External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-03-06 11:11:07 -03:30
Code Issues Packages Projects Releases Wiki Activity

Use proper headers to auth with Vault

Browse Source 
Reading examples at
https://learn.hashicorp.com/vault/getting-started/apis show needing to
use `X-Vault-Token` header, instead of `Authorization`. Without this
header, the vault server would return a 400 status with an error message
of "missing client token". With this change AWX is now able to interface
with the Hashicorp backend.
This commit is contained in:
Jesse Keating
2019-09-18 12:26:47 -07:00
parent 686d4fe26f
commit b3c264bf21
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
awx/main/credential_plugins/hashivault.py
View File

@@ -102,7 +102,7 @@ def kv_backend(**kwargs):
request_kwargs['verify'] = create_temporary_fifo(cacert.encode())
sess = requests.Session()
sess.headers['Authorization'] = 'Bearer {}'.format(token)
sess.headers['X-Vault-Token'] = token
if api_version == 'v2':
if kwargs.get('secret_version'):
@@ -157,7 +157,7 @@ def ssh_backend(**kwargs):
request_kwargs['json']['valid_principals'] = kwargs['valid_principals']
sess = requests.Session()
sess.headers['Authorization'] = 'Bearer {}'.format(token)
sess.headers['X-Vault-Token'] = token
# https://www.vaultproject.io/api/secret/ssh/index.html#sign-ssh-key
request_url = '/'.join([url, secret_path, 'sign', role]).rstrip('/')
resp = sess.post(request_url, **request_kwargs)