Feature/add okta (#230)

* added support for Okta; changes are in conjunction with vaultkv

* Update main.go

* updated to use new vaultkv 0.5.0 tag

@thomasmitchell added tag 0.5.0 for `vaultkv` -- safe is now ready.

Co-authored-by: Stephanie Frantz <[email protected]>

Author: thehandsomezebra

README.md

@@ -70,11 +70,12 @@ To authenticate:
 safe auth [token]
 safe auth ldap
 safe auth github
+safe auth okta
 ```
 
 (Other authentication backends are not yet supported)
 
-For each type (token, ldap or github), you will be prompted for
+For each type (token, ldap, okta or github), you will be prompted for
 the necessary credentials to authenticated against the Vault.
 
 Usage

go.mod

@@ -4,7 +4,7 @@ go 1.14
 
 require (
 	github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5
-	github.com/cloudfoundry-community/vaultkv v0.4.0
+	github.com/cloudfoundry-community/vaultkv v0.5.0
 	github.com/jhunt/go-ansi v0.0.0-20180630013815-403d5f0d9ccb
 	github.com/jhunt/go-cli v0.0.0-20170503201019-f04a1744b5e3
 	github.com/jhunt/go-envirotron v0.0.0-20171017043611-8bdb90f72b39

main.go

@@ -74,6 +74,7 @@ func connect(auth bool) *vault.Vault {
 		fmt.Fprintf(os.Stderr, "@R{You are not authenticated to a Vault.}\n")
 		fmt.Fprintf(os.Stderr, "Try @C{safe auth ldap}\n")
 		fmt.Fprintf(os.Stderr, " or @C{safe auth github}\n")
+		fmt.Fprintf(os.Stderr, " or @C{safe auth okta}\n")
 		fmt.Fprintf(os.Stderr, " or @C{safe auth token}\n")
 		fmt.Fprintf(os.Stderr, " or @C{safe auth userpass}\n")
 		fmt.Fprintf(os.Stderr, " or @C{safe auth approle}\n")
@@ -546,7 +547,7 @@ provided multiple times to provide multiple CA certificates.
 					fmt.Fprintf(os.Stderr, "You will need to target a Vault manually first.\n\n")
 					fmt.Fprintf(os.Stderr, "Try something like this:\n")
 					fmt.Fprintf(os.Stderr, "     @C{safe target ops https://address.of.your.vault}\n")
-					fmt.Fprintf(os.Stderr, "     @C{safe auth (github|token|ldap|userpass)}\n")
+					fmt.Fprintf(os.Stderr, "     @C{safe auth (github|token|ldap|okta|userpass)}\n")
 					fmt.Fprintf(os.Stderr, "\n")
 					os.Exit(1)
 				}
@@ -1427,7 +1428,7 @@ written to STDOUT instead of STDERR to make it easier to consume.
 
 	r.Dispatch("auth", &Help{
 		Summary: "Authenticate to the current target",
-		Usage:   "safe auth [--path <value>] (token|github|ldap|userpass|approle)",
+		Usage:   "safe auth [--path <value>] (token|github|ldap|okta|userpass|approle)",
 		Description: `
 Set the authentication token sent when talking to the Vault.
 
@@ -1436,6 +1437,7 @@ Supported auth backends are:
 token     Set the Vault authentication token directly.
 github    Provide a Github personal access (oauth) token.
 ldap      Provide LDAP user credentials.
+okta      Provide Okta user credentials.
 userpass  Provide a username and password registered with the UserPass backend.
 approle   Provide a client ID and client secret registered with the AppRole backend.
 status    Get information about current authentication status
@@ -1490,6 +1492,16 @@ Flags:
 			}
 			token = result.ClientToken
 
+		case "okta":
+			username := prompt.Normal("Okta username: ")
+			password := prompt.Secure("Password: ")
+
+			result, err := v.Client().Client.AuthOktaMount(authMount, username, password)
+			if err != nil {
+				return err
+			}
+			token = result.ClientToken
+
 		case "github":
 			accessToken := prompt.Secure("Github Personal Access Token: ")