package skycmd

import (
	"encoding/json"
	"errors"

	"github.com/concourse/dex/connector/oidc"
	"github.com/concourse/flag"
	multierror "github.com/hashicorp/go-multierror"
)

// init registers the "oidc" connector together with its global flag set
// and its per-team flag set.
func init() {
	connector := &Connector{
		id:         "oidc",
		config:     &OIDCFlags{},
		teamConfig: &OIDCTeamFlags{},
	}
	RegisterConnector(connector)
}

// OIDCFlags holds the command-line configuration for a generic OpenID
// Connect provider. Issuer, ClientID and ClientSecret are mandatory; the
// remaining fields are optional and Validate enforces only the three
// required ones.
type OIDCFlags struct {
	DisplayName   string   `long:"display-name" description:"The auth provider name displayed to users on the login page"`
	Issuer        string   `long:"issuer" description:"(Required) An OIDC issuer URL that will be used to discover provider configuration using the .well-known/openid-configuration"`
	ClientID      string   `long:"client-id" description:"(Required) Client id"`
	ClientSecret  string   `long:"client-secret" description:"(Required) Client secret"`
	Scopes        []string `long:"scope" description:"Any additional scopes that need to be requested during authorization"`
	GroupsKey     string   `long:"groups-key" default:"groups" description:"The groups key indicates which claim to use to map external groups to Concourse teams."`
	UserNameKey   string   `long:"user-name-key" default:"username" description:"The user name key indicates which claim to use to map an external user name to a Concourse user name."`
	HostedDomains []string `long:"hosted-domains" description:"List of whitelisted domains when using Google, only users from a listed domain will be allowed to log in"`
	// CACerts are files whose paths (not contents) are forwarded to the
	// connector as its trusted root CAs.
	CACerts []flag.File `long:"ca-cert" description:"CA Certificate"`
	// InsecureSkipVerify is forwarded unchanged to the connector; disabling
	// certificate verification removes the check that the issuer is who it
	// claims to be, so it belongs in non-production setups only.
	InsecureSkipVerify bool `long:"skip-ssl-validation" description:"Skip SSL validation"`
}

// Name returns the label shown on the login page: DisplayName when it is
// set, otherwise the generic "OIDC".
func (f *OIDCFlags) Name() string {
	switch f.DisplayName {
	case "":
		return "OIDC"
	default:
		return f.DisplayName
	}
}

// Validate reports every required flag that is unset, accumulated into a
// single multierror in the order issuer, client-id, client-secret. It
// returns nil when all three are present. No format checks (e.g. that the
// issuer is a URL) are performed here.
func (f *OIDCFlags) Validate() error {
	required := []struct {
		value   string
		message string
	}{
		{f.Issuer, "Missing issuer"},
		{f.ClientID, "Missing client-id"},
		{f.ClientSecret, "Missing client-secret"},
	}

	var errs *multierror.Error
	for _, r := range required {
		if r.value == "" {
			errs = multierror.Append(errs, errors.New(r.message))
		}
	}
	return errs.ErrorOrNil()
}

// Serialize validates the flags and renders them as the JSON encoding of a
// dex oidc.Config with redirectURI filled in. A validation failure is
// returned as-is and no JSON is produced. The resulting bytes contain the
// client secret in clear text, so callers must treat them as sensitive.
func (f *OIDCFlags) Serialize(redirectURI string) ([]byte, error) {
	err := f.Validate()
	if err != nil {
		return nil, err
	}

	// Deliberately an empty, non-nil slice: encoding/json renders nil as
	// null and an empty slice as [], and the original code chose [].
	rootCAs := make([]string, 0, len(f.CACerts))
	for _, cert := range f.CACerts {
		rootCAs = append(rootCAs, cert.Path())
	}

	cfg := oidc.Config{
		Issuer:             f.Issuer,
		ClientID:           f.ClientID,
		ClientSecret:       f.ClientSecret,
		Scopes:             f.Scopes,
		GroupsKey:          f.GroupsKey,
		UserNameKey:        f.UserNameKey,
		HostedDomains:      f.HostedDomains,
		RootCAs:            rootCAs,
		InsecureSkipVerify: f.InsecureSkipVerify,
		RedirectURI:        redirectURI,
	}
	return json.Marshal(cfg)
}

// OIDCTeamFlags holds a team's OIDC allow-lists: the user names and group
// names that are granted access to the team.
type OIDCTeamFlags struct {
	Users  []string `json:"users" long:"user" description:"A whitelisted OIDC user" value-name:"USERNAME"`
	Groups []string `json:"groups" long:"group" description:"A whitelisted OIDC group" value-name:"GROUP_NAME"`
}

// GetUsers returns the configured user allow-list. The backing slice is
// returned directly, not copied.
func (f *OIDCTeamFlags) GetUsers() []string {
	return f.Users
}

// GetGroups returns the configured group allow-list. The backing slice is
// returned directly, not copied.
func (f *OIDCTeamFlags) GetGroups() []string {
	return f.Groups
}