From 6ee242dd95c439eca87aafa3fb1f81d116682467 Mon Sep 17 00:00:00 2001
From: rosstimothy <39066650+rosstimothy@users.noreply.github.com>
Date: Thu, 7 Nov 2024 15:39:21 -0500
Subject: [PATCH] Prepare to remove go-oidc/oauth2 from config packages (#48620)
Adds a OAuthClientCredentials type directly into the servicecfg package so that the dependency on go-oidc/oauth2 can be removed. The PluginOAuthProviders.Slack field has been deprecated, but left in place so as not to break teleport.e and a new PluginOAuthProviders.SlackCredentials field has been added to use the new type. Both fields are being populated with the same data from the file config at the moment. Once teleport.e has been updated to consume the credentials from PluginOAuthProviders.SlackCredentials the original field will be removed.
---
 lib/config/configuration_test.go | 4 ++++
 lib/config/fileconf.go | 14 +++++++++-----
 lib/service/servicecfg/auth.go | 11 +++++++++++
 3 files changed, 24 insertions(+), 5 deletions(-)
diff --git a/lib/config/configuration_test.go b/lib/config/configuration_test.go
index 9506232b47e81..cee0034987854 100644
--- a/lib/config/configuration_test.go
+++ b/lib/config/configuration_test.go
@@ -3673,6 +3673,10 @@ func TestAuthHostedPlugins(t *testing.T) {
 require.NotNil(t, p.OAuthProviders.Slack)
 require.Equal(t, "foo", p.OAuthProviders.Slack.ID)
 require.Equal(t, "bar", p.OAuthProviders.Slack.Secret)
+
+ require.NotNil(t, p.OAuthProviders.SlackCredentials)
+ require.Equal(t, "foo", p.OAuthProviders.SlackCredentials.ClientID)
+ require.Equal(t, "bar", p.OAuthProviders.SlackCredentials.ClientSecret)
 },
 },
 }
diff --git a/lib/config/fileconf.go b/lib/config/fileconf.go
index 1fbabce2e4b43..bb10a43d3085b 100644
--- a/lib/config/fileconf.go
+++ b/lib/config/fileconf.go
@@ -1304,7 +1304,11 @@ func (p *PluginOAuthProviders) Parse() (servicecfg.PluginOAuthProviders, error)
 if err != nil {
 return out, trace.Wrap(err)
 }
- out.Slack = slack
+ out.Slack = &oauth2.ClientCredentials{
+ ID: slack.ClientID,
+ Secret: slack.ClientSecret,
+ }
+ out.SlackCredentials = slack
 }
 return out, nil
 }
@@ -1318,7 +1322,7 @@ type OAuthClientCredentials struct {
 ClientSecret string `yaml:"client_secret"`
 }
-func (o *OAuthClientCredentials) Parse() (*oauth2.ClientCredentials, error) {
+func (o *OAuthClientCredentials) Parse() (*servicecfg.OAuthClientCredentials, error) {
 if o.ClientID == "" || o.ClientSecret == "" {
 return nil, trace.BadParameter("both client_id and client_secret paths must be specified")
 }
@@ -1337,9 +1341,9 @@ func (o *OAuthClientCredentials) Parse() (*oauth2.ClientCredentials, error) {
 }
 clientSecret = strings.TrimSpace(string(content))
- return &oauth2.ClientCredentials{
- ID: clientID,
- Secret: clientSecret,
+ return &servicecfg.OAuthClientCredentials{
+ ClientID: clientID,
+ ClientSecret: clientSecret,
 }, nil
 }
diff --git a/lib/service/servicecfg/auth.go b/lib/service/servicecfg/auth.go
index 3663ea25ae0ea..1ecc416e3c453 100644
--- a/lib/service/servicecfg/auth.go
+++ b/lib/service/servicecfg/auth.go
@@ -178,7 +178,18 @@ type HostedPluginsConfig struct {
 // PluginOAuthProviders holds application credentials for each
 // 3rd party API provider
 type PluginOAuthProviders struct {
+ // TODO(tross) delete once teleport.e has been converted.
+ // Deprecated: use SlackCredentials instead.
 Slack *oauth2.ClientCredentials
+
+ SlackCredentials *OAuthClientCredentials
+}
+
+// OAuthClientCredentials stores the client_id and client_secret
+// of an OAuth application.
+type OAuthClientCredentials struct {
+ ClientID string
+ ClientSecret string
 }
 // KeystoreConfig configures the auth keystore.
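Review bot: The compatibility copy into `out.Slack` in `PluginOAuthProviders.Parse` (lib/config/fileconf.go, hunk at -1304) carries no comment tying it to the deprecation. The client secret is now held in two structs, and nothing at this site says when the duplicate should go away. The TODO exists only on the field in servicecfg/auth.go; I would repeat it above the assignment, e.g. `// TODO(tross): stop populating the deprecated Slack field once teleport.e reads SlackCredentials.` The function starts outside the hunk.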
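Review bot: The exported `OAuthClientCredentials.Parse` in lib/config/fileconf.go (hunk at -1318) has no doc comment; the context directly above the changed signature is the struct's closing brace. With the new return type it is easy to miss that the YAML `client_id` and `client_secret` values are file paths, as the error message indicates, rather than the credentials themselves. Suggest `// Parse reads the OAuth client ID and secret from the files named by ClientID and ClientSecret and returns them as servicecfg credentials.` The body continues outside this hunk, so the wording should be checked against the full read logic.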
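Review bot: In the hunk at -1337, `clientSecret` goes straight from `strings.TrimSpace` into the returned struct with no check that anything is left. An empty or whitespace-only secret file would therefore yield credentials with an empty `ClientSecret`, and the misconfiguration would presumably surface only when the plugin first tries to use them. A guard before the return would fail at config load instead: `if clientSecret == "" { return nil, trace.BadParameter("client_secret file is empty") }`. The matching `clientID` handling is outside the hunk and likely wants the same check.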
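Review bot: `OAuthClientCredentials.ClientSecret` in lib/service/servicecfg/auth.go is an exported plain string, so formatting the value with `%v` or `%+v` would print the secret. Whether this config is ever logged or dumped is not visible in the patch. A value-receiver `String()` method that prints `ClientID` and a fixed `<redacted>` marker in place of the secret would keep it out of formatted output. Separately, the new `SlackCredentials` field has no doc comment; `// SlackCredentials holds the OAuth client credentials of the Slack application.` would fit the struct.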