feat: upgrade go-translator package and change to env vars

WirePact · Dec 26, 2021 · 129d9f1 · 129d9f1
1 parent ff4fe42
commit 129d9f1
Show file tree

Hide file tree

Showing 5 changed files with 49 additions and 45 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -42,11 +42,7 @@ LABEL org.opencontainers.image.source="https://github.com/WirePact/k8s-basic-aut
 
 WORKDIR /app
 
-ENV BUILD_VERSION=${BUILD_VERSION} \
-    INGRESS_PORT=50051 \
-    EGRESS_PORT=50052 \
-    PKI_ADDRESS="" \
-    CSV_REPOSITORY=""
+ENV BUILD_VERSION=${BUILD_VERSION}
 
 COPY --from=build /etc/passwd /etc/group /etc/
 COPY --from=build /go/bin/app /app/app

diff --git a/README.md b/README.md
@@ -1,3 +1,19 @@
 # WirePact K8s Basic Auth Translator
 
-TODO.
+This is a "translator" for the WirePact distributed authentication mesh system.
+It converts HTTP Basic Auth credentials ([RFC7617](https://tools.ietf.org/html/rfc7617))
+to the WirePact common language format (signed JWT) and back.
+
+The list of valid users must be in a CSV file with three columns. The first column
+must contain the user id, the second the username and the last column must contain the
+password for the user. With this CSV "repository", the translator is able
+to convert an outgoing communication (egress) to a signed JWT and the incoming communication
+(ingress) back to username/password combination.
+
+The configuration is done via environmental variables:
+
+- `CSV_PATH`: The path to the csv file
+- `PKI_ADDRESS`: The address of the available WirePact PKI
+- `COMMON_NAME`: The common name for the translator in the signed JWT and certificates
+- `INGRESS_PORT`: Ingress communication port (default: 50051)
+- `EGRESS_PORT`: Egress communication port (default: 50052)
diff --git a/go.mod b/go.mod
@@ -3,11 +3,15 @@ module wirepact.ch/k8s-basic-auth-translator
 go 1.16
 
 require (
-	github.com/WirePact/go-translator v0.0.0-20211129153053-2a11a6076a45
+	github.com/WirePact/go-translator v1.0.0
+	github.com/cncf/xds/go v0.0.0-20211216145620-d92e9ce0af51 // indirect
 	github.com/envoyproxy/go-control-plane v0.10.1
 	github.com/envoyproxy/protoc-gen-validate v0.6.2 // indirect
 	github.com/sirupsen/logrus v1.8.1
-	golang.org/x/net v0.0.0-20211123203042-d83791d6bcd9 // indirect
-	golang.org/x/sys v0.0.0-20211124211545-fe61309f8881 // indirect
+	golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3 // indirect
+	golang.org/x/net v0.0.0-20211216030914-fe4d6282115f // indirect
+	golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e // indirect
+	google.golang.org/genproto v0.0.0-20211223182754-3ac035c7e7cb // indirect
+	google.golang.org/grpc v1.43.0 // indirect
 	k8s.io/client-go v0.22.2
 )
diff --git a/go.sum b/go.sum
@@ -36,6 +36,8 @@ github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbt
 github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE=
 github.com/WirePact/go-translator v0.0.0-20211129153053-2a11a6076a45 h1:3lNoVRmBmDKRM96UDKSjr7FNuUlDfKO2gi7OMm9H7nc=
 github.com/WirePact/go-translator v0.0.0-20211129153053-2a11a6076a45/go.mod h1:39V6Z7n5G7o1XbDnPnEI31xyX99x2GGgQIoaU2dgjEY=
+github.com/WirePact/go-translator v1.0.0 h1:g3o6JbykDgutLjUCWBKG/tOIVRGogjrRnO37Ec480BU=
+github.com/WirePact/go-translator v1.0.0/go.mod h1:39V6Z7n5G7o1XbDnPnEI31xyX99x2GGgQIoaU2dgjEY=
 github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY=
 github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
@@ -54,6 +56,8 @@ github.com/cncf/xds/go v0.0.0-20210922020428-25de7278fc84/go.mod h1:eXthEFrGJvWH
 github.com/cncf/xds/go v0.0.0-20211001041855-01bcc9b48dfe/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
 github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1 h1:zH8ljVhhq7yC0MIeUL/IviMtY8hx2mK8cN9wEYb8ggw=
 github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
+github.com/cncf/xds/go v0.0.0-20211216145620-d92e9ce0af51 h1:F6fR7MjvOIk+FLQOeBCAbbKItVgbdj0l9VWPiHeBEiY=
+github.com/cncf/xds/go v0.0.0-20211216145620-d92e9ce0af51/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
@@ -234,6 +238,8 @@ golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0/go.mod h1:LzIPMQfyMNhhGPh
 golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
 golang.org/x/crypto v0.0.0-20211117183948-ae814b36b871 h1:/pEO3GD/ABYAjuakUS6xSEmmlyVS4kxBNkeA9tLJiTI=
 golang.org/x/crypto v0.0.0-20211117183948-ae814b36b871/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
+golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3 h1:0es+/5331RGQPcXlMfP+WrnIIS6dNnNRe0WB02W0F4M=
+golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
@@ -296,6 +302,8 @@ golang.org/x/net v0.0.0-20210813160813-60bc85c4be6d/go.mod h1:9nx3DQGgdP8bBQD5qx
 golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20211123203042-d83791d6bcd9 h1:0qxwC5n+ttVOINCBeRHO0nq9X7uy8SDsPoi5OaCdIEI=
 golang.org/x/net v0.0.0-20211123203042-d83791d6bcd9/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
+golang.org/x/net v0.0.0-20211216030914-fe4d6282115f h1:hEYJvxw1lSnWIl8X9ofsYMklzaDs90JI2az5YMd4fPM=
+golang.org/x/net v0.0.0-20211216030914-fe4d6282115f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@@ -346,6 +354,8 @@ golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20210816183151-1e6c022a8912/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211124211545-fe61309f8881 h1:TyHqChC80pFkXWraUUf6RuB5IqFdQieMLwwCJokV2pc=
 golang.org/x/sys v0.0.0-20211124211545-fe61309f8881/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e h1:fLOSk5Q00efkSvAm+4xcoXD+RRmLmmulPn5I3Y9F2EM=
+golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210220032956-6a3ed077a48d h1:SZxvLBoTP5yHO3Frd4z4vrF+DBX9vMVanchswa69toE=
@@ -441,6 +451,8 @@ google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEY
 google.golang.org/genproto v0.0.0-20201019141844-1ed22bb0c154/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20211118181313-81c1377c94b1 h1:b9mVrqYfq3P4bCdaLg1qtBnPzUYgglsIdjZkL/fQVOE=
 google.golang.org/genproto v0.0.0-20211118181313-81c1377c94b1/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
+google.golang.org/genproto v0.0.0-20211223182754-3ac035c7e7cb h1:ZrsicilzPCS/Xr8qtBZZLpy4P9TYXAfl49ctG1/5tgw=
+google.golang.org/genproto v0.0.0-20211223182754-3ac035c7e7cb/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
 google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
@@ -454,6 +466,8 @@ google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAG
 google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34=
 google.golang.org/grpc v1.42.0 h1:XT2/MFpuPFsEX2fWh3YQtHkZ+WYZFQRfaUgLZYj/p6A=
 google.golang.org/grpc v1.42.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU=
+google.golang.org/grpc v1.43.0 h1:Eeu7bZtDZ2DpRCsLhUlcrLnvYaMK1Gz86a+hMVvELmM=
+google.golang.org/grpc v1.43.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU=
 google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
 google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
 google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=

