Merge pull request #157 from scalecube/add-vault-jwt-provider-env-var…
…iable

Added new VAULT_JWT_PROVIDER env
artem-v authored Apr 14, 2020
2 parents bdf714e + 864ee2a commit c367a99
Showing 1 changed file with 7 additions and 1 deletion.
@@ -7,11 +7,14 @@
import java.nio.file.Files;
import java.nio.file.Paths;
import java.util.Objects;
import java.util.Optional;
import java.util.stream.Collectors;

public class KubernetesVaultTokenSupplier implements VaultTokenSupplier {

private static final String VAULT_ROLE = "VAULT_ROLE";
private static final String VAULT_JWT_PROVIDER = "VAULT_JWT_PROVIDER";
private static final String DEFAULT_JWT_PROVIDER = "kubernetes";
private static final String SERVICE_ACCOUNT_TOKEN_PATH =
"/var/run/secrets/kubernetes.io/serviceaccount/token";

@@ -20,8 +23,11 @@ public String getToken(EnvironmentLoader environmentLoader, VaultConfig config)
String role = Objects.requireNonNull(environmentLoader.loadVariable(VAULT_ROLE), "vault role");
try {
String jwt = Files.lines(Paths.get(SERVICE_ACCOUNT_TOKEN_PATH)).collect(Collectors.joining());
String provider =
Optional.ofNullable(environmentLoader.loadVariable(VAULT_JWT_PROVIDER))
.orElse(DEFAULT_JWT_PROVIDER);
return Objects.requireNonNull(
new Vault(config).auth().loginByKubernetes(role, jwt).getAuthClientToken(),
new Vault(config).auth().loginByJwt(provider, role, jwt).getAuthClientToken(),
"vault token");
} catch (Exception e) {
throw ThrowableUtil.propagate(e);
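Review bot: A `VAULT_JWT_PROVIDER` that is set but empty or whitespace-only is not replaced by the default, because `Optional.ofNullable(...)` in the new `provider` assignment only covers an unset variable, so the blank value goes straight into `loginByJwt`. Trimming and filtering first would close that gap: `Optional.ofNullable(environmentLoader.loadVariable(VAULT_JWT_PROVIDER)).map(String::trim).filter(s -> !s.isEmpty()).orElse(DEFAULT_JWT_PROVIDER)`. The provider presumably selects the Vault auth mount that the service-account JWT is posted to, so it is also worth rejecting values containing `/` or other characters outside a mount name instead of forwarding them as-is. `getToken` begins before and continues past the lines shown in this hunk.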