feat: add ensure defaults to all migrated structs

Signed-off-by: Jan Larwig <jan@larwig.com>

pkg/apis/options/alpha_options.go

@@ -65,9 +65,9 @@ func (a *AlphaOptions) ExtractFrom(opts *Options) {
 	a.Providers = opts.Providers
 }
 
-// MergeInto replaces alpha options in the Options struct with the values
-// from the AlphaOptions
-func (a *AlphaOptions) MergeInto(opts *Options) {
+// MergeOptionsWithDefaults replaces alpha options in the Options struct
+// with the values from the AlphaOptions and ensures the defaults
+func (a *AlphaOptions) MergeOptionsWithDefaults(opts *Options) {
 	opts.UpstreamServers = a.UpstreamConfig
 	opts.InjectRequestHeaders = a.InjectRequestHeaders
 	opts.InjectResponseHeaders = a.InjectResponseHeaders

pkg/apis/options/header.go

@@ -1,5 +1,7 @@
 package options
 
+import "github.com/oauth2-proxy/oauth2-proxy/v7/pkg/util/ptr"
+
 // Header represents an individual header that will be added to a request or
 // response header.
 type Header struct {
@@ -53,3 +55,28 @@ type ClaimSource struct {
 	// basicAuthPassword will be used as the password value.
 	BasicAuthPassword *SecretSource `yaml:"basicAuthPassword,omitempty"`
 }
+
+// EnsureDefaults sets any default values for Header fields.
+func (h *Header) EnsureDefaults() {
+	if h.PreserveRequestValue == nil {
+		h.PreserveRequestValue = ptr.Ptr(false)
+	}
+	for i := range h.Values {
+		h.Values[i].EnsureDefaults()
+	}
+}
+
+// EnsureDefaults sets any default values for HeaderValue fields.
+func (hv *HeaderValue) EnsureDefaults() {
+	if hv.ClaimSource != nil {
+		hv.ClaimSource.EnsureDefaults()
+	}
+	if hv.SecretSource != nil {
+		hv.SecretSource.EnsureDefaults()
+	}
+}
+
+// EnsureDefaults sets any default values for ClaimSource fields.
+func (hc *ClaimSource) EnsureDefaults() {
+	// No defaults to set currently
+}

pkg/apis/options/legacy_options.go

@@ -177,10 +177,6 @@ func (l *LegacyUpstreams) convert() (UpstreamConfig, error) {
 			// Force defaults compatible with static responses
 			upstream.URI = ""
 			upstream.InsecureSkipTLSVerify = ptr.Ptr(false)
-			upstream.PassHostHeader = nil
-			upstream.ProxyWebSockets = nil
-			upstream.FlushInterval = nil
-			upstream.Timeout = nil
 			upstream.DisableKeepAlives = ptr.Ptr(false)
 		case "unix":
 			upstream.Path = "/"

pkg/apis/options/legacy_options_test.go

@@ -3,6 +3,7 @@ package options
 import (
 	"time"
 
+	. "github.com/oauth2-proxy/oauth2-proxy/v7/pkg/apis/options/testutil"
 	"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/util/ptr"
 	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
@@ -132,7 +133,7 @@ var _ = Describe("Legacy Options", func() {
 
 			converted, err := legacyOpts.ToOptions()
 			Expect(err).ToNot(HaveOccurred())
-			Expect(converted).To(Equal(opts))
+			Expect(converted).To(EqualOpts(opts))
 		})
 	})
 

pkg/apis/options/options.go

@@ -168,3 +168,23 @@ func NewFlagSet() *pflag.FlagSet {
 
 	return flagSet
 }
+
+// EnsureDefaults configures the defaults for all options
+// to ensure no unexpected empty strings for enum types or nils for booleans
+func (o *Options) EnsureDefaults() {
+	o.Providers.EnsureDefaults()
+	o.UpstreamServers.EnsureDefaults()
+
+	for i := range o.InjectRequestHeaders {
+		o.InjectRequestHeaders[i].EnsureDefaults()
+	}
+	for i := range o.InjectResponseHeaders {
+		o.InjectResponseHeaders[i].EnsureDefaults()
+	}
+
+	// TBD: Uncomment as we add EnsureDefaults methods
+	// o.Cookie.EnsureDefaults()
+	// o.Session.EnsureDefaults()
+	// o.Templates.EnsureDefaults()
+	// o.Logging.EnsureDefaults()
+}

pkg/apis/options/providers.go

@@ -289,6 +289,7 @@ type LoginGovOptions struct {
 	PubJWKURL string `yaml:"pubjwkURL,omitempty"`
 }
 