diff --git a/main.go b/main.go
@@ -2,11 +2,10 @@ package main
 
 import (
 	"encoding/base64"
-	"flag"
+	"os"
 	"strings"
 
 	"github.com/WirePact/go-translator"
-	"github.com/WirePact/go-translator/pki"
 	"github.com/WirePact/go-translator/translator"
 	"github.com/WirePact/go-translator/wirepact"
 	core "github.com/envoyproxy/go-control-plane/envoy/config/core/v3"
@@ -15,44 +14,19 @@ import (
 	"wirepact.ch/k8s-basic-auth-translator/user_repository"
 )
 
-// TODO support different repositories
-// 1: CSV
-// 2: Kubernetes Secret
-// 3: HTTP(s) url
-
-var (
-	ingressPort   = flag.Int("ingressPort", 50051, "The ingressPort that the server starts listening")
-	egressPort    = flag.Int("egressPort", 50052, "The egressPort that the server starts listening")
-	pkiAddress    = flag.String("pkiAddress", "", "The address to where the PKI endpoint is available. If omitted, the PKI is searched via Kubernetes Service.")
-	caPath        = flag.String("pkiCA", "/ca", "The path of the ca endpoint.")
-	csrPath       = flag.String("pkiCSR", "/csr", "The path of the csr endpoint.")
-	csvRepository = flag.String("csvRepository", "", "The path to a CSV user repository (with columns 'username', 'password' and 'userId').")
-)
-
 func main() {
-	flag.Parse()
-
 	logrus.SetLevel(logrus.InfoLevel)
 
-	if *csvRepository != "" {
-		user_repository.ConfigureCSVRepository(*csvRepository)
-	}
+	user_repository.ConfigureCSVRepository(os.Getenv("CSV_PATH"))
 
-	server, _ := go_translator.NewTranslator(&go_translator.TranslatorConfig{
-		IngressPort:       *ingressPort,
-		IngressTranslator: ingress,
-		EgressPort:        *egressPort,
-		EgressTranslator:  egress,
-		Config: pki.Config{
-			BaseAddress:           *pkiAddress,
-			CAPath:                *caPath,
-			CSRPath:               *csrPath,
-			CertificateCommonName: "k8s-basic-auth-translator",
-		},
-		JWTConfig: wirepact.JWTConfig{
-			Issuer: "k8s-basic-auth-translator",
-		},
-	})
+	config, err := go_translator.NewConfigFromEnvironmentVariables(ingress, egress)
+	if err != nil {
+		logrus.WithError(err).Fatalln("Could not initialize translator config.")
+	}
+	server, err := go_translator.NewTranslator(&config)
+	if err != nil {
+		logrus.WithError(err).Fatalln("Could not create translator.")
+	}
 
 	server.Start()
 }