support service account #160

wasaga · 2022-11-09T20:33:26Z

Is your feature request related to a problem? Please describe.

I'd like to run pomerium-cli as a sidecar in a container, enabling access to services running in another cluster or network.

Describe the solution you'd like

I'd like to be able to pass a service account token to the CLI, so that connection would be available until the SA token expires.

A container should quit if the token is expired with a clear error message.

Describe alternatives you've considered

Explain any additional use-cases

Additional context

Related: #58

The text was updated successfully, but these errors were encountered:

desimone · 2022-11-14T17:41:06Z

Problems this aims to solve:

Session expiration can be frustrating when multiple connections are open (then they all open up at once) multiple auth windows open at once when session expires desktop-client#162
Not having control over which browser (or browser profile) is opened when the session is expired
We want to provide a way for folks to leverage the cli and service accounts to make machine to machine calls.

I think we should tackle (1) (2) in follow up tickets in the desktop client. We should support (3).

desimone added backend accepted labels Nov 14, 2022

calebdoxsey self-assigned this Nov 16, 2022

calebdoxsey mentioned this issue Nov 16, 2022

authclient: add support for service accounts #164

Merged

6 tasks

wasaga mentioned this issue Nov 16, 2022

tutorial: use pomerium-cli in k8s as a sidecar pomerium/documentation#168

Open

calebdoxsey closed this as completed in #164 Nov 16, 2022

Provide feedback