Module: Legion::Crypt::LdapAuth

Includes:
Logging::Helper
Included in:
Legion::Crypt
Defined in:
lib/legion/crypt/ldap_auth.rb

Constant Summary

Constants included from Logging::Helper

Logging::Helper::CompatLogger

Instance Method Summary

Methods included from Logging::Helper

#handle_exception, #log

Instance Method Details

#ldap_login(cluster_name:, username:, password:) ⇒ Object



# File 'lib/legion/crypt/ldap_auth.rb', line 10

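# Logs +username+ in through the LDAP auth path of one cluster's Vault client
# and records the issued client token on that cluster's entry in +clusters+.
#
# Both credentials come from the caller and are checked before any request:
# * the username is interpolated into the request path
#   ("auth/ldap/login/<username>") and into log lines, so a value that is
#   empty, is "." or "..", or contains "/" or a control character is refused.
#   This keeps it from addressing a different path or forging log entries.
# * an empty password is refused, because some directory servers treat a bind
#   with an empty password as an unauthenticated bind that succeeds.
#   NOTE(review): the server side should enforce this as well; confirm the
#   LDAP auth mount is configured to deny such binds.
#
# The password is never logged here. The returned hash carries the client
# token, so callers should treat it as a secret and keep it out of logs.
#
# @param cluster_name [#to_sym] key of the target cluster in +clusters+
# @param username [#to_s] LDAP login name
# @param password [String] LDAP password
# @return [Hash] +:token+, +:lease_duration+, +:renewable+ and +:policies+
#   taken from the auth section of the login response
# @raise [ArgumentError] when the username or password fails the checks above
# @raise [StandardError] any error raised during the login is passed to
#   +handle_exception+, logged, and re-raised unchanged
def ldap_login(cluster_name:, username:, password:)
  login_name = username.to_s
  if login_name.empty? || !login_name.valid_encoding? ||
     login_name.match?(%r{[[:cntrl:]/]}) || %w[. ..].include?(login_name)
    # The rejected value is deliberately not echoed into the log line.
    log.error 'LDAP login rejected: username is empty, malformed, or contains "/" or control characters'
    raise ArgumentError, 'invalid LDAP username'
  end
  if password.to_s.empty?
    log.error "LDAP login rejected: empty password user=#{username}"
    raise ArgumentError, 'LDAP password must not be empty'
  end

  begin
    cluster_name = cluster_name.to_sym
    log.info "LDAP login requested user=#{username} cluster=#{cluster_name}"
    client = vault_client(cluster_name)
    secret = client.logical.write("auth/ldap/login/#{username}", password: password)
    auth = secret.auth
    token = auth.client_token

    # Persist the token on the cluster entry and, when the client exposes a
    # writer for it, on the client itself.
    clusters[cluster_name][:token] = token
    clusters[cluster_name][:connected] = true
    client.token = token if client.respond_to?(:token=)

    log.info "LDAP login success: user=#{username}, cluster=#{cluster_name}"
    { token: token, lease_duration: auth.lease_duration,
      renewable: auth.renewable?, policies: auth.policies }
  rescue StandardError => e
    handle_exception(e, level: :error, operation: 'crypt.ldap_auth.ldap_login', cluster_name: cluster_name, username: username)
    log.error "LDAP login failed: user=#{username}, cluster=#{cluster_name}: #{e.message}"
    raise
  end
end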

#ldap_login_all(username:, password:) ⇒ Object



# File 'lib/legion/crypt/ldap_auth.rb', line 31

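# Attempts an LDAP login on every cluster whose +:auth_method+ is 'ldap' and
# collects the outcome per cluster. Clusters with any other auth method are
# skipped and do not appear in the result.
#
# A failure on one cluster does not stop the others: the error is passed to
# +handle_exception+, logged at warn level, and recorded as
# <tt>{ error: message }</tt> for that cluster.
#
# Operational caveats:
# * the same username/password pair is submitted once per LDAP cluster, so a
#   single mistyped password produces one failed login per cluster. Depending
#   on directory policy this may count several times toward account lockout.
# * successful entries contain client tokens, and error entries contain the
#   raw exception message; callers should not log the result or relay it
#   verbatim to an end user.
#
# @param username [#to_s] LDAP login name, forwarded to +ldap_login+
# @param password [String] LDAP password, forwarded to +ldap_login+
# @return [Hash] cluster name => login result hash, or <tt>{ error: String }</tt>
def ldap_login_all(username:, password:)
  results = {}
  clusters.each do |name, config|
    next unless config[:auth_method] == 'ldap'

    results[name] = ldap_login(cluster_name: name, username: username, password: password)
  rescue StandardError => e
    handle_exception(e, level: :warn, operation: 'crypt.ldap_auth.ldap_login_all', cluster_name: name, username: username)
    log.warn("Legion::Crypt::LdapAuth#ldap_login_all cluster=#{name} failed: #{e.message}")
    results[name] = { error: e.message }
  end
  # A success is any hash result that does not carry an :error key.
  succeeded = results.count { |_, result| result.is_a?(Hash) && !result.key?(:error) }
  log.info "LDAP login_all complete successes=#{succeeded} attempted=#{results.size}"
  results
end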