go/oauth2-proxy
1
0
Fork 0
mirror of https://github.com/oauth2-proxy/oauth2-proxy.git synced 2025-12-19 23:52:17 +02:00
Code Issues Releases Activity
Files
527c72f23f5aeceeb9cc4b3e7dd10fdaab8d67c2
oauth2-proxy/main_test.go

287 lines
8.8 KiB
Go
Raw Normal View History

Introduce alpha configuration loading
2020-11-09 20:17:43 +00:00
package main
import (
"errors"
"os"
"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/apis/options"
upgrading to go 1.21 (#2235) * chore: bump go to version 1.21 update all depedencies as well * fix linting issues based on golang 1.20 deprecations * cleanup go depedencies * add custom gomega matcher for option intefaces * revert and upgrade golangci-lint to 1.55.2 * fix lint issues for v1.55.2 of golangci-lint * fix toml loading test * remove second runspecs call * update go.sum * revert testutil package
2024-01-22 14:39:53 +01:00
. "github.com/oauth2-proxy/oauth2-proxy/v7/pkg/apis/options/testutil"
feat: migrate all alpha config booleans to pointers Signed-off-by: Jan Larwig <jan@larwig.com>
2025-08-19 16:27:53 +02:00
"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/util/ptr"
chore(deps): Updated to ginkgo v2 (#2459) * chore(deps): Updated to ginkgo v2 * fix basic auth test suite cleanup * fix redis store tests * add changelog entry --------- Co-authored-by: Jan Larwig <jan@larwig.com>
2024-07-18 22:41:02 +02:00
. "github.com/onsi/ginkgo/v2"
Introduce alpha configuration loading
2020-11-09 20:17:43 +00:00
. "github.com/onsi/gomega"
upgrading to go 1.21 (#2235) * chore: bump go to version 1.21 update all depedencies as well * fix linting issues based on golang 1.20 deprecations * cleanup go depedencies * add custom gomega matcher for option intefaces * revert and upgrade golangci-lint to 1.55.2 * fix lint issues for v1.55.2 of golangci-lint * fix toml loading test * remove second runspecs call * update go.sum * revert testutil package
2024-01-22 14:39:53 +01:00
"github.com/onsi/gomega/format"
Introduce alpha configuration loading
2020-11-09 20:17:43 +00:00
"github.com/spf13/pflag"
)
var _ = Describe("Configuration Loading Suite", func() {
upgrading to go 1.21 (#2235) * chore: bump go to version 1.21 update all depedencies as well * fix linting issues based on golang 1.20 deprecations * cleanup go depedencies * add custom gomega matcher for option intefaces * revert and upgrade golangci-lint to 1.55.2 * fix lint issues for v1.55.2 of golangci-lint * fix toml loading test * remove second runspecs call * update go.sum * revert testutil package
2024-01-22 14:39:53 +01:00
// For comparing the full configuration differences of our structs we need to increase the gomega limits
format.MaxLength = 50000
format.MaxDepth = 10
Introduce alpha configuration loading
2020-11-09 20:17:43 +00:00
const testLegacyConfig = `
Integrate new server implementation into main OAuth2 Proxy
2021-02-14 17:08:04 +00:00
http_address="127.0.0.1:4180"
Introduce alpha configuration loading
2020-11-09 20:17:43 +00:00
upstreams="http://httpbin"
set_basic_auth="true"
fix merge problems and test cases Signed-off-by: Jan Larwig <jan@larwig.com>
2025-07-25 15:08:50 +02:00
basic_auth_password="c3VwZXItc2VjcmV0LXBhc3N3b3Jk"
Multiple providers in alpha config (#947) * Initial commit of multiple provider logic: 1. Created new provider options. 2. Created legacy provider options and conversion options. 3. Added Providers to alpha Options. 4. Started Validation migration of multiple providers 5. Tests. * fixed lint issues * additional lint fixes * Nits and alterations based on CR: manliy splitting large providers validation function and adding comments to provider options * fixed typo * removed weird : file * small CR changes * Removed GoogleGroups validation due to new allowed-groups (including tests). Added line in CHANGELOG * Update pkg/apis/options/providers.go Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk> * Update pkg/apis/options/providers.go Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk> * Update pkg/apis/options/providers.go Co-authored-by: Nick Meves <nick.meves@greenhouse.io> * Initial commit of multiple provider logic: 1. Created new provider options. 2. Created legacy provider options and conversion options. 3. Added Providers to alpha Options. 4. Started Validation migration of multiple providers 5. Tests. * fixed lint issues * additional lint fixes * Nits and alterations based on CR: manliy splitting large providers validation function and adding comments to provider options * small CR changes * auto generates alpha_config.md * rebase (mainly service alpha options related conflicts) * removed : * Nits and alterations based on CR: manliy splitting large providers validation function and adding comments to provider options * small CR changes * Removed GoogleGroups validation due to new allowed-groups (including tests). Added line in CHANGELOG * "cntd. rebase" * ran make generate again * last conflicts * removed duplicate client id validation * 1. Removed provider prefixes 2. altered optionsWithNilProvider logic 3. altered default provider logic 4. moved change in CHANELOG to 7.0.0 * fixed TestGoogleGroupOptions test * ran make generate * moved CHANGLOG line to 7.1.1 * moved changelog comment to 7.1.2 (additional rebase) Co-authored-by: Yana Segal <yana.segal@nielsen.com> Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk> Co-authored-by: Nick Meves <nick.meves@greenhouse.io>
