Reorganise Secrets Provider Configuration M1 #329

doodlesbykumbi opened this issue Jun 10, 2021 · 1 comment

Comments

@doodlesbykumbi (Contributor)

Reorganise the internal representation

type Config struct {
	PodNamespace       string
	RequiredK8sSecrets []string
	RetryCountLimit    int
	RetryIntervalSec   int
	StoreType          string
}

of the Secrets Provider configuration. The configuration can be logically broken down into container configuration + store type configuration.

Container config:

PodName - MY_POD_NAME
PodNamespace - MY_POD_NAMESPACE
RetryCountLimit - RETRY_COUNT_LIMIT
RetryIntervalSec - RETRY_INTERVAL_SEC
StoreType - SECRETS_DESTINATION

Store type config:

RequiredK8sSecrets - K8S_SECRETS

The goal of this issue is to prepare for implementing the file store type.

@diverdane (Contributor) commented Aug 2, 2021

Tasks:

SP Config (in secrets-provider-for-k8s repository): Split into:

• Container Config
• K8s Secrets config

Authn Client Config (in conjur-authn-k8s-client repository): Split into:

• Conjur connect config
• app identity config

=====================================

SP Configuration:

CONTAINER_MODE         (pkg/authenticator) config.Config.ContainerMode
SECRETS_DESTINATION    (pkg/secrets)       config.Config.StoreType
K8S_SECRETS            (pkg/secrets)       config.Config.RequiredK8sSecrets
RETRY_COUNT_LIMIT      (pkg/secrets)       config.Config.RetryCountLimit
RETRY_INTERVAL_SEC     (pkg/secrets)       config.Config.RetryIntervalSec
DEBUG

CONJUR_APPLIANCE_URL   (pkg/conjur-api-go) conjurapi.Config.ApplianceUrl
CONJUR_AUTHN_URL       (pkg/authenticator) config.Config.URL
CONJUR_ACCOUNT         (pkg/authenticator) config.Config.Account
CONJUR_AUTHN_LOGIN     (pkg/authenticator) config.Config.Username
CONJUR_SSL_CERTIFICATE (pkg/authenticator) config.Config.SSLCertificate

=====================================

Authn-K8s configuration:

DEBUG
CONJUR_AUTHN_URL         (pkg/authenticator) config.Config.URL
CONJUR_AUTHN_LOGIN       (pkg/authenticator) config.Config.Username
CONJUR_SSL_CERTIFICATE   (pkg/authenticator) config.Config.SSLCertificate
CONJUR_TOKEN_TIMEOUT     (pkg/authenticator) config.Config.TokenRefreshTimeout
MY_POD_NAME              (pkg/authenticator) config.Config.PodName
MY_POD_NAMESPACE         (pkg/secrets)       config.Config.PodNamespace
                         (pkg/authenticator) config.Config.PodNamespace
MY_POD_IP
CONTAINER_MODE           (pkg/authenticator) config.Config.ContainerMode

FILE: secrets-provider-for-k8s/pkg/secrets/config
STRUCT:

// Config defines the configuration parameters
// for the authentication requests
type Config struct {
	// Used for Kubernetes Secrets store type
	PodNamespace       string
	RequiredK8sSecrets []string

	// Container/Conjur config
	RetryCountLimit    int
	RetryIntervalSec   int

	// General config
	StoreType          string
}

This is initialized in cmd/secrets-provider/main.go:

import (
	* * *
	secretsConfigProvider "github.com/cyberark/secrets-provider-for-k8s/pkg/secrets/config"
	* * *
)

	* * *

	secretsConfig, err := secretsConfigProvider.NewFromEnv()
	if err != nil {
		printErrorAndExit(messages.CSPFK015E)
	}

==============================================
The Conjur Authn-k8s client config is read here, in cmd/secrets-provider/main.go:

import (
	* * *
	authnConfigProvider "github.com/cyberark/conjur-authn-k8s-client/pkg/authenticator/config"
	* * *
)

	* * *

	// Initialize configurations
	authnConfig, err := authnConfigProvider.NewFromEnv()
	if err != nil {
		printErrorAndExit(messages.CSPFK008E)
	}

FILE: conjur-authn-k8s-client/pkg/authenticator/config
STRUCT:

// Config defines the configuration parameters
// for the authentication requests
type Config struct {
	Account                   string
	ClientCertPath            string
	ClientCertRetryCountLimit int
	ContainerMode             string
	ConjurVersion             string
	InjectCertLogPath         string
	PodName                   string
	PodNamespace              string
	SSLCertificate            []byte
	TokenFilePath             string
	TokenRefreshTimeout       time.Duration
	URL                       string
	Username                  *Username
}

HOW TO SPLIT UP INTO CONJUR CONNECT, CONTAINER CONFIG, AND APP IDENTITY CONFIG?

// Config defines the configuration parameters
// for the authentication requests
type Config struct {
	// Conjur Connect Config
	Account                   string
	ClientCertPath            string
	ClientCertRetryCountLimit int
	ConjurVersion             string
	InjectCertLogPath         string
	PodName                   string
	PodNamespace              string
	SSLCertificate            []byte
	TokenFilePath             string
	TokenRefreshTimeout       time.Duration

	// Container config
	ContainerMode             string

	// App identity configuration
	URL                       string
	Username                  *Username
}

==============================================

FILE: conjur-api-go/conjurapi/config.go
STRUCT:

type Config struct {
	Account      string `yaml:"account,omitempty"`
	ApplianceURL string `yaml:"appliance_url,omitempty"`
	NetRCPath    string `yaml:"netrc_path,omitempty"`
	SSLCert      string `yaml:"-"`
	SSLCertPath  string `yaml:"cert_file,omitempty"`
	V4           bool   `yaml:"v4"`
}
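
The reorganisation discussed in both comments above (a container config that applies to every store type, plus a store-type config that is only read for the store SECRETS_DESTINATION selects) can be sketched as follows. This is an added example, not code from the secrets-provider-for-k8s or conjur-authn-k8s-client repositories: the type names ContainerConfig, K8sSecretsConfig and Config, the EnvFrom helper, the "file" store-type value, the defaults of 10 retries and a 1-second interval, and the decision to reject K8S_SECRETS when the file store is selected are all assumptions made for illustration.

```go
package main

import (
	"fmt"
	"os"
	"strconv"
	"strings"
)

// Added example, not the project's code. ContainerConfig, K8sSecretsConfig,
// Config, EnvFrom, NewFromEnv, the "file" store type and the defaults
// (10 retries, 1s interval) are assumptions for illustration.

const (
	StoreTypeK8sSecrets = "k8s_secrets"
	StoreTypeFile       = "file"
)

// ContainerConfig holds the settings that apply whatever the store type is.
type ContainerConfig struct {
	PodName          string
	PodNamespace     string
	RetryCountLimit  int
	RetryIntervalSec int
	StoreType        string
}

// K8sSecretsConfig holds the settings only the Kubernetes Secrets store needs.
type K8sSecretsConfig struct {
	RequiredK8sSecrets []string
}

// Config pairs the container config with the config of the selected store.
type Config struct {
	Container  ContainerConfig
	K8sSecrets *K8sSecretsConfig // nil unless StoreType == StoreTypeK8sSecrets
}

// EnvFrom builds an os.Getenv-style lookup from a map (constructed input for tests).
func EnvFrom(m map[string]string) func(string) string {
	return func(k string) string { return m[k] }
}

// intFromEnv parses a non-negative integer variable, applying def when it is unset.
func intFromEnv(getenv func(string) string, key string, def int) (int, error) {
	raw := strings.TrimSpace(getenv(key))
	if raw == "" {
		return def, nil
	}
	n, err := strconv.Atoi(raw)
	if err != nil || n < 0 {
		return 0, fmt.Errorf("%s must be a non-negative integer, got %q", key, raw)
	}
	return n, nil
}

// NewFromEnv reads the container config first and then only the store-type
// config that SECRETS_DESTINATION selects, so a new store type is one more
// switch branch rather than another field validated for every store.
func NewFromEnv(getenv func(string) string) (*Config, error) {
	var c Config
	var err error

	c.Container.PodName = getenv("MY_POD_NAME")
	c.Container.PodNamespace = getenv("MY_POD_NAMESPACE")
	if c.Container.PodNamespace == "" {
		return nil, fmt.Errorf("MY_POD_NAMESPACE must be set")
	}
	if c.Container.RetryCountLimit, err = intFromEnv(getenv, "RETRY_COUNT_LIMIT", 10); err != nil {
		return nil, err
	}
	if c.Container.RetryIntervalSec, err = intFromEnv(getenv, "RETRY_INTERVAL_SEC", 1); err != nil {
		return nil, err
	}

	c.Container.StoreType = strings.TrimSpace(getenv("SECRETS_DESTINATION"))
	switch c.Container.StoreType {
	case StoreTypeK8sSecrets:
		var names []string
		for _, n := range strings.Split(getenv("K8S_SECRETS"), ",") {
			if n = strings.TrimSpace(n); n != "" {
				names = append(names, n)
			}
		}
		if len(names) == 0 {
			return nil, fmt.Errorf("K8S_SECRETS must list at least one secret when SECRETS_DESTINATION=%s", StoreTypeK8sSecrets)
		}
		c.K8sSecrets = &K8sSecretsConfig{RequiredK8sSecrets: names}
	case StoreTypeFile:
		// Nothing store-specific yet; reject K8S_SECRETS so a stale value is not silently ignored.
		if getenv("K8S_SECRETS") != "" {
			return nil, fmt.Errorf("K8S_SECRETS is only valid with SECRETS_DESTINATION=%s", StoreTypeK8sSecrets)
		}
	default:
		return nil, fmt.Errorf("SECRETS_DESTINATION must be %q or %q, got %q", StoreTypeK8sSecrets, StoreTypeFile, c.Container.StoreType)
	}
	return &c, nil
}

func main() {
	cfg, err := NewFromEnv(os.Getenv)
	if err != nil {
		fmt.Fprintln(os.Stderr, "config error:", err)
		os.Exit(1)
	}
	fmt.Printf("%+v\n", cfg.Container)
	if cfg.K8sSecrets != nil {
		fmt.Println("required k8s secrets:", cfg.K8sSecrets.RequiredK8sSecrets)
	}
}
```

Passing the environment lookup as a function rather than calling os.Getenv directly keeps NewFromEnv testable without mutating the process environment, and the switch makes the point of the split visible: the Kubernetes Secrets variables are validated only when that store is selected, and a file-store run fails fast if a leftover K8S_SECRETS value suggests the deployment manifest was not updated.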
