.
nemosupremo committed May 12, 2016
1 parent 1c1a42f commit f5fade4
Showing 1 changed file with 12 additions and 5 deletions.
17 changes: 12 additions & 5 deletions provider.go
Expand Up @@ -15,7 +15,7 @@ var usedTaskIds = NewTtlSet()

func createToken(token string, opts interface{}) (string, error) {
r, err := goreq.Request{
Uri: vaultPath("/v1/auth/token/create-orphan", ""),
Uri: vaultPath("/v1/auth/token/create", ""),
Method: "POST",
Body: opts,
}.WithHeader("X-Vault-Token", token).Do()
Expand Down Expand Up @@ -46,15 +46,22 @@ func createToken(token string, opts interface{}) (string, error) {

func createTokenPair(token string, p *policy) (string, error) {
tempTokenOpts := struct {
Ttl string `json:"ttl"`
NumUses int `json:"num_uses"`
}{"10m", 2}
Ttl string `json:"ttl"`
NumUses int `json:"num_uses"`
Policies []string `json:"policies"`
NoParent bool `json:"no_parent"`
}{"10m", 2, []string{"default"}, true}
pol := p.Policies
if len(pol) == 0 { // explicitly set the policy, else the token will inherit ours
pol = []string{"default"}
}
permTokenOpts := struct {
Ttl string `json:"ttl,omitempty"`
Policies []string `json:"policies"`
Meta map[string]string `json:"meta,omitempty"`
NumUses int `json:"num_uses"`
}{time.Duration(time.Duration(p.Ttl) * time.Second).String(), p.Policies, p.Meta, p.NumUses}
NoParent bool `json:"no_parent"`
}{time.Duration(time.Duration(p.Ttl) * time.Second).String(), pol, p.Meta, p.NumUses, true}

if tempToken, err := createToken(token, tempTokenOpts); err == nil {
if permToken, err := createToken(token, permTokenOpts); err == nil {
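Review bot: The two anonymous-struct literals at `}{"10m", 2, []string{"default"}, true}` and `}{time.Duration(...).String(), pol, p.Meta, p.NumUses, true}` are positional, and this commit grows them to four and five fields; keyed literals such as `}{Ttl: "10m", NumUses: 2, Policies: []string{"default"}, NoParent: true}` would make the trailing `true` readable as `NoParent` and survive any future reordering of the fields. On the permanent token the `omitempty` on `Ttl` can never fire, because `time.Duration(0).String()` is `"0s"`, so a policy with no TTL still sends an explicit ttl to Vault; if the intent is to let Vault apply its default, build the string only when `p.Ttl > 0`, and the doubled conversion can be collapsed to `(time.Duration(p.Ttl) * time.Second).String()`. Since both tokens are now requested with `no_parent: true` they are orphans whose lifetime is bounded only by their own ttl/num_uses rather than by gatekeeper's token, which matches the previous create-orphan behaviour but is worth recording in a doc comment on createTokenPair alongside why the policy list is forced to `default` (a policy-less child would otherwise inherit the privileged parent's policies, as the inline comment notes). createTokenPair's body continues past the end of the hunk.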