2021-04-03 19:06:30 +03:00
client_id="oauth2-proxy"
client_secret="b2F1dGgyLXByb3h5LWNsaWVudC1zZWNyZXQK"
feat: migrate all alpha config booleans to pointers Signed-off-by: Jan Larwig <jan@larwig.com>
2025-08-19 16:27:53 +02:00
google_admin_email="admin@example.com"
google_target_principal="principal"
Introduce alpha configuration loading
2020-11-09 20:17:43 +00:00
`
const testAlphaConfig = `
rename Upstreams to UpstreamConfig and its Configs member to Upstreams then
2021-09-17 11:08:18 +00:00
upstreamConfig:
upstreams:
Introduce alpha configuration loading
2020-11-09 20:17:43 +00:00
- id: /
path: /
uri: http://httpbin
flushInterval: 1s
passHostHeader: true
proxyWebSockets: true
Implement configurable timeout for upstream connections Signed-off-by: Jack Henschel <jack.henschel@cern.ch>
2022-05-13 22:36:21 +02:00
timeout: 30s
feat: migrate all alpha config booleans to pointers Signed-off-by: Jan Larwig <jan@larwig.com>
2025-08-19 16:27:53 +02:00
insecureSkipTLSVerify: false
disableKeepAlives: false
Introduce alpha configuration loading
2020-11-09 20:17:43 +00:00
injectRequestHeaders:
- name: Authorization
feat: migrate all alpha config booleans to pointers Signed-off-by: Jan Larwig <jan@larwig.com>
2025-08-19 16:27:53 +02:00
preserveRequestValue: false
Introduce alpha configuration loading
2020-11-09 20:17:43 +00:00
values:
introduce mapstructure decoder for yaml parsing remove color output in tests for better readability in github actions bugfix: remove google as default provider for alpha options fix conversion flow for toml to yaml revert ginkgo color deactivation revert claim- and secret source back to pointers regenerate alpha config Signed-off-by: Jan Larwig <jan@larwig.com>
2024-05-04 16:41:54 +02:00
- claimSource:
claim: user
prefix: "Basic "
basicAuthPassword:
fix merge problems and test cases Signed-off-by: Jan Larwig <jan@larwig.com>
2025-07-25 15:08:50 +02:00
value: c3VwZXItc2VjcmV0LXBhc3N3b3Jk
Introduce alpha configuration loading
2020-11-09 20:17:43 +00:00
- name: X-Forwarded-Groups
feat: migrate all alpha config booleans to pointers Signed-off-by: Jan Larwig <jan@larwig.com>
2025-08-19 16:27:53 +02:00
preserveRequestValue: false
Introduce alpha configuration loading
2020-11-09 20:17:43 +00:00
values:
introduce mapstructure decoder for yaml parsing remove color output in tests for better readability in github actions bugfix: remove google as default provider for alpha options fix conversion flow for toml to yaml revert ginkgo color deactivation revert claim- and secret source back to pointers regenerate alpha config Signed-off-by: Jan Larwig <jan@larwig.com>
2024-05-04 16:41:54 +02:00
- claimSource:
claim: groups
Introduce alpha configuration loading
2020-11-09 20:17:43 +00:00
- name: X-Forwarded-User
feat: migrate all alpha config booleans to pointers Signed-off-by: Jan Larwig <jan@larwig.com>
2025-08-19 16:27:53 +02:00
preserveRequestValue: false
Introduce alpha configuration loading
2020-11-09 20:17:43 +00:00
values:
introduce mapstructure decoder for yaml parsing remove color output in tests for better readability in github actions bugfix: remove google as default provider for alpha options fix conversion flow for toml to yaml revert ginkgo color deactivation revert claim- and secret source back to pointers regenerate alpha config Signed-off-by: Jan Larwig <jan@larwig.com>
2024-05-04 16:41:54 +02:00
- claimSource:
claim: user
Introduce alpha configuration loading
2020-11-09 20:17:43 +00:00
- name: X-Forwarded-Email
feat: migrate all alpha config booleans to pointers Signed-off-by: Jan Larwig <jan@larwig.com>
2025-08-19 16:27:53 +02:00
preserveRequestValue: false
Introduce alpha configuration loading
2020-11-09 20:17:43 +00:00
values:
introduce mapstructure decoder for yaml parsing remove color output in tests for better readability in github actions bugfix: remove google as default provider for alpha options fix conversion flow for toml to yaml revert ginkgo color deactivation revert claim- and secret source back to pointers regenerate alpha config Signed-off-by: Jan Larwig <jan@larwig.com>
2024-05-04 16:41:54 +02:00
- claimSource:
claim: email
Introduce alpha configuration loading
2020-11-09 20:17:43 +00:00
- name: X-Forwarded-Preferred-Username
feat: migrate all alpha config booleans to pointers Signed-off-by: Jan Larwig <jan@larwig.com>
2025-08-19 16:27:53 +02:00
preserveRequestValue: false
Introduce alpha configuration loading
2020-11-09 20:17:43 +00:00
values:
introduce mapstructure decoder for yaml parsing remove color output in tests for better readability in github actions bugfix: remove google as default provider for alpha options fix conversion flow for toml to yaml revert ginkgo color deactivation revert claim- and secret source back to pointers regenerate alpha config Signed-off-by: Jan Larwig <jan@larwig.com>
2024-05-04 16:41:54 +02:00
- claimSource:
claim: preferred_username
Introduce alpha configuration loading
2020-11-09 20:17:43 +00:00
injectResponseHeaders:
- name: Authorization
values:
introduce mapstructure decoder for yaml parsing remove color output in tests for better readability in github actions bugfix: remove google as default provider for alpha options fix conversion flow for toml to yaml revert ginkgo color deactivation revert claim- and secret source back to pointers regenerate alpha config Signed-off-by: Jan Larwig <jan@larwig.com>
