The current token reading that edgexproxy performs assumes the basic structure of a token as returned from vault when creating a token and isn't compatible with specifying a root token format. I.e. on my machine this is what the resp-init.json (root token) looks like:
{
"keys": [
"abcdef",
"abcdef",
"abcdef",
"abcdef",
"abcdef"
],
"keys_base64": [
"abcdef",
"abcdef",
"abcdef",
"abcdef",
"abcdef"
],
"root_token": "s.abcdef"
}
while the kong-token.json (kong specific token) looks like this:
{
"request_id": "uuid",
"lease_id": "",
"renewable": false,
"lease_duration": 0,
"data": null,
"wrap_info": null,
"warnings": null,
"auth": {
"client_token": "s.abcdef",
"accessor": "abcdef",
"policies": [
"default",
"kong"
],
"token_policies": [
"default",
"kong"
],
"metadata": null,
"lease_duration": 604800,
"renewable": true,
"entity_id": "",
"token_type": "service"
}
}
and the code for importing the token specified in the configuration.toml file (under the toml key secretservice.tokenpath) only looks for the .auth and then the client_token keys in the json file, hence assumes a specific token format and is unable to use the root-token format from resp-init.json.
If we want to be able to use the root token with edgexproxy we either would need to reorganize the token format of resp-init.json to be in line with the current token format, or we would need to write go code which would be able to read both the root token format and this other token format.
The current token reading that edgexproxy performs assumes the basic structure of a token as returned from vault when creating a token and isn't compatible with specifying a root token format. I.e. on my machine this is what the resp-init.json (root token) looks like:
{ "keys": [ "abcdef", "abcdef", "abcdef", "abcdef", "abcdef" ], "keys_base64": [ "abcdef", "abcdef", "abcdef", "abcdef", "abcdef" ], "root_token": "s.abcdef" }while the kong-token.json (kong specific token) looks like this:
{ "request_id": "uuid", "lease_id": "", "renewable": false, "lease_duration": 0, "data": null, "wrap_info": null, "warnings": null, "auth": { "client_token": "s.abcdef", "accessor": "abcdef", "policies": [ "default", "kong" ], "token_policies": [ "default", "kong" ], "metadata": null, "lease_duration": 604800, "renewable": true, "entity_id": "", "token_type": "service" } }and the code for importing the token specified in the configuration.toml file (under the toml key
secretservice.tokenpath) only looks for the.authand then theclient_tokenkeys in the json file, hence assumes a specific token format and is unable to use the root-token format from resp-init.json.If we want to be able to use the root token with edgexproxy we either would need to reorganize the token format of resp-init.json to be in line with the current token format, or we would need to write go code which would be able to read both the root token format and this other token format.