iamthefij/nomad-vault-login
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update instructions
All checks were successful
continuous-integration/drone/push Build is passing
Details

Browse Source
This commit is contained in:
IamTheFij 2022-09-11 21:22:37 -07:00
parent be5c4de062
commit fc2b205260
3 changed files with 28 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
Dockerfile
View File

@ -7,4 +7,9 @@ RUN pip install --no-cache-dir -r ./requirements.txt
COPY ./main.py /app/ COPY ./main.py /app/
ENV BIND_HOST=0.0.0.0
ENV BIND_PORT=500
EXPOSE 5000
CMD ["python", "main.py"] CMD ["python", "main.py"]

20
README.md
View File

@ -2,6 +2,22 @@
Shim service allowing authenticating a Nomad session using Vault Shim service allowing authenticating a Nomad session using Vault
The idea is that this service would be run along side Nomad and Vault and proxied on the same hostname so it can write to localstorage. It would then provide a form to allow authentication with Vault and then will retrieve the token and store that in the browser for Nomad to use. This service would runs along side Nomad and Vault and proxied on the same hostname so it can write to localstorage. It then provides a form to allow authentication with Vault and then will retrieve the token and store that in the browser for Nomad to use.
Right now it appears to be working, but isn't super pretty and I have no written instructions. ## Instructions
You can configure the service through environment variables.
* `BIND_HOST`: Host to bind the server on. Defaults to `0.0.0.0`.
* `BIND_PORT`: Port to bind the server on. Defaults to `5000`.
* `VAULT_ADDR`: Address where we can find Vault. Defaults to `http://127.0.0.1:8200`.
* `NOMAD_ROLE`: Default Nomad role to request from Vault. Defaults to `admin`.
Example Caddyfile
```caddyfile
nomad.example.com {
reverse_proxy /login localhost:5000
reverse_proxy localhost:4646
}
```

7
main.py
View File

@ -5,6 +5,9 @@ from flask import request
from hvac import Client from hvac import Client
BIND_HOST = os.getenv("BIND_HOST", "0.0.0.0")
BIND_PORT = int(os.getenv("BIND_PORT", "5000"))
VAULT_ADDR = os.getenv("VAULT_ADDR", "http://127.0.0.1:8200") VAULT_ADDR = os.getenv("VAULT_ADDR", "http://127.0.0.1:8200")
NOMAD_ROLE = os.getenv("NOMAD_ROLE", "admin") NOMAD_ROLE = os.getenv("NOMAD_ROLE", "admin")
@ -12,7 +15,7 @@ NOMAD_ROLE = os.getenv("NOMAD_ROLE", "admin")
app = Flask(__name__) app = Flask(__name__)
@app.route('/') @app.route("/")
def root(): def root():
# TODO: Render a basic page that checks for existance of token in local storage and displays form # TODO: Render a basic page that checks for existance of token in local storage and displays form
return f""" return f"""
@ -55,4 +58,4 @@ def login():
""" """
app.run(host="0.0.0.0", port=5000) app.run(host=BIND_HOST, port=BIND_PORT)