Skip to content

Commit b2a72bf

Browse files
kgal-aklkgal-akl
committed
mv auth func up
Signed-off-by: Kobbi Gal <[email protected]>
1 parent 8a0522b commit b2a72bf

File tree

1 file changed

+60
-60
lines changed

1 file changed

+60
-60
lines changed

secretstores/akeyless/akeyless.go

Lines changed: 60 additions & 60 deletions
Original file line numberDiff line numberDiff line change
@@ -62,6 +62,66 @@ func (a *akeylessSecretStore) Init(ctx context.Context, meta secretstores.Metada
6262
return nil
6363
}
6464

65+
// Authenticate authenticates with Akeyless using the provided metadata.
66+
// It returns an error if the authentication fails.
67+
func (a *akeylessSecretStore) Authenticate(ctx context.Context, metadata *akeylessMetadata) error {
68+
69+
a.logger.Debug("Creating authentication request to Akeyless...")
70+
authRequest := akeyless.NewAuth()
71+
authRequest.SetAccessId(metadata.AccessID)
72+
authRequest.SetAccessType(metadata.AccessType)
73+
74+
var accessType = metadata.AccessType
75+
76+
a.logger.Debugf("authenticating using access type: %s", accessType)
77+
78+
// Depending on the access type we set the appropriate authentication method
79+
switch accessType {
80+
// If access type is AWS IAM we use the cloud ID
81+
case AUTH_IAM:
82+
id, err := aws.GetCloudId()
83+
if err != nil {
84+
return errors.New("unable to get cloud ID")
85+
}
86+
authRequest.SetCloudId(id)
87+
case AUTH_JWT:
88+
authRequest.SetJwt(metadata.JWT)
89+
case DEFAULT_AUTH_TYPE:
90+
a.logger.Debug("authenticating using access key...")
91+
authRequest.SetAccessKey(metadata.AccessKey)
92+
case AUTH_K8S:
93+
a.logger.Debug("authenticating using k8s...")
94+
err := setK8SAuthConfiguration(*metadata, authRequest, a)
95+
if err != nil {
96+
return fmt.Errorf("failed to set k8s auth configuration: %w", err)
97+
}
98+
}
99+
100+
// Create Akeyless API client configuration
101+
a.logger.Debug("creating Akeyless API client configuration...")
102+
config := akeyless.NewConfiguration()
103+
config.Servers = []akeyless.ServerConfiguration{
104+
{
105+
URL: metadata.GatewayURL,
106+
},
107+
}
108+
config.UserAgent = USER_AGENT
109+
config.AddDefaultHeader("akeylessclienttype", USER_AGENT)
110+
111+
a.v2 = akeyless.NewAPIClient(config).V2Api
112+
113+
a.logger.Debug("authenticating with Akeyless...")
114+
out, httpResponse, err := a.v2.Auth(ctx).Body(*authRequest).Execute()
115+
if err != nil || httpResponse.StatusCode != 200 {
116+
return fmt.Errorf("failed to authenticate with Akeyless: %w", errors.New(httpResponse.Status))
117+
}
118+
119+
a.logger.Debugf("authentication successful - token expires at %s", out.GetExpiration())
120+
a.token = out.GetToken()
121+
122+
return nil
123+
}
124+
65125
// GetSecret retrieves a secret using a key and returns a map of decrypted string/string values.
66126
func (a *akeylessSecretStore) GetSecret(ctx context.Context, req secretstores.GetSecretRequest) (secretstores.GetSecretResponse, error) {
67127
if a.v2 == nil {
@@ -446,66 +506,6 @@ func (a *akeylessSecretStore) listItemsRecursively(ctx context.Context, path str
446506
return allItems, nil
447507
}
448508

449-
// Authenticate authenticates with Akeyless using the provided metadata.
450-
// It returns an error if the authentication fails.
451-
func (a *akeylessSecretStore) Authenticate(ctx context.Context, metadata *akeylessMetadata) error {
452-
453-
a.logger.Debug("Creating authentication request to Akeyless...")
454-
authRequest := akeyless.NewAuth()
455-
authRequest.SetAccessId(metadata.AccessID)
456-
authRequest.SetAccessType(metadata.AccessType)
457-
458-
var accessType = metadata.AccessType
459-
460-
a.logger.Debugf("authenticating using access type: %s", accessType)
461-
462-
// Depending on the access type we set the appropriate authentication method
463-
switch accessType {
464-
// If access type is AWS IAM we use the cloud ID
465-
case AUTH_IAM:
466-
id, err := aws.GetCloudId()
467-
if err != nil {
468-
return errors.New("unable to get cloud ID")
469-
}
470-
authRequest.SetCloudId(id)
471-
case AUTH_JWT:
472-
authRequest.SetJwt(metadata.JWT)
473-
case DEFAULT_AUTH_TYPE:
474-
a.logger.Debug("authenticating using access key...")
475-
authRequest.SetAccessKey(metadata.AccessKey)
476-
case AUTH_K8S:
477-
a.logger.Debug("authenticating using k8s...")
478-
err := setK8SAuthConfiguration(*metadata, authRequest, a)
479-
if err != nil {
480-
return fmt.Errorf("failed to set k8s auth configuration: %w", err)
481-
}
482-
}
483-
484-
// Create Akeyless API client configuration
485-
a.logger.Debug("creating Akeyless API client configuration...")
486-
config := akeyless.NewConfiguration()
487-
config.Servers = []akeyless.ServerConfiguration{
488-
{
489-
URL: metadata.GatewayURL,
490-
},
491-
}
492-
config.UserAgent = USER_AGENT
493-
config.AddDefaultHeader("akeylessclienttype", USER_AGENT)
494-
495-
a.v2 = akeyless.NewAPIClient(config).V2Api
496-
497-
a.logger.Debug("authenticating with Akeyless...")
498-
out, httpResponse, err := a.v2.Auth(ctx).Body(*authRequest).Execute()
499-
if err != nil || httpResponse.StatusCode != 200 {
500-
return fmt.Errorf("failed to authenticate with Akeyless: %w", errors.New(httpResponse.Status))
501-
}
502-
503-
a.logger.Debugf("authentication successful - token expires at %s", out.GetExpiration())
504-
a.token = out.GetToken()
505-
506-
return nil
507-
}
508-
509509
func (a *akeylessSecretStore) separateItemsByType(items []akeyless.Item) ([]akeyless.Item, []akeyless.Item, []akeyless.Item) {
510510
staticItems := []akeyless.Item{}
511511
dynamicItems := []akeyless.Item{}

0 commit comments

Comments
 (0)