// Listing source: github.com/chenbh/concourse/v6@v6.4.2/skymarshal/skycmd/oauth_flags.go

package skycmd

import (
	"encoding/json"
	"errors"

	"github.com/concourse/dex/connector/oauth"
	"github.com/concourse/flag"
	multierror "github.com/hashicorp/go-multierror"
)

// init registers the generic OAuth connector under the id "oauth", pairing
// the provider-level flags with the per-team flags.
func init() {
	connector := &Connector{
		id:         "oauth",
		config:     &OAuthFlags{},
		teamConfig: &OAuthTeamFlags{},
	}
	RegisterConnector(connector)
}

// OAuthFlags holds the command-line configuration for a generic OAuth2
// identity provider.
type OAuthFlags struct {
	DisplayName string `long:"display-name" description:"The auth provider name displayed to users on the login page"`
	ClientID    string `long:"client-id" description:"(Required) Client id"`

	// ClientSecret is copied verbatim into the oauth.Config that Serialize
	// marshals, so the serialized output should be handled as a credential.
	ClientSecret string `long:"client-secret" description:"(Required) Client secret"`

	// The three endpoint URLs are only checked for presence by Validate;
	// neither scheme nor format is inspected in this file.
	AuthURL     string `long:"auth-url" description:"(Required) Authorization URL"`
	TokenURL    string `long:"token-url" description:"(Required) Token URL"`
	UserInfoURL string `long:"userinfo-url" description:"(Required) UserInfo URL"`

	Scopes      []string `long:"scope" description:"Any additional scopes that need to be requested during authorization"`
	GroupsKey   string   `long:"groups-key" default:"groups" description:"The groups key indicates which claim to use to map external groups to Concourse teams."`
	UserIDKey   string   `long:"user-id-key" default:"user_id" description:"The user id key indicates which claim to use to map an external user id to a Concourse user id."`
	UserNameKey string   `long:"user-name-key" default:"user_name" description:"The user name key indicates which claim to use to map an external user name to a Concourse user name."`

	CACerts []flag.File `long:"ca-cert" description:"CA Certificate"`

	// InsecureSkipVerify is forwarded unchanged to oauth.Config.
	// NOTE(review): per its description this skips SSL validation; presumably
	// that applies to the connector's calls to the provider endpoints, which
	// would leave the token and userinfo exchanges unauthenticated. Prefer
	// --ca-cert for private CAs and confirm this is never set in production.
	InsecureSkipVerify bool `long:"skip-ssl-validation" description:"Skip SSL validation"`
}

// Name returns the configured display name, or "OAuth2" when none is set.
func (f *OAuthFlags) Name() string {
	if f.DisplayName == "" {
		return "OAuth2"
	}
	return f.DisplayName
}

// Validate reports every required flag that is empty, accumulated into one
// multierror; it returns nil when all required flags are present. Only
// emptiness is checked.
func (f *OAuthFlags) Validate() error {
	// Order matters: it fixes the order of messages in the combined error.
	required := []struct {
		value   string
		message string
	}{
		{f.AuthURL, "Missing auth-url"},
		{f.TokenURL, "Missing token-url"},
		{f.UserInfoURL, "Missing userinfo-url"},
		{f.ClientID, "Missing client-id"},
		{f.ClientSecret, "Missing client-secret"},
	}

	var result *multierror.Error
	for _, req := range required {
		if req.value == "" {
			result = multierror.Append(result, errors.New(req.message))
		}
	}

	return result.ErrorOrNil()
}

// Serialize validates the flags and returns the JSON encoding of the
// corresponding oauth.Config, using redirectURI as the callback address.
// A validation failure is returned as-is with a nil payload.
//
// The config passed to json.Marshal carries ClientSecret; treat the returned
// bytes as sensitive unless oauth.Config's encoding is confirmed to omit it.
func (f *OAuthFlags) Serialize(redirectURI string) ([]byte, error) {
	if err := f.Validate(); err != nil {
		return nil, err
	}

	// Start from a non-nil slice so an empty CA list stays an empty list
	// rather than becoming nil in the config.
	rootCAs := make([]string, 0, len(f.CACerts))
	for _, ca := range f.CACerts {
		rootCAs = append(rootCAs, ca.Path())
	}

	cfg := oauth.Config{
		ClientID:           f.ClientID,
		ClientSecret:       f.ClientSecret,
		AuthorizationURL:   f.AuthURL,
		TokenURL:           f.TokenURL,
		UserInfoURL:        f.UserInfoURL,
		Scopes:             f.Scopes,
		GroupsKey:          f.GroupsKey,
		UserIDKey:          f.UserIDKey,
		UserNameKey:        f.UserNameKey,
		RootCAs:            rootCAs,
		InsecureSkipVerify: f.InsecureSkipVerify,
		RedirectURI:        redirectURI,
	}
	return json.Marshal(cfg)
}

// OAuthTeamFlags lists the OAuth2 users and groups named for a team.
type OAuthTeamFlags struct {
	Users  []string `json:"users" long:"user" description:"A whitelisted OAuth2 user" value-name:"USERNAME"`
	Groups []string `json:"groups" long:"group" description:"A whitelisted OAuth2 group" value-name:"GROUP_NAME"`
}

// GetUsers returns the configured user names without copying the slice.
func (t *OAuthTeamFlags) GetUsers() []string {
	return t.Users
}

// GetGroups returns the configured group names without copying the slice.
func (t *OAuthTeamFlags) GetGroups() []string {
	return t.Groups
}