vault_client_auth_github {vaultr}R Documentation

Vault GitHub Authentication Configuration

Description

Vault GitHub Authentication Configuration

Vault GitHub Authentication Configuration

Details

Interact with vault's GitHub authentication backend. For more details, please see the vault documentation at https://developer.hashicorp.com/vault/docs/auth/github

Super class

vaultr::vault_client_object -> vault_client_auth_github

Methods

Public methods

Inherited methods

Method new()

Create a vault_client_github object. Not typically called by users.

Usage
vault_client_auth_github$new(api_client, mount)
Arguments
api_client

A vault_api_client object

mount

Mount point for the backend

Method custom_mount()

Set up a vault_client_auth_github object at a custom mount. For example, suppose you mounted the github authentication backend at ⁠/github-myorg⁠ you might use gh <- vault$auth$github2$custom_mount("/github-myorg") - this pattern is repeated for other secret and authentication backends.

Usage
vault_client_auth_github$custom_mount(mount)
Arguments
mount

String, indicating the path that the engine is mounted at.

Method configure()

Configures the connection parameters for GitHub-based authentication.

Usage
vault_client_auth_github$configure(
  organization,
  base_url = NULL,
  ttl = NULL,
  max_ttl = NULL
)
Arguments
organization

The organization users must be part of (note American spelling).

base_url

The API endpoint to use. Useful if you are running GitHub Enterprise or an API-compatible authentication server.

ttl

Duration after which authentication will be expired

max_ttl

Maximum duration after which authentication will be expired

Method configuration()

Reads the connection parameters for GitHub-based authentication.

Usage
vault_client_auth_github$configuration()

Method write()

Write a mapping between a GitHub team or user and a set of vault policies.

Usage
vault_client_auth_github$write(team_name, policies, user = FALSE)
Arguments
team_name

String, with the GitHub team name

policies

A character vector of vault policies that this user or team will have for vault access if they match this team or user.

user

Scalar logical - if TRUE, then team_name is interpreted as a user instead.

Method read()

Write a mapping between a GitHub team or user and a set of vault policies.

Usage
vault_client_auth_github$read(team_name, user = FALSE)
Arguments
team_name

String, with the GitHub team name

user

Scalar logical - if TRUE, then team_name is interpreted as a user instead.

Method login()

Log into the vault using GitHub authentication. Normally you would not call this directly but instead use ⁠$login⁠ with method = "github" and proving the token argument. This function returns a vault token but does not set it as the client token.

Usage
vault_client_auth_github$login(token = NULL)
Arguments
token

A GitHub token to authenticate with.

Examples

server <- vaultr::vault_test_server(if_disabled = message)
token <- Sys.getenv("VAULT_TEST_AUTH_GITHUB_TOKEN")
if (!is.null(server) && nzchar(token)) {
  client <- server$client()

  client$auth$enable("github")
  # To enable login for members of the organisation "example":
  client$auth$github$configure(organization = "example")
  # To map members of the "robots" team *within* that organisation
  # to the "defaut" policy:
  client$auth$github$write("development", "default")

  # Once configured like this, if we have a PAT for a member of
  # the "development" team saved as an environment variable
  # "VAULT_AUTH_GITHUB_TOKEN" then doing
  #
  #   vaultr::vault_client(addr = ..., login = "github")
  #
  # will contact GitHub to verify the user token and vault will
  # then issue a client token

  # cleanup
  server$kill()
}
[Package vaultr version 1.2.0 Index]