fix(pam): Allow client PAM using JSON payload.

Keyfactor · Jan 31, 2024 · 1265da8 · 1265da8
1 parent ed0d7db
commit 1265da8
Showing 1 changed file with 41 additions and 0 deletions.
diff --git a/kubernetes-orchestrator-extension/Jobs/JobBase.cs b/kubernetes-orchestrator-extension/Jobs/JobBase.cs
@@ -603,6 +603,19 @@ private void InitializeProperties(dynamic storeProperties)
             }
             Logger.LogTrace("ServerUsername: " + ServerUsername);
         }
+        else
+        {
+            // check is username is json string and attempt to pam resolve
+            if (ServerUsername.StartsWith('{') && ServerUsername.EndsWith('}'))
+            {
+                Logger.LogDebug("ServerUsername is a JSON string. Attempting to resolve ServerUsername from store properties or PAM provider.");
+                var pamServerUsername = (string)ResolvePamField("ServerUsername", ServerUsername);
+                if (!string.IsNullOrEmpty(pamServerUsername))
+                {
+                    ServerUsername = pamServerUsername;
+                }
+            }
+        }
         if (string.IsNullOrEmpty(ServerPassword))
         {
             Logger.LogDebug("ServerPassword is empty.");
@@ -627,6 +640,20 @@ private void InitializeProperties(dynamic storeProperties)
             }
 
         }
+        else
+        {
+            // check that password is json and is not a kubeconfig
+            if (ServerPassword.StartsWith('{') && ServerPassword.EndsWith('}') && !ServerPassword.Contains("apiVersion"))
+            {
+                Logger.LogDebug("ServerPassword is a JSON string. Attempting to resolve ServerPassword from store properties or PAM provider.");
+                var pamServerPassword = (string)ResolvePamField("ServerPassword", ServerPassword);
+                if (!string.IsNullOrEmpty(pamServerPassword))
+                {
+                    ServerPassword = pamServerPassword;
+                }
+                // Logger.LogTrace("ServerPassword: " + ServerPassword);
+            }
+        }
         if (string.IsNullOrEmpty(StorePassword))
         {
             Logger.LogDebug("StorePassword is empty.");
@@ -651,6 +678,20 @@ private void InitializeProperties(dynamic storeProperties)
             }
 
         }
+        else
+        {
+            // check that password is json and is not a kubeconfig
+            if (StorePassword.StartsWith('{') && StorePassword.EndsWith('}') && !StorePassword.Contains("apiVersion"))
+            {
+                Logger.LogDebug("StorePassword is a JSON string. Attempting to resolve StorePassword from store properties or PAM provider.");
+                var pamStorePassword = (string)ResolvePamField("StorePassword", StorePassword);
+                if (!string.IsNullOrEmpty(pamStorePassword))
+                {
+                    StorePassword = pamStorePassword;
+                }
+                // Logger.LogTrace("StorePassword: " + StorePassword);
+            }
+        }
         // var storePassword = ResolvePamField("Store Password", storeProperties.CertificateStoreDetails.StorePassword);
         //
         // if (storePassword != null)