goto / guardian

Guardian is a tool for extensible and universal data access with automated access workflows and security controls across data stores, analytical systems, and cloud products.

Home Page: https://goto.github.io/guardian/


Support OIDC authentication in iam http client

rahmatrhd opened this issue

Summary
Support OIDC authentication in policy iam's http client

Proposed solution
New fields for http client config:

type HTTPAuthConfig struct {
	Type string `mapstructure:"type" json:"type" yaml:"type" validate:"required,oneof=basic api_key bearer oidc"`

	...

+	// OIDC
+	Audience                        string `mapstructure:"audience,omitempty" json:"audience,omitempty" yaml:"audience,omitempty" validate:"required_if=Type oidc"`
+	GoogleServiceAccountCredentials string `mapstructure:"google_service_account_credentials,omitempty" json:"google_service_account_credentials,omitempty" yaml:"google_service_account_credentials,omitempty" validate:"required_if=Type oidc"`
}
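
Review bot: `GoogleServiceAccountCredentials` is added as a plain string carrying `json` and `yaml` tags, so the credential is written out wherever `HTTPAuthConfig` is marshalled; consider excluding it from serialized output, or storing it encrypted or as a reference to a secret, and document the expected format of the value. Separately, `validate:"required_if=Type oidc"` on this field ties the generic `oidc` type to a Google service account; if other token sources are expected later, a provider-specific type name or making the field optional would avoid a breaking config change.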

We can utilize salt/oidc for the auth flow.