2024-05-04 16:41:54 +02:00
- claimSource:
claim: user
prefix: "Basic "
basicAuthPassword:
fix merge problems and test cases Signed-off-by: Jan Larwig <jan@larwig.com>
2025-07-25 15:08:50 +02:00
value: c3VwZXItc2VjcmV0LXBhc3N3b3Jk
Integrate new server implementation into main OAuth2 Proxy
2021-02-14 17:08:04 +00:00
server:
bindAddress: "127.0.0.1:4180"
Multiple providers in alpha config (#947) * Initial commit of multiple provider logic: 1. Created new provider options. 2. Created legacy provider options and conversion options. 3. Added Providers to alpha Options. 4. Started Validation migration of multiple providers 5. Tests. * fixed lint issues * additional lint fixes * Nits and alterations based on CR: manliy splitting large providers validation function and adding comments to provider options * fixed typo * removed weird : file * small CR changes * Removed GoogleGroups validation due to new allowed-groups (including tests). Added line in CHANGELOG * Update pkg/apis/options/providers.go Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk> * Update pkg/apis/options/providers.go Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk> * Update pkg/apis/options/providers.go Co-authored-by: Nick Meves <nick.meves@greenhouse.io> * Initial commit of multiple provider logic: 1. Created new provider options. 2. Created legacy provider options and conversion options. 3. Added Providers to alpha Options. 4. Started Validation migration of multiple providers 5. Tests. * fixed lint issues * additional lint fixes * Nits and alterations based on CR: manliy splitting large providers validation function and adding comments to provider options * small CR changes * auto generates alpha_config.md * rebase (mainly service alpha options related conflicts) * removed : * Nits and alterations based on CR: manliy splitting large providers validation function and adding comments to provider options * small CR changes * Removed GoogleGroups validation due to new allowed-groups (including tests). Added line in CHANGELOG * "cntd. rebase" * ran make generate again * last conflicts * removed duplicate client id validation * 1. Removed provider prefixes 2. altered optionsWithNilProvider logic 3. altered default provider logic 4. moved change in CHANELOG to 7.0.0 * fixed TestGoogleGroupOptions test * ran make generate * moved CHANGLOG line to 7.1.1 * moved changelog comment to 7.1.2 (additional rebase) Co-authored-by: Yana Segal <yana.segal@nielsen.com> Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk> Co-authored-by: Nick Meves <nick.meves@greenhouse.io>
2021-04-03 19:06:30 +03:00
providers:
fix merge problems and test cases Signed-off-by: Jan Larwig <jan@larwig.com>
2025-07-25 15:08:50 +02:00
- id: google=oauth2-proxy
provider: google
Multiple providers in alpha config (#947) * Initial commit of multiple provider logic: 1. Created new provider options. 2. Created legacy provider options and conversion options. 3. Added Providers to alpha Options. 4. Started Validation migration of multiple providers 5. Tests. * fixed lint issues * additional lint fixes * Nits and alterations based on CR: manliy splitting large providers validation function and adding comments to provider options * fixed typo * removed weird : file * small CR changes * Removed GoogleGroups validation due to new allowed-groups (including tests). Added line in CHANGELOG * Update pkg/apis/options/providers.go Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk> * Update pkg/apis/options/providers.go Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk> * Update pkg/apis/options/providers.go Co-authored-by: Nick Meves <nick.meves@greenhouse.io> * Initial commit of multiple provider logic: 1. Created new provider options. 2. Created legacy provider options and conversion options. 3. Added Providers to alpha Options. 4. Started Validation migration of multiple providers 5. Tests. * fixed lint issues * additional lint fixes * Nits and alterations based on CR: manliy splitting large providers validation function and adding comments to provider options * small CR changes * auto generates alpha_config.md * rebase (mainly service alpha options related conflicts) * removed : * Nits and alterations based on CR: manliy splitting large providers validation function and adding comments to provider options * small CR changes * Removed GoogleGroups validation due to new allowed-groups (including tests). Added line in CHANGELOG * "cntd. rebase" * ran make generate again * last conflicts * removed duplicate client id validation * 1. Removed provider prefixes 2. altered optionsWithNilProvider logic 3. altered default provider logic 4. moved change in CHANELOG to 7.0.0 * fixed TestGoogleGroupOptions test * ran make generate * moved CHANGLOG line to 7.1.1 * moved changelog comment to 7.1.2 (additional rebase) Co-authored-by: Yana Segal <yana.segal@nielsen.com> Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk> Co-authored-by: Nick Meves <nick.meves@greenhouse.io>
2021-04-03 19:06:30 +03:00
clientSecret: b2F1dGgyLXByb3h5LWNsaWVudC1zZWNyZXQK
clientID: oauth2-proxy
feat: migrate all alpha config booleans to pointers Signed-off-by: Jan Larwig <jan@larwig.com>
2025-08-19 16:27:53 +02:00
useSystemTrustStore: false
skipClaimsFromProfileURL: false
googleConfig:
adminEmail: admin@example.com
targetPrincipal: principal
useApplicationDefaultCredentials: false
