Oci auth method from golang code

eshneken · January 24, 2020, 12:25am

I am using the OCI auth method as described here and am looking for a programatic way (from golang code) to do the equivalent of vault login -method=oci auth_type=instance role=myrole.

My golang code looks something like this:
config := &api.Config{
Address: vaultAddr,
}
client, err := api.NewClient(config)
if err != nil {
fmt.Println(err)
return
}
client.SetToken(token)
c := client.Logical()
secret, err := c.Read(“secret/test”)

Suggestions for the best way to get the token using the OCI auth method?

briankassouf · January 24, 2020, 1:43am

Hi @eshneken,

It’s a large example, but this is the go code that actually powers the vault login -method=oci auth_type=instance role=myrole CLI command. You may be able to pull some useful snippets from it.

github.com

hashicorp/vault-plugin-auth-oci/blob/97c0c0187c5c7f8944a16efafaf1bce0610249c7/cli.go#L52-L73


func (h *CLIHandler) Auth(c *api.Client, m map[string]string) (*api.Secret, error) {
	role, ok := m["role"]
	if !ok {
		return nil, fmt.Errorf("Enter the role")
	}
	role = strings.ToLower(role)


	path := fmt.Sprintf(PathBaseFormat, role)
	signingPath := PathVersionBase + path


	loginData, err := CreateLoginData(c.Address(), m, signingPath)
	if err != nil {
		return nil, err
	}


	// Now try to login
	secret, err := c.Logical().Write(path, loginData)
	if err != nil {
		return nil, err
	}

This file has been truncated. show original

Hope this helps!

eshneken · January 24, 2020, 9:29pm

Thanks, that was definitely helpful. I poached some of the code from the cli.go and the oci_client.go to construct the request but the call to client.Logical().Write(…) returns a nil secret without any error. Any ideas on what could cause this or how to further debug?