https://github.com/wirepact/k8s-basic-auth-translator

WirePact translator that handles HTTP Basic Auth (RFC7617) for the authentication mesh.
https://github.com/wirepact/k8s-basic-auth-translator

basic-authentication translator wirepact

Last synced: 5 months ago
JSON representation

WirePact translator that handles HTTP Basic Auth (RFC7617) for the authentication mesh.

• Host: GitHub
• URL: https://github.com/wirepact/k8s-basic-auth-translator
• Owner: WirePact
• License: apache-2.0
• Created: 2021-10-25T11:15:57.000Z (over 4 years ago)
• Default Branch: main
• Last Pushed: 2024-05-22T20:23:05.000Z (about 2 years ago)
• Last Synced: 2024-05-22T21:40:43.058Z (about 2 years ago)
• Topics: basic-authentication, translator, wirepact
• Language: Rust
• Size: 295 KB
• Stars: 0
• Watchers: 0
• Forks: 0
• Open Issues: 3
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

          
# WirePact K8s Basic Auth Translator

This is a "translator" for the WirePact distributed authentication mesh system.

It converts HTTP Basic Auth credentials ([RFC7617](https://tools.ietf.org/html/rfc7617))

to the WirePact common language format (signed JWT) and back.

The list of valid users must be in a CSV file with (at least) three columns or in a Kubernetes secret.

The first column must contain the user id (field name `id`), the second the

username and the last column must contain the

password for the user. With this CSV "repository", the translator is able

to convert an outgoing communication (egress) to a signed JWT and the incoming communication

(ingress) back to username/password combination. To see a demo CSV file, see the

[example in the hack directory](./hack/test-repository.csv).

Another valid repository is a Kubernetes secret. The data in the secret must be in the form of:

`userid` as key, and the encoded basic value (`username:password`) as value.

An example secret could look like:

```yaml

apiVersion: v1

kind: Secret

metadata:

  name: api-credentials

type: Opaque

data:

  123456789: YWRtaW46c3VwZXJzZWNyZXQ=

```

The configuration is done via environmental variables or command line arguments:

- `PKI_ADDRESS` (`-p --pki-address `): The address of the available WirePact PKI.

- `NAME` (`-n --name `): The common name for the translator that is used for certificates and

  signing JWT tokens (default: `k8s basic auth translator`).

- `INGRESS_PORT` (`-i --ingress-port `): Ingress communication port (default: 50051).

- `EGRESS_PORT` (`-e --egress-port `): Egress communication port (default: 50052).

- `MODE` (`-m --mode `): The mode of the translator (possible values: `csv`, `kubernetes`; default: `csv`).

- `CSV_PATH` (`-c --csv-path `): The path to the CSV file. Required if `MODE` is set to `csv`.

- `K8S_SECRET_NAME` (`-k --k8s-secret-name `): The name of the Kubernetes secret. 

  Required if `MODE` is set to `kubernetes`.

- `DEBUG` (`-d --debug`): Enable debug logging.