Skip to content
This repository has been archived by the owner on Sep 9, 2024. It is now read-only.

Add ability to authenticate to conjur via different authenticators #13

Open
AndrewCopeland opened this issue May 30, 2019 · 5 comments
Open

Comments

@AndrewCopeland
Copy link
Contributor

Add the ability to the cli and api client to support a flag such as:

conjur-cli --insecure -l https://myserver -a orgname -u "host/aws/<aws-account-id>/<iam-role-name>" --authn iam --authn-id authServiceId \
  variable get foo/bar

Where the --authn flag should support both iam and k8s and when this flag is provided a -p should not be required.
If the --authn is provided then the --authn-id will also be required since this is used to authenticate correctly.

The main difference between the authenticators is just the 'authenticate' endpoint being used, the rest of the cli/api client should remain unchanged.

@MTNPCGCG
Copy link

MTNPCGCG commented Oct 9, 2019

As a consumer, this would be valuable. Currently this is a difference with the Ruby library that makes custom (and even providers like IAM) a bit impractical to use.

@sgnn7
Copy link
Contributor

sgnn7 commented Oct 9, 2019

@AndrewCopeland / @MTNPCGCG: I can prioritize this next time I'm working on this in the next week or two but it looks a bit of a beefy feature so I can't make any promises yet. Feel free to open a PR if you would like to contribute until then.

@JfcAtCyberArk
Copy link

Hi there, any new thougths on this issue?
It would be great to be able to use this authn-iam using both conjur-api-python3 and https://github.com/davidmuller/aws-requests-auth#aws-api-gateway-example-with-iam-authentication-and-boto-automatic-credentials
Thanks :)

@sgnn7
Copy link
Contributor

sgnn7 commented May 29, 2020

Hey @JfcAtCyberArk,
I haven't had much available time to work on this lately so apologies for that but I think we have a new repo with specialized code for this now here. I'm not quite sure about what/how the repo works but it seems like it would fit your use case until we get this functionality integrated into the repo directly.

PS: It would be great to hear feedback on it if you do try it out

@JfcAtCyberArk
Copy link

Hi @sgnn7,
Thanks a lot for your advice, the specialized repo worked like a charm!
I would encourage anyone trying to use auth-iam to use this repo as it automates many tasks while giving the ability to take a look at bits and bytes in the source code.
Thanks again
JFC

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Development

No branches or pull requests

4 participants