From c1cfb685c9ed9e245516f3583673782cef53a6f2 Mon Sep 17 00:00:00 2001
From: Tim Ross
Date: Thu, 7 Nov 2024 11:40:01 -0500
Subject: [PATCH] Prepare to remove go-oidc/oauth2 from config packages

Adds a OAuthClientCredentials type directly into the servicecfg package so that the dependency on go-oidc/oauth2 can be removed. The PluginOAuthProviders.Slack field has been deprecated, but left in place so as not to break teleport.e and a new PluginOAuthProviders.SlackCredentials field has been added to use the new type. Both fields are being populated with the same data from the file config at the moment. Once teleport.e has been updated to consume the credentials from PluginOAuthProviders.SlackCredentials the original field will be removed.
---
 lib/config/configuration_test.go | 4 ++++
 lib/config/fileconf.go | 10 +++++++---
 lib/service/servicecfg/auth.go | 11 +++++++++++
 3 files changed, 22 insertions(+), 3 deletions(-)

diff --git a/lib/config/configuration_test.go b/lib/config/configuration_test.go
index 60a86d8815131..220d61fb000a8 100644
--- a/lib/config/configuration_test.go
+++ b/lib/config/configuration_test.go
@@ -3673,6 +3673,10 @@ func TestAuthHostedPlugins(t *testing.T) {
 require.NotNil(t, p.OAuthProviders.Slack)
 require.Equal(t, "foo", p.OAuthProviders.Slack.ID)
 require.Equal(t, "bar", p.OAuthProviders.Slack.Secret)
+
+ require.NotNil(t, p.OAuthProviders.SlackCredentials)
+ require.Equal(t, "foo", p.OAuthProviders.SlackCredentials.ID)
+ require.Equal(t, "bar", p.OAuthProviders.SlackCredentials.Secret)
 },
 },
 }
diff --git a/lib/config/fileconf.go b/lib/config/fileconf.go
index 8a666b8221803..6d3b97b923cd2 100644
--- a/lib/config/fileconf.go
+++ b/lib/config/fileconf.go
@@ -1321,7 +1321,11 @@ func (p *PluginOAuthProviders) Parse() (servicecfg.PluginOAuthProviders, error)
 if err != nil {
 return out, trace.Wrap(err)
 }
- out.Slack = slack
+ out.Slack = &oauth2.ClientCredentials{
+ ID: slack.ID,
+ Secret: slack.Secret,
+ }
+ out.SlackCredentials = slack
 }
 return out, nil
 }
@@ -1335,7 +1339,7 @@ type OAuthClientCredentials struct {
 ClientSecret string `yaml:"client_secret"`
 }

-func (o *OAuthClientCredentials) Parse() (*oauth2.ClientCredentials, error) {
+func (o *OAuthClientCredentials) Parse() (*servicecfg.OAuthClientCredentials, error) {
 if o.ClientID == "" || o.ClientSecret == "" {
 return nil, trace.BadParameter("both client_id and client_secret paths must be specified")
 }
@@ -1354,7 +1358,7 @@ func (o *OAuthClientCredentials) Parse() (*oauth2.ClientCredentials, error) {
 }
 clientSecret = strings.TrimSpace(string(content))

- return &oauth2.ClientCredentials{
+ return &servicecfg.OAuthClientCredentials{
 ID: clientID,
 Secret: clientSecret,
 }, nil
diff --git a/lib/service/servicecfg/auth.go b/lib/service/servicecfg/auth.go
index 3663ea25ae0ea..b6e5c143c2486 100644
--- a/lib/service/servicecfg/auth.go
+++ b/lib/service/servicecfg/auth.go
@@ -178,7 +178,18 @@ type HostedPluginsConfig struct {
 // PluginOAuthProviders holds application credentials for each
 // 3rd party API provider
 type PluginOAuthProviders struct {
+ // TODO(tross) delete once teleport.e has been converted.
+ // Deprecated: use SlackCredentials instead.
 Slack *oauth2.ClientCredentials
+
+ SlackCredentials *OAuthClientCredentials
+}
+
+// OAuthClientCredentials stores the client_id and client_secret
+// of an OAuth application.
+type OAuthClientCredentials struct {
+ ID string
+ Secret string
 }

 // KeystoreConfig configures the auth keystore.
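Review bot: In lib/config/fileconf.go, hunk `@@ -1321`, the new `out.Slack = &oauth2.ClientCredentials{...}` copy carries no marker tying it to the deprecation, so it is easy to leave behind when the deprecated field is removed. Until then the client secret is held in two separate structures. Suggest adding above the assignment: `// TODO(tross): remove once teleport.e reads SlackCredentials; this copy exists only for compatibility.` The body of `PluginOAuthProviders.Parse` starts outside the hunk.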
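Review bot: In lib/config/fileconf.go, hunk `@@ -1335`, changing the return type of the exported `(*OAuthClientCredentials).Parse` is source-incompatible. The commit message keeps the old `Slack` field specifically so teleport.e continues to build, so any out-of-tree caller of this method (not visible here) would stop compiling. It is worth confirming that `PluginOAuthProviders.Parse` is the only caller. The method also has no doc comment; consider `// Parse validates that both paths are set and returns the credentials as servicecfg.OAuthClientCredentials.` The method body continues outside the hunk.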
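Review bot: In lib/config/fileconf.go, hunk `@@ -1354`, `clientSecret = strings.TrimSpace(string(content))` is returned without checking that anything is left after trimming. An empty or whitespace-only secret file therefore yields credentials with `Secret: ""` and no error; the only validation visible in this patch is on the path fields. Suggest adding before the return: `if clientSecret == "" { return nil, trace.BadParameter("client_secret file is empty") }`. Whether `clientID` is checked the same way is outside the hunk; if not, the same guard applies there. The function starts outside the hunk.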
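Review bot: In lib/service/servicecfg/auth.go, the new `OAuthClientCredentials` type holds the client secret as a plain exported string, with nothing to stop it being formatted or serialized. A `%+v` of the enclosing config in a log line or error would print the secret. Since the type is now owned by this package, consider documenting the field with `// Secret is the OAuth client secret; never log or serialize it.` and adding a `String()` method that omits `Secret`. The `SlackCredentials` field also lacks a comment, e.g. `// SlackCredentials holds the Slack OAuth application credentials.`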