Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion README.md
Original file line number Diff line number Diff line change
Expand Up @@ -206,7 +206,7 @@ spec:
endpointRef:
name: azure-entra
namespace: krateo-system
filter: .value | map(.displayName)
filter: .groups.value | map(.displayName)
```
To obtain groups through the rest action, add `Directory.Read.All` in the `additionalScopes`.

Expand Down
9 changes: 6 additions & 3 deletions internal/helpers/restaction/resolver.go
Original file line number Diff line number Diff line change
Expand Up @@ -38,14 +38,17 @@ func Resolve(ctx context.Context, rc *rest.Config, restaction *core.ObjectRef, e
return nil, fmt.Errorf("failed to create http request for restaction call to snowplow: %w", err)
}

jwt, _ := xcontext.AccessToken(ctx)
request.Header.Add("Authorization", fmt.Sprintf("Bearer: %s", jwt))
jwt, ok := xcontext.AccessToken(ctx)
if !ok {
return nil, fmt.Errorf("failed to retrieve jwt token for authn")
}
request.Header.Set("Authorization", fmt.Sprintf("Bearer %s", jwt))

resp, err := http.DefaultClient.Do(request)
if err != nil {
return nil, fmt.Errorf("failed to send http request for restaction call to snowplow: %w", err)
}
responseRaw, err := io.ReadAll(resp.Body)
responseRaw, _ := io.ReadAll(resp.Body)
defer resp.Body.Close()

var responseStruct Response
Expand Down
4 changes: 1 addition & 3 deletions internal/routes/auth/oauth/login.go
Original file line number Diff line number Diff line change
Expand Up @@ -99,8 +99,6 @@ func (r *loginRoute) Handler() http.HandlerFunc {
return
}

ctx := context.WithValue(req.Context(), restaction.RestActionContextKey("username"), r.ctx.Value(restaction.RestActionContextKey("username")).(string))
ctx = context.WithValue(ctx, restaction.RestActionContextKey("snowplowURL"), r.ctx.Value(restaction.RestActionContextKey("snowplowURL")).(string))
userinfo := userInfo{}
log.Debug().Str("name", name).Msg("resolving restaction")
if restactionRef != nil {
Expand All @@ -110,7 +108,7 @@ func (r *loginRoute) Handler() http.HandlerFunc {
encode.InternalError(wri, err)
return
}
additionalFieldstoReplace, err := restaction.Resolve(ctx, r.rc, restactionRef, uuid.New().String(), tok.AccessToken)
additionalFieldstoReplace, err := restaction.Resolve(r.ctx, r.rc, restactionRef, uuid.New().String(), tok.AccessToken)
if err != nil {
log.Err(err).Str("name", name).Msg("unable to resolve restaction")
encode.InternalError(wri, err)
Expand Down
5 changes: 1 addition & 4 deletions internal/routes/auth/oidc/login.go
Original file line number Diff line number Diff line change
Expand Up @@ -91,12 +91,9 @@ func (r *loginRoute) Handler() http.HandlerFunc {
return
}

ctx := context.WithValue(req.Context(), restaction.RestActionContextKey("username"), r.ctx.Value(restaction.RestActionContextKey("username")).(string))
ctx = context.WithValue(ctx, restaction.RestActionContextKey("snowplowURL"), r.ctx.Value(restaction.RestActionContextKey("snowplowURL")).(string))

log.Debug().Str("name", name).Msg("resolving restaction")
if cfg.RESTActionRef != nil {
additionalFieldstoReplace, err := restaction.Resolve(ctx, r.rc, cfg.RESTActionRef, idToken.email, idToken.bearerToken)
additionalFieldstoReplace, err := restaction.Resolve(r.ctx, r.rc, cfg.RESTActionRef, idToken.email, idToken.bearerToken)
if err != nil {
log.Err(err).Str("name", name).Msg("unable to resolve restaction")
encode.InternalError(wri, err)
Expand Down
2 changes: 1 addition & 1 deletion main.go
Original file line number Diff line number Diff line change
Expand Up @@ -217,7 +217,7 @@ func main() {
defer stop()

// Create authn clientconfig to call snowplow's RESTActions
_, err = signup.Do(context.TODO(), signup.Options{
_, _ = signup.Do(context.TODO(), signup.Options{
RestConfig: cfg,
Namespace: *storageNamespace,
CAData: string(cfg.CAData),
Expand Down
4 changes: 2 additions & 2 deletions testdata/oauth.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -44,7 +44,7 @@ spec:
name: github-api
namespace: krateo-system
filter: |
{ "name": .login, "email": .email, "preferredUsername": .login, "avatarURL": .avatar_url }
{ "name": .userInfo.login, "email": .userInfo.email, "preferredUsername": .userInfo.login, "avatarURL": .userInfo.avatar_url }
- name: groups
verb: POST
headers:
Expand All @@ -55,7 +55,7 @@ spec:
endpointRef:
name: github-graphql-api
namespace: krateo-system
filter: "[.data.organization.teams.edges[] | .node.slug]"
filter: "[.groups.data.organization.teams.edges[] | .node.slug]"
filter: |
{groups: .groups, "name": .userInfo.name, "email": .userInfo.email, "preferredUsername": .userInfo.preferredUsername, "avatarURL": .userInfo.AvatarURL }
---
Expand Down
10 changes: 9 additions & 1 deletion testdata/oidc-azure.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,14 @@ metadata:
stringData:
clientSecret: <client-secret-provided-by-service>
---
apiVersion: "v1"
kind: Secret
metadata:
name: azure-entra
namespace: krateo-system
stringData:
server-url: https://graph.microsoft.com
---
apiVersion: oidc.authn.krateo.io/v1alpha1
kind: OIDCConfig
metadata:
Expand Down Expand Up @@ -49,4 +57,4 @@ spec:
endpointRef:
name: azure-entra
namespace: krateo-system
filter: .value | map(.displayName)
filter: .groups.value | map(.displayName)
Loading