Multiple providers in alpha config (#947) * Initial commit of multiple provider logic: 1. Created new provider options. 2. Created legacy provider options and conversion options. 3. Added Providers to alpha Options. 4. Started Validation migration of multiple providers 5. Tests. * fixed lint issues * additional lint fixes * Nits and alterations based on CR: manliy splitting large providers validation function and adding comments to provider options * fixed typo * removed weird : file * small CR changes * Removed GoogleGroups validation due to new allowed-groups (including tests). Added line in CHANGELOG * Update pkg/apis/options/providers.go Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk> * Update pkg/apis/options/providers.go Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk> * Update pkg/apis/options/providers.go Co-authored-by: Nick Meves <nick.meves@greenhouse.io> * Initial commit of multiple provider logic: 1. Created new provider options. 2. Created legacy provider options and conversion options. 3. Added Providers to alpha Options. 4. Started Validation migration of multiple providers 5. Tests. * fixed lint issues * additional lint fixes * Nits and alterations based on CR: manliy splitting large providers validation function and adding comments to provider options * small CR changes * auto generates alpha_config.md * rebase (mainly service alpha options related conflicts) * removed : * Nits and alterations based on CR: manliy splitting large providers validation function and adding comments to provider options * small CR changes * Removed GoogleGroups validation due to new allowed-groups (including tests). Added line in CHANGELOG * "cntd. rebase" * ran make generate again * last conflicts * removed duplicate client id validation * 1. Removed provider prefixes 2. altered optionsWithNilProvider logic 3. altered default provider logic 4. moved change in CHANELOG to 7.0.0 * fixed TestGoogleGroupOptions test * ran make generate * moved CHANGLOG line to 7.1.1 * moved changelog comment to 7.1.2 (additional rebase) Co-authored-by: Yana Segal <yana.segal@nielsen.com> Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk> Co-authored-by: Nick Meves <nick.meves@greenhouse.io>
2021-04-03 19:06:30 +03:00
oidcConfig:
groupsClaim: groups
emailClaim: email
userIDClaim: email
feat: migrate all alpha config booleans to pointers Signed-off-by: Jan Larwig <jan@larwig.com>
2025-08-19 16:27:53 +02:00
insecureSkipIssuerVerification: false
Support nonce checks in OIDC Provider (#967) * Set and verify a nonce with OIDC * Create a CSRF object to manage nonces & cookies * Add missing generic cookie unit tests * Add config flag to control OIDC SkipNonce * Send hashed nonces in authentication requests * Encrypt the CSRF cookie * Add clarity to naming & add more helper methods * Make CSRF an interface and keep underlying nonces private * Add ReverseProxy scope to cookie tests * Align to new 1.16 SameSite cookie default * Perform SecretBytes conversion on CSRF cookie crypto * Make state encoding signatures consistent * Mock time in CSRF struct via Clock * Improve InsecureSkipNonce docstring
2021-04-21 02:33:27 -07:00
insecureSkipNonce: true
improved audience handling to support client credentials access tokens without aud claims (#1204) * implementation draft * add cfg options skip-au-when-missing && client-id-verification-claim; enhance the provider data verification logic for sake of the added options * refactor configs, added logging and add additional claim verification * simplify logic by just having one configuration similar to oidc-email-claim * added internal oidc token verifier, so that aud check behavior can be managed with oauth2-proxy and is compatible with extra-jwt-issuers * refactored verification to reduce complexity * refactored verification to reduce complexity * added docs * adjust tests to support new OIDCAudienceClaim and OIDCExtraAudiences options * extend unit tests and ensure that audience is set with the value of aud claim configuration * revert filemodes and update docs * update docs * remove unneccesary logging, refactor audience existence check and added additional unit tests * fix linting issues after rebase on origin/main * cleanup: use new imports for migrated libraries after rebase on origin/main * adapt mock in keycloak_oidc_test.go * allow specifying multiple audience claims, fixed bug where jwt issuers client id was not the being considered and fixed bug where aud claims with multiple audiences has broken the whole validation * fixed formatting issue * do not pass the whole options struct to minimize complexity and dependency to the configuration structure * added changelog entry * update docs Co-authored-by: Sofia Weiler <sofia.weiler@aoe.com> Co-authored-by: Christian Zenker <christian.zenker@aoe.com>
2022-02-15 17:12:22 +01:00
audienceClaims: [aud]
extraAudiences: []
Support for passing through URL query parameters from /oauth2/start to the ID provider's login URL. You must explicitly configure oauth2-proxy (alpha config only) with which parameters are allowed to pass through, and optionally provide an allow-list of valid values and/or regular expressions for each one. Note that this mechanism subsumes the functionality of the "prompt", "approval_prompt" and "acr_values" legacy configuration options, which must be converted to the equivalent YAML when running in alpha config mode.
