Skip to content
This repository has been archived by the owner on Sep 9, 2024. It is now read-only.

Add ability to authenticate to conjur via different authenticators #13

Open
AndrewCopeland opened this issue May 30, 2019 · 5 comments
Open

Add ability to authenticate to conjur via different authenticators #13

AndrewCopeland opened this issue May 30, 2019 · 5 comments
Assignees
@sgnn7
Labels
defined kind/developer-experience kind/enhancement

Comments

@AndrewCopeland
Copy link
Contributor

Add the ability to the cli and api client to support a flag such as:

conjur-cli --insecure -l https://myserver -a orgname -u "host/aws/<aws-account-id>/<iam-role-name>" --authn iam --authn-id authServiceId \
  variable get foo/bar

Where the --authn flag should support both iam and k8s and when this flag is provided a -p should not be required.
If the --authn is provided then the --authn-id will also be required since this is used to authenticate correctly.

The main difference between the authenticators is just the 'authenticate' endpoint being used, the rest of the cli/api client should remain unchanged.
@MTNPCGCG
Copy link

MTNPCGCG commented Oct 9, 2019

As a consumer, this would be valuable. Currently this is a difference with the Ruby library that makes custom (and even providers like IAM) a bit impractical to use.

@sgnn7
Copy link
Contributor

sgnn7 commented Oct 9, 2019

@AndrewCopeland / @MTNPCGCG: I can prioritize this next time I'm working on this in the next week or two but it looks a bit of a beefy feature so I can't make any promises yet. Feel free to open a PR if you would like to contribute until then.

@sgnn7 sgnn7 self-assigned this Oct 9, 2019
@sgnn7 sgnn7 pinned this issue Oct 9, 2019
@JfcAtCyberArk
Copy link

Hi there, any new thougths on this issue?
It would be great to be able to use this authn-iam using both conjur-api-python3 and https://github.com/davidmuller/aws-requests-auth#aws-api-gateway-example-with-iam-authentication-and-boto-automatic-credentials
Thanks :)

@sgnn7
Copy link
Contributor

sgnn7 commented May 29, 2020

Hey @JfcAtCyberArk,
I haven't had much available time to work on this lately so apologies for that but I think we have a new repo with specialized code for this now here. I'm not quite sure about what/how the repo works but it seems like it would fit your use case until we get this functionality integrated into the repo directly.

PS: It would be great to hear feedback on it if you do try it out

@JfcAtCyberArk
Copy link

Hi @sgnn7,
Thanks a lot for your advice, the specialized repo worked like a charm!
I would encourage anyone trying to use auth-iam to use this repo as it automates many tasks while giving the ability to take a look at bits and bytes in the source code.
Thanks again
JFC

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@sgnn7 sgnn7

Labels
defined kind/developer-experience kind/enhancement
Milestone
No milestone
Development

No branches or pull requests
4 participants
@sgnn7 @JfcAtCyberArk @AndrewCopeland @MTNPCGCG