libvault v0.2.0 Vault.Auth.Adapter behaviour

Adapter interface for authenticating with vault.

Writing your own adapter

Auth adapters are pretty simple. You build a url, map the parameters, and grab the response. Feel free to use the provided Vault.HTTP module to make http requests against your vault instance.

In most cases, you’ll end up sending a POST to auth/SOME_BACKEND/login, and pass the parameters along as a body. Below, you’ll find a starting template for your own adapter. If you’re writing an official implementation, check the Docs link below for the spec.

Vault Auth Method Docs

defmodule Vault.Auth.MyAuth do

  @behaviour Vault.Auth.Adapter
  @impl true

  def login(%Vault{} = vault, %{username: _, password: _} = params) do

    headers = [
      {"Content-Type", "application/json"},
      {"Accept", "application/json"}
    ]

    url = "auth/MY_NEW_AUTH/login"

    request_options =  [body: %{ password: password }, headers: headers]
    with {:ok, response} <- Vault.HTTP.post(vault, url, request_options) do
      case response do
        %{"errors" => messages} ->
          {:error, messages}

        %{"auth" => %{"client_token" => token, "lease_duration" => ttl}} ->
          {:ok, token, ttl}

        otherwise ->
          {:error, ["Unexpected response from vault.", inspect(otherwise)]}
      end
    else
      {:error, response} ->
        {:error, ["Http adapter error", inspect(response)]}
    end
  end

  def login(%Vault{http: http, host: host}, _params), 
    do: {:error, ["Missing params! Username and password are required."]}
end

Link to this section Summary

Link to this section Types

Link to this type errors()
errors() :: [term()]
Link to this type params()
params() :: map()
Link to this type response()
response() :: {:ok, token(), ttl()} | {:error, errors()}
Link to this type token()
token() :: String.t()
Link to this type ttl()
ttl() :: integer()
Link to this type vault()
vault() :: Vault.t()

Link to this section Callbacks

Link to this callback login(vault, params)
login(vault(), params()) :: response()