2022-02-16 16:18:51 +00:00
loginURLParameters:
- name: approval_prompt
default:
- force
Introduce alpha configuration loading
2020-11-09 20:17:43 +00:00
`
const testCoreConfig = `
cookie_secret="OQINaROshtE9TcZkNAm-5Zs2Pv3xaWytBmc5W7sPX7w="
email_domains="example.com"
cookie_secure="false"
redirect_url="http://localhost:4180/oauth2/callback"
`
testExpectedOptions := func() *options.Options {
opts, err := options.NewLegacyOptions().ToOptions()
Expect(err).ToNot(HaveOccurred())
opts.Cookie.Secret = "OQINaROshtE9TcZkNAm-5Zs2Pv3xaWytBmc5W7sPX7w="
opts.EmailDomains = []string{"example.com"}
opts.Cookie.Secure = false
opts.RawRedirectURL = "http://localhost:4180/oauth2/callback"
rename Upstreams to UpstreamConfig and its Configs member to Upstreams then
2021-09-17 11:08:18 +00:00
opts.UpstreamServers = options.UpstreamConfig{
Upstreams: []options.Upstream{
Make the Upstreams mux configurable This commit changes Upstreams from []Upstream to a struct{} moving the previous []Upstream into .Configs and adjusts all uses of it.
2021-08-09 13:32:15 +00:00
{
feat: migrate all alpha config booleans to pointers Signed-off-by: Jan Larwig <jan@larwig.com>
2025-08-19 16:27:53 +02:00
ID: "/",
Path: "/",
URI: "http://httpbin",
feat: add ensure defaults to all migrated structs Signed-off-by: Jan Larwig <jan@larwig.com>
2025-10-30 09:26:14 +01:00
FlushInterval: ptr.Ptr(options.DefaultUpstreamFlushInterval),
feat: migrate all alpha config booleans to pointers Signed-off-by: Jan Larwig <jan@larwig.com>
2025-08-19 16:27:53 +02:00
PassHostHeader: ptr.Ptr(true),
ProxyWebSockets: ptr.Ptr(true),
feat: add ensure defaults to all migrated structs Signed-off-by: Jan Larwig <jan@larwig.com>
2025-10-30 09:26:14 +01:00
Timeout: ptr.Ptr(options.DefaultUpstreamTimeout),
feat: migrate all alpha config booleans to pointers Signed-off-by: Jan Larwig <jan@larwig.com>
2025-08-19 16:27:53 +02:00
InsecureSkipTLSVerify: ptr.Ptr(false),
DisableKeepAlives: ptr.Ptr(false),
Make the Upstreams mux configurable This commit changes Upstreams from []Upstream to a struct{} moving the previous []Upstream into .Configs and adjusts all uses of it.
2021-08-09 13:32:15 +00:00
},
Introduce alpha configuration loading
2020-11-09 20:17:43 +00:00
},
}
authHeader := options.Header{
Name: "Authorization",
Values: []options.HeaderValue{
{
ClaimSource: &options.ClaimSource{
Claim: "user",
Prefix: "Basic ",
BasicAuthPassword: &options.SecretSource{
fix merge problems and test cases Signed-off-by: Jan Larwig <jan@larwig.com>
2025-07-25 15:08:50 +02:00
Value: []byte("c3VwZXItc2VjcmV0LXBhc3N3b3Jk"),
Introduce alpha configuration loading
2020-11-09 20:17:43 +00:00
},
},
},
},
}
feat: migrate all alpha config booleans to pointers Signed-off-by: Jan Larwig <jan@larwig.com>
2025-08-19 16:27:53 +02:00
authHeader.PreserveRequestValue = ptr.Ptr(false)
Introduce alpha configuration loading
2020-11-09 20:17:43 +00:00
opts.InjectRequestHeaders = append([]options.Header{authHeader}, opts.InjectRequestHeaders...)
feat: migrate all alpha config booleans to pointers Signed-off-by: Jan Larwig <jan@larwig.com>
2025-08-19 16:27:53 +02:00
authHeader.PreserveRequestValue = nil
Introduce alpha configuration loading
2020-11-09 20:17:43 +00:00
opts.InjectResponseHeaders = append(opts.InjectResponseHeaders, authHeader)
Multiple providers in alpha config (#947) * Initial commit of multiple provider logic: 1. Created new provider options. 2. Created legacy provider options and conversion options. 3. Added Providers to alpha Options. 4. Started Validation migration of multiple providers 5. Tests. * fixed lint issues * additional lint fixes * Nits and alterations based on CR: manliy splitting large providers validation function and adding comments to provider options * fixed typo * removed weird : file * small CR changes * Removed GoogleGroups validation due to new allowed-groups (including tests). Added line in CHANGELOG * Update pkg/apis/options/providers.go Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk> * Update pkg/apis/options/providers.go Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk> * Update pkg/apis/options/providers.go Co-authored-by: Nick Meves <nick.meves@greenhouse.io> * Initial commit of multiple provider logic: 1. Created new provider options. 2. Created legacy provider options and conversion options. 3. Added Providers to alpha Options. 4. Started Validation migration of multiple providers 5. Tests. * fixed lint issues * additional lint fixes * Nits and alterations based on CR: manliy splitting large providers validation function and adding comments to provider options * small CR changes * auto generates alpha_config.md * rebase (mainly service alpha options related conflicts) * removed : * Nits and alterations based on CR: manliy splitting large providers validation function and adding comments to provider options * small CR changes * Removed GoogleGroups validation due to new allowed-groups (including tests). Added line in CHANGELOG * "cntd. rebase" * ran make generate again * last conflicts * removed duplicate client id validation * 1. Removed provider prefixes 2. altered optionsWithNilProvider logic 3. altered default provider logic 4. moved change in CHANELOG to 7.0.0 * fixed TestGoogleGroupOptions test * ran make generate * moved CHANGLOG line to 7.1.1 * moved changelog comment to 7.1.2 (additional rebase) Co-authored-by: Yana Segal <yana.segal@nielsen.com> Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk> Co-authored-by: Nick Meves <nick.meves@greenhouse.io>
2021-04-03 19:06:30 +03:00
opts.Providers = options.Providers{
Make the Upstreams mux configurable This commit changes Upstreams from []Upstream to a struct{} moving the previous []Upstream into .Configs and adjusts all uses of it.
