hashicorp / vault-plugin-auth-kerberos

A plugin for HashiCorp Vault enabling Kerberos authentication.
Mozilla Public License 2.0

Add integration test primer #14

Closed sambott closed 5 years ago

sambott commented 5 years ago

This PR introduces a script that simulates a Kerberos domain in a Docker network. It starts a domain controller, Vault and a client that authenticates using Kerberos.

This could be used as a simple integration test on its own. Ideally it would form the basis of an environment spin-up for a whole integration test suite in future.

sambott commented 5 years ago

Not sure if this working example helps with https://github.com/wintoncode/vault-plugin-auth-kerberos/issues/22 ?

sambott commented 5 years ago

FYI - @roederja2 @malnick

sambott commented 5 years ago

Sample (successful) run output:

[root@ip-10-201-36-229 ~]# ./scripts/integration_env.sh
18993244e2706bfe29c5cf18985aff88309e0eaca78aef81552de8f47c3f6fc8
add user 'vault_svc'
User 'vault_svc' created successfully
ktutil:  addent -password -p vault_svc@MATRIX.LAN -k 2 -e rc4-hmac
Password for vault_svc@MATRIX.LAN:
ktutil:  write_kt vault_svc.keytab
ktutil:  ktutil:  read_kt vault_svc.keytab
ktutil:  list
slot KVNO Principal
---- ---- ---------------------------------------------------------------------
   1    2                     vault_svc@MATRIX.LAN
ktutil:  add user 'grace'
User 'grace' created successfully
ktutil:  addent -password -p grace@MATRIX.LAN -k 2 -e rc4-hmac
Password for grace@MATRIX.LAN:
ktutil:  write_kt grace.keytab
ktutil:  ktutil:  read_kt grace.keytab
ktutil:  list
slot KVNO Principal
---- ---- ---------------------------------------------------------------------
   1    2                         grace@MATRIX.LAN
ktutil:  Success! Data written to: sys/plugins/catalog/auth/kerberos
Success! Enabled kerberos auth method at: kerberos/
Success! Data written to: auth/kerberos/config
Success! Data written to: auth/kerberos/config/ldap
/tmp/vault_plugin_tests/integration ~
~
Collecting requests-kerberos
  Downloading https://files.pythonhosted.org/packages/ee/a2/866f2b9a60f75055137b9ad127033e397963b2c4769d4b5fab1c3c7e8be3/requests_kerberos-0.12.0-py2.py3-none-any.whl
Collecting requests>=1.1.0 (from requests-kerberos)
  Downloading https://files.pythonhosted.org/packages/51/bd/23c926cd341ea6b7dd0b2a00aba99ae0f828be89d72b2190f27c11d4b7fb/requests-2.22.0-py2.py3-none-any.whl (57kB)
Collecting pykerberos<2.0.0,>=1.1.8; sys_platform != "win32" (from requests-kerberos)
  Downloading https://files.pythonhosted.org/packages/9a/b8/1ec56b6fa8a2e2a81420bd3d90e70b59fc83f6b857fb2c2c37accddc8be3/pykerberos-1.2.1.tar.gz
Collecting cryptography>=1.3; python_version != "3.3" (from requests-kerberos)
  Downloading https://files.pythonhosted.org/packages/97/18/c6557f63a6abde34707196fb2cad1c6dc0dbff25a200d5044922496668a4/cryptography-2.7-cp34-abi3-manylinux1_x86_64.whl (2.3MB)
Collecting chardet<3.1.0,>=3.0.2 (from requests>=1.1.0->requests-kerberos)
  Downloading https://files.pythonhosted.org/packages/bc/a9/01ffebfb562e4274b6487b4bb1ddec7ca55ec7510b22e4c51f14098443b8/chardet-3.0.4-py2.py3-none-any.whl (133kB)
Collecting urllib3!=1.25.0,!=1.25.1,<1.26,>=1.21.1 (from requests>=1.1.0->requests-kerberos)
  Downloading https://files.pythonhosted.org/packages/e6/60/247f23a7121ae632d62811ba7f273d0e58972d75e58a94d329d51550a47d/urllib3-1.25.3-py2.py3-none-any.whl (150kB)
Collecting idna<2.9,>=2.5 (from requests>=1.1.0->requests-kerberos)
  Downloading https://files.pythonhosted.org/packages/14/2c/cd551d81dbe15200be1cf41cd03869a46fe7226e7450af7a6545bfc474c9/idna-2.8-py2.py3-none-any.whl (58kB)
Collecting certifi>=2017.4.17 (from requests>=1.1.0->requests-kerberos)
  Downloading https://files.pythonhosted.org/packages/69/1b/b853c7a9d4f6a6d00749e94eb6f3a041e342a885b87340b79c1ef73e3a78/certifi-2019.6.16-py2.py3-none-any.whl (157kB)
Collecting asn1crypto>=0.21.0 (from cryptography>=1.3; python_version != "3.3"->requests-kerberos)
  Downloading https://files.pythonhosted.org/packages/ea/cd/35485615f45f30a510576f1a56d1e0a7ad7bd8ab5ed7cdc600ef7cd06222/asn1crypto-0.24.0-py2.py3-none-any.whl (101kB)
Collecting cffi!=1.11.3,>=1.8 (from cryptography>=1.3; python_version != "3.3"->requests-kerberos)
  Downloading https://files.pythonhosted.org/packages/a0/ea/37fe21475c884f88a2ae496cab10e8f84f0cc11137be860af9eb37a3edb9/cffi-1.12.3-cp37-cp37m-manylinux1_x86_64.whl (430kB)
Collecting six>=1.4.1 (from cryptography>=1.3; python_version != "3.3"->requests-kerberos)
  Downloading https://files.pythonhosted.org/packages/73/fb/00a976f728d0d1fecfe898238ce23f502a721c0ac0ecfedb80e0d88c64e9/six-1.12.0-py2.py3-none-any.whl
Collecting pycparser (from cffi!=1.11.3,>=1.8->cryptography>=1.3; python_version != "3.3"->requests-kerberos)
  Downloading https://files.pythonhosted.org/packages/68/9e/49196946aee219aead1290e00d1e7fdeab8567783e83e1b9ab5585e6206a/pycparser-2.19.tar.gz (158kB)
Building wheels for collected packages: pykerberos, pycparser
  Building wheel for pykerberos (setup.py): started
  Building wheel for pykerberos (setup.py): finished with status 'done'
  Created wheel for pykerberos: filename=pykerberos-1.2.1-cp37-cp37m-linux_x86_64.whl size=74534 sha256=d0a0c30244911a6a6b618e39fc155e82b16c6592ecab69643d04d4b3bb330681
  Stored in directory: /root/.cache/pip/wheels/c7/a7/07/d414c22754acf5822ccce48b41822142974ec103057c8305e7
  Building wheel for pycparser (setup.py): started
  Building wheel for pycparser (setup.py): finished with status 'done'
  Created wheel for pycparser: filename=pycparser-2.19-py2.py3-none-any.whl size=111029 sha256=e0c1fba90adf7ad953d86ec470094746cee5e224f7302e2bb592f6614f64e162
  Stored in directory: /root/.cache/pip/wheels/f2/9a/90/de94f8556265ddc9d9c8b271b0f63e57b26fb1d67a45564511
Successfully built pykerberos pycparser
Installing collected packages: chardet, urllib3, idna, certifi, requests, pykerberos, asn1crypto, pycparser, cffi, six, cryptography, requests-kerberos
Successfully installed asn1crypto-0.24.0 certifi-2019.6.16 cffi-1.12.3 chardet-3.0.4 cryptography-2.7 idna-2.8 pycparser-2.19 pykerberos-1.2.1 requests-2.22.0 requests-kerberos-0.12.0 six-1.12.0 urllib3-1.25.3
Vault token: s.y8WdrnkunVktxE875icyUAPP
56f0d91877781c5529a9339b27f6d7586c74bade4136a557dd7e32a0b1803642
fedcdfb5b6e8f0234b64f2480914f662dfb3d470a8f16b225c08173d40bfe55a
6beca2f7f765bd26439846964a7638264352076c4f0d8b42457cc09139c81e2b
matrix.lan
[root@ip-10-201-36-229 ~]# echo $?
0

The important parts are the Vault token: s.y8WdrnkunVktxE875icyUAPP line a few lines from the bottom and the 0 return value.
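
An added example, not part of this PR or the plugin's code: one way to automate the manual check described in the last comment, and to mask the token before a run log is shared. `check_run` and `redact` are hypothetical names, the sample is a constructed excerpt of the output above with a placeholder token, and the enctype report is an addition (rc4-hmac, used for both keytabs, is a deprecated Kerberos encryption type).

```python
import re

# Constructed excerpt modelled on the run output in this thread (placeholder token).
SAMPLE_RUN = """\
ktutil:  addent -password -p vault_svc@MATRIX.LAN -k 2 -e rc4-hmac
ktutil:  addent -password -p grace@MATRIX.LAN -k 2 -e rc4-hmac
ktutil:  Success! Data written to: sys/plugins/catalog/auth/kerberos
Success! Enabled kerberos auth method at: kerberos/
Success! Data written to: auth/kerberos/config
Success! Data written to: auth/kerberos/config/ldap
Vault token: s.EXAMPLEPLACEHOLDERTOKEN
"""

# Vault setup steps that the successful run above reports.
REQUIRED_STEPS = (
    "Data written to: sys/plugins/catalog/auth/kerberos",
    "Enabled kerberos auth method at: kerberos/",
    "Data written to: auth/kerberos/config",
    "Data written to: auth/kerberos/config/ldap",
)
# Enctypes deprecated for Kerberos (RFC 6649, RFC 8429), in MIT krb5 spelling.
WEAK_ENCTYPES = {"rc4-hmac", "arcfour-hmac", "des-cbc-crc", "des-cbc-md5", "des3-cbc-sha1"}
ADDENT = re.compile(r"addent\s+-password\s+-p\s+(\S+)\s+-k\s+(\d+)\s+-e\s+(\S+)")
TOKEN = re.compile(r"^(Vault token: )(\S+)$", re.M)


def check_run(output, exit_code):
    """Summarise one captured run: pass/fail, missing steps, keytab enctypes."""
    steps = {line.split("Success! ", 1)[1].strip()
             for line in output.splitlines() if "Success! " in line}
    missing = [s for s in REQUIRED_STEPS if s not in steps]
    keys = [m.groups() for m in ADDENT.finditer(output)]
    return {
        # Same criteria as the comment: a token line and a 0 exit status,
        # plus every Vault configuration step having reported success.
        "passed": exit_code == 0 and TOKEN.search(output) is not None and not missing,
        "missing_steps": missing,
        "principals": [principal for principal, _, _ in keys],
        "weak_enctypes": [(p, e) for p, _, e in keys if e.lower() in WEAK_ENCTYPES],
    }


def redact(output):
    """Mask the Vault token so the log can be pasted into an issue or PR."""
    return TOKEN.sub(r"\1<redacted>", output)


if __name__ == "__main__":
    print(check_run(SAMPLE_RUN, 0))
    print(redact(SAMPLE_RUN))
```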