go/oauth2-proxy
1
0
Fork 0
mirror of https://github.com/oauth2-proxy/oauth2-proxy.git synced 2025-08-08 22:46:33 +02:00
Code Issues Releases Activity

feat: make google-groups argument optional (#3138)

Browse Source 
add test cases

update documentation

refactor code and some cleanup

update changelog

Signed-off-by: Jan Larwig <jan@larwig.com>
This commit is contained in:
Sourav Agrawal
2025-07-24 11:25:54 +05:30
committed by GitHub
parent b905f2cd93
commit e75a258299
6 changed files with 135 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
pkg/validation/options_test.go
View File

@ -55,18 +55,38 @@ func TestNewOptions(t *testing.T) {
assert.Equal(t, expected, err.Error())
}
func TestGoogleGroupOptions(t *testing.T) {
func TestGoogleGroupOptionsWithoutServiceAccountJSON(t *testing.T) {
o := testOptions()
o.Providers[0].GoogleConfig.Groups = []string{"googlegroup"}
o.Providers[0].GoogleConfig.AdminEmail = "admin@example.com"
err := Validate(o)
assert.NotEqual(t, nil, err)
expected := errorMsg([]string{
"missing setting: google-admin-email",
"missing setting: google-service-account-json or google-use-application-default-credentials"})
assert.Equal(t, expected, err.Error())
}
func TestGoogleGroupOptionsWithoutAdminEmail(t *testing.T) {
o := testOptions()
o.Providers[0].GoogleConfig.UseApplicationDefaultCredentials = true
err := Validate(o)
assert.NotEqual(t, nil, err)
expected := errorMsg([]string{
"missing setting: google-admin-email"})
assert.Equal(t, expected, err.Error())
}
func TestGoogleGroupOptionsWithoutGroups(t *testing.T) {
o := testOptions()
// Set admin email and application default credentials but no groups - should still require them
o.Providers[0].GoogleConfig.AdminEmail = "admin@example.com"
o.Providers[0].GoogleConfig.UseApplicationDefaultCredentials = true
err := Validate(o)
// Should pass validation since google-group is now optional
assert.Equal(t, nil, err)
}
func TestGoogleGroupInvalidFile(t *testing.T) {
o := testOptions()
o.Providers[0].GoogleConfig.Groups = []string{"test_group"}

6
pkg/validation/providers.go
View File

@ -94,18 +94,14 @@ func validateClientSecret(provider options.Provider) []string {
func validateGoogleConfig(provider options.Provider) []string {
msgs := []string{}
hasGoogleGroups := len(provider.GoogleConfig.Groups) >= 1
hasAdminEmail := provider.GoogleConfig.AdminEmail != ""
hasSAJSON := provider.GoogleConfig.ServiceAccountJSON != ""
useADC := provider.GoogleConfig.UseApplicationDefaultCredentials
if !hasGoogleGroups && !hasAdminEmail && !hasSAJSON && !useADC {
if !hasAdminEmail && !hasSAJSON && !useADC {
return msgs
}
if !hasGoogleGroups {
msgs = append(msgs, "missing setting: google-group")
}
if !hasAdminEmail {
msgs = append(msgs, "missing setting: google-admin-email")
}