feat: add --oidc-issuer-url-override flag
Signed-off-by: kahirokunn <[email protected]>
kahirokunn committed Apr 5, 2024
1 parent c088abb commit 0afe16b
Showing 5 changed files with 39 additions and 22 deletions.
13 changes: 8 additions & 5 deletions pkg/cmd/get_token.go
Expand Up @@ -14,6 +14,7 @@ import (
// getTokenOptions represents the options for get-token command.
type getTokenOptions struct {
IssuerURL string
IssuerURLOverride string
ClientID string
ClientSecret string
ExtraScopes []string
Expand All @@ -26,6 +27,7 @@ type getTokenOptions struct {

func (o *getTokenOptions) addFlags(f *pflag.FlagSet) {
f.StringVar(&o.IssuerURL, "oidc-issuer-url", "", "Issuer URL of the provider (mandatory)")
f.StringVar(&o.IssuerURLOverride, "oidc-issuer-url-override", "", "Override Issuer URL")
f.StringVar(&o.ClientID, "oidc-client-id", "", "Client ID of the provider (mandatory)")
f.StringVar(&o.ClientSecret, "oidc-client-secret", "", "Client secret of the provider")
f.StringSliceVar(&o.ExtraScopes, "oidc-extra-scope", nil, "Scopes to request to the provider")
Expand Down Expand Up @@ -75,11 +77,12 @@ func (cmd *GetToken) New() *cobra.Command {
}
in := credentialplugin.Input{
Provider: oidc.Provider{
IssuerURL: o.IssuerURL,
ClientID: o.ClientID,
ClientSecret: o.ClientSecret,
UsePKCE: o.UsePKCE,
ExtraScopes: o.ExtraScopes,
IssuerURL: o.IssuerURL,
IssuerURLOverride: o.IssuerURLOverride,
ClientID: o.ClientID,
ClientSecret: o.ClientSecret,
UsePKCE: o.UsePKCE,
ExtraScopes: o.ExtraScopes,
},
TokenCacheDir: o.TokenCacheDir,
GrantOptionSet: grantOptionSet,
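Review bot: The help text on the `f.StringVar(&o.IssuerURLOverride, "oidc-issuer-url-override", ...)` line says only "Override Issuer URL", which does not tell an operator that the value replaces the issuer the client trusts for discovery and ID-token validation — a security-sensitive setting, since that appears to be what go-oidc's `InsecureIssuerURLContext` in pkg/oidc/client/factory.go does with it. Suggest wording such as `"Issuer URL to validate against when the provider reports an issuer different from the discovery URL (off-spec providers); supply only a trusted value"`. The same applies to pkg/cmd/setup.go, whose text also has a typo (`"Overrided Issuer URL of the provider"`); both commands should share one wording, and the `// optional` comment on `Provider.IssuerURLOverride` in pkg/oidc/oidc.go could carry the same one-line explanation. The enclosing `New()` method starts and ends outside the hunk.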
17 changes: 10 additions & 7 deletions pkg/cmd/setup.go
Expand Up @@ -11,6 +11,7 @@ import (
// setupOptions represents the options for setup command.
type setupOptions struct {
IssuerURL string
IssuerURLOverride string
ClientID string
ClientSecret string
ExtraScopes []string
Expand All @@ -21,6 +22,7 @@ type setupOptions struct {

func (o *setupOptions) addFlags(f *pflag.FlagSet) {
f.StringVar(&o.IssuerURL, "oidc-issuer-url", "", "Issuer URL of the provider")
f.StringVar(&o.IssuerURLOverride, "oidc-issuer-url-override", "", "Overrided Issuer URL of the provider")
f.StringVar(&o.ClientID, "oidc-client-id", "", "Client ID of the provider")
f.StringVar(&o.ClientSecret, "oidc-client-secret", "", "Client secret of the provider")
f.StringSliceVar(&o.ExtraScopes, "oidc-extra-scope", nil, "Scopes to request to the provider")
Expand All @@ -45,13 +47,14 @@ func (cmd *Setup) New() *cobra.Command {
return fmt.Errorf("setup: %w", err)
}
in := setup.Stage2Input{
IssuerURL: o.IssuerURL,
ClientID: o.ClientID,
ClientSecret: o.ClientSecret,
ExtraScopes: o.ExtraScopes,
UsePKCE: o.UsePKCE,
GrantOptionSet: grantOptionSet,
TLSClientConfig: o.tlsOptions.tlsClientConfig(),
IssuerURL: o.IssuerURL,
IssuerURLOverride: o.IssuerURLOverride,
ClientID: o.ClientID,
ClientSecret: o.ClientSecret,
ExtraScopes: o.ExtraScopes,
UsePKCE: o.UsePKCE,
GrantOptionSet: grantOptionSet,
TLSClientConfig: o.tlsOptions.tlsClientConfig(),
}
if c.Flags().Lookup("listen-address").Changed {
in.ListenAddressArgs = o.authenticationOptions.ListenAddress
5 changes: 5 additions & 0 deletions pkg/oidc/client/factory.go
Expand Up @@ -52,6 +52,11 @@ func (f *Factory) New(ctx context.Context, p oidc.Provider, tlsClientConfig tlsc
}

ctx = context.WithValue(ctx, oauth2.HTTPClient, httpClient)

if p.IssuerURLOverride != "" {
ctx = gooidc.InsecureIssuerURLContext(ctx, p.IssuerURLOverride)
}

provider, err := gooidc.NewProvider(ctx, p.IssuerURL)
if err != nil {
return nil, fmt.Errorf("oidc discovery error: %w", err)
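Review bot: The new `gooidc.InsecureIssuerURLContext(ctx, p.IssuerURLOverride)` call carries no comment on its trust consequence: per go-oidc's documentation the override becomes the issuer that discovery and subsequent ID-token `iss` validation are checked against, while the document is still fetched from `p.IssuerURL`, so a wrong or untrusted override would appear to let tokens from a different issuer be accepted. Suggest a why-comment above the `if`, e.g. `// Off-spec (multi-tenant) providers report an issuer that differs from the discovery URL; the override is the value tokens are validated against, so it must come from trusted configuration.` Logging at debug level when the override is in effect would also make a misconfiguration visible when troubleshooting. The enclosing `Factory.New` starts and ends outside the hunk.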
11 changes: 6 additions & 5 deletions pkg/oidc/oidc.go
Expand Up @@ -11,11 +11,12 @@ import (

// Provider represents an OIDC provider.
type Provider struct {
IssuerURL string
ClientID string
ClientSecret string // optional
ExtraScopes []string // optional
UsePKCE bool // optional
IssuerURL string
IssuerURLOverride string // optional
ClientID string
ClientSecret string // optional
ExtraScopes []string // optional
UsePKCE bool // optional
}

// TokenSet represents a set of ID token and refresh token.
15 changes: 10 additions & 5 deletions pkg/usecases/setup/stage2.go
Expand Up @@ -65,11 +65,13 @@ type stage2Vars struct {
ClientID string
Args []string
Subject string
IssuerURLOverride string
}

// Stage2Input represents an input DTO of the stage2.
type Stage2Input struct {
IssuerURL string
IssuerURLOverride string
ClientID string
ClientSecret string
ExtraScopes []string // optional
Expand All @@ -83,11 +85,12 @@ func (u *Setup) DoStage2(ctx context.Context, in Stage2Input) error {
u.Logger.Printf("authentication in progress...")
out, err := u.Authentication.Do(ctx, authentication.Input{
Provider: oidc.Provider{
IssuerURL: in.IssuerURL,
ClientID: in.ClientID,
ClientSecret: in.ClientSecret,
ExtraScopes: in.ExtraScopes,
UsePKCE: in.UsePKCE,
IssuerURL: in.IssuerURL,
IssuerURLOverride: in.IssuerURLOverride,
ClientID: in.ClientID,
ClientSecret: in.ClientSecret,
ExtraScopes: in.ExtraScopes,
UsePKCE: in.UsePKCE,
},
GrantOptionSet: in.GrantOptionSet,
TLSClientConfig: in.TLSClientConfig,
Expand All @@ -103,6 +106,7 @@ func (u *Setup) DoStage2(ctx context.Context, in Stage2Input) error {
v := stage2Vars{
IDTokenPrettyJSON: idTokenClaims.Pretty,
IssuerURL: in.IssuerURL,
IssuerURLOverride: in.IssuerURLOverride,
ClientID: in.ClientID,
Args: makeCredentialPluginArgs(in),
Subject: idTokenClaims.Subject,
Expand All @@ -118,6 +122,7 @@ func (u *Setup) DoStage2(ctx context.Context, in Stage2Input) error {
func makeCredentialPluginArgs(in Stage2Input) []string {
var args []string
args = append(args, "--oidc-issuer-url="+in.IssuerURL)
args = append(args, "--oidc-issuer-url-override="+in.IssuerURL)
args = append(args, "--oidc-client-id="+in.ClientID)
if in.ClientSecret != "" {
args = append(args, "--oidc-client-secret="+in.ClientSecret)
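Review bot: The line `args = append(args, "--oidc-issuer-url-override="+in.IssuerURL)` in `makeCredentialPluginArgs` passes `in.IssuerURL` instead of `in.IssuerURLOverride`, so the kubeconfig written by setup never carries the override the user actually supplied, and it emits the flag unconditionally even when no override was given. Mirror the `ClientSecret` handling two lines below: `if in.IssuerURLOverride != "" { args = append(args, "--oidc-issuer-url-override="+in.IssuerURLOverride) }`. `makeCredentialPluginArgs` continues past the end of the hunk.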
