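package auth

import (
	"fmt"

	"gopkg.in/yaml.v3"

	"github.com/caos/orbos/internal/operator/boom/api/latest/reconciling/auth"
	"github.com/caos/orbos/pkg/secret/read"
)

// oidc is the YAML shape of the Argo CD OIDC configuration block rendered by
// GetOIDC; the yaml tags are the keys Argo CD reads.
//
// SECURITY: ClientSecret is serialised in cleartext into the rendered YAML.
// Whatever the caller writes that string into (presumably the Argo CD
// ConfigMap, which — unlike a Secret — is not treated as sensitive by
// default) will contain the raw OIDC client secret. Treat the returned string
// as secret material: do not log it, and confirm that the destination
// object's access controls are appropriate. (Argo CD also supports
// referencing the secret from argocd-secret instead of inlining it — worth
// considering for the caller; not done here.)
type oidc struct {
	Name                   string            `yaml:"name,omitempty"`
	Issuer                 string            `yaml:"issuer,omitempty"`
	ClientID               string            `yaml:"clientID,omitempty"`
	ClientSecret           string            `yaml:"clientSecret,omitempty"`
	RequestedScopes        []string          `yaml:"requestedScopes,omitempty"`
	RequestedIDTokenClaims map[string]*Claim `yaml:"requestedIDTokenClaims,omitempty"`
}

// Claim is one entry of the OIDC "claims" request: Essential marks the claim
// as required by the relying party, Values restricts the acceptable values.
type Claim struct {
	Essential bool     `yaml:"essential,omitempty"`
	Values    []string `yaml:"values,omitempty"`
}

// GetOIDC renders the Argo CD OIDC configuration for spec as a YAML string.
//
// It returns ("", nil) — i.e. no OIDC block at all — when spec or spec.OIDC
// is nil, and also when either the client ID or the client secret resolves to
// an empty string. The latter means a misreferenced or empty secret silently
// leaves OIDC unconfigured instead of failing the reconcile; callers that
// require SSO to be present must check for an empty result themselves.
//
// The client ID and secret are resolved through
// read.GetSecretValueOnlyIncluster from either the inline value or the
// referenced existing in-cluster secret. Read errors are returned wrapped
// with the field they concern; this wrapper adds no secret material to the
// error text (whether the underlying read error does is not visible here).
//
// The rendered string contains the client secret in cleartext; see the
// note on the oidc type.
func GetOIDC(spec *auth.Auth) (string, error) {
	if spec == nil || spec.OIDC == nil {
		return "", nil
	}
	cfg := spec.OIDC

	clientID, err := read.GetSecretValueOnlyIncluster(cfg.ClientID, cfg.ExistingClientIDSecret)
	if err != nil {
		return "", fmt.Errorf("reading oidc client id: %w", err)
	}

	clientSecret, err := read.GetSecretValueOnlyIncluster(cfg.ClientSecret, cfg.ExistingClientSecretSecret)
	if err != nil {
		return "", fmt.Errorf("reading oidc client secret: %w", err)
	}

	// Both credentials are needed for a usable OIDC client; without them the
	// whole block is omitted rather than rendered half-configured.
	if clientID == "" || clientSecret == "" {
		return "", nil
	}

	// Copy the requested claims into the YAML type. The map stays nil when
	// nothing was requested so that omitempty drops the key entirely.
	var claims map[string]*Claim
	if len(cfg.RequestedIDTokenClaims) > 0 {
		claims = make(map[string]*Claim, len(cfg.RequestedIDTokenClaims))
		for name, claim := range cfg.RequestedIDTokenClaims {
			claims[name] = &Claim{
				Essential: claim.Essential,
				Values:    claim.Values,
			}
		}
	}

	rendered := &oidc{
		Name: cfg.Name,
		// NOTE(review): the issuer is passed through unvalidated; OIDC
		// discovery should only be performed against an https issuer —
		// confirm this is enforced by the spec validation or by Argo CD.
		Issuer:                 cfg.Issuer,
		ClientID:               clientID,
		ClientSecret:           clientSecret,
		RequestedScopes:        cfg.RequestedScopes,
		RequestedIDTokenClaims: claims,
	}

	data, err := yaml.Marshal(rendered)
	if err != nil {
		return "", fmt.Errorf("error while generating argocd oidc configuration: %w", err)
	}
	return string(data), nil
}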