Add IAM authenticator #178

Draft pull request: 1 commit to be merged into base branch main.

@gl-johnson gl-johnson commented Jul 28, 2023

Rough POC for adding IAM authentication to the Go SDK.

NOTE: This depends on the AWS config existing on the system, which should be the case for any user of the AWS CLI or when running on ec2 or lambda.

Usage example:

	config := conjurapi.Config{
		ApplianceURL: "http://localhost:3000",
		Account:      "cucumber",
		AuthnType:    "iam",
		ServiceID:    "aws",
		HostID:       "conjur/authn-iam/aws/production/578847545830/glen",
	}

	client, err := conjurapi.NewClientFromEnvironment(config)
	if err != nil {
		fmt.Println("Error creating Conjur client:", err)
		return
	}

	resp, err := client.WhoAmI()
	if err != nil {
		fmt.Println("Error calling WhoAmI:", err)
		return
	}

	fmt.Println(string(resp))

Improvements:

  • Add tests
  • If configured host ID doesn't match the AWS config, we could attempt to assume the AWS role and fetch temporary credentials like so:
	svc := sts.NewFromConfig(cfg)
	credsProvider := stscreds.NewAssumeRoleProvider(svc, "arn:aws:iam::578847545830:role/MyAppRole")
	credentials, err := credsProvider.Retrieve(ctx)
	if err != nil {
		fmt.Println("Error retrieving credentials:", err)
		return nil
	}

	return &credentials
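
The second improvement above hinges on deciding whether the configured host ID matches the identity the local AWS config resolves to. One way to make that check, as an added example that is not code from this pull request: it assumes the host ID ends in `<aws-account-id>/<role-name>` (the layout of the example host ID above) and that the caller ARN comes from STS GetCallerIdentity. `hostMatchesCaller` is a hypothetical helper and the sample ARNs are constructed.

```go
package main

import (
	"fmt"
	"strings"
)

// hostMatchesCaller (hypothetical helper) reports whether a Conjur host ID
// whose last two path segments are <aws-account-id>/<role-name> (assumed
// layout) names the same account and role as the given caller ARN.
func hostMatchesCaller(hostID, callerARN string) (bool, error) {
	seg := strings.Split(hostID, "/")
	if len(seg) < 2 || seg[len(seg)-2] == "" || seg[len(seg)-1] == "" {
		return false, fmt.Errorf("host ID %q has no account/role suffix", hostID)
	}
	wantAcct, wantRole := seg[len(seg)-2], seg[len(seg)-1]

	// ARN layout: arn:partition:service:region:account-id:resource
	f := strings.SplitN(callerARN, ":", 6)
	if len(f) != 6 || f[0] != "arn" {
		return false, fmt.Errorf("malformed ARN %q", callerARN)
	}
	res := strings.Split(f[5], "/")
	var role string
	switch {
	case f[2] == "sts" && res[0] == "assumed-role" && len(res) == 3:
		role = res[1] // assumed-role/<role-name>/<session-name>
	case f[2] == "iam" && res[0] == "role" && len(res) >= 2:
		role = res[len(res)-1] // role/<optional/path/><role-name>
	default:
		return false, nil // IAM user, root, federated user: not a role
	}
	return f[4] == wantAcct && role == wantRole, nil
}

func main() {
	host := "conjur/authn-iam/aws/production/578847545830/glen"
	// Constructed sample ARNs: one role session that matches, one IAM user.
	for _, arn := range []string{
		"arn:aws:sts::578847545830:assumed-role/glen/session-1",
		"arn:aws:iam::578847545830:user/glen",
	} {
		ok, err := hostMatchesCaller(host, arn)
		fmt.Println(arn, ok, err)
	}
}
```

A `false` result with a nil error is the case where assuming the role named by the host ID would be attempted; an error means the input could not be interpreted and no role should be assumed on its basis.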

return resp, err
}

func (c *Client) IAMAuthenticateHeaders() ([]byte, error) {
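
Review bot: `IAMAuthenticateHeaders`, the exported method declared on the last line of this hunk, has no doc comment above it. Add one that says what the returned `[]byte` holds, since the name promises headers but the signature returns raw bytes, and note which failures surface through the `error`.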

Method Client.IAMAuthenticateHeaders has 6 return statements (exceeds 4 allowed).

@gl-johnson gl-johnson force-pushed the add-iam-authentication branch from 7feb055 to f1d5260 Compare July 28, 2023 20:26
@gl-johnson gl-johnson force-pushed the add-iam-authentication branch from f1d5260 to 74d41ee Compare July 28, 2023 20:31

codeclimate bot commented Jul 28, 2023

Code Climate has analyzed commit 74d41ee and detected 2 issues on this pull request.

Here's the issue category breakdown:

Category Count
Complexity 2

The test coverage on the diff in this pull request is 4.5% (50% is the threshold).

This pull request will bring the total coverage in the repository to 81.4% (-5.0% change).
