particle-os/debian-forge-composer
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

jwt: support multiple key providers

Browse source 
We may need to use several SSO providers, so extend our
configuration to allow that.

Based on PoC from Sanne:

```
package main

import (
	"net/http"
	"log"

	"github.com/openshift-online/ocm-sdk-go/authentication"
	"github.com/openshift-online/ocm-sdk-go/logging"
)

type H struct{}

func (h *H) ServeHTTP(w http.ResponseWriter, r *http.Request) {
	log.Println("HURRAY")
}

func main() {

	logBuilder := logging.NewGoLoggerBuilder()
	logger, err := logBuilder.Build()
	if err != nil {
		panic(err)
	}

	aH, err := authentication.NewHandler().
		KeysURL("https://sso.redhat.com/auth/realms/redhat-external/protocol/openid-connect/certs").
		KeysURL("https://identity.api.openshift.com/auth/realms/rhoas/protocol/openid-connect/certs").
			Logger(logger).Next(&H{}).Build()
	if err != nil {
		panic(err)
	}

	log.Fatal(http.ListenAndServe(":8080", aH))

}
```
This commit is contained in:
Tom Gundersen 2022-01-30 14:53:16 +00:00
parent f3d0a4ac89
commit 0b24099751
3 changed files with 18 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

12
cmd/osbuild-composer/composer.go
View file

@ -220,8 +220,12 @@ func (c *Composer) Start() error {
handler := c.workers.Handler()
var err error
if c.config.Worker.EnableJWT {
keysURLs := c.config.Worker.JWTKeysURLs
if c.config.Worker.JWTKeysURL != "" {
keysURLs = append(keysURLs, c.config.Worker.JWTKeysURL)
}
handler, err = auth.BuildJWTAuthHandler(
c.config.Worker.JWTKeysURL,
keysURLs,
c.config.Worker.JWTKeysCA,
c.config.Worker.JWTACLFile,
[]string{
@ -265,8 +269,12 @@ func (c *Composer) Start() error {
handler := http.Handler(mux)
var err error
if c.config.Koji.EnableJWT {
keysURLs := c.config.Koji.JWTKeysURLs
if c.config.Koji.JWTKeysURL != "" {
keysURLs = append(keysURLs, c.config.Koji.JWTKeysURL)
}
handler, err = auth.BuildJWTAuthHandler(
c.config.Koji.JWTKeysURL,
keysURLs,
c.config.Koji.JWTKeysCA,
c.config.Koji.JWTACLFile,
[]string{

2
cmd/osbuild-composer/config.go
View file

@ -25,6 +25,7 @@ type KojiAPIConfig struct {
EnableMTLS bool `toml:"enable_mtls"`
EnableJWT bool `toml:"enable_jwt"`
JWTKeysURL string `toml:"jwt_keys_url"`
JWTKeysURLs []string `toml:"jwt_keys_urls"`
JWTKeysCA string `toml:"jwt_ca_file"`
JWTACLFile string `toml:"jwt_acl_file"`
AWS AWSConfig `toml:"aws_config"`
@ -51,6 +52,7 @@ type WorkerAPIConfig struct {
EnableMTLS bool `toml:"enable_mtls"`
EnableJWT bool `toml:"enable_jwt"`
JWTKeysURL string `toml:"jwt_keys_url"`
JWTKeysURLs []string `toml:"jwt_keys_urls"`
JWTKeysCA string `toml:"jwt_ca_file"`
JWTACLFile string `toml:"jwt_acl_file"`
}