
Commit 978601c

committed
Add logging
1 parent 82c8169 commit 978601c


2 files changed

+50
-3
lines changed


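--- a/coderd/coderdtest/oidctest/idp.go
+++ b/coderd/coderdtest/oidctest/idp.go
@@ -284,6 +284,7 @@ func (f *FakeIDP) updateIssuerURL(t testing.TB, issuer string) {
 Algorithms: []string{
 "RS256",
 },
+ExternalAuthURL: u.ResolveReference(&url.URL{Path: fmt.Sprintf("/external-auth-validate/%s", f.externalProviderID)}).String(),
 }
 }
 
@@ -529,6 +530,8 @@ type ProviderJSON struct {
 JWKSURL string `json:"jwks_uri"`
 UserInfoURL string `json:"userinfo_endpoint"`
 Algorithms []string `json:"id_token_signing_alg_values_supported"`
+// This is custom
+ExternalAuthURL string `json:"exteral_auth_url"`
 }
 
 // newCode enforces the code exchanged is actually a valid code
@@ -999,6 +1002,7 @@ func (f *FakeIDP) ExternalAuthConfig(t testing.TB, id string, custom *ExternalAu
 }
 instrumentF := promoauth.NewFactory(prometheus.NewRegistry())
 cfg := &externalauth.Config{
+DisplayName: id,
 InstrumentedOAuth2Config: instrumentF.New(f.clientID, f.OIDCConfig(t, nil)),
 ID: id,
 // No defaults for these fields by omitting the type
@@ -1011,6 +1015,7 @@ func (f *FakeIDP) ExternalAuthConfig(t testing.TB, id string, custom *ExternalAu
 for _, opt := range opts {
 opt(cfg)
 }
+f.updateIssuerURL(t, f.issuer)
 return cfg
 }
 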
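Review bot: The JSON tag on the new `ExternalAuthURL` field of `ProviderJSON` is misspelled as `exteral_auth_url`, so the fake IDP's discovery document publishes the field under that key and any consumer that reads it by name has to repeat the typo; the tag should read `json:"external_auth_url"`. The comment `// This is custom` could also say what is custom, for example `// ExternalAuthURL is not part of standard OIDC discovery metadata; it is specific to this fake IDP.` The struct begins outside the hunk, so other readers of this key are not visible here and should be checked before the tag is renamed.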

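--- a/scripts/testidp/main.go
+++ b/scripts/testidp/main.go
@@ -1,6 +1,7 @@
 package main
 
 import (
+"encoding/json"
 "flag"
 "log"
 "os"
@@ -9,15 +10,21 @@ import (
 "time"
 
 "github.com/golang-jwt/jwt/v4"
+"github.com/stretchr/testify/require"
 
+"cdr.dev/slog"
+"cdr.dev/slog/sloggers/sloghuman"
 "github.com/coder/coder/v2/coderd/coderdtest/oidctest"
+"github.com/coder/coder/v2/codersdk"
 )
 
 // Flags
 var (
 expiry = flag.Duration("expiry", time.Minute*5, "Token expiry")
 clientID = flag.String("client-id", "static-client-id", "Client ID, set empty to be random")
 clientSecret = flag.String("client-sec", "static-client-secret", "Client Secret, set empty to be random")
+// By default, no regex means it will never match anything. So at least default to matching something.
+extRegex = flag.String("ext-regex", `^(https?://)?example\.com(/.*)?$`, "External auth regex")
 )
 
 func main() {
@@ -37,6 +44,12 @@ func main() {
 }, nil, nil)
 }
 
+type withClientSecret struct {
+// We never unmarshal this in prod, but we need this field for testing.
+ClientSecret string `json:"client_secret"`
+codersdk.ExternalAuthConfig
+}
+
 // RunIDP needs the testing.T because our oidctest package requires the
 // testing.T.
 func RunIDP() func(t *testing.T) {
@@ -48,15 +61,44 @@ func RunIDP() func(t *testing.T) {
 oidctest.WithDefaultExpire(*expiry),
 oidctest.WithStaticCredentials(*clientID, *clientSecret),
 oidctest.WithIssuer("http://localhost:4500"),
+oidctest.WithLogger(slog.Make(sloghuman.Sink(os.Stderr))),
 )
 id, sec := idp.AppCredentials()
 prov := idp.WellknownConfig()
+const appID = "fake"
+coderCfg := idp.ExternalAuthConfig(t, appID, nil)
 
 log.Println("IDP Issuer URL", idp.IssuerURL())
 log.Println("Coderd Flags")
-log.Printf(`--external-auth-providers='[{"type":"fake","client_id":"%s","client_secret":"%s","auth_url":"%s","token_url":"%s","validate_url":"%s","scopes":["openid","email","profile"]}]'`,
-id, sec, prov.AuthURL, prov.TokenURL, prov.UserInfoURL,
-)
+deviceCodeURL := ""
+if coderCfg.DeviceAuth != nil {
+deviceCodeURL = coderCfg.DeviceAuth.CodeURL
+}
+cfg := withClientSecret{
+ClientSecret: sec,
+ExternalAuthConfig: codersdk.ExternalAuthConfig{
+Type: appID,
+ClientID: id,
+ClientSecret: sec,
+ID: appID,
+AuthURL: prov.AuthURL,
+TokenURL: prov.TokenURL,
+ValidateURL: prov.ExternalAuthURL,
+AppInstallURL: coderCfg.AppInstallURL,
+AppInstallationsURL: coderCfg.AppInstallationsURL,
+NoRefresh: false,
+Scopes: []string{"openid", "email", "profile"},
+ExtraTokenKeys: coderCfg.ExtraTokenKeys,
+DeviceFlow: coderCfg.DeviceAuth != nil,
+DeviceCodeURL: deviceCodeURL,
+Regex: *extRegex,
+DisplayName: coderCfg.DisplayName,
+DisplayIcon: coderCfg.DisplayIcon,
+},
+}
+data, err := json.Marshal([]withClientSecret{cfg})
+require.NoError(t, err)
+log.Printf(`--external-auth-providers='%s'`, string(data))
 
 log.Println("Press Ctrl+C to exit")
 c := make(chan os.Signal, 1)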
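Review bot: `prov := idp.WellknownConfig()` is read before `idp.ExternalAuthConfig(t, appID, nil)`, yet the idp.go change in this same commit makes `ExternalAuthConfig` call `f.updateIssuerURL`, which rebuilds `ExternalAuthURL` from `f.externalProviderID`. If `WellknownConfig` returns the provider by value (not visible here), `prov.ExternalAuthURL` is a snapshot taken before that refresh, and the `ValidateURL` printed in the flag may not carry the `fake` provider ID. Taking the snapshot afterwards removes the doubt: `coderCfg := idp.ExternalAuthConfig(t, appID, nil)` followed by `prov := idp.WellknownConfig()`. `RunIDP` begins and ends outside the hunk.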
