common

type Config ¶

type Config struct {
	Account                   string
	ClientCertPath            string
	ClientCertRetryCountLimit int
	ContainerMode             string
	SSLCertificate            []byte
	TokenFilePath             string
	TokenRefreshTimeout       time.Duration
	URL                       string
	Username                  *Username
}

Config defines the configuration parameters common for both authentications

func (config *Config) LoadConfig(settings map[string]string)

type ReadFileFunc ¶

type ReadFileFunc func(filename string) ([]byte, error)

ReadFileFunc defines the interface for reading an SSL Certificate from the env

type TestAuthServer ¶

type TestAuthServer struct {
	Server             *httptest.Server
	ClientCertPath     string
	CertLogPath        string
	ExpectedTokenValue string
	SkipWritingCSRFile bool
	HandleLogin        func(
		loginCsr *x509.CertificateRequest,
		loginCsrErr error,
	)
}

func NewTestAuthServer(clientCertPath, certLogPath, expectedTokenValue string, skipWritingCSRfile bool) *TestAuthServer

type Username ¶

type Username struct {
	FullUsername string
	Prefix       string
	Suffix       string
}

Represents the username of the host that is authenticating with Conjur. We separate the username into 2 parts:

• Suffix: includes the host id
• Prefix: includes the policy id (and the "host/" prefix)

The separation above comes to support backwards compatibility of the username that is sent to the server. Previously, only hosts under the `conjur/authn-k8s/<service-id>/apps` policy branch were able to authenticate with Conjur, and for that to work only the suffix was sent in the CSR request. To let hosts from all around the policy tree to authenticate we need to send the full username, but we can't change the way the suffix was sent without breaking backwards compatibility. This is why we separate the username into prefix and suffix and send them separately in the CSR request.

func NewUsername(username string) (*Username, error)

func (username Username) String() string