Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commite3ad958

Browse files
authored
chore: allow running fake idp with coderd dev (#11555)
* chore: allow running fake idp with coderd dev
1 parentc91b885 commite3ad958

File tree

4 files changed

+108
-10
lines changed

4 files changed

+108
-10
lines changed

‎cmd/testidp/README.md

Lines changed: 17 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,17 @@
1+
#How to use
2+
3+
Start the idp service:
4+
5+
```bash
6+
$ go run main.go
7+
2024-01-10 16:48:01.415 [info] stdlib: 2024/01/10 10:48:01 IDP Issuer URL http://127.0.0.1:44517
8+
2024-01-10 16:48:01.415 [info] stdlib: 2024/01/10 10:48:01 Oauth Flags
9+
2024-01-10 16:48:01.415 [info] stdlib: 2024/01/10 10:48:01 --external-auth-providers='[{"type":"fake","client_id":"f2df566b-a1c9-407a-8b75-480db45c6476","client_secret":"55aca4e3-7b94-44b6-9f45-ecb5e81c560d","auth_url":"http://127.0.0.1:44517/oauth2/authorize","token_url":"http://127.0.0.1:44517/oauth2/token","validate_url":"http://127.0.0.1:44517/oauth2/userinfo","scopes":["openid","email","profile"]}]'
10+
2024-01-10 16:48:01.415 [info] stdlib: 2024/01/10 10:48:01 Press Ctrl+C toexit
11+
```
12+
13+
Then use the flag into your coderd instance:
14+
15+
```bash
16+
develop.sh -- --external-auth-providers='[{"type":"fake","client_id":"f2df566b-a1c9-407a-8b75-480db45c6476","client_secret":"55aca4e3-7b94-44b6-9f45-ecb5e81c560d","auth_url":"http://127.0.0.1:44517/oauth2/authorize","token_url":"http://127.0.0.1:44517/oauth2/token","validate_url":"http://127.0.0.1:44517/oauth2/userinfo","scopes":["openid","email","profile"]}]'
17+
```

‎cmd/testidp/main.go

Lines changed: 58 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,58 @@
1+
package main
2+
3+
import (
4+
"flag"
5+
"log"
6+
"os"
7+
"os/signal"
8+
"testing"
9+
10+
"github.com/golang-jwt/jwt/v4"
11+
12+
"github.com/coder/coder/v2/coderd/coderdtest/oidctest"
13+
)
14+
15+
funcmain() {
16+
testing.Init()
17+
_=flag.Set("test.timeout","0")
18+
19+
flag.Parse()
20+
21+
// This is just a way to run tests outside go test
22+
testing.Main(func(pat,strstring) (bool,error) {
23+
returntrue,nil
24+
}, []testing.InternalTest{
25+
{
26+
Name:"Run Fake IDP",
27+
F:RunIDP(),
28+
},
29+
},nil,nil)
30+
}
31+
32+
// RunIDP needs the testing.T because our oidctest package requires the
33+
// testing.T.
34+
funcRunIDP()func(t*testing.T) {
35+
returnfunc(t*testing.T) {
36+
idp:=oidctest.NewFakeIDP(t,
37+
oidctest.WithServing(),
38+
oidctest.WithStaticUserInfo(jwt.MapClaims{}),
39+
oidctest.WithDefaultIDClaims(jwt.MapClaims{}),
40+
)
41+
id,sec:=idp.AppCredentials()
42+
prov:=idp.WellknownConfig()
43+
44+
log.Println("IDP Issuer URL",idp.IssuerURL())
45+
log.Println("Coderd Flags")
46+
log.Printf(`--external-auth-providers='[{"type":"fake","client_id":"%s","client_secret":"%s","auth_url":"%s","token_url":"%s","validate_url":"%s","scopes":["openid","email","profile"]}]'`,
47+
id,sec,prov.AuthURL,prov.TokenURL,prov.UserInfoURL,
48+
)
49+
50+
log.Println("Press Ctrl+C to exit")
51+
c:=make(chan os.Signal,1)
52+
signal.Notify(c,os.Interrupt)
53+
54+
// Block until ctl+c
55+
<-c
56+
log.Println("Closing")
57+
}
58+
}

