MTNPCGCG
commented
5 years ago As a consumer, this would be valuable. Currently this is a difference with the Ruby library that makes custom (and even providers like IAM) a bit impractical to use.
Open AndrewCopeland opened 5 years ago
MTNPCGCG
commented
5 years ago As a consumer, this would be valuable. Currently this is a difference with the Ruby library that makes custom (and even providers like IAM) a bit impractical to use.
sgnn7
commented
5 years ago @AndrewCopeland / @MTNPCGCG: I can prioritize this next time I'm working on this in the next week or two but it looks a bit of a beefy feature so I can't make any promises yet. Feel free to open a PR if you would like to contribute until then.
JfcAtCyberArk
commented
4 years ago Hi there, any new thougths on this issue? It would be great to be able to use this authn-iam using both conjur-api-python3 and https://github.com/davidmuller/aws-requests-auth#aws-api-gateway-example-with-iam-authentication-and-boto-automatic-credentials Thanks :)
sgnn7
commented
4 years ago Hey @JfcAtCyberArk, I haven't had much available time to work on this lately so apologies for that but I think we have a new repo with specialized code for this now here. I'm not quite sure about what/how the repo works but it seems like it would fit your use case until we get this functionality integrated into the repo directly.
PS: It would be great to hear feedback on it if you do try it out
JfcAtCyberArk
commented
4 years ago Hi @sgnn7, Thanks a lot for your advice, the specialized repo worked like a charm! I would encourage anyone trying to use auth-iam to use this repo as it automates many tasks while giving the ability to take a look at bits and bytes in the source code. Thanks again JFC
Add the ability to the cli and api client to support a flag such as:
Where the
--authnflag should support both iam and k8s and when this flag is provided a-pshould not be required. If the--authnis provided then the--authn-idwill also be required since this is used to authenticate correctly.The main difference between the authenticators is just the 'authenticate' endpoint being used, the rest of the cli/api client should remain unchanged.