##########################################################################################################################
# AppRole Authentication Method for HashiCorp Vault
# Lecture 8
##########################################################################################################################

import sys
import requests, getpass

def getAWS_KEYS():
    try:
        #Make request to obtain a token for this execution
        headersLogin = {'Content-Type': 'application/json'}
        loginJson = {
            "secret_id": "",
            # Use the secret ID value generated from the Vault CLI or API 
	        "role_id": ""
            # Use the role ID generated from the Vault CLI or API 
        }
        r = requests.post("https://vault.example.com/v1/auth/approle/login", data={}, json=loginJson, headers=headersLogin)
        data = r.json()
        token = data['auth']["client_token"]

        headersKeys = {"X-Vault-Token": token}
        r = requests.get("https://vault.example.com/v1/aws/creds/approle-name", headers=headersKeys)
        data = r.json()

        return data["data"]["access_key"], data["data"]["secret_key"]
    except:
        return (str(sys.exc_info()))

if __name__ == "__main__":

    result = getAWS_KEYS()
    print(result)