2021-08-09 13:32:15 +00:00
options.Provider{
feat: migrate all alpha config booleans to pointers Signed-off-by: Jan Larwig <jan@larwig.com>
2025-08-19 16:27:53 +02:00
ID: "google=oauth2-proxy",
Type: "google",
ClientSecret: "b2F1dGgyLXByb3h5LWNsaWVudC1zZWNyZXQK",
ClientID: "oauth2-proxy",
UseSystemTrustStore: ptr.Ptr(false),
SkipClaimsFromProfileURL: ptr.Ptr(false),
GoogleConfig: options.GoogleOptions{
AdminEmail: "admin@example.com",
UseApplicationDefaultCredentials: ptr.Ptr(false),
TargetPrincipal: "principal",
},
Multiple providers in alpha config (#947) * Initial commit of multiple provider logic: 1. Created new provider options. 2. Created legacy provider options and conversion options. 3. Added Providers to alpha Options. 4. Started Validation migration of multiple providers 5. Tests. * fixed lint issues * additional lint fixes * Nits and alterations based on CR: manliy splitting large providers validation function and adding comments to provider options * fixed typo * removed weird : file * small CR changes * Removed GoogleGroups validation due to new allowed-groups (including tests). Added line in CHANGELOG * Update pkg/apis/options/providers.go Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk> * Update pkg/apis/options/providers.go Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk> * Update pkg/apis/options/providers.go Co-authored-by: Nick Meves <nick.meves@greenhouse.io> * Initial commit of multiple provider logic: 1. Created new provider options. 2. Created legacy provider options and conversion options. 3. Added Providers to alpha Options. 4. Started Validation migration of multiple providers 5. Tests. * fixed lint issues * additional lint fixes * Nits and alterations based on CR: manliy splitting large providers validation function and adding comments to provider options * small CR changes * auto generates alpha_config.md * rebase (mainly service alpha options related conflicts) * removed : * Nits and alterations based on CR: manliy splitting large providers validation function and adding comments to provider options * small CR changes * Removed GoogleGroups validation due to new allowed-groups (including tests). Added line in CHANGELOG * "cntd. rebase" * ran make generate again * last conflicts * removed duplicate client id validation * 1. Removed provider prefixes 2. altered optionsWithNilProvider logic 3. altered default provider logic 4. moved change in CHANELOG to 7.0.0 * fixed TestGoogleGroupOptions test * ran make generate * moved CHANGLOG line to 7.1.1 * moved changelog comment to 7.1.2 (additional rebase) Co-authored-by: Yana Segal <yana.segal@nielsen.com> Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk> Co-authored-by: Nick Meves <nick.meves@greenhouse.io>
2021-04-03 19:06:30 +03:00
AzureConfig: options.AzureOptions{
Tenant: "common",
},
OIDCConfig: options.OIDCOptions{
feat: migrate all alpha config booleans to pointers Signed-off-by: Jan Larwig <jan@larwig.com>
2025-08-19 16:27:53 +02:00
GroupsClaim: "groups",
EmailClaim: "email",
UserIDClaim: "email",
AudienceClaims: []string{"aud"},
ExtraAudiences: []string{},
InsecureSkipNonce: ptr.Ptr(true),
InsecureAllowUnverifiedEmail: ptr.Ptr(false),
InsecureSkipIssuerVerification: ptr.Ptr(false),
SkipDiscovery: ptr.Ptr(false),
Multiple providers in alpha config (#947) * Initial commit of multiple provider logic: 1. Created new provider options. 2. Created legacy provider options and conversion options. 3. Added Providers to alpha Options. 4. Started Validation migration of multiple providers 5. Tests. * fixed lint issues * additional lint fixes * Nits and alterations based on CR: manliy splitting large providers validation function and adding comments to provider options * fixed typo * removed weird : file * small CR changes * Removed GoogleGroups validation due to new allowed-groups (including tests). Added line in CHANGELOG * Update pkg/apis/options/providers.go Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk> * Update pkg/apis/options/providers.go Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk> * Update pkg/apis/options/providers.go Co-authored-by: Nick Meves <nick.meves@greenhouse.io> * Initial commit of multiple provider logic: 1. Created new provider options. 2. Created legacy provider options and conversion options. 3. Added Providers to alpha Options. 4. Started Validation migration of multiple providers 5. Tests. * fixed lint issues * additional lint fixes * Nits and alterations based on CR: manliy splitting large providers validation function and adding comments to provider options * small CR changes * auto generates alpha_config.md * rebase (mainly service alpha options related conflicts) * removed : * Nits and alterations based on CR: manliy splitting large providers validation function and adding comments to provider options * small CR changes * Removed GoogleGroups validation due to new allowed-groups (including tests). Added line in CHANGELOG * "cntd. rebase" * ran make generate again * last conflicts * removed duplicate client id validation * 1. Removed provider prefixes 2. altered optionsWithNilProvider logic 3. altered default provider logic 4. moved change in CHANELOG to 7.0.0 * fixed TestGoogleGroupOptions test * ran make generate * moved CHANGLOG line to 7.1.1 * moved changelog comment to 7.1.2 (additional rebase) Co-authored-by: Yana Segal <yana.segal@nielsen.com> Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk> Co-authored-by: Nick Meves <nick.meves@greenhouse.io>