‎coderd/coderdtest/oidctest/idp.go

Lines changed: 29 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -78,9 +78,12 @@ type FakeIDP struct {
7878
// "Authorized Redirect URLs". This can be used to emulate that.
7979
hookValidRedirectURLfunc(redirectURLstring)error
8080
hookUserInfofunc(emailstring) (jwt.MapClaims,error)
81-
hookMutateTokenfunc(tokenmap[string]interface{})
82-
fakeCoderdfunc(req*http.Request) (*http.Response,error)
83-
hookOnRefreshfunc(emailstring)error
81+
// defaultIDClaims is if a new client connects and we didn't preset
82+
// some claims.
83+
defaultIDClaims jwt.MapClaims
84+
hookMutateTokenfunc(tokenmap[string]interface{})
85+
fakeCoderdfunc(req*http.Request) (*http.Response,error)
86+
hookOnRefreshfunc(emailstring)error
8487
// Custom authentication for the client. This is useful if you want
8588
// to test something like PKI auth vs a client_secret.
8689
hookAuthenticateClientfunc(t testing.TB,req*http.Request) (url.Values,error)
@@ -162,6 +165,12 @@ func WithStaticUserInfo(info jwt.MapClaims) func(*FakeIDP) {
162165
}
163166
}
164167

168+
funcWithDefaultIDClaims(claims jwt.MapClaims)func(*FakeIDP) {
169+
returnfunc(f*FakeIDP) {
170+
f.defaultIDClaims=claims
171+
}
172+
}
173+
165174
funcWithDynamicUserInfo(userInfoFuncfunc(emailstring) (jwt.MapClaims,error))func(*FakeIDP) {
166175
returnfunc(f*FakeIDP) {
167176
f.hookUserInfo=userInfoFunc
@@ -679,7 +688,7 @@ func (f *FakeIDP) httpHandler(t testing.TB) http.Handler {
679688
// Always invalidate the code after it is used.
680689
f.codeToStateMap.Delete(code)
681690

682-
idTokenClaims,ok:=f.stateToIDTokenClaims.Load(stateStr)
691+
idTokenClaims,ok:=f.getClaims(f.stateToIDTokenClaims,stateStr)
683692
if!ok {
684693
t.Errorf("missing id token claims")
685694
http.Error(rw,"missing id token claims",http.StatusBadRequest)
@@ -699,7 +708,7 @@ func (f *FakeIDP) httpHandler(t testing.TB) http.Handler {
699708
return
700709
}
701710

702-
idTokenClaims,ok:=f.refreshIDTokenClaims.Load(refreshToken)
711+
idTokenClaims,ok:=f.getClaims(f.refreshIDTokenClaims,refreshToken)
703712
if!ok {
704713
t.Errorf("missing id token claims in refresh")
705714
http.Error(rw,"missing id token claims in refresh",http.StatusBadRequest)
@@ -971,6 +980,10 @@ func (f *FakeIDP) ExternalAuthConfig(t testing.TB, id string, custom *ExternalAu
971980
returncfg
972981
}
973982

983+
func (f*FakeIDP)AppCredentials() (clientIDstring,clientSecretstring) {
984+
returnf.clientID,f.clientSecret
985+
}
986+
974987
// OIDCConfig returns the OIDC config to use for Coderd.
975988
func (f*FakeIDP)OIDCConfig(t testing.TB,scopes []string,opts...func(cfg*coderd.OIDCConfig))*coderd.OIDCConfig {
976989
t.Helper()
@@ -1023,6 +1036,17 @@ func (f *FakeIDP) OIDCConfig(t testing.TB, scopes []string, opts ...func(cfg *co
10231036
returncfg
10241037
}
10251038

1039+
func (f*FakeIDP)getClaims(m*syncmap.Map[string, jwt.MapClaims],keystring) (jwt.MapClaims,bool) {
1040+
v,ok:=m.Load(key)
1041+
if!ok {
1042+
iff.defaultIDClaims!=nil {
1043+
returnf.defaultIDClaims,true
1044+
}
1045+
returnnil,false
1046+
}
1047+
returnv,true
1048+
}
1049+
10261050
funchttpErrorCode(defaultCodeint,errerror)int {
10271051
varstautsErrstatusHookError
10281052
status:=defaultCode

‎codersdk/deployment.go

Lines changed: 4 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -1790,11 +1790,10 @@ Write out the current server config as YAML to stdout.`,
17901790
// Env handling is done in cli.ReadGitAuthFromEnvironment
17911791
Name:"External Auth Providers",
17921792
Description:"External Authentication providers.",
1793-
// We need extra scrutiny to ensure this works, is documented, and
1794-
// tested before enabling.
1795-
YAML:"externalAuthProviders",
1796-
Value:&c.ExternalAuthConfigs,
1797-
Hidden:true,
1793+
YAML:"externalAuthProviders",
1794+
Flag:"external-auth-providers",
1795+
Value:&c.ExternalAuthConfigs,
1796+
Hidden:true,
17981797
},
17991798
{
18001799
Name:"Custom wgtunnel Host",

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp