Closed whip113 closed 4 years ago
sgnn7
commented
4 years ago @whip113 Can you provide us with content of those two files (with sensitive data redacted)? I think that this may be a configuration issue. Can you also dump the output of echo $HOME?
whip113
commented
4 years ago The output of echo $HOME is /root. (I'm using summon and summon-conjur from within the CLI container)
The content of /etc/conjur.identity is the same as ~/.netrc. I simply do mv ~/.netrc /etc/conjur.identity when starting from an initialized CLI.
The content of /etc/conjur.conf is the same as ~/.conjurrc, I create it the same way I create the conjur.identity file. However, once I've done this, summon-conjur is unable to locate conjur.identity. You get an error "Failed creating a Conjur client: Environment variables and machine identity files satisfying at least one authentication strategy must be present!". Once the line netrc_path: "etc/conjur.identity" is added to the /etc/conjur.conf it then works.
Note: You can reproduce this same behavior with the CLI, except that with the CLI you get prompted to login.
sgnn7
commented
4 years ago This seems to be a duplicate of https://github.com/cyberark/conjur-api-go/issues/53
sgnn7
commented
4 years ago I've updated the issue info to reflect the actual problem
Summary
The README.md says you can provide the values from
~/.netrcas/etc/conjur.identity, however this does not work.Steps to Reproduce
Steps to reproduce the behavior:
summon my-appExpected Results
Summon should invoke my app with my secrets defined in secrets.yml
Actual Results (including error logs, if applicable)
Summon-conjur fails to authenticate
Reproducible
Version/Tag number
Latest version of summon-conjur
Environment setup
Included with the CLI container
Additional Information
To workaround the problem, add
netrc_path: "/etc/conjur.identity"to the conjur.conf file (where .netrc > conjur.identity)Duplicate of https://github.com/cyberark/conjur-api-go/issues/53