Allow reading the auth token provided by Kubernetes/OpenShift sidecar
Opened this issue · 2 comments
dustinmm80 commented
AuthnK8sClient.java
```java
package net.conjur.api.authn;

/*
 * K8S Authn provider
 *
 * This should be used with the cyberark/conjur-kubernetes-authenticator sidecar or init container
 * The auth token will be published by the sidecar allowing the container app to bypass the authentication step.
 *
 */

import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;

public class AuthnK8sClient implements AuthnProvider {

    // Token supplied by the caller, or read once from the sidecar's token file
    private final Token token;

    public AuthnK8sClient(Token token) {
        this.token = token;
    }

    // Reads and parses the token file at construction time
    public AuthnK8sClient(Path tokenFilePath) throws IOException {
        this.token = getTokenFromFile(tokenFilePath);
    }

    // Makes no request to Conjur; returns the token obtained at construction
    public Token authenticate() {
        return token;
    }

    // useCachedToken is ignored: the stored token is always returned
    public Token authenticate(boolean useCachedToken) {
        return this.authenticate();
    }

    private Token getTokenFromFile(Path tokenFilePath) throws IOException {
        // Decode explicitly as UTF-8 instead of relying on the platform default charset
        String jsonToken = new String(Files.readAllBytes(tokenFilePath), StandardCharsets.UTF_8);
        return Token.fromJson(jsonToken);
    }
}
```
Ryan Smith @ USAA wrote the attached to retrieve the access token in OpenShift using the Java API. He wanted to contribute this and see it added to the client library. Can that happen?
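Added example, not part of the original post or of the Conjur Java API: the class above reads the token file once at construction, so this sketch shows a reader that reloads the file when its modification time changes and fails closed on an empty or world-writable file. It assumes the sidecar rewrites the file when it renews the token and that the container has a POSIX file system; `ReloadingTokenFile` and the sample token values are hypothetical, and a caller would pass the returned JSON to `Token.fromJson`.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.FileTime;
import java.nio.file.attribute.PosixFilePermission;
import java.util.Set;

/** Hypothetical helper: returns the current contents of a sidecar-published token file. */
public class ReloadingTokenFile {
    private final Path path;
    private FileTime loadedMtime; // modification time of the file when it was last read
    private String cachedJson;    // raw token JSON as last read

    public ReloadingTokenFile(Path path) {
        this.path = path;
    }

    public synchronized String currentToken() throws IOException {
        FileTime mtime = Files.getLastModifiedTime(path);
        if (cachedJson == null || !mtime.equals(loadedMtime)) {
            // Fail closed if any local user could have replaced the token (POSIX only)
            Set<PosixFilePermission> perms = Files.getPosixFilePermissions(path);
            if (perms.contains(PosixFilePermission.OTHERS_WRITE)) {
                throw new IOException("token file is world-writable: " + path);
            }
            String json = new String(Files.readAllBytes(path), StandardCharsets.UTF_8).trim();
            if (json.isEmpty()) {
                // The writer may have truncated the file and not finished; keep nothing
                throw new IOException("token file is empty: " + path);
            }
            cachedJson = json;
            loadedMtime = mtime;
        }
        return cachedJson;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample data standing in for the sidecar's output
        Path p = Files.createTempFile("access-token", ".json");
        Files.write(p, "{\"constructed\":\"token-1\"}".getBytes(StandardCharsets.UTF_8));
        ReloadingTokenFile reader = new ReloadingTokenFile(p);
        System.out.println(reader.currentToken());
        // Simulate the sidecar publishing a renewed token
        Files.write(p, "{\"constructed\":\"token-2\"}".getBytes(StandardCharsets.UTF_8));
        Files.setLastModifiedTime(p, FileTime.fromMillis(System.currentTimeMillis() + 1000));
        System.out.println(reader.currentToken());
        Files.delete(p);
    }
}
```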
jodyhuntatx commented
Smith, Ryan Ryan.Smith2@usaa.com
Today, 9:19 AM
Please let me know when the Java API can be updated to support reading the access token directly. If not, we will need to create a custom overlay jar to add the needed support in our environment.
Thanks,
Ryan Smith
Ryan Smith | Software Development Lead | Information Security
Core Security Infrastructure, Enterprise Security Group, USAA
jodyhuntatx commented
BTW, Ryan needs this for Conjur v5. He has made the code changes and can share those with whomever is on this.