Open doodlesbykumbi opened 3 years ago
Tasks:
• SP Config (in the secrets-provider-for-k8s repository): split into:
  • Container Config
  • K8s Secrets config
• Authn Client Config (in the conjur-authn-k8s-client repository): split into:
  • Conjur connect config
  • app identity config
=====================================
SP Configuration:

| Env var | Package | Field |
|---|---|---|
| CONTAINER_MODE | pkg/authenticator | config.Config.ContainerMode |
| SECRETS_DESTINATION | pkg/secrets | config.Config.StoreType |
| K8S_SECRETS | pkg/secrets | config.Config.RequiredK8sSecrets |
| RETRY_COUNT_LIMIT | pkg/secrets | config.Config.RetryCountLimit |
| RETRY_INTERVAL_SEC | pkg/secrets | config.Config.RetryIntervalSec |
| DEBUG | | |
| CONJUR_APPLIANCE_URL | pkg/conjur-api-go | conjurapi.Config.ApplianceURL |
| CONJUR_AUTHN_URL | pkg/authenticator | config.Config.URL |
| CONJUR_ACCOUNT | pkg/authenticator | config.Config.Account |
| CONJUR_AUTHN_LOGIN | pkg/authenticator | config.Config.Username |
| CONJUR_SSL_CERTIFICATE | pkg/authenticator | config.Config.SSLCertificate |
=====================================
Authn-K8s configuration:

| Env var | Package | Field |
|---|---|---|
| DEBUG | | |
| CONJUR_AUTHN_URL | pkg/authenticator | config.Config.URL |
| CONJUR_AUTHN_LOGIN | pkg/authenticator | config.Config.Username |
| CONJUR_SSL_CERTIFICATE | pkg/authenticator | config.Config.SSLCertificate |
| CONJUR_TOKEN_TIMEOUT | pkg/authenticator | config.Config.TokenRefreshTimeout |
| MY_POD_NAME | pkg/authenticator | config.Config.PodName |
| MY_POD_NAMESPACE | pkg/secrets and pkg/authenticator | config.Config.PodNamespace (read in both packages) |
| MY_POD_IP | | |
| CONTAINER_MODE | pkg/authenticator | config.Config.ContainerMode |
FILE: secrets-provider-for-k8s/pkg/secrets/config STRUCT:

```go
// Config defines the configuration parameters
// for the authentication requests
type Config struct {
	// Used for Kubernetes Secrets store type
	PodNamespace       string
	RequiredK8sSecrets []string
	// Container/Conjur config
	RetryCountLimit  int
	RetryIntervalSec int
	// General config
	StoreType string
}
```
This is initialized in cmd/secrets-provider/main.go:

```go
import (
	// ...
	secretsConfigProvider "github.com/cyberark/secrets-provider-for-k8s/pkg/secrets/config"
	// ...
)

secretsConfig, err := secretsConfigProvider.NewFromEnv()
if err != nil {
	printErrorAndExit(messages.CSPFK015E)
}
```
==============================================
The Conjur authn-k8s client config is read in the same place, cmd/secrets-provider/main.go:

```go
import (
	// ...
	authnConfigProvider "github.com/cyberark/conjur-authn-k8s-client/pkg/authenticator/config"
	// ...
)

// Initialize configurations
authnConfig, err := authnConfigProvider.NewFromEnv()
if err != nil {
	printErrorAndExit(messages.CSPFK008E)
}
```
FILE: conjur-authn-k8s-client/pkg/authenticator/config STRUCT:

```go
// Config defines the configuration parameters
// for the authentication requests
type Config struct {
	Account                   string
	ClientCertPath            string
	ClientCertRetryCountLimit int
	ContainerMode             string
	ConjurVersion             string
	InjectCertLogPath         string
	PodName                   string
	PodNamespace              string
	SSLCertificate            []byte
	TokenFilePath             string
	TokenRefreshTimeout       time.Duration
	URL                       string
	Username                  *Username
}
```
HOW TO SPLIT UP INTO CONJUR CONNECT, CONTAINER CONFIG, AND APP IDENTITY CONFIG?

```go
// Config defines the configuration parameters
// for the authentication requests
type Config struct {
	// Conjur Connect Config
	Account                   string
	ClientCertPath            string
	ClientCertRetryCountLimit int
	ConjurVersion             string
	InjectCertLogPath         string
	PodName                   string
	PodNamespace              string
	SSLCertificate            []byte
	TokenFilePath             string
	TokenRefreshTimeout       time.Duration
	// Container config
	ContainerMode string
	// App identity configuration
	URL      string
	Username *Username
}
```
==============================================
FILE: conjur-api-go/conjurapi/config.go STRUCT:

```go
type Config struct {
	Account      string `yaml:"account,omitempty"`
	ApplianceURL string `yaml:"appliance_url,omitempty"`
	NetRCPath    string `yaml:"netrc_path,omitempty"`
	SSLCert      string `yaml:"-"`
	SSLCertPath  string `yaml:"cert_file,omitempty"`
	V4           bool   `yaml:"v4"`
}
```
Reorganise the internal representation of the Secrets Provider configuration (https://github.com/cyberark/secrets-provider-for-k8s/blob/53271bd8d884f7782df0c07e6619ec22568ecf50/pkg/secrets/config/config.go#L23-L29). The configuration can be logically broken down into container configuration + store type configuration.
Container config:
Store type config:
The goal of this issue is to prepare for implementing the file store type.
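As an added example (not code from either repository), the split proposed above carried through to a loader: the groups from the issue as separate structs, read through an injectable getenv so the fail-closed validation can be tested without a cluster. The group names, the AuthnURL field name and the allowed values for CONTAINER_MODE and SECRETS_DESTINATION are assumptions, not taken from the issue.

```go
package main

import (
	"fmt"
	"strings"
)

// Assumed split for this example (mirrors the grouping proposed in the issue), not the project's own types.
type ConjurConnectConfig struct { // how to reach Conjur and where the pod runs
	Account, PodName, PodNamespace string
	SSLCertificate                 []byte
}
type AppIdentityConfig struct{ AuthnURL, Username string }   // what the workload authenticates as
type ContainerConfig struct{ ContainerMode, StoreType string } // how this container runs and where secrets go
type Config struct {
	Conjur    ConjurConnectConfig
	Identity  AppIdentityConfig
	Container ContainerConfig
}

// Allowed values are assumptions for the example, not taken from the issue.
var containerModes, storeTypes = map[string]bool{"init": true, "sidecar": true}, map[string]bool{"k8s_secrets": true, "file": true}

// NewFromEnv reads the three groups through getenv (os.Getenv in production, a map
// lookup in tests) and fails closed: every problem is reported, none is defaulted away.
func NewFromEnv(getenv func(string) string) (*Config, error) {
	var errs []string
	req := func(key string) string { // required; whitespace-only counts as unset
		v := strings.TrimSpace(getenv(key))
		if v == "" {
			errs = append(errs, key+" is required")
		}
		return v
	}
	c := &Config{
		Conjur:    ConjurConnectConfig{Account: req("CONJUR_ACCOUNT"), PodName: req("MY_POD_NAME"), PodNamespace: req("MY_POD_NAMESPACE"), SSLCertificate: []byte(getenv("CONJUR_SSL_CERTIFICATE"))},
		Identity:  AppIdentityConfig{AuthnURL: req("CONJUR_AUTHN_URL"), Username: req("CONJUR_AUTHN_LOGIN")},
		Container: ContainerConfig{ContainerMode: req("CONTAINER_MODE"), StoreType: req("SECRETS_DESTINATION")},
	}
	if !containerModes[c.Container.ContainerMode] || !storeTypes[c.Container.StoreType] {
		errs = append(errs, "CONTAINER_MODE must be init|sidecar and SECRETS_DESTINATION k8s_secrets|file")
	}
	if len(errs) > 0 {
		return nil, fmt.Errorf("invalid configuration: %s", strings.Join(errs, "; "))
	}
	return c, nil
}
```

Collecting every problem before returning means a misconfigured pod logs the full list once instead of failing on one variable per restart, and a whitespace-only identity can never slip through as "set".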