support for vault approle authentication #74
Conversation
Signed-off-by: alexshe <alexshe@wix.com>
AlexShemeshWix
force-pushed
the
master
branch
from
667204f
to
dba08e8
Compare
Codecov Report
@@ Coverage Diff @@
## master #74 +/- ##
=========================================
+ Coverage 82.86% 82.97% +0.1%
=========================================
Files 23 23
Lines 1418 1427 +9
=========================================
+ Hits 1175 1184 +9
Misses 243 243
Continue to review full report at Codecov.
|
|
Thanks @AlexShemeshWix It looks generally good but I'll have to try it to fully apprehend how it works. Also, It'll have to be part of an RC2 of the chaostoolkit-lib I believe. Be patient as this might take a few days since it's holiday season here. Thanks. |
|
Yes. Take your time. Ive implemented the dirty hack of actually retriving token and injecting it to env var before i run chaos test. So its no hurry. |
|
I see. I will try but you may be right, it may not work really well and needs fixing! |
|
I'm finally going to have some time soon to look at it! Thanks for your patience @AlexShemeshWix |
| url = configuration.get("vault_addr") | ||
| client = hvac.Client(url=url) | ||
|
|
||
| if "vault_token" in configuration.keys(): |
There was a problem hiding this comment.
This should be written
if "vault_token" in configuration:|
|
||
| if "vault_token" in configuration.keys(): | ||
| client.token = configuration.get("vault_token") | ||
| elif "vault_role_id" in configuration.keys() and \ |
There was a problem hiding this comment.
This should be written
if "vault_role_id" in configuration and "vault_role_secret" in configuration:
Its in the best practices of Hashicorp Vault to authenticate with time limited tokens received from approle auth endpoint.