feat: change certmanage to approles
- created the AppRole 'certmanager' using the 'certmanager' policy - updated the certmanager script to obtain its token from the role_id
@@ -1,4 +1,4 @@
|
||||
#!/usr/bin/env <%= @venv_path %>/bin/python
|
||||
#!<%= @venv_path %>/bin/python
|
||||
|
||||
import argparse
|
||||
import requests
|
||||
@@ -15,9 +15,28 @@ def load_config(config_path):
|
||||
config = yaml.safe_load(file)
|
||||
return config['vault']
|
||||
|
||||
def authenticate_approle(vault_config):
|
||||
url = f"{vault_config['addr']}/v1/auth/{vault_config['approle_path']}/login"
|
||||
payload = {
|
||||
"role_id": vault_config['role_id'],
|
||||
}
|
||||
response = requests.post(url, json=payload, verify=False)
|
||||
if response.status_code == 200:
|
||||
auth_response = response.json()
|
||||
return auth_response['auth']['client_token']
|
||||
else:
|
||||
print(f"Error authenticating with AppRole: {response.text}")
|
||||
return None
|
||||
|
||||
def request_certificate(common_name, alt_names, ip_sans, expiry_days, vault_config):
|
||||
# Authenticate using AppRole and get a token
|
||||
client_token = authenticate_approle(vault_config)
|
||||
if not client_token:
|
||||
print("Failed to authenticate with Vault using AppRole.")
|
||||
return None
|
||||
|
||||
url = f"{vault_config['addr']}/v1/{vault_config['mount_point']}/issue/{vault_config['role_name']}"
|
||||
headers = {'X-Vault-Token': vault_config['token']}
|
||||
headers = {'X-Vault-Token': client_token}
|
||||
payload = {
|
||||
"common_name": common_name,
|
||||
"alt_names": ",".join(alt_names),
|
||||
|
||||
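Review bot: `requests.post(url, json=payload, verify=False)` in the new `authenticate_approle` disables TLS certificate verification on the Vault login, so the role_id is sent to whatever answers at `addr` and the returned client token is accepted without the server ever being authenticated; pass a CA bundle path to `verify=` instead, e.g. `verify=vault_config.get('ca_cert', True)` with a matching key in the config template, rather than hard-coding it off. The same call has no `timeout=`, so an unresponsive Vault blocks the script indefinitely; `requests.post(url, json=payload, verify=..., timeout=30)` bounds that. The success branch indexes `response.json()['auth']['client_token']` directly, which raises `KeyError` on a 200 reply with an unexpected body rather than returning `None` like the error branch. `load_config` begins before this hunk and `request_certificate`'s body continues past it, so the `requests.post` that issues the certificate is not visible here and should be checked for the same `verify`/`timeout` settings.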
@@ -1,7 +1,7 @@
|
||||
vault:
|
||||
addr: '<%= @vault_config['addr'] %>'
|
||||
token: '<%= @vault_config['token'] %>'
|
||||
role_id: '<%= @vault_config['role_id'] %>'
|
||||
approle_path: '<%= @vault_config['approle_path'] %>'
|
||||
mount_point: '<%= @vault_config['mount_point'] %>'
|
||||
role_name: '<%= @vault_config['role_name'] %>'
|
||||
output_path: '<%= @vault_config['output_path'] %>'
|
||||
|
||||
|
||||
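Review bot: `role_id` now stands where `token` stood in the rendered config, and the login in the script sends only `role_id` with no `secret_id`; if the AppRole does not require a secret_id, the role_id alone yields a Vault token, so the rendered file needs the same restrictive ownership and mode the token-bearing version needed, and the value should be handled as a secret wherever the template's data is stored or logged. A comment above the key would make that visible to whoever next edits the template, e.g. `# role_id alone authenticates if the AppRole has no secret_id binding - protect it like a token`.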