diff --git a/path_login.go b/path_login.go index 0deb98a..30c98a3 100644 --- a/path_login.go +++ b/path_login.go @@ -8,7 +8,6 @@ import ( "fmt" "net/http" "strings" - "time" "github.com/hashicorp/vault/sdk/framework" "github.com/hashicorp/vault/sdk/logical" @@ -104,9 +103,9 @@ func (b *backend) pathLogin(ctx context.Context, req *logical.Request, d *framew return logical.ErrorResponse("missing vmname"), nil } - role := d.Get("role").(string) + roleName := d.Get("role").(string) - if role == "" { + if roleName == "" { return logical.ErrorResponse("missing role"), nil } @@ -143,7 +142,7 @@ func (b *backend) pathLogin(ctx context.Context, req *logical.Request, d *framew return logical.ErrorResponse("Invalid VM name"), nil } - if role != vmoutput.Role { + if roleName != vmoutput.Role { return logical.ErrorResponse("Invalid role"), nil } @@ -155,30 +154,26 @@ func (b *backend) pathLogin(ctx context.Context, req *logical.Request, d *framew return logical.ErrorResponse("Invalid secret key"), nil } - vmdata, _ := b.role(ctx, req.Storage, role) + role, _ := b.role(ctx, req.Storage, roleName) - policies := vmdata.Policies + policies := role.TokenPolicies - resp := &logical.Response{ - Auth: &logical.Auth{ - Metadata: map[string]string{ - "vmname": vmname, - "policies": strings.Join(policies, ","), - }, - DisplayName: vmname, - LeaseOptions: logical.LeaseOptions{ - TTL: 30 * time.Minute, - MaxTTL: 60 * time.Minute, - Renewable: true, - }, - Alias: &logical.Alias{ - Name: vmname, - }, + auth := &logical.Auth{ + Metadata: map[string]string{ + "vmname": vmname, + "policies": strings.Join(policies, ","), + }, + DisplayName: vmname, + Alias: &logical.Alias{ + Name: vmname, }, } - resp.Auth.Policies = append(resp.Auth.Policies, policies...) - return resp, nil + role.PopulateTokenAuth(auth) + + return &logical.Response{ + Auth: auth, + }, nil } const pathLoginSyn = ` diff --git a/path_roles.go b/path_roles.go index 3d18d95..69534e9 100644 --- a/path_roles.go +++ b/path_roles.go 
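Review bot: In the last path_login.go hunk the error from `b.role(ctx, req.Storage, roleName)` is still discarded and `role` is dereferenced (`role.TokenPolicies`, `role.PopulateTokenAuth(auth)`) with no nil check, so a role entry missing from storage, or a storage read failure, becomes a nil-pointer panic inside the login handler instead of a clean rejection; the earlier `roleName != vmoutput.Role` comparison does not prove the entry exists in storage. Assuming `b.role` returns `(*RoleEntry, error)`, as the former `vmdata.Policies` access suggests, check both before use as in the fence below. Note also that `policies` now comes solely from `role.TokenPolicies`: unless `b.role` (not in this diff) folds a legacy `Policies` value into `TokenPolicies`, roles written before this change log in with no policies. pathLogin starts outside the hunk.
```go
	role, err := b.role(ctx, req.Storage, roleName)
	if err != nil {
		return nil, fmt.Errorf("reading role %q: %w", roleName, err)
	}
	if role == nil {
		return logical.ErrorResponse("Invalid role"), nil
	}

	policies := role.TokenPolicies
	// … unchanged: auth construction and PopulateTokenAuth …
```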
@@ -7,6 +7,7 @@ import ( "github.com/hashicorp/vault/sdk/framework" "github.com/hashicorp/vault/sdk/helper/policyutil" + "github.com/hashicorp/vault/sdk/helper/tokenutil" "github.com/hashicorp/vault/sdk/logical" ) @@ -24,17 +25,17 @@ func pathListRoles(b *backend) *framework.Path { } func pathRoles(b *backend) *framework.Path { - return &framework.Path{ + p := &framework.Path{ Pattern: "role/" + framework.GenericNameRegex("role"), Fields: map[string]*framework.FieldSchema{ "role": { Type: framework.TypeString, Description: "Role associated with the virtual machine.", }, - "policies": { Type: framework.TypeCommaStringSlice, - Description: "Comma-separated list of policies associated to the vm.", + Description: tokenutil.DeprecationText("token_policies"), + Deprecated: true, }, }, @@ -48,6 +49,9 @@ func pathRoles(b *backend) *framework.Path { HelpSynopsis: pathUserHelpSyn, HelpDescription: pathUserHelpDesc, } + + tokenutil.AddTokenFields(p.Fields) + return p } func (b *backend) pathRoleDelete(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) { @@ -131,8 +135,11 @@ func (b *backend) pathRoleList(ctx context.Context, req *logical.Request, d *fra // RoleEntry stores all the options that are set on a VM type RoleEntry struct { - Role string - Policies []string + tokenutil.TokenParams + // Role is the role name + Role string + // Deprecated by TokenParams + Policies []string `json:"policies"` } const pathUserHelpSyn = `
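Review bot: In the RoleEntry hunk the comment on `Policies` reads `// Deprecated by TokenParams`, which is not the form tooling recognises; write it as `// Deprecated: use TokenParams.TokenPolicies instead.` so staticcheck and gopls flag any remaining readers of the field. `Role` also carries no json tag while the neighbouring `Policies` does; adding `json:"role"` keeps the encoding explicit (encoding/json matches keys case-insensitively on decode, so entries already in storage still load). Since `Policies` is retained only for compatibility, the code that loads a stored RoleEntry and the create/update handler that parses the deprecated `policies` field are presumably expected to copy a non-empty legacy `Policies` into `TokenPolicies` when the latter is empty; neither is visible in this diff, so confirm that upgrade exists, otherwise roles created before this change lose their policies at login.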