cyberark/conjur-api-java

Allow reading the auth token provided by Kubernetes/OpenShift sidecar

Opened this issue · 2 comments

AuthnK8sClient.java

package net.conjur.api.authn;
/*
 * K8S Authn provider
 *
 * This should be used with the cyberark/conjur-kubernetes-authenticator sidecar or init container.
 * The auth token will be published by the sidecar, allowing the container app to bypass the authentication step.
 */
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;

public class AuthnK8sClient implements AuthnProvider {

	// Token supplied by the caller or read once from the sidecar's file; it is not re-read afterwards.
	private Token token;

	public AuthnK8sClient(Token token) {
		this.token = token;
	}

	// Reads the token file a single time, at construction.
	public AuthnK8sClient(Path tokenFilePath) throws IOException {
		this.token = getTokenFromFile(tokenFilePath);
	}

	public Token authenticate() {
		return token;
	}

	// useCachedToken is ignored: the stored token is returned either way.
	public Token authenticate(boolean useCachedToken) {
		return this.authenticate();
	}

	private Token getTokenFromFile(Path tokenFilePath) throws IOException {
		// Decode explicitly as UTF-8 instead of relying on the platform default charset.
		String jsonToken = new String(Files.readAllBytes(tokenFilePath), StandardCharsets.UTF_8);
		return Token.fromJson(jsonToken);
	}
}

Ryan Smith @ USAA wrote the attached to retrieve the access token in OpenShift using the Java API. He wanted to contribute this and see it added to the client library. Can that happen?

Smith, Ryan Ryan.Smith2@usaa.com
Today, 9:19 AM

Please let me know when the Java API can be updated to support reading the access token directly. If not, we will need to create a custom overlay jar to add the needed support in our environment.

Thanks,

Ryan Smith

Ryan Smith | Software Development Lead | Information Security
Core Security Infrastructure, Enterprise Security Group, USAA

BTW, Ryan needs this for Conjur v5. He has made the code changes and can share those with whoever is on this.
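
An added example, not code from the issue or from conjur-api-java: a file-backed token source that re-reads the sidecar's file whenever its modification time changes, instead of holding the token read at construction. It assumes the sidecar rewrites the file when it renews the token; `RefreshingTokenFile` and the sample JSON are hypothetical, and the token is kept as raw JSON rather than parsed with `Token.fromJson`.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.FileTime;

// Added example: hypothetical class, not part of conjur-api-java.
public class RefreshingTokenFile {
    private final Path tokenFilePath;
    private FileTime loadedAt;   // mtime of the file when it was last read
    private String cachedJson;   // raw token JSON as written by the sidecar (assumed format)

    public RefreshingTokenFile(Path tokenFilePath) {
        this.tokenFilePath = tokenFilePath;
    }

    // Returns the token JSON, re-reading the file only when its mtime has changed.
    public synchronized String currentTokenJson() throws IOException {
        FileTime modified = Files.getLastModifiedTime(tokenFilePath);
        if (cachedJson == null || !modified.equals(loadedAt)) {
            String json = new String(Files.readAllBytes(tokenFilePath), StandardCharsets.UTF_8).trim();
            if (!json.isEmpty()) {
                cachedJson = json;
                loadedAt = modified;
            } else if (cachedJson == null) {
                throw new IOException("token file is empty: " + tokenFilePath);
            } // else: file caught mid-write, keep the previous token and retry on the next call
        }
        return cachedJson;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample data standing in for the sidecar's output.
        Path file = Files.createTempFile("conjur-access-token", ".json");
        try {
            RefreshingTokenFile source = new RefreshingTokenFile(file);
            Files.write(file, "{\"sample\":\"token-1\"}".getBytes(StandardCharsets.UTF_8));
            System.out.println(source.currentTokenJson());
            // Simulate the sidecar publishing a renewed token with a later mtime.
            Files.write(file, "{\"sample\":\"token-2\"}".getBytes(StandardCharsets.UTF_8));
            Files.setLastModifiedTime(file, FileTime.fromMillis(System.currentTimeMillis() + 2000));
            System.out.println(source.currentTokenJson());
        } finally {
            Files.deleteIfExists(file);
        }
    }
}
```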