+// Legacy default providers configuration
 func providerDefaults() Providers {
 	providers := Providers{
 		{
@@ -310,3 +311,72 @@ func providerDefaults() Providers {
 	}
 	return providers
 }
+
+// EnsureDefaults sets any default values for Providers fields.
+func (p Providers) EnsureDefaults() {
+	for i := range p {
+		p[i].EnsureDefaults()
+	}
+}
+
+// EnsureDefaults sets any default values for Provider fields.
+func (p *Provider) EnsureDefaults() {
+	if p.SkipClaimsFromProfileURL == nil {
+		p.SkipClaimsFromProfileURL = ptr.Ptr(false)
+	}
+	if p.UseSystemTrustStore == nil {
+		p.UseSystemTrustStore = ptr.Ptr(true)
+	}
+
+	p.OIDCConfig.EnsureDefaults()
+	p.MicrosoftEntraIDConfig.EnsureDefaults()
+	p.ADFSConfig.EnsureDefaults()
+	p.GoogleConfig.EnsureDefaults()
+}
+
+// EnsureDefaults sets any default values for OIDCOptions fields.
+func (o *OIDCOptions) EnsureDefaults() {
+	// Ensure OIDC defaults
+	if o.InsecureAllowUnverifiedEmail == nil {
+		o.InsecureAllowUnverifiedEmail = ptr.Ptr(false)
+	}
+	if o.InsecureSkipNonce == nil {
+		o.InsecureSkipNonce = ptr.Ptr(true)
+	}
+	if o.SkipDiscovery == nil {
+		o.SkipDiscovery = ptr.Ptr(false)
+	}
+	if o.UserIDClaim == "" {
+		o.UserIDClaim = OIDCEmailClaim
+	}
+	if o.EmailClaim == "" {
+		o.EmailClaim = OIDCEmailClaim
+	}
+	if o.GroupsClaim == "" {
+		o.GroupsClaim = OIDCGroupsClaim
+	}
+	if len(o.AudienceClaims) == 0 {
+		o.AudienceClaims = OIDCAudienceClaims
+	}
+}
+
+// EnsureDefaults sets any default values for MicrosoftEntraIDOptions fields.
+func (me *MicrosoftEntraIDOptions) EnsureDefaults() {
+	if me.FederatedTokenAuth == nil {
+		me.FederatedTokenAuth = ptr.Ptr(false)
+	}
+}
+
+// EnsureDefaults sets any default values for ADFSOptions fields.
+func (a *ADFSOptions) EnsureDefaults() {
+	if a.SkipScope == nil {
+		a.SkipScope = ptr.Ptr(false)
+	}
+}
+
+// EnsureDefaults sets any default values for GoogleOptions fields.
+func (g *GoogleOptions) EnsureDefaults() {
+	if g.UseApplicationDefaultCredentials == nil {
+		g.UseApplicationDefaultCredentials = ptr.Ptr(false)
+	}
+}

pkg/apis/options/secret_source.go

@@ -12,3 +12,8 @@ type SecretSource struct {
 	// FromFile expects a path to a file containing the secret value.
 	FromFile string `yaml:"fromFile,omitempty"`
 }
+
+// EnsureDefaults sets any default values for SecretSource fields.
+func (ss *SecretSource) EnsureDefaults() {
+	// No defaults to set currently
+}

pkg/apis/options/upstreams.go

@@ -1,6 +1,10 @@
 package options
 
-import "time"
+import (
+	"time"
+
+	"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/util/ptr"
+)
 
 const (
 	// DefaultUpstreamFlushInterval is the default value for the Upstream FlushInterval.
@@ -98,3 +102,38 @@ type Upstream struct {
 	// Defaults to false.
 	DisableKeepAlives *bool `yaml:"disableKeepAlives,omitempty"`
 }
+
+// EnsureDefaults sets any default values for UpstreamConfig fields.
+func (uc *UpstreamConfig) EnsureDefaults() {
+	if uc.ProxyRawPath == nil {
+		uc.ProxyRawPath = ptr.Ptr(false)
+	}
+	for i := range uc.Upstreams {
+		uc.Upstreams[i].EnsureDefaults()
+	}
+}
+
+// EnsureDefaults sets any default values for Upstream fields.
+func (u *Upstream) EnsureDefaults() {
+	if u.InsecureSkipTLSVerify == nil {
+		u.InsecureSkipTLSVerify = ptr.Ptr(false)
+	}
+	if u.Static == nil {
+		u.Static = ptr.Ptr(false)
+	}
+	if u.FlushInterval == nil {
+		u.FlushInterval = ptr.Ptr(DefaultUpstreamFlushInterval)
+	}
+	if u.PassHostHeader == nil {
+		u.PassHostHeader = ptr.Ptr(true)
+	}
+	if u.ProxyWebSockets == nil {
+		u.ProxyWebSockets = ptr.Ptr(true)
+	}
+	if u.Timeout == nil {
+		u.Timeout = ptr.Ptr(DefaultUpstreamTimeout)
+	}
+	if u.DisableKeepAlives == nil {
+		u.DisableKeepAlives = ptr.Ptr(false)
+	}
+}