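"""Login bridge that trades Vault userpass credentials for a Nomad token.

The service authenticates the submitted username/password against Vault's
userpass auth method, then reads ``nomad/creds/<role>`` with the caller's own
Vault token and extracts ``secret_id`` from the result.

NOTE(review): this listing shows the page templates as plain text only; the
original markup (and any place where the token is embedded) is not visible.
"""
import os
import re

from flask import Flask
from flask import Response
from flask import request
from hvac import Client
from hvac.exceptions import Forbidden
from hvac.exceptions import InvalidRequest

# Listening address of this service. The default binds every interface, and
# passwords are posted to /login, so anything other than loopback should sit
# behind a TLS-terminating proxy.
BIND_HOST = os.getenv("BIND_HOST", "0.0.0.0")
BIND_PORT = int(os.getenv("BIND_PORT", "5000"))

# Vault endpoint that receives the user's credentials. The plaintext default
# only makes sense for loopback; use an https:// address for a remote Vault.
VAULT_ADDR = os.getenv("VAULT_ADDR", "http://127.0.0.1:8200")

# Role used when the form does not name one.
NOMAD_ROLE = os.getenv("NOMAD_ROLE", "admin")

# A submitted role becomes one path segment of "nomad/creds/<role>". Limiting
# it to a plain name keeps "/" and ".." out of the Vault path.
# NOTE(review): assumes role names use only these characters; widen if your
# Vault roles are named differently.
_ROLE_NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9_.-]*")

app = Flask(__name__)


@app.route("/")
def root():
    """Serve the landing page."""
    # TODO: Render a basic page that checks for existence of token in local storage and displays form
    return f""" Login """


@app.route("/login", methods=["POST", "GET"])
def login():
    """Show the login form, or handle a submitted one.

    A POST authenticates against Vault and reads Nomad credentials for the
    requested role (``NOMAD_ROLE`` when the form names none).

    Returns:
        The form page for non-POST requests; on POST the "logged in" page, or
        a ``Response`` with status 400 (malformed role), 401 (Vault rejected
        the login), 403 (Vault policy denies the role) or 404 (Vault has
        nothing at the role's path).
    """
    if request.method != "POST":
        # Flask also routes HEAD here because GET is allowed. Testing for
        # POST instead of GET means such a request gets the form rather than
        # falling through every branch and failing with a 500.
        return f"""

Username

Password

Role

"""

    username, password = request.form["username"], request.form["password"]

    # Only the value taken from the request is checked; the configured
    # default is operator-controlled.
    requested_role = request.form.get("role")
    if requested_role and not _ROLE_NAME_RE.fullmatch(requested_role):
        return Response(response="Invalid role", status=400)
    role = requested_role or NOMAD_ROLE

    client = Client(VAULT_ADDR)
    try:
        client.auth.userpass.login(username, password)
    except InvalidRequest:
        return Response(response="Unauthorized", status=401)
    if not client.is_authenticated():
        return Response(response="Unauthorized", status=401)

    # The read is made with the user's own Vault token, so whether this user
    # may obtain this role is decided by Vault policy, not by this service.
    try:
        nomad_creds = client.read(f"nomad/creds/{role}")
    except Forbidden:
        return Response(response="Forbidden", status=403)
    if not nomad_creds:
        # hvac's read() returns None when Vault reports an invalid path.
        return Response(response="Unknown role", status=404)
    nomad_token = nomad_creds["data"]["secret_id"]

    # NOTE(review): nomad_token is not referenced by the text visible here;
    # presumably the original template hands it to the browser. If so, this
    # response carries a live credential and should not be cached - confirm.
    return f""" Logged in. Go back to Nomad """


if __name__ == "__main__":
    # Guarded so importing the module (WSGI server, tests) does not start the
    # built-in server. That server is a development tool without TLS.
    app.run(host=BIND_HOST, port=BIND_PORT)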