Allow role change and redirect

IamTheFij 2022-09-07 10:57:58 -07:00
parent 90478831fb
commit be5c4de062
2 changed files with 10 additions and 7 deletions


@ -4,4 +4,4 @@ Shim service allowing authenticating a Nomad session using Vault
The idea is that this service would be run along side Nomad and Vault and proxied on the same hostname so it can write to localstorage. It would then provide a form to allow authentication with Vault and then will retrieve the token and store that in the browser for Nomad to use. The idea is that this service would be run along side Nomad and Vault and proxied on the same hostname so it can write to localstorage. It would then provide a form to allow authentication with Vault and then will retrieve the token and store that in the browser for Nomad to use.
It is, as of now, completely untested and may not work at all. Right now it appears to be working, but isn't super pretty and I have no written instructions.

15
main.py

@ -31,9 +31,10 @@ def login():
<html> <html>
<body> <body>
<form action="/login" method="POST"> <form action="/login" method="POST">
Username <input type="text" name="username"/> <p>Username <input type="text" name="username"/></p>
Password <input type="password" name="password"/> <p>Password <input type="password" name="password"/></p>
<input type="submit" value="Submit"/> <p>Role <input type="text" name="role" value="admin"/></p>
<p><input type="submit" value="Submit"/></p>
</form> </form>
</html> </html>
""" """
@ -42,13 +43,15 @@ Password <input type="password" name="password"/>
username, password = request.form["username"], request.form["password"] username, password = request.form["username"], request.form["password"]
client.auth_userpass(username, password) client.auth_userpass(username, password)
assert client.is_authenticated() assert client.is_authenticated()
nomad_creds = client.read(f"nomad/creds/{NOMAD_ROLE}")
role = request.form.get("role")
nomad_creds = client.read(f"nomad/creds/{role or NOMAD_ROLE}")
nomad_token = nomad_creds["data"]["secret_id"] nomad_token = nomad_creds["data"]["secret_id"]
return f""" return f"""
<html><head> <html><head>
<script>localStorage.setItem("nomadTokenSecret", "{nomad_token}");</script> <script>localStorage.setItem("nomadTokenSecret", "{nomad_token}"); window.location.replace("/ui/settings/tokens");</script>
</head> </head>
<body>Logged in. Go back now.</body></html> <body>Logged in. Go <a href="/ui/settings/tokens">back to Nomad</a></body></html>
""" """