nomad-vault-login/main.py

import os

from flask import Flask
from flask import request
from hvac import Client


VAULT_ADDR = os.getenv("VAULT_ADDR", "http://127.0.0.1:8200")
NOMAD_ROLE = os.getenv("NOMAD_ROLE", "admin")


app = Flask(__name__)


@app.route('/')
def root():
    # TODO: Render a basic page that checks for existance of token in local storage and displays form
    return f"""
<html>
<body>
<a href="/login">Login</a>
</form>
</html>
"""


@app.route("/login", methods=["POST", "GET"])
def login():
    if request.method == "GET":
        return f"""
<html>
<body>
<form action="/login" method="POST">
<p>Username <input type="text" name="username"/></p>
<p>Password <input type="password" name="password"/></p>
<p>Role <input type="text" name="role" value="admin"/></p>
<p><input type="submit" value="Submit"/></p>
</form>
</html>
"""
    elif request.method == "POST":
        client = Client(VAULT_ADDR)
        username, password = request.form["username"], request.form["password"]
        client.auth_userpass(username, password)
        assert client.is_authenticated()

        role = request.form.get("role")
        nomad_creds = client.read(f"nomad/creds/{role or NOMAD_ROLE}")
        nomad_token = nomad_creds["data"]["secret_id"]
        return f"""
<html><head>
<script>localStorage.setItem("nomadTokenSecret", "{nomad_token}"); window.location.replace("/ui/settings/tokens");</script>
</head>
<body>Logged in. Go <a href="/ui/settings/tokens">back to Nomad</a></body></html>
"""


app.run(host="0.0.0.0", port=5000)
WIP: Initial WIP 2022-09-06 20:13:26 +00:00			`import os`

			`from flask import Flask`
			`from flask import request`
			`from hvac import Client`


			`VAULT_ADDR = os.getenv("VAULT_ADDR", "http://127.0.0.1:8200")`
			`NOMAD_ROLE = os.getenv("NOMAD_ROLE", "admin")`


			`app = Flask(__name__)`


			`@app.route('/')`
			`def root():`
			`# TODO: Render a basic page that checks for existance of token in local storage and displays form`
			`return f"""`
			`<html>`
			`<body>`
			`<a href="/login">Login</a>`
			`</form>`
			`</html>`
			`"""`


			`@app.route("/login", methods=["POST", "GET"])`
			`def login():`
			`if request.method == "GET":`
			`return f"""`
			`<html>`
			`<body>`
			`<form action="/login" method="POST">`
Allow role change and redirect 2022-09-07 17:57:58 +00:00			`<p>Username <input type="text" name="username"/></p>`
			`<p>Password <input type="password" name="password"/></p>`
			`<p>Role <input type="text" name="role" value="admin"/></p>`
			`<p><input type="submit" value="Submit"/></p>`
WIP: Initial WIP 2022-09-06 20:13:26 +00:00			`</form>`
			`</html>`
			`"""`
			`elif request.method == "POST":`
			`client = Client(VAULT_ADDR)`
			`username, password = request.form["username"], request.form["password"]`
			`client.auth_userpass(username, password)`
			`assert client.is_authenticated()`
Allow role change and redirect 2022-09-07 17:57:58 +00:00
			`role = request.form.get("role")`
			`nomad_creds = client.read(f"nomad/creds/{role or NOMAD_ROLE}")`
WIP: Initial WIP 2022-09-06 20:13:26 +00:00			`nomad_token = nomad_creds["data"]["secret_id"]`
			`return f"""`
			`<html><head>`
Allow role change and redirect 2022-09-07 17:57:58 +00:00			`<script>localStorage.setItem("nomadTokenSecret", "{nomad_token}"); window.location.replace("/ui/settings/tokens");</script>`
WIP: Initial WIP 2022-09-06 20:13:26 +00:00			`</head>`
Allow role change and redirect 2022-09-07 17:57:58 +00:00			`<body>Logged in. Go <a href="/ui/settings/tokens">back to Nomad</a></body></html>`
WIP: Initial WIP 2022-09-06 20:13:26 +00:00			`"""`


			`app.run(host="0.0.0.0", port=5000)`