Allow role change and redirect
parent
90478831fb
commit
be5c4de062
@ -4,4 +4,4 @@ Shim service allowing authenticating a Nomad session using Vault
|
|||||||
|
|
||||||
The idea is that this service would be run along side Nomad and Vault and proxied on the same hostname so it can write to localstorage. It would then provide a form to allow authentication with Vault and then will retrieve the token and store that in the browser for Nomad to use.
|
The idea is that this service would be run along side Nomad and Vault and proxied on the same hostname so it can write to localstorage. It would then provide a form to allow authentication with Vault and then will retrieve the token and store that in the browser for Nomad to use.
|
||||||
|
|
||||||
It is, as of now, completely untested and may not work at all.
|
Right now it appears to be working, but isn't super pretty and I have no written instructions.
|
||||||
|
15
main.py
15
main.py
@ -31,9 +31,10 @@ def login():
|
|||||||
<html>
|
<html>
|
||||||
<body>
|
<body>
|
||||||
<form action="/login" method="POST">
|
<form action="/login" method="POST">
|
||||||
Username <input type="text" name="username"/>
|
<p>Username <input type="text" name="username"/></p>
|
||||||
Password <input type="password" name="password"/>
|
<p>Password <input type="password" name="password"/></p>
|
||||||
<input type="submit" value="Submit"/>
|
<p>Role <input type="text" name="role" value="admin"/></p>
|
||||||
|
<p><input type="submit" value="Submit"/></p>
|
||||||
</form>
|
</form>
|
||||||
</html>
|
</html>
|
||||||
"""
|
"""
|
||||||
@ -42,13 +43,15 @@ Password <input type="password" name="password"/>
|
|||||||
username, password = request.form["username"], request.form["password"]
|
username, password = request.form["username"], request.form["password"]
|
||||||
client.auth_userpass(username, password)
|
client.auth_userpass(username, password)
|
||||||
assert client.is_authenticated()
|
assert client.is_authenticated()
|
||||||
nomad_creds = client.read(f"nomad/creds/{NOMAD_ROLE}")
|
|
||||||
|
role = request.form.get("role")
|
||||||
|
nomad_creds = client.read(f"nomad/creds/{role or NOMAD_ROLE}")
|
||||||
nomad_token = nomad_creds["data"]["secret_id"]
|
nomad_token = nomad_creds["data"]["secret_id"]
|
||||||
return f"""
|
return f"""
|
||||||
<html><head>
|
<html><head>
|
||||||
<script>localStorage.setItem("nomadTokenSecret", "{nomad_token}");</script>
|
<script>localStorage.setItem("nomadTokenSecret", "{nomad_token}"); window.location.replace("/ui/settings/tokens");</script>
|
||||||
</head>
|
</head>
|
||||||
<body>Logged in. Go back now.</body></html>
|
<body>Logged in. Go <a href="/ui/settings/tokens">back to Nomad</a></body></html>
|
||||||
"""
|
"""
|
||||||
|
|
||||||
|
|
||||||
|
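Review bot: The new `role` form field is interpolated into the Vault path `nomad/creds/{role or NOMAD_ROLE}` without validation, so the path read from Vault is now chosen by the request rather than by configuration. Vault policy on the user's token presumably still decides what can be read, but the shim should restrict the value to a plain role name before building the path, e.g. `if role and not re.fullmatch(r"[A-Za-z0-9_-]+", role): return "Invalid role", 400` (assuming a Flask-style view; checking against a configured list of allowed roles would be stricter). The form also pre-fills `value="admin"`, presumably a privileged role, so the `NOMAD_ROLE` fallback is only reached when the field is cleared; defaulting the field to `NOMAD_ROLE` or leaving it empty keeps the least-privileged path as the default. The body of login() starts outside the visible hunks.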