authd

package module

v0.0.0-...-4892902 Latest Latest Go to latest Published: Dec 20, 2022 License: Apache-2.0 Imports: 13 Imported by: 3

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/flant/negentropy

Links

Open Source Insights

README ¶

authd

authd is a proxy to use the pool of Vault servers. It's main goal is to use JWT to open Vault sessions for other clients.

build

git clone git@github.com:flant/negentropy.git
cd negentropy/authd
GO111MODULE=on go build -o /opt/authd/bin/authd cmd/authd/main.go

deploy & config

binary should be delivered to every client PC & server
binary should be run as a service

example of authd.service:
-------------------------
[Unit]
Description=Daemon to authenticate in Negentropy
After=network.target

[Service]
PrivateTmp=true
Type=exec
PIDFile=/var/run/authd/%i.pid
ExecStart=/opt/authd/bin/authd

[Install]
WantedBy=multi-user.target

binary needs configs in /etc/flant/negentropy/authd-conf.d directory examples of yaml configs are in authd/dev/conf
main.yaml provide connection to vault
sock1.yaml etc - are configs for connections to authd
binary need valid jwt token at the path specified in main.yaml[jwtPath]
the way to get example of jwt is available through scripts in authd/dev
restart authd after change config or jwt

Development

for tests and debug run negentropy instance using ./start.sh, it refreshs authd/dev/secret/authd.jwt, used to run dev instanse of authd
dev directory contains a simple setup to test authd:

configuration with one socket

run cmd:

from authd folder:
    go run cmd/authd/main.go --conf-dir=dev/conf

TODO

OpenAPI validation for config. Validator is done, it needs to be added to authd daemon.
Session token refresher for client library.
~~URL and arguments in configuration for Vault requests (auth/myjwt/login is hardcoded).~~
~~Rename policy to role~~, do role checks in LoginHandler.
~~Use for tests configured and runned by start.sh negentropy instanse.~~
~~Redesign rotate multipass~~~
~~Apply socket file permissions.~~
Support for penging login.

Links

https://www.vaultproject.io/docs/secrets/identity

Documentation ¶

Index ¶

type Client
- func NewAuthdClient(socketPath string) *Client

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type Client ¶

type Client struct {
	SocketPath string
	// contains filtered or unexported fields
}

func NewAuthdClient ¶

func NewAuthdClient(socketPath string) *Client

func (*Client) NewVaultClient ¶

func (c *Client) NewVaultClient() (*api.Client, error)

func (*Client) OpenVaultSession ¶

func (c *Client) OpenVaultSession(loginRequest *v1.LoginRequest) error

OpenVaultSession asks authd to return new vault token and a specific vault server. TODO add context argument.

func (*Client) StartTokenRefresher ¶

func (c *Client) StartTokenRefresher(ctx context.Context)

func (*Client) StopTokenRefresher ¶

func (c *Client) StopTokenRefresher()

Source Files ¶

View all Source files

client.go

Directories ¶

Path	Synopsis
cmd
authd
pkg
api/v1
client_error
config
daemon
jwt
log
server
signal
util
util/exponential
vault

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL