chiefy / vaulted

nodejs based wrapper for HashiCorp's Vault HTTP API
https://chiefy.github.io/vaulted
MIT License

not all options passed to createToken #55

Closed jmls closed 8 years ago

jmls commented 8 years ago

I have this code

    vault.createToken({
        body: {
            id: "x__" + uuid.v4(),
            policies: ["xyz"],
            meta: { working: true },
            display_name: "foobar",
            num_uses: 42,
            no_default_profile: true
        }
    })
    .then(function(result) {
        debug("------->>", result);
    });

that gives this result

------->> +6ms { lease_id: '',
  renewable: false,
  lease_duration: 0,
  data: null,
  warnings: [ 'policy "xyz" does not exist' ],
  auth: 
   { client_token: 'x__e1976131-814d-49f4-bbed-d7dffe7ff8d4',
     policies: [ 'xyz', 'default' ],
     metadata: { working: '1' },
     lease_duration: 2592000,
     renewable: true } }

as you can see, display_name and num_uses don't seem to be present in the returned token, and the no_default_profile flag is ignored. There is a common thread, in that all "ignored" options seem to have underscores in them ...

kenjones-cisco commented 8 years ago

Based on the Vault documentation, those values are not part of the result: https://vaultproject.io/docs/auth/token.html

To get those items you would have to do a lookup of the token after it is created.

jmls commented 8 years ago

oh. wow. I've been trying this like for an hour. I have been trying the lookup-self and did not see the data - I have no idea why I am seeing this now ...

http://myserver:8200/v1/auth/token/lookup-self -H "X-Vault-Token: x__e1976131-814d-49f4-bbed-d7dffe7ff8d4"
{"lease_id":"","renewable":false,"lease_duration":0,"data":{"creation_time":1451511181,"display_name":"token-foobar","id":"x__e1976131-814d-49f4-bbed-d7dffe7ff8d4","meta":{"working":"1"},"num_uses":42,"orphan":false,"path":"auth/token/create","policies":["xyz","default"],"ttl":2592000},"warnings":null,"auth":null}

the only thing I see "wrong" now is that the default policy has still been added

thanks, sorry for the waste of time on the other parts ..

kenjones-cisco commented 8 years ago

I wonder if that is because you are using the root token to create the token, as to why maybe it is forcing the default as part of the policies.

jmls commented 8 years ago

probably.
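
The lookup step suggested in the thread, written as a check that compares a create-token body with the `data` object of a lookup response. This is an added example, not part of the thread or of vaulted's own code; the function names are hypothetical, and the parameter list is taken from Vault's token auth API documentation, where the flag that suppresses the default policy is named `no_default_policy` (the body in the thread uses `no_default_profile`).

```javascript
// Added example; not code from vaulted or from the thread.
// Parameter names of POST /v1/auth/token/create as given in Vault's token
// auth API documentation (assumption: a current Vault release).
const CREATE_PARAMS = new Set([
  'id', 'role_name', 'policies', 'meta', 'no_parent', 'no_default_policy',
  'renewable', 'lease', 'ttl', 'type', 'explicit_max_ttl', 'display_name',
  'num_uses', 'period', 'entity_alias',
]);

// Body keys that are not documented create parameters.
function unknownCreateParams(body) {
  return Object.keys(body).filter((key) => !CREATE_PARAMS.has(key));
}

// Compare a create-token body with the `data` object of a lookup response.
// Returns a list of mismatches; an empty list means the token is as requested.
function verifyToken(body, data) {
  const problems = unknownCreateParams(body).map((k) => `unknown parameter: ${k}`);
  if (body.num_uses !== undefined && data.num_uses !== body.num_uses) {
    problems.push(`num_uses is ${data.num_uses}, requested ${body.num_uses}`);
  }
  // The lookup output in the thread shows the name stored as "token-<name>".
  if (body.display_name !== undefined &&
      data.display_name !== `token-${body.display_name}`) {
    problems.push(`display_name is ${data.display_name}`);
  }
  // "default" is expected unless the caller asked for it to be left out.
  const requested = new Set(body.policies || []);
  if (body.no_default_policy !== true) requested.add('default');
  const granted = new Set(data.policies || []);
  for (const p of granted) if (!requested.has(p)) problems.push(`unrequested policy: ${p}`);
  for (const p of requested) if (!granted.has(p)) problems.push(`missing policy: ${p}`);
  return problems;
}

// Request body and lookup data copied from the thread (token id omitted).
const threadBody = {
  policies: ['xyz'], meta: { working: true }, display_name: 'foobar',
  num_uses: 42, no_default_profile: true,
};
const threadLookup = {
  display_name: 'token-foobar', meta: { working: '1' }, num_uses: 42,
  orphan: false, policies: ['xyz', 'default'], ttl: 2592000,
};

console.log(verifyToken(threadBody, threadLookup));
```

Running the same check with `no_default_policy: true` in the body against the thread's lookup data reports `default` as an unrequested policy, which is the case worth alerting on when tokens are meant to carry only the policies asked for.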