in pulsar/auth/athenz.go [130:183]
// Init validates the provider's configuration, obtains a ZTS role token
// in one of two modes, and starts the token prefetcher.
//
// providerDomain, privateKey and ztsURL are always required. When
// x509CertChain is set, both it and privateKey must parse (via parseURI)
// as "file" URIs and the role token is requested with the service
// certificate (the "Copper Argos" path); an optional caCert is loaded
// with loadPEM and placed in opts.CACert — presumably used by the zts
// client to verify the ZTS endpoint, confirm there. Otherwise
// tenantDomain and tenantService are also required: the private key is
// loaded, a ZMS token builder is created and kept in p.tokenBuilder, and
// its token is exchanged for the role token.
//
// Returns any validation error, any error from loadPEM or the token
// builder constructor, or the error from RoleToken.StartPrefetcher.
// p.roleToken is only assigned once a token has been obtained; a failing
// StartPrefetcher is reported after that assignment.
func (p *athenzAuthProvider) Init() error {
	if p.providerDomain == "" || p.privateKey == "" || p.ztsURL == "" {
		return errors.New("missing required parameters")
	}

	opts := zts.RoleTokenOptions{
		BaseZTSURL:       p.ztsURL + "/zts/v1",
		MinExpire:        minExpire,
		MaxExpire:        maxExpire,
		PrefetchInterval: prefetchInterval,
		AuthHeader:       p.principalHeader,
	}

	var roleToken zts.RoleToken

	// Copper Argos: authenticate to ZTS with the service certificate and key.
	obtainWithCert := func() error {
		certURI := parseURI(p.x509CertChain)
		keyURI := parseURI(p.privateKey)
		// Only local file paths are accepted here, because the raw paths
		// are handed to the zts client rather than read through loadPEM.
		if certURI.Scheme != "file" || keyURI.Scheme != "file" {
			return errors.New("x509CertChain and privateKey must be specified as file paths")
		}
		if p.caCert != "" {
			caCertData, err := loadPEM(p.caCert)
			if err != nil {
				return err
			}
			opts.CACert = caCertData
		}
		roleToken = p.ztsNewRoleTokenFromCert(certURI.Path, keyURI.Path, p.providerDomain, opts)
		return nil
	}

	// ZMS service token: sign a principal token with the private key and
	// exchange it for a role token.
	obtainWithKey := func() error {
		if p.tenantDomain == "" || p.tenantService == "" {
			return errors.New("missing required parameters")
		}
		keyData, err := loadPEM(p.privateKey)
		if err != nil {
			return err
		}
		builder, err := p.zmsNewTokenBuilder(p.tenantDomain, p.tenantService, keyData, p.keyID)
		if err != nil {
			return err
		}
		p.tokenBuilder = builder
		roleToken = p.ztsNewRoleToken(p.tokenBuilder.Token(), p.providerDomain, opts)
		return nil
	}

	obtain := obtainWithKey
	if p.x509CertChain != "" {
		obtain = obtainWithCert
	}
	if err := obtain(); err != nil {
		return err
	}

	p.roleToken = roleToken
	// NOTE(review): presumably starts a background refresh of the role
	// token; how it is stopped is not visible here — confirm in the zts client.
	return p.roleToken.StartPrefetcher()
}