From be5c4de0625d3f044cc96b6f9e6ddd76219f4fde Mon Sep 17 00:00:00 2001 From: Ian Fijolek Date: Wed, 7 Sep 2022 10:57:58 -0700 Subject: [PATCH] Allow role change and redirect --- README.md | 2 +- main.py | 15 +++++++++------ 2 files changed, 10 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index 73b287f..23b57d4 100644 --- a/README.md +++ b/README.md @@ -4,4 +4,4 @@ Shim service allowing authenticating a Nomad session using Vault The idea is that this service would be run along side Nomad and Vault and proxied on the same hostname so it can write to localstorage. It would then provide a form to allow authentication with Vault and then will retrieve the token and store that in the browser for Nomad to use. -It is, as of now, completely untested and may not work at all. +Right now it appears to be working, but isn't super pretty and I have no written instructions. diff --git a/main.py b/main.py index 657a392..63ad40e 100644 --- a/main.py +++ b/main.py @@ -31,9 +31,10 @@ def login():
-Username -Password - +

Username

+

Password

+

Role

+

""" @@ -42,13 +43,15 @@ Password username, password = request.form["username"], request.form["password"] client.auth_userpass(username, password) assert client.is_authenticated() - nomad_creds = client.read(f"nomad/creds/{NOMAD_ROLE}") + + role = request.form.get("role") + nomad_creds = client.read(f"nomad/creds/{role or NOMAD_ROLE}") nomad_token = nomad_creds["data"]["secret_id"] return f""" - + -Logged in. Go back now. +Logged in. Go back to Nomad """