package cert

import (
	"context"
	"errors"
	"fmt"
	"net/http"

	"github.com/hashicorp/go-hclog"
	"github.com/hashicorp/vault/api"
	"github.com/hashicorp/vault/command/agent/auth"
)

// certMethod is the auth.AuthMethod implementation for Vault's TLS
// certificate auth backend. It holds no credential material itself: the
// client certificate and key are expected to already be configured on the
// api.Client's TLS transport by the caller (not done anywhere in this file —
// confirm against the agent's client setup).
type certMethod struct {
	logger    hclog.Logger
	mountPath string // auth mount path; the login endpoint is "<mountPath>/login"
	name      string // optional certificate role name, sent as "name" in the login payload
}

// NewCertAuthMethod constructs a certMethod from conf.
//
// conf must be non-nil. conf.Config may be nil or empty because the only key
// read from it, "name", is optional for TLS auth. When "name" is present its
// value must be a string; any other type is rejected with an error rather
// than silently dropped, so a mistyped role restriction cannot quietly widen
// to "any role".
func NewCertAuthMethod(conf *auth.AuthConfig) (auth.AuthMethod, error) {
	if conf == nil {
		return nil, errors.New("empty config")
	}

	method := &certMethod{
		logger:    conf.Logger,
		mountPath: conf.MountPath,
	}

	// A nil conf.Config is acceptable: nothing mandatory lives in it, since
	// the 'name' parameter is optional when using TLS auth.
	if conf.Config == nil {
		return method, nil
	}

	// Missing key and empty string are treated the same way (no role pin).
	var raw interface{} = ""
	if v, present := conf.Config["name"]; present {
		raw = v
	}
	name, isString := raw.(string)
	if !isString {
		return nil, errors.New("could not convert 'name' config value to string")
	}
	method.name = name

	return method, nil
}

// Authenticate returns the login path and request payload for the cert auth
// mount; it performs no request itself and does not touch client.
//
// The path is "<mountPath>/login". The payload carries a "name" entry only
// when a certificate role was configured; per the cert auth backend's login
// API, pinning "name" restricts the login to that single role, which is the
// tighter configuration. The returned header map and error are always nil.
//
// NOTE(review): c.logger is dereferenced unconditionally, so a nil
// conf.Logger at construction time panics here — confirm the agent always
// supplies one.
func (c *certMethod) Authenticate(_ context.Context, client *api.Client) (string, http.Header, map[string]interface{}, error) {
	c.logger.Trace("beginning authentication")

	payload := make(map[string]interface{})
	if role := c.name; role != "" {
		payload["name"] = role
	}

	loginPath := fmt.Sprintf("%s/login", c.mountPath)
	return loginPath, nil, payload, nil
}

// NewCreds returns a nil channel. Receiving from a nil channel blocks
// forever, so a caller selecting on it is never signalled: the certificate
// is static from this method's point of view and there is no rotation event
// to report.
func (c *certMethod) NewCreds() chan struct{} {
	return nil
}

// CredSuccess is a no-op; there is no per-login state to update.
func (c *certMethod) CredSuccess() {}

// Shutdown is a no-op; this method owns no goroutines or resources.
func (c *certMethod) Shutdown() {}