Refactor authn-k8s-client to be authentication flow generic

cyberark · Dec 15, 2021 · 8ad3b37 · 8ad3b37
1 parent b28a639
commit 8ad3b37
Show file tree

Hide file tree

Showing 19 changed files with 447 additions and 994 deletions.
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -151,7 +151,7 @@ follow the instructions in this section.
 ### Update the version, changelog, and notices
 1. Create a new branch for the version bump.
 1. Based on the unreleased content, determine the new version number and update
-   the [version.go](pkg/authenticator/version.go) file.
+   the [version.go](pkg/authenticator/common/version.go) file.
 1. Determine the new version number and update the Helm `Chart.yaml` files in the `helm/conjur-*/` directories.
 1. Review the git log and ensure the [changelog](CHANGELOG.md) contains all
    relevant recent changes with references to GitHub issues or PRs, if possible.

diff --git a/bin/build_utils b/bin/build_utils
@@ -6,7 +6,7 @@ set -euo pipefail
 # Functions to generate version numbers for this project
 ####
 
-readonly VERSION_GO_FILE="pkg/authenticator/version.go"
+readonly VERSION_GO_FILE="pkg/authenticator/common/version.go"
 
 function short_version_tag() {
   grep -v '^//' "${VERSION_GO_FILE}" | grep 'var Version =' | awk -F'= ' '{print $2}' | tr -d '"'

diff --git a/cmd/authenticator/main.go b/cmd/authenticator/main.go
@@ -7,23 +7,23 @@ import (
 
 	"github.com/cenkalti/backoff"
 
-	"github.com/cyberark/conjur-authn-k8s-client/pkg/authenticator"
-	authnConfig "github.com/cyberark/conjur-authn-k8s-client/pkg/authenticator/config"
+	"github.com/cyberark/conjur-authn-k8s-client/pkg/authenticator/common"
+	"github.com/cyberark/conjur-authn-k8s-client/pkg/authenticator/creators"
 	"github.com/cyberark/conjur-authn-k8s-client/pkg/log"
 )
 
 func main() {
-	log.Info(log.CAKC048, authenticator.FullVersionName)
+	log.Info(log.CAKC048, common.FullVersionName)
 
 	var err error
 
-	config, err := authnConfig.NewFromEnv()
+	config, err := creators.NewFromEnv()
 	if err != nil {
 		printErrorAndExit(log.CAKC018)
 	}
 
 	// Create new Authenticator
-	authn, err := authenticator.New(*config)
+	authn, err := creators.NewAuthenticator(config)
 	if err != nil {
 		printErrorAndExit(log.CAKC019)
 	}
@@ -43,14 +43,14 @@ func main() {
 				return log.RecordedError(log.CAKC016)
 			}
 
-			if authn.Config.ContainerMode == "init" {
+			if config.GetContainerMode() == "init" {
 				os.Exit(0)
 			}
 
-			log.Info(log.CAKC047, authn.Config.TokenRefreshTimeout)
+			log.Info(log.CAKC047, config.GetTokenTimeout())
 
 			fmt.Println()
-			time.Sleep(authn.Config.TokenRefreshTimeout)
+			time.Sleep(config.GetTokenTimeout())
 
 			// Reset exponential backoff
 			expBackoff.Reset()

diff --git a/pkg/authenticator/authenticator_test.go b/pkg/authenticator/authenticator_test.go
diff --git a/pkg/authenticator/client.go → pkg/authenticator/common/client.go b/pkg/authenticator/client.go → pkg/authenticator/common/client.go
@@ -1,4 +1,4 @@
-package authenticator
+package common
 
 import (
 	"crypto/tls"
@@ -9,7 +9,7 @@ import (
 	"github.com/cyberark/conjur-authn-k8s-client/pkg/log"
 )
 
-func newHTTPSClient(CACert []byte, certPEMBlock, keyPEMBlock []byte) (*http.Client, error) {
+func NewHTTPSClient(CACert []byte, certPEMBlock, keyPEMBlock []byte) (*http.Client, error) {
 	caCertPool := x509.NewCertPool()
 	ok := caCertPool.AppendCertsFromPEM(CACert)
 	if !ok {

diff --git a/pkg/authenticator/common/interfaces.go b/pkg/authenticator/common/interfaces.go
@@ -0,0 +1,21 @@
+package common
+
+import (
+	"time"
+)
+
+type AuthnInterface interface {
+	Init(config *ConfInterface) (AuthnInterface, error)
+	Authenticate() error
+}
+
+type ConfInterface interface {
+	LoadConfig(settings map[string]string)
+	GetAuthenticationType() string
+	GetEnvVariables() []string
+	GetRequiredVariables() []string
+	GetDefaultValues() map[string]string
+	GetContainerMode() string
+	GetTokenFilePath() string
+	GetTokenTimeout() time.Duration
+}
diff --git a/pkg/authenticator/config/username.go → pkg/authenticator/common/username.go b/pkg/authenticator/config/username.go → pkg/authenticator/common/username.go
@@ -1,4 +1,4 @@
-package config
+package common
 
 import (
 	"strings"

diff --git a/pkg/authenticator/config/username_test.go → pkg/authenticator/common/username_test.go b/pkg/authenticator/config/username_test.go → pkg/authenticator/common/username_test.go
@@ -1,4 +1,4 @@
-package config
+package common
 
 import (
 	"fmt"
@@ -19,7 +19,7 @@ func TestNewUsername(t *testing.T) {
 
 		// ASSERT
 		assert.Equal(t, "host.path.to.policy", usernameStruct.Prefix)
-		assert.Equal(t,  "namespace.resource_type.resource_id", usernameStruct.Suffix)
+		assert.Equal(t, "namespace.resource_type.resource_id", usernameStruct.Suffix)
 	})
 
 	t.Run("shorter than 4 parts", func(t *testing.T) {
@@ -31,10 +31,9 @@ func TestNewUsername(t *testing.T) {
 
 		// ASSERT
 		assert.Equal(t, "host.policy", usernameStruct.Prefix)
-		assert.Equal(t,  "host_id", usernameStruct.Suffix)
+		assert.Equal(t, "host_id", usernameStruct.Suffix)
 	})
 
-
 	t.Run("missing host/ prefix", func(t *testing.T) {
 		// SETUP & EXERCISE
 		_, err := NewUsername("namespace/resource_type/resource_id")

diff --git a/pkg/authenticator/version.go → pkg/authenticator/common/version.go b/pkg/authenticator/version.go → pkg/authenticator/common/version.go
@@ -1,4 +1,4 @@
-package authenticator
+package common
 
 import "fmt"