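// authenticate logs the client in against the auth backend selected by
// authType and stores the resulting token on c.
//
// The auth types handled here are "app-id", "github", "token" and "userpass";
// the credentials for each are read from params through getParameter.
//
// It returns the error of the Vault request, an error for an auth type that is
// not handled, or an error when the backend answers without auth information.
// A panic raised while collecting parameters is converted into err by
// panicToError.
func authenticate(c *vaultapi.Client, authType string, params map[string]string) (err error) {
	var secret *vaultapi.Secret

	// handle panics gracefully by creating an error
	// this would happen when we get a parameter that is missing
	defer panicToError(&err)

	supported := true
	switch authType {
	case "app-id":
		secret, err = c.Logical().Write("/auth/app-id/login", map[string]interface{}{
			"app_id":  getParameter("app-id", params),
			"user_id": getParameter("user-id", params),
		})
	case "github":
		secret, err = c.Logical().Write("/auth/github/login", map[string]interface{}{
			"token": getParameter("token", params),
		})
	case "token":
		// The token is installed on the client before it is validated, so a
		// failed lookup-self leaves the rejected token set on c.
		c.SetToken(getParameter("token", params))
		secret, err = c.Logical().Read("/auth/token/lookup-self")
	case "userpass":
		username, password := getParameter("username", params), getParameter("password", params)
		// NOTE(review): username is placed into the request path unescaped. If
		// params can carry values from an untrusted source, validate it or
		// path-escape it (net/url.PathEscape) so that a "/" in the value cannot
		// redirect the password to a different endpoint.
		secret, err = c.Logical().Write(fmt.Sprintf("/auth/userpass/login/%s", username), map[string]interface{}{
			"password": password,
		})
	default:
		supported = false
	}

	if err != nil {
		return err
	}

	// if the token has already been set
	// NOTE(review): this also holds when c carried a token before this call;
	// the token returned by a login above is then discarded and the older
	// token stays in use. Confirm that this is intended.
	if c.Token() != "" {
		return nil
	}

	// Without these checks an unhandled auth type, or a response that carries
	// no auth section, ends in a nil dereference below and reaches the caller
	// only as a recovered panic.
	if !supported {
		return fmt.Errorf("unsupported auth type %q", authType)
	}
	if secret == nil || secret.Auth == nil {
		return fmt.Errorf("auth backend %q returned no auth information", authType)
	}

	log.Debug("client authenticated with auth backend: %s", authType)
	// the default place for a token is in the auth section
	// otherwise, the backend will set the token itself
	c.SetToken(secret.Auth.ClientToken)

	return nil
}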