WirePact/k8s-basic-auth-translator

WirePact K8s Basic Auth Translator

This is a "translator" for the WirePact distributed authentication mesh system. It converts HTTP Basic Auth credentials (RFC 7617) to the WirePact common language format (a signed JWT) and back.

The list of valid users must be in a CSV file with (at least) three columns or in a Kubernetes secret.

The first column must contain the user id (field name id), the second the username, and the last column the password for the user. With this CSV "repository", the translator can convert outgoing communication (egress) to a signed JWT and incoming communication (ingress) back to a username/password combination. For a demo CSV file, see the example in the hack directory.

Another valid repository is a Kubernetes secret. Each entry in the secret's data must use the user id as the key and the encoded Basic value (username:password) as the value. An example secret could look like:

apiVersion: v1
kind: Secret
metadata:
  name: api-credentials
type: Opaque
data:
  123456789: YWRtaW46c3VwZXJzZWNyZXQ=
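
The secret format described above, as an added example that is not the translator's own code: it decodes the `data` map of the sample secret (whose value is the Base64 form of `admin:supersecret`), rejects malformed entries, and performs the lookup in both directions. The function names are hypothetical, and both the matching logic and the assumption that the JWT identifies the user by this user id are assumptions, not taken from the project.

```python
import base64
import hmac

# Constructed sample: the `data` map of the example secret shown above.
SECRET_DATA = {"123456789": "YWRtaW46c3VwZXJzZWNyZXQ="}


def load_repository(data):
    """Decode {user id: base64("username:password")} into {user id: (username, password)}."""
    repo = {}
    for user_id, encoded in data.items():
        try:
            decoded = base64.b64decode(encoded, validate=True).decode("utf-8")
        except ValueError as err:  # covers invalid Base64 and invalid UTF-8
            raise ValueError(f"entry {user_id!r}: value is not valid Base64 text") from err
        # RFC 7617: the user-id cannot contain ':', the password can, so split once.
        username, sep, password = decoded.partition(":")
        if not sep or not username:
            raise ValueError(f"entry {user_id!r}: expected username:password")
        repo[user_id] = (username, password)
    return repo


def egress_user_id(repo, authorization):
    """Map an outgoing 'Basic ...' header value to a user id, or None if unknown."""
    scheme, _, token = authorization.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        presented = base64.b64decode(token.strip(), validate=True)
    except ValueError:
        return None
    match = None
    for user_id, (username, password) in repo.items():
        expected = f"{username}:{password}".encode("utf-8")
        # Constant-time compare; scan every entry so timing does not show where a match sits.
        if hmac.compare_digest(presented, expected):
            match = user_id
    return match


def ingress_header(repo, user_id):
    """Map a user id (assumed to come from a verified JWT) back to a Basic header value."""
    if user_id not in repo:
        return None
    username, password = repo[user_id]
    raw = f"{username}:{password}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")
```

Running `load_repository` over a secret before deploying it catches entries that would never match a request, such as a value with no colon or one that is not valid Base64.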

Configuration is done via environment variables or command line arguments:

  • PKI_ADDRESS (-p --pki-address <PKI_ADDRESS>): The address of the available WirePact PKI.
  • NAME (-n --name <NAME>): The common name for the translator that is used for certificates and signing JWT tokens (default: k8s basic auth translator).
  • INGRESS_PORT (-i --ingress-port <INGRESS_PORT>): Ingress communication port (default: 50051).
  • EGRESS_PORT (-e --egress-port <EGRESS_PORT>): Egress communication port (default: 50052).
  • MODE (-m --mode <MODE>): The mode of the translator (possible values: csv, kubernetes; default: csv).
  • CSV_PATH (-c --csv-path <CSV_PATH>): The path to the CSV file. Required if MODE is set to csv.
  • K8S_SECRET_NAME (-k --k8s-secret-name <K8S_SECRET_NAME>): The name of the Kubernetes secret. Required if MODE is set to kubernetes.
  • DEBUG (-d --debug): Enable debug logging.