feat(svc-account-auth): Renames attributes for service account auth

examples/svc-account/main.go

@@ -24,26 +24,26 @@ func main() {
 	// URL can be nil if using production TLSPC
 	url := os.Getenv(TlspcUrl)
 
-	zone, _ := os.LookupEnv(TlspcZone)
-	//if !found {
-	//	log.Fatalf(envVarNotSet, TlspcZone)
-	//}
-	tenantID, _ := os.LookupEnv(TlspcTenantId)
-	//if !found {
-	//	log.Fatalf(envVarNotSet, TlspcTenantId)
-	//}
-	jwt, _ := os.LookupEnv(TlspcJwt)
-	//if !found {
-	//	log.Fatalf(envVarNotSet, TlspcJwt)
-	//}
+	zone, found := os.LookupEnv(TlspcZone)
+	if !found {
+		log.Fatalf(envVarNotSet, TlspcZone)
+	}
+	tenantID, found := os.LookupEnv(TlspcTenantId)
+	if !found {
+		log.Fatalf(envVarNotSet, TlspcTenantId)
+	}
+	jwt, found := os.LookupEnv(TlspcJwt)
+	if !found {
+		log.Fatalf(envVarNotSet, TlspcJwt)
+	}
 
 	config := &vcert.Config{
 		ConnectorType: endpoint.ConnectorTypeCloud,
 		BaseUrl:       url,
 		Zone:          zone,
 		Credentials: &endpoint.Authentication{
-			TLSPCTenantID: tenantID,
-			TLSPCJWT:      jwt,
+			TenantID:       tenantID,
+			ExternalIdPJWT: jwt,
 		},
 	}
 	connector, err := vcert.NewClient(config)

pkg/endpoint/authentication.go

@@ -19,20 +19,29 @@ package endpoint
 // Authentication provides a struct for authentication data. Either specify User and Password for Trust Protection Platform
 // or Firefly or ClientId and ClientSecret for Firefly or specify an APIKey for TLS Protect Cloud.
 type Authentication struct {
-	User         string `yaml:"user,omitempty"`
-	Password     string `yaml:"password,omitempty"`
-	APIKey       string `yaml:"apiKey,omitempty"`
+	//TPP Auth methods
+	// User and password
+	User     string `yaml:"user,omitempty"`     //**DEPRECATED** Use access/refresh token or client certificate instead
+	Password string `yaml:"password,omitempty"` //**DEPRECATED** Use access/refresh token or client certificate instead
+	// Tokens
+	AccessToken  string `yaml:"accessToken,omitempty"`
 	RefreshToken string `yaml:"refreshToken,omitempty"`
-	Scope        string `yaml:"scope,omitempty"`
+	// Client certificate
+	ClientPKCS12 bool `yaml:"-"`
+
+	//TLSPC Auth methods
+	// API key
+	APIKey string `yaml:"apiKey,omitempty"`
+	// Service account
+	TenantID       string `yaml:"tlspcTenantId,omitempty"`
+	ExternalIdPJWT string `yaml:"tlspcJWT,omitempty"`
+
+	// IDP Auth method
 	ClientId     string `yaml:"clientId,omitempty"`
 	ClientSecret string `yaml:"clientSecret,omitempty"`
-	AccessToken  string `yaml:"accessToken,omitempty"`
-	ClientPKCS12 bool   `yaml:"-"`
+	Scope        string `yaml:"scope,omitempty"`
 	// IdentityProvider specify the OAuth 2.0 which VCert will be working for authorization purposes
 	IdentityProvider *OAuthProvider `yaml:"idP,omitempty"`
-	// Attributes to authenticate TLSPC by service account
-	TLSPCTenantID string `yaml:"tlspcTenantId,omitempty"`
-	TLSPCJWT      string `yaml:"tlspcJWT,omitempty"`
 }
 
 // OAuthProvider provides a struct for the OAuth 2.0 providers information

pkg/venafi/cloud/connector.go

@@ -698,8 +698,8 @@ func (c *Connector) Authenticate(auth *endpoint.Authentication) (err error) {
 	}
 
 	c.accessToken = auth.AccessToken
-	c.tenantID = auth.TLSPCTenantID
-	c.jwt = auth.TLSPCJWT
+	c.tenantID = auth.TenantID
+	c.jwt = auth.ExternalIdPJWT
 	c.apiKey = auth.APIKey
 	// If no access token, request one
 	if c.accessToken == "" && c.tenantID != "" && c.jwt != "" {