Is your feature request related to a problem? Please describe.
It would be very helpful to have a special validator host ID configured in Conjur security policy
that could be used to validate the Kubernetes authenticator configuration, e.g. after preparing
the Kubernetes cluster with authenticator RBAC objects, or after preparing an application
Namespace with a Conjur connection ConfigMap.
The validator host ID could be for a low-privileged host, e.g. it would not require access to
application secrets in order to perform authentication validation.
The validator host would need to be configured with a Kubernetes identity annotation
for the Namespace that it resides in, since the authenticator will authenticate based on
at least the Namespace of a Pod doing an authentication request. For this, the security
policy should assume the Namespace to which Conjur is deployed.
Describe the solution you would like
A special validator host ID is added to the demo security policy to allow a validation Pod
to perform basic authentication with Conjur so that authn-k8s configuration can be validated.
Describe alternatives you have considered
Additional context
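
A sketch of the validator host described in this request, written as Conjur policy. This is an added example, not part of the original issue or the project's demo policy; the authenticator service ID `my-authenticator-id`, the host ID `authn-k8s-validator`, the `consumers` group name and the Namespace `conjur-ns` are assumed placeholders.

```yaml
# Added example. Every id below is a placeholder, not a value from the issue.
# Assumed: authenticator service ID "my-authenticator-id",
#          Conjur deployed to the Kubernetes Namespace "conjur-ns".

# Authenticator policy, shown for context. The CA variables that a full
# authn-k8s policy also defines are left out of this fragment.
- !policy
  id: conjur/authn-k8s/my-authenticator-id
  body:
    - !webservice

    # Roles in this group may authenticate through the webservice.
    - !group consumers

    - !permit
      role: !group consumers
      privilege: [ read, authenticate ]
      resource: !webservice

# Validator host. Its Kubernetes identity is the Namespace only, which is
# the minimum the authenticator checks for a Pod's authentication request.
- !host
  id: authn-k8s-validator
  annotations:
    authn-k8s/namespace: conjur-ns

# The host's only grant is membership in the consumers group. No !permit
# on any !variable names this host, so a successful authentication gives
# it no access to application secrets.
- !grant
  role: !group conjur/authn-k8s/my-authenticator-id/consumers
  member: !host authn-k8s-validator
```

Because the host's only privilege is `authenticate` on the authenticator webservice, a validation Pod in `conjur-ns` that obtains a token has shown the RBAC objects and connection settings work without being able to read any secret.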