Skip to content
/ conjur-authn-iam-go-client Public

A Golang package for generating a Conjur Client based via the authn-iam authenticator.

License

Apache-2.0 license
0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

strick-j/conjur-authn-iam-go-client

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

19 Commits
examples
examples
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
conjur_iam_client.go
conjur_iam_client.go
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 

Repository files navigation

conjur-authn-iam-go-client

A Golang package for generating a Conjur Client based via the authn-iam authenticator.

Installation

go get -u github.com/strick-j/conjur-authn-iam-go-client

Usage

Example

For a full examples of usage, please see:

  1. EC2 IAM Role
  2. Assume Role
  3. Profile
  4. Static
import "github.com/strick-j/conjur-authn-iam-go-client"

func NewConjurIamClient

func (p ConjurIamParams) NewConjurIamClient() (*conjurapi.Client, error)

conjurIamClient.NewConjurIamClient takes takes a struct containing specific AWS IAM Parameters. Based on the IamAuthMethod and supporting parameters a Conjur Client is created.

type ConjurIamParams

type ConjurIamParams struct {
	IamAuthMethod   string // IAM IamAuthMethodod: "static", "iamrole", "assumerole", "profile"
	Profile         string // AWS Profile (e.g. Default)
	RoleArn         string // AWS Role ARN (required for assumeRole)
	AccessKey       string // AWS Access Key (Required for static)
	SecretKey       string // AWS Secret Key (Required for static)
	SessionToken    string // AWS Session Token (Optional for static)
}

conjurIamClient.ConjurIamParams must be provided when calling the NewConjurIamClient function. The parameters specify the method for AWS Role Assumption. Each AWS Role Assumption method has unique requirements.

Method Short Description Required ConjurIamParams
ec2role Uses the role assigned to the host IamAuthMethod
assumerole Attempts to use host defaults (e.g. Env, ~/.aws/credentials) IamAuthMethod, RoleArn
profile Uses credentials assigned to the profile to assume role IamAuthMethod, Profile, RoleArn
static Uses static credentials to assume role (testing only) IamAuthMethod, RoleArn, AccessKey, SecretKey

Additional Requirements

This package leverages two other primary packages aws-go-sdk-v2 and conjur-api-go.

Specifically, with the Conjur API the conjurapi.LoadConfig function is used to obtain required Conjur variables. These include required variables such as the Conjur Appliance URL and Conjur Account. If these are not set properly the Conjur Client will not be generated.

The following must be set in order for the package to run appropriately:

  1. CONJUR_AUTHN_IAM_SERVICE_ID - Environment Variable (e.g. prod)
  2. CONJUR_AUTHN_LOGIN - Enviornment Variable or Config File (.conjurrc/.netrc) (e.g. host/policy/prefix/id)
  3. CONJUR_ACCOUNT - Environment Variable or Config File (.conjurrc/.netrc) (e.g. default
  4. CONJUR_APPLIANCE_URL - Environment Variable or Config File (.conjurrc/.netrc) (e.g. https://yourconjurhost.yourdomain.com)

About

A Golang package for generating a Conjur Client based via the authn-iam authenticator.

Topics

go golang aws iam cyberark conjur

Resources

Readme

License

Apache-2.0 license
Activity

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages