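"""Flask front end that exchanges Vault userpass credentials for Nomad credentials."""
import os
import re

from flask import Flask
from flask import request
from hvac import Client
from hvac.exceptions import VaultError

# NOTE(review): the default bind address is every interface and the app speaks
# plain HTTP, so the username/password posted to /login are only protected if a
# TLS terminator sits in front of it. The same holds for the http:// Vault default.
BIND_HOST = os.getenv("BIND_HOST", "0.0.0.0")
BIND_PORT = int(os.getenv("BIND_PORT", "5000"))
VAULT_ADDR = os.getenv("VAULT_ADDR", "http://127.0.0.1:8200")
# NOTE(review): the fallback role is "admin"; what a caller actually obtains is
# bounded only by the Vault policy attached to the authenticated user.
NOMAD_ROLE = os.getenv("NOMAD_ROLE", "admin")

# A form-supplied role becomes one segment of a Vault path, so it must not be
# able to introduce "/" or a leading "." and address a different path.
_ROLE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9_.-]*")

app = Flask(__name__)


@app.route("/")
def root():
    """Return the static landing page."""
    # TODO: Render a basic page that checks for existence of token in local storage and displays form
    return f""" Login """


@app.route("/login", methods=["POST", "GET"])
def login():
    """Show the login form, or on POST log in to Vault and fetch Nomad credentials.

    POST reads ``username`` and ``password`` (required) and ``role`` (optional)
    from the form, authenticates against Vault's userpass method and reads
    ``nomad/creds/<role>``, falling back to ``NOMAD_ROLE`` when no role is given.

    Returns:
        The page body, or a ``(message, status)`` pair when the role name is
        rejected (400), the login fails (401) or no credentials are issued (403).
    """
    if request.method == "POST":
        client = Client(VAULT_ADDR)
        # A missing field raises Flask's BadRequestKeyError, i.e. a 400 response.
        username, password = request.form["username"], request.form["password"]

        requested_role = request.form.get("role")
        if requested_role and not _ROLE_NAME.fullmatch(requested_role):
            return "Invalid role name.", 400

        # NOTE(review): newer hvac releases expose this call as
        # client.auth.userpass.login - confirm against the pinned hvac version.
        try:
            client.auth_userpass(username, password)
        except VaultError:
            # Do not echo Vault's error text back to an unauthenticated caller.
            return "Login failed.", 401
        # An explicit check instead of `assert`, which is stripped under `python -O`.
        if not client.is_authenticated():
            return "Login failed.", 401

        try:
            nomad_creds = client.read(f"nomad/creds/{requested_role or NOMAD_ROLE}")
        except VaultError:
            return "Could not issue Nomad credentials for this role.", 403
        # hvac's read() yields None for a path that does not exist.
        if not nomad_creds:
            return "Could not issue Nomad credentials for this role.", 403

        # NOTE(review): the response text visible here does not reference
        # nomad_token. If the real template embeds it, escape it for its HTML/JS
        # context and send Cache-Control: no-store so the secret is not cached.
        nomad_token = nomad_creds["data"]["secret_id"]
        return f""" Logged in. Go back to Nomad """

    # GET, and the HEAD that Flask registers alongside it, fall through to the
    # form; the original if/elif returned None for HEAD, which Flask turns into a 500.
    return f"""

Username

Password

Role

"""


# NOTE(review): this starts Flask's built-in development server as soon as the
# module is loaded; use a production WSGI server for anything exposed.
app.run(host=BIND_HOST, port=BIND_PORT)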