*: load static clients from config file

This commit is contained in:
Eric Chiang 2016-08-05 09:50:22 -07:00
parent 725a94214a
commit 53d1be4a87
7 changed files with 101 additions and 9 deletions

View File

@ -9,6 +9,7 @@ import (
"github.com/coreos/poke/connector/mock"
"github.com/coreos/poke/storage"
"github.com/coreos/poke/storage/kubernetes"
"github.com/coreos/poke/storage/memory"
)
// Config is the config format for the main application.
@ -17,6 +18,8 @@ type Config struct {
Storage Storage `yaml:"storage"`
Connectors []Connector `yaml:"connectors"`
Web Web `yaml:"web"`
StaticClients []storage.Client `yaml:"staticClients"`
}
// Web is the config format for the HTTP server.
@ -46,9 +49,12 @@ func (s *Storage) UnmarshalYAML(unmarshal func(interface{}) error) error {
var c struct {
Config StorageConfig `yaml:"config"`
}
// TODO(ericchiang): replace this with a registration process.
switch storageMeta.Type {
case "kubernetes":
c.Config = &kubernetes.Config{}
case "memory":
c.Config = &memory.Config{}
default:
return fmt.Errorf("unknown storage type %q", storageMeta.Type)
}

39
cmd/poke/config_test.go Normal file
View File

@ -0,0 +1,39 @@
package main
import (
"testing"
"github.com/coreos/poke/storage"
"github.com/kylelemons/godebug/pretty"
yaml "gopkg.in/yaml.v2"
)
func TestUnmarshalClients(t *testing.T) {
data := `staticClients:
- id: example-app
redirectURIs:
- 'http://127.0.0.1:5555/callback'
name: 'Example App'
secret: ZXhhbXBsZS1hcHAtc2VjcmV0
`
var c Config
if err := yaml.Unmarshal([]byte(data), &c); err != nil {
t.Fatal(err)
}
wantClients := []storage.Client{
{
ID: "example-app",
Name: "Example App",
Secret: "ZXhhbXBsZS1hcHAtc2VjcmV0",
RedirectURIs: []string{
"http://127.0.0.1:5555/callback",
},
},
}
if diff := pretty.Compare(wantClients, c.StaticClients); diff != "" {
t.Errorf("did not get expected clients: %s", diff)
}
}

View File

@ -7,10 +7,11 @@ import (
"log"
"net/http"
"github.com/spf13/cobra"
yaml "gopkg.in/yaml.v2"
"github.com/coreos/poke/server"
"github.com/spf13/cobra"
"github.com/coreos/poke/storage"
)
func commandServe() *cobra.Command {
@ -83,6 +84,9 @@ func serve(cmd *cobra.Command, args []string) error {
if err != nil {
return fmt.Errorf("initializing storage: %v", err)
}
if len(c.StaticClients) > 0 {
s = storage.WithStaticClients(s, c.StaticClients)
}
serverConfig := server.Config{
Issuer: c.Issuer,

27
example/config-dev.yaml Normal file
View File

@ -0,0 +1,27 @@
issuer: http://127.0.0.1:5556
storage:
# NOTE(ericchiang): This will be replaced by sqlite3 in the future.
type: memory
web:
http: 127.0.0.1:5556
connectors:
- type: mock
id: mock
name: Mock
- type: github
id: github
name: GitHub
config:
clientID: "$GITHUB_CLIENT_ID"
clientSecret: "$GITHUB_CLIENT_SECRET"
redirectURI: http://127.0.0.1:5556/callback/github
org: kubernetes
staticClients:
- id: example-app
redirectURIs:
- 'http://127.0.0.1:5555/callback'
name: 'Example App'
secret: ZXhhbXBsZS1hcHAtc2VjcmV0

View File

@ -2,6 +2,7 @@ package server
import (
"encoding/json"
"errors"
"fmt"
"log"
"net/http"
@ -125,7 +126,7 @@ func (s *Server) handleAuthorization(w http.ResponseWriter, r *http.Request) {
for id := range s.connectors {
connectorInfos[i] = connectorInfo{
DisplayName: id,
URL: s.absPath("/auth", id) + "?state=" + state,
URL: s.absPath("/auth", id),
}
i++
}
@ -224,6 +225,9 @@ func (s *Server) handleConnectorCallback(w http.ResponseWriter, r *http.Request)
}
func (s *Server) finalizeLogin(identity connector.Identity, authReqID, connectorID string, conn connector.Connector) (string, error) {
if authReqID == "" {
return "", errors.New("no auth request ID passed")
}
claims := storage.Claims{
UserID: identity.UserID,
Username: identity.Username,

View File

@ -18,6 +18,18 @@ func New() storage.Storage {
}
}
// Config is an implementation of a storage configuration.
//
// TODO(ericchiang): Actually define a storage config interface and have registration.
type Config struct {
// The in memory implementation has no config.
}
// Open always returns a new in memory storage.
func (c *Config) Open() (storage.Storage, error) {
return New(), nil
}
type memStorage struct {
mu sync.Mutex

View File

@ -81,19 +81,19 @@ type Storage interface {
// * Trusted peers: https://developers.google.com/identity/protocols/CrossClientAuth
// * Public clients: https://developers.google.com/api-client-library/python/auth/installed-app
type Client struct {
ID string
Secret string
RedirectURIs []string
ID string `json:"id" yaml:"id"`
Secret string `json:"secret" yaml:"secret"`
RedirectURIs []string `json:"redirectURIs" yaml:"redirectURIs"`
// TrustedPeers are a list of peers which can issue tokens on this client's behalf.
// Clients inherently trust themselves.
TrustedPeers []string
TrustedPeers []string `json:"trustedPeers" yaml:"trustedPeers"`
// Public clients must use either use a redirectURL 127.0.0.1:X or "urn:ietf:wg:oauth:2.0:oob"
Public bool
Public bool `json:"public" yaml:"public"`
Name string
LogoURL string
Name string `json:"name" yaml:"name"`
LogoURL string `json:"logoURL" yaml:"logoURL"`
}
// Claims represents the ID Token claims supported by the server.