Documentation
Functions
func NewHTTPSClient
NewHTTPSClient returns an HTTPS client to communicate with Conjur.
func ReadSSLCert
func ReadSSLCert(settings map[string]string, readFile ReadFileFunc) ([]byte, error)
func ValidateSetting
Types
type Config
type Config struct {
    Account                  string
    ClientCertPath           string
    ClientCertRetryCountLimit int
    ContainerMode            string
    SSLCertificate           []byte
    TokenFilePath            string
    TokenRefreshTimeout      time.Duration
    URL                      string
    Username                 *Username
}
Config defines the configuration parameters common for both authentications
func (*Config) LoadConfig
LoadConfig is a constructor for common Config object
type ReadFileFunc
ReadFileFunc defines the interface for reading an SSL Certificate from the env
type TestAuthServer
type TestAuthServer struct {
    Server             *httptest.Server
    ClientCertPath     string
    CertLogPath        string
    ExpectedTokenValue string
    SkipWritingCSRFile bool
    HandleLogin        func(
        loginCsr *x509.CertificateRequest,
        loginCsrErr error,
    )
}
func NewTestAuthServer
func NewTestAuthServer(clientCertPath, certLogPath, expectedTokenValue string, skipWritingCSRfile bool) *TestAuthServer
testServer creates, for testing purposes, an HTTP server on a random port that mocks Conjur's login and authenticate endpoints.
type Username
Username represents the username of the host that is authenticating with Conjur. We separate the username into two parts:
- Suffix: includes the host id
- Prefix: includes the policy id (and the "host/" prefix)
This separation exists to preserve backwards compatibility of the username that is sent to the server. Previously, only hosts under the `conjur/authn-k8s/<service-id>/apps` policy branch were able to authenticate with Conjur, and for that to work only the suffix was sent in the CSR request. To let hosts anywhere in the policy tree authenticate, we need to send the full username, but we can't change the way the suffix was sent without breaking backwards compatibility. This is why we separate the username into prefix and suffix and send them separately in the CSR request.
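The prefix/suffix split described above, sketched as an added example; this is not the package's own code. `SplitUsername`, `RebuildUsername`, the three-segment host id and the rule that a missing prefix implies the legacy `apps` branch are all assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// Assumption for this example only: the host id is the last three path
// segments (<namespace>/<resource-type>/<name>). The page does not state this.
const hostIDSegments = 3

// SplitUsername is a hypothetical helper, not the package's API. It splits
// "host/<policy-id>/<host-id>" into the prefix and suffix described above.
func SplitUsername(full string) (prefix, suffix string, err error) {
	parts := strings.Split(full, "/")
	if len(parts) < 2 || parts[0] != "host" {
		return "", "", errors.New(`username must start with "host/"`)
	}
	for _, p := range parts {
		if p == "" { // reject "host//x" and trailing slashes
			return "", "", fmt.Errorf("empty path segment in %q", full)
		}
	}
	cut := len(parts) - hostIDSegments
	if cut < 1 {
		cut = 1 // short host id: the prefix is just "host"
	}
	return strings.Join(parts[:cut], "/"), strings.Join(parts[cut:], "/"), nil
}

// RebuildUsername models the receiving side (hypothetical): a request from an
// older client carries no prefix, so the legacy apps branch is implied.
func RebuildUsername(serviceID, prefix, suffix string) string {
	if prefix == "" {
		prefix = "host/conjur/authn-k8s/" + serviceID + "/apps"
	}
	return prefix + "/" + suffix
}

func main() {
	for _, u := range []string{ // constructed sample usernames
		"host/conjur/authn-k8s/prod/apps/ns/service_account/sa",
		"host/team-a/ns/service_account/sa",
	} {
		p, s, err := SplitUsername(u)
		fmt.Println(p, s, err, RebuildUsername("prod", p, s) == u)
	}
}
```

A legacy host and a host elsewhere in the policy tree yield the same suffix here, which is why the prefix has to travel as a separate value for the two identities to stay distinct.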