2021-04-03 19:06:30 +03:00
},
Support for passing through URL query parameters from /oauth2/start to the ID provider's login URL. You must explicitly configure oauth2-proxy (alpha config only) with which parameters are allowed to pass through, and optionally provide an allow-list of valid values and/or regular expressions for each one. Note that this mechanism subsumes the functionality of the "prompt", "approval_prompt" and "acr_values" legacy configuration options, which must be converted to the equivalent YAML when running in alpha config mode.
2022-02-16 16:18:51 +00:00
LoginURLParameters: []options.LoginURLParameter{
{Name: "approval_prompt", Default: []string{"force"}},
},
Multiple providers in alpha config (#947) * Initial commit of multiple provider logic: 1. Created new provider options. 2. Created legacy provider options and conversion options. 3. Added Providers to alpha Options. 4. Started Validation migration of multiple providers 5. Tests. * fixed lint issues * additional lint fixes * Nits and alterations based on CR: manliy splitting large providers validation function and adding comments to provider options * fixed typo * removed weird : file * small CR changes * Removed GoogleGroups validation due to new allowed-groups (including tests). Added line in CHANGELOG * Update pkg/apis/options/providers.go Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk> * Update pkg/apis/options/providers.go Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk> * Update pkg/apis/options/providers.go Co-authored-by: Nick Meves <nick.meves@greenhouse.io> * Initial commit of multiple provider logic: 1. Created new provider options. 2. Created legacy provider options and conversion options. 3. Added Providers to alpha Options. 4. Started Validation migration of multiple providers 5. Tests. * fixed lint issues * additional lint fixes * Nits and alterations based on CR: manliy splitting large providers validation function and adding comments to provider options * small CR changes * auto generates alpha_config.md * rebase (mainly service alpha options related conflicts) * removed : * Nits and alterations based on CR: manliy splitting large providers validation function and adding comments to provider options * small CR changes * Removed GoogleGroups validation due to new allowed-groups (including tests). Added line in CHANGELOG * "cntd. rebase" * ran make generate again * last conflicts * removed duplicate client id validation * 1. Removed provider prefixes 2. altered optionsWithNilProvider logic 3. altered default provider logic 4. moved change in CHANELOG to 7.0.0 * fixed TestGoogleGroupOptions test * ran make generate * moved CHANGLOG line to 7.1.1 * moved changelog comment to 7.1.2 (additional rebase) Co-authored-by: Yana Segal <yana.segal@nielsen.com> Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk> Co-authored-by: Nick Meves <nick.meves@greenhouse.io>
2021-04-03 19:06:30 +03:00
},
}
Introduce alpha configuration loading
2020-11-09 20:17:43 +00:00
return opts
}
type loadConfigurationTableInput struct {
configContent string
alphaConfigContent string
args []string
extraFlags func() *pflag.FlagSet
expectedOptions func() *options.Options
expectedErr error
}
DescribeTable("LoadConfiguration",
func(in loadConfigurationTableInput) {
var configFileName, alphaConfigFileName string
defer func() {
if configFileName != "" {
Expect(os.Remove(configFileName)).To(Succeed())
}
if alphaConfigFileName != "" {
Expect(os.Remove(alphaConfigFileName)).To(Succeed())
}
}()
if in.configContent != "" {
By("Writing the config to a temporary file", func() {
Fix Linting Errors (#1835) * initial commit: add groups to azure Signed-off-by: andrewphamade@gmail.com <andrewphamade@gmail.com> * fix deprecations and linting errors Signed-off-by: Andrew Hamade <andrewphamade@gmail.com> * remove groups testing from azure provider Signed-off-by: Andrew Hamade <andrewphamade@gmail.com> * fix test error Signed-off-by: Andrew Hamade <andrewphamade@gmail.com> * verify-generate Signed-off-by: Andrew Hamade <andrewphamade@gmail.com> Signed-off-by: andrewphamade@gmail.com <andrewphamade@gmail.com> Signed-off-by: Andrew Hamade <andrewphamade@gmail.com>
