authenticator

Documentation

Index

• Variables
• func AuthenticateRequest(authnURL string, conjurVersion string, account string, username string) (*http.Request, error)
• func LoginRequest(authnURL string, conjurVersion string, csrBytes []byte, usernamePrefix string) (*http.Request, error)
• type Authenticator
  • func New(config authnConfig.Config) (*Authenticator, error)
  • func NewWithAccessToken(config authnConfig.Config, accessToken access_token.AccessToken) (*Authenticator, error)
  • func (auth *Authenticator) Authenticate() error
  • func (auth *Authenticator) GenerateCSR(commonName string) ([]byte, error)
  • func (auth *Authenticator) IsCertExpired() bool
  • func (auth *Authenticator) IsLoggedIn() bool
  • func (auth *Authenticator) Login() error

Variables

var FullVersionName = fmt.Sprintf("%s%s", Version, TagSuffix)

FullVersionName is the user-visible aggregation of version and tag of this codebase

var TagSuffix = "-dev"

TagSuffix field denotes the specific build type for the client. It may be replaced by compile-time variables if needed to provide the git commit information in the final binary. In fixed versions, we don't want the tag to be present

var Version = "0.21.1"

Version field is a SemVer that should indicate the baked-in version of the authn-k8s-client

Functions

func AuthenticateRequest

func AuthenticateRequest(authnURL string, conjurVersion string, account string, username string) (*http.Request, error)

AuthenticateRequest sends an authenticate request

func LoginRequest

func LoginRequest(authnURL string, conjurVersion string, csrBytes []byte, usernamePrefix string) (*http.Request, error)

LoginRequest sends a login request

Types

type Authenticator

type Authenticator struct {
	AccessToken access_token.AccessToken
	Config      authnConfig.Config
	PublicCert  *x509.Certificate
	// contains filtered or unexported fields
}

Authenticator contains the configuration and client for the authentication connection to Conjur

func New

func New(config authnConfig.Config) (*Authenticator, error)

New creates a new authenticator instance from a token file

func NewWithAccessToken

func NewWithAccessToken(config authnConfig.Config, accessToken access_token.AccessToken) (*Authenticator, error)

NewWithAccessToken creates a new authenticator instance from a given access token

func (*Authenticator) Authenticate

func (auth *Authenticator) Authenticate() error

Authenticate sends Conjur an authenticate request and writes the response to the token file (after decrypting it if needed). It also manages state of certificates.

func (*Authenticator) GenerateCSR

func (auth *Authenticator) GenerateCSR(commonName string) ([]byte, error)

GenerateCSR prepares the CSR

func (*Authenticator) IsCertExpired

func (auth *Authenticator) IsCertExpired() bool

IsCertExpired returns true if certificate is expired or close to expiring

func (*Authenticator) IsLoggedIn

func (auth *Authenticator) IsLoggedIn() bool

IsLoggedIn returns true if we are logged in (have a cert)

func (*Authenticator) Login

func (auth *Authenticator) Login() error

Login sends Conjur a CSR and verifies that the client cert is successfully retrieved