diff --git a/cmd/otter-cage/main.go b/cmd/otter-cage/main.go
index fce2c8f..e291355 100644
--- a/cmd/otter-cage/main.go
+++ b/cmd/otter-cage/main.go
@@ -62,7 +62,8 @@ func main() {
 ginRouter := setupRouter(ctx)
- vault.WhatAmI()
+ token := vault.GetJWTToken("b7dc7146-88ce-47ba-98c1-ea8184a49be1", "Ni49FqnH_GIi0EIfneuIxDNKm", "https://laughing-banach-ptdsgdxqjf.projects.oryapis.com/oauth2/token")
+ vault.VaultWithJWT(ctx, "", token)
 server := &http.Server{
 Addr: ":8080",
diff --git a/go.mod b/go.mod
index 481a3ca..896d699 100644
--- a/go.mod
+++ b/go.mod
@@ -58,6 +58,7 @@ require (
 golang.org/x/arch v0.11.0 // indirect
 golang.org/x/crypto v0.28.0 // indirect
 golang.org/x/net v0.30.0 // indirect
+ golang.org/x/oauth2 v0.24.0 // indirect
 golang.org/x/sys v0.28.0 // indirect
 golang.org/x/text v0.19.0 // indirect
 golang.org/x/time v0.8.0 // indirect
diff --git a/go.sum b/go.sum
index ad34216..32ec364 100644
--- a/go.sum
+++ b/go.sum
@@ -157,6 +157,8 @@ golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug
 golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/net v0.30.0 h1:AcW1SDZMkb8IpzCdQUaIq2sP4sZ4zw+55h6ynffypl4=
 golang.org/x/net v0.30.0/go.mod h1:2wGyMJ5iFasEhkwi13ChkO/t1ECNC4X4eBKkVFyYFlU=
+golang.org/x/oauth2 v0.24.0 h1:KTBBxWqUa0ykRPLtV69rRto9TLXcqYkeswu48x/gvNE=
+golang.org/x/oauth2 v0.24.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.8.0 h1:3NFvSEYkUoMifnESzZl15y791HH1qU2xm6eCJU5ZPXQ=
diff --git a/internal/vault/vault.go b/internal/vault/vault.go
index 3286524..bba96eb 100644
--- a/internal/vault/vault.go
+++ b/internal/vault/vault.go
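Review bot: The OAuth2 client ID, client secret and token URL are string literals in the `GetJWTToken` call, so the secret is now part of the repository history and should be treated as exposed. Rotate it at the identity provider and load the values at startup instead, for example `token := vault.GetJWTToken(os.Getenv("OIDC_CLIENT_ID"), os.Getenv("OIDC_CLIENT_SECRET"), os.Getenv("OIDC_TOKEN_URL"))` (the variable names are placeholders, and whether `os` is already imported is not visible here). The role passed to `VaultWithJWT` is the empty string, which presumably relies on a default role configured on the Vault auth mount; naming it explicitly would make the intended policy visible. Nothing here checks for the empty string that `GetJWTToken` returns on failure before the login is attempted. main's body starts and ends outside the hunk.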
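Review bot: golang.org/x/oauth2 is added with the `// indirect` marker, but internal/vault/vault.go in this same commit imports `golang.org/x/oauth2/clientcredentials` directly. Running `go mod tidy` should drop the marker (and, depending on how the file is laid out, move the line into the direct require block), which keeps the direct dependency surface readable when auditing what the module pulls in. The require block starts and ends outside the hunk.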
@@ -2,6 +2,8 @@ package vault
 import (
 "context"
+ "fmt"
+ "golang.org/x/oauth2/clientcredentials"
 "time"
 "github.com/hashicorp/vault-client-go"
@@ -9,7 +11,54 @@ import (
 log "github.com/sirupsen/logrus"
 )
-func WhatAmI() {
+// GetJWTToken fetches the raw token using client credentials and returns the access token as a string.
+func GetJWTToken(clientID string, clientSecret string, tokenURL string) string {
+ ctx := context.Background()
+
+ clientCredsConfig := clientcredentials.Config{
+ ClientID: clientID,
+ ClientSecret: clientSecret,
+ TokenURL: tokenURL,
+ }
+
+ // Fetch the token using the client credentials
+ token, err := clientCredsConfig.TokenSource(ctx).Token()
+ if err != nil {
+ fmt.Printf("Error getting token: %v\n", err)
+ return ""
+ }
+ // Return the raw access token
+ return token.AccessToken
+}
+
+func VaultWithJWT(ctx context.Context, roles string, jwt string) {
+
+ // prepare a client with the given base address
+ client, err := vault.New(
+ vault.WithAddress("http://localhost:8200"),
+ vault.WithRequestTimeout(30*time.Second),
+ )
+ if err != nil {
+ log.Fatal(err)
+ }
+
+ request := schema.JwtLoginRequest{
+ Jwt: jwt,
+ Role: roles,
+ }
+
+ resp, err := client.Auth.JwtLogin(ctx, request)
+ if err != nil {
+ log.Fatal(resp, err)
+ }
+
+ err = client.SetToken(resp.Auth.ClientToken)
+ if err != nil {
+ log.Fatal(err)
+ }
+}
+
+func VaultWithToken() {
 // prepare a client with the given base address
 client, err := vault.New(
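Review bot: GetJWTToken swallows the token-endpoint error, prints it to stdout with fmt.Printf and returns "", so the caller cannot tell a failure from a token and goes on to send an empty JWT to Vault; it also uses context.Background(), which carries no deadline or cancellation for the token request. VaultWithJWT then authenticates a client it never returns or stores, so the login has no effect once the function exits, and it reads resp.Auth.ClientToken without checking resp.Auth (whether Vault can return a nil auth block here is not visible, but the check is cheap). Both functions would be easier to use safely if they returned errors instead of calling log.Fatal from inside the package. The hard-coded http://localhost:8200 sends the JWT and the issued Vault token over plaintext HTTP as soon as this runs anywhere but a dev machine, so the address belongs in configuration. The renamed VaultWithToken continues past the end of the hunk.

```go
func GetJWTToken(ctx context.Context, clientID, clientSecret, tokenURL string) (string, error) {
	cfg := clientcredentials.Config{
		ClientID:     clientID,
		ClientSecret: clientSecret,
		TokenURL:     tokenURL,
	}
	tok, err := cfg.Token(ctx)
	if err != nil {
		return "", fmt.Errorf("fetching client-credentials token: %w", err)
	}
	return tok.AccessToken, nil
}

func VaultWithJWT(ctx context.Context, roles string, jwt string) (*vault.Client, error) {
	// … unchanged: vault.New call and JwtLoginRequest construction, returning the error instead of log.Fatal …
	resp, err := client.Auth.JwtLogin(ctx, request)
	if err != nil {
		return nil, fmt.Errorf("vault jwt login: %w", err)
	}
	if resp == nil || resp.Auth == nil {
		return nil, fmt.Errorf("vault jwt login: response carries no auth data")
	}
	if err := client.SetToken(resp.Auth.ClientToken); err != nil {
		return nil, fmt.Errorf("setting vault token: %w", err)
	}
	return client, nil
}
```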