2022-10-21 12:57:51 +02:00
file, err := os.CreateTemp("", "oauth2-proxy-test-config-XXXX.cfg")
Introduce alpha configuration loading
2020-11-09 20:17:43 +00:00
Expect(err).ToNot(HaveOccurred())
defer file.Close()
configFileName = file.Name()
_, err = file.WriteString(in.configContent)
Expect(err).ToNot(HaveOccurred())
})
}
if in.alphaConfigContent != "" {
By("Writing the config to a temporary file", func() {
Fix Linting Errors (#1835) * initial commit: add groups to azure Signed-off-by: andrewphamade@gmail.com <andrewphamade@gmail.com> * fix deprecations and linting errors Signed-off-by: Andrew Hamade <andrewphamade@gmail.com> * remove groups testing from azure provider Signed-off-by: Andrew Hamade <andrewphamade@gmail.com> * fix test error Signed-off-by: Andrew Hamade <andrewphamade@gmail.com> * verify-generate Signed-off-by: Andrew Hamade <andrewphamade@gmail.com> Signed-off-by: andrewphamade@gmail.com <andrewphamade@gmail.com> Signed-off-by: Andrew Hamade <andrewphamade@gmail.com>
2022-10-21 12:57:51 +02:00
file, err := os.CreateTemp("", "oauth2-proxy-test-alpha-config-XXXX.yaml")
Introduce alpha configuration loading
2020-11-09 20:17:43 +00:00
Expect(err).ToNot(HaveOccurred())
defer file.Close()
alphaConfigFileName = file.Name()
_, err = file.WriteString(in.alphaConfigContent)
Expect(err).ToNot(HaveOccurred())
})
}
extraFlags := pflag.NewFlagSet("test-flagset", pflag.ExitOnError)
if in.extraFlags != nil {
extraFlags = in.extraFlags()
}
opts, err := loadConfiguration(configFileName, alphaConfigFileName, extraFlags, in.args)
if in.expectedErr != nil {
introduce mapstructure decoder for yaml parsing remove color output in tests for better readability in github actions bugfix: remove google as default provider for alpha options fix conversion flow for toml to yaml revert ginkgo color deactivation revert claim- and secret source back to pointers regenerate alpha config Signed-off-by: Jan Larwig <jan@larwig.com>
2024-05-04 16:41:54 +02:00
Expect(err).To(MatchError(ContainSubstring(in.expectedErr.Error())))
Introduce alpha configuration loading
2020-11-09 20:17:43 +00:00
} else {
Expect(err).ToNot(HaveOccurred())
}
Expect(in.expectedOptions).ToNot(BeNil())
upgrading to go 1.21 (#2235) * chore: bump go to version 1.21 update all depedencies as well * fix linting issues based on golang 1.20 deprecations * cleanup go depedencies * add custom gomega matcher for option intefaces * revert and upgrade golangci-lint to 1.55.2 * fix lint issues for v1.55.2 of golangci-lint * fix toml loading test * remove second runspecs call * update go.sum * revert testutil package
2024-01-22 14:39:53 +01:00
Expect(opts).To(EqualOpts(in.expectedOptions()))
Introduce alpha configuration loading
2020-11-09 20:17:43 +00:00
},
Entry("with legacy configuration", loadConfigurationTableInput{
configContent: testCoreConfig + testLegacyConfig,
expectedOptions: testExpectedOptions,
}),
Entry("with alpha configuration", loadConfigurationTableInput{
configContent: testCoreConfig,
alphaConfigContent: testAlphaConfig,
expectedOptions: testExpectedOptions,
}),
Entry("with bad legacy configuration", loadConfigurationTableInput{
configContent: testCoreConfig + "unknown_field=\"something\"",
expectedOptions: func() *options.Options { return nil },
fix merge problems and test cases Signed-off-by: Jan Larwig <jan@larwig.com>
2025-07-25 15:08:50 +02:00
expectedErr: errors.New("failed to load legacy options: failed to load config: error unmarshalling config: decoding failed due to the following error(s):\n\n'' has invalid keys: unknown_field"),
Introduce alpha configuration loading
2020-11-09 20:17:43 +00:00
}),
Entry("with bad alpha configuration", loadConfigurationTableInput{
configContent: testCoreConfig,
alphaConfigContent: testAlphaConfig + ":",
expectedOptions: func() *options.Options { return nil },
use official upstream yaml library v3 Signed-off-by: Jan Larwig <jan@larwig.com>
2025-02-09 17:23:03 +01:00
expectedErr: errors.New("failed to load alpha options: error unmarshalling config: yaml: line 1: did not find expected key"),
Introduce alpha configuration loading
2020-11-09 20:17:43 +00:00
}),
Entry("with alpha configuration and bad core configuration", loadConfigurationTableInput{
configContent: testCoreConfig + "unknown_field=\"something\"",
alphaConfigContent: testAlphaConfig,
expectedOptions: func() *options.Options { return nil },
fix merge problems and test cases Signed-off-by: Jan Larwig <jan@larwig.com>
2025-07-25 15:08:50 +02:00
expectedErr: errors.New("failed to load legacy options: failed to load config: error unmarshalling config: decoding failed due to the following error(s):\n\n'' has invalid keys: unknown_field"),
Introduce alpha configuration loading
2020-11-09 20:17:43 +00:00
}),
)
})
Reference in New Issue Copy Permalink