From acbf8184114107f6e2e509cf35f58e5e519b959b Mon Sep 17 00:00:00 2001
From: pmahindrakar-oss
Date: Thu, 10 Nov 2022 15:41:29 +0530
Subject: [PATCH] Adding configurable audience property for flyte clients (#485)
* Adding configurable audience property for flyte clients
Signed-off-by: pmahindrakar-oss
* gen
Signed-off-by: pmahindrakar-oss
Signed-off-by: pmahindrakar-oss
---
 auth/authzserver/metadata_provider.go | 1 +
 auth/authzserver/metadata_provider_test.go | 2 ++
 auth/config/config_flags.go | 1 +
 auth/config/config_flags_test.go | 14 ++++++++++++++
 auth/config/third_party_config.go | 1 +
 go.sum | 2 --
 pkg/config/serverconfig_flags.go | 1 +
 pkg/config/serverconfig_flags_test.go | 14 ++++++++++++++
 8 files changed, 34 insertions(+), 2 deletions(-)
diff --git a/auth/authzserver/metadata_provider.go b/auth/authzserver/metadata_provider.go
index 6e6ed79a7e..bba6f47c40 100644
--- a/auth/authzserver/metadata_provider.go
+++ b/auth/authzserver/metadata_provider.go
@@ -90,6 +90,7 @@ func (s OAuth2MetadataProvider) GetPublicClientConfig(context.Context, *service.
 RedirectUri: s.cfg.AppAuth.ThirdParty.FlyteClientConfig.RedirectURI,
 Scopes: s.cfg.AppAuth.ThirdParty.FlyteClientConfig.Scopes,
 AuthorizationMetadataKey: s.cfg.GrpcAuthorizationHeader,
+ Audience: s.cfg.AppAuth.ThirdParty.FlyteClientConfig.Audience,
 }, nil
 }
diff --git a/auth/authzserver/metadata_provider_test.go b/auth/authzserver/metadata_provider_test.go
index 527091c71b..b3606ac4a1 100644
--- a/auth/authzserver/metadata_provider_test.go
+++ b/auth/authzserver/metadata_provider_test.go
@@ -24,6 +24,7 @@ func TestOAuth2MetadataProvider_FlyteClient(t *testing.T) {
 ClientID: "my-client",
 RedirectURI: "client/",
 Scopes: []string{"all"},
+ Audience: "http://dummyServer",
 },
 },
 },
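Review bot: The `Audience` value added to the `GetPublicClientConfig` response in metadata_provider.go is read only from `s.cfg.AppAuth.ThirdParty.FlyteClientConfig.Audience`, while the same commit also registers `thirdPartyConfig.flyteClient.audience` on `DeprecatedThirdPartyConfig` in pkg/config/serverconfig_flags.go. Unless the deprecated block is merged into `AppAuth.ThirdParty` somewhere outside this diff, an operator who sets the deprecated key would see clients receive an empty audience with no error. The field also has no comment on what an empty value means for clients, so I would add one on the new line, for example `// Audience is optional; when empty the client is expected to omit the audience parameter (confirm against client behaviour).` The function body begins above the hunk, so any fallback logic there is not visible.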
@@ -35,6 +36,7 @@ func TestOAuth2MetadataProvider_FlyteClient(t *testing.T) {
 assert.Equal(t, "my-client", resp.ClientId)
 assert.Equal(t, "client/", resp.RedirectUri)
 assert.Equal(t, []string{"all"}, resp.Scopes)
+ assert.Equal(t, "http://dummyServer", resp.Audience)
 }
 func TestOAuth2MetadataProvider_OAuth2Metadata(t *testing.T) {
diff --git a/auth/config/config_flags.go b/auth/config/config_flags.go
index a131931642..2a27504069 100755
--- a/auth/config/config_flags.go
+++ b/auth/config/config_flags.go
@@ -77,5 +77,6 @@ func (cfg Config) GetPFlagSet(prefix string) *pflag.FlagSet {
 cmdFlags.String(fmt.Sprintf("%v%v", prefix, "appAuth.thirdPartyConfig.flyteClient.clientId"), DefaultConfig.AppAuth.ThirdParty.FlyteClientConfig.ClientID, "public identifier for the app which handles authorization for a Flyte deployment")
 cmdFlags.String(fmt.Sprintf("%v%v", prefix, "appAuth.thirdPartyConfig.flyteClient.redirectUri"), DefaultConfig.AppAuth.ThirdParty.FlyteClientConfig.RedirectURI, "This is the callback uri registered with the app which handles authorization for a Flyte deployment")
 cmdFlags.StringSlice(fmt.Sprintf("%v%v", prefix, "appAuth.thirdPartyConfig.flyteClient.scopes"), DefaultConfig.AppAuth.ThirdParty.FlyteClientConfig.Scopes, "Recommended scopes for the client to request.")
+ cmdFlags.String(fmt.Sprintf("%v%v", prefix, "appAuth.thirdPartyConfig.flyteClient.audience"), DefaultConfig.AppAuth.ThirdParty.FlyteClientConfig.Audience, "Audience to use when initiating OAuth2 authorization requests.")
 return cmdFlags
 }
diff --git a/auth/config/config_flags_test.go b/auth/config/config_flags_test.go
index 12a18a1f99..5e835f66ee 100755
--- a/auth/config/config_flags_test.go
+++ b/auth/config/config_flags_test.go
@@ -477,4 +477,18 @@ func TestConfig_SetFlags(t *testing.T) {
 }
 })
 })
+ t.Run("Test_appAuth.thirdPartyConfig.flyteClient.audience", func(t *testing.T) {
+
+ t.Run("Override", func(t *testing.T) {
+ testValue := "1"
+
+ cmdFlags.Set("appAuth.thirdPartyConfig.flyteClient.audience", testValue)
+ if vString, err := cmdFlags.GetString("appAuth.thirdPartyConfig.flyteClient.audience"); err == nil {
+ testDecodeJson_Config(t, fmt.Sprintf("%v", vString), &actual.AppAuth.ThirdParty.FlyteClientConfig.Audience)
+
+ } else {
+ assert.FailNow(t, err.Error())
+ }
+ })
+ })
 }
diff --git a/auth/config/third_party_config.go b/auth/config/third_party_config.go
index b7474d6100..3b9b97896e 100644
--- a/auth/config/third_party_config.go
+++ b/auth/config/third_party_config.go
@@ -10,6 +10,7 @@ type FlyteClientConfig struct {
 ClientID string `json:"clientId" pflag:",public identifier for the app which handles authorization for a Flyte deployment"`
 RedirectURI string `json:"redirectUri" pflag:",This is the callback uri registered with the app which handles authorization for a Flyte deployment"`
 Scopes []string `json:"scopes" pflag:",Recommended scopes for the client to request."`
+ Audience string `json:"audience" pflag:",Audience to use when initiating OAuth2 authorization requests."`
 }
 func (o ThirdPartyConfigOptions) IsEmpty() bool {
diff --git a/go.sum b/go.sum
index ea06e1e62d..4d8ad98cd2 100644
--- a/go.sum
+++ b/go.sum
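Review bot: The `Audience` field added to `FlyteClientConfig` in third_party_config.go is documented only by its flag help text, which does not say what form the value takes or how it relates to the audience this deployment accepts when it validates access tokens. Clients will request tokens for whatever is advertised here, so a value that differs from the server-side accepted audience would presumably either break logins or lead clients to obtain tokens scoped to a different resource; nothing in this diff checks the two against each other. I would put the contract on the field, for example `// Audience is advertised to clients for OAuth2 authorization requests; it should match an audience this deployment accepts when validating tokens.` The struct declaration begins above the hunk, and where token audiences are validated is not visible here.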
@@ -352,8 +352,6 @@ github.com/fatih/structs v1.1.0/go.mod h1:9NiDSp5zOcgEDl+j00MP/WkGVPOlPRLejGD8Ga github.com/fatih/structtag v1.2.0/go.mod h1:mBJUNpUnHmRKrKlQQlmCrh5PuhftFbNv8Ys4/aAZl94= github.com/felixge/httpsnoop v1.0.1 h1:lvB5Jl89CsZtGIWuTcDM1E/vkVs49/Ml7JJe07l8SPQ= github.com/felixge/httpsnoop v1.0.1/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= -github.com/flyteorg/flyteidl v1.1.21 h1:09/xqYWFdUA22bVWKLjkSzhhSJfaJmDAraczpJ/Yiis= -github.com/flyteorg/flyteidl v1.1.21/go.mod h1:f0AFl7RFycH7+JLq2th0ReH7v+Xse+QTw4jGdIxiS8I= github.com/flyteorg/flyteidl v1.2.0 h1:snJPpc5a5Gr4GXYiAMX6Io1edT91ZxN/7oE6uhydrvk= github.com/flyteorg/flyteidl v1.2.0/go.mod h1:f0AFl7RFycH7+JLq2th0ReH7v+Xse+QTw4jGdIxiS8I= github.com/flyteorg/flyteplugins v1.0.10 h1:XBycM4aOSE/WlI8iP9vqogKGXy4FMfVCUUfzxJus/p4= diff --git a/pkg/config/serverconfig_flags.go b/pkg/config/serverconfig_flags.go index 54d374c80d..ebdf12deb7 100755 --- a/pkg/config/serverconfig_flags.go +++ b/pkg/config/serverconfig_flags.go 
@@ -69,6 +69,7 @@ func (cfg ServerConfig) GetPFlagSet(prefix string) *pflag.FlagSet {
 cmdFlags.String(fmt.Sprintf("%v%v", prefix, "thirdPartyConfig.flyteClient.clientId"), defaultServerConfig.DeprecatedThirdPartyConfig.FlyteClientConfig.ClientID, "public identifier for the app which handles authorization for a Flyte deployment")
 cmdFlags.String(fmt.Sprintf("%v%v", prefix, "thirdPartyConfig.flyteClient.redirectUri"), defaultServerConfig.DeprecatedThirdPartyConfig.FlyteClientConfig.RedirectURI, "This is the callback uri registered with the app which handles authorization for a Flyte deployment")
 cmdFlags.StringSlice(fmt.Sprintf("%v%v", prefix, "thirdPartyConfig.flyteClient.scopes"), defaultServerConfig.DeprecatedThirdPartyConfig.FlyteClientConfig.Scopes, "Recommended scopes for the client to request.")
+ cmdFlags.String(fmt.Sprintf("%v%v", prefix, "thirdPartyConfig.flyteClient.audience"), defaultServerConfig.DeprecatedThirdPartyConfig.FlyteClientConfig.Audience, "Audience to use when initiating OAuth2 authorization requests.")
 cmdFlags.String(fmt.Sprintf("%v%v", prefix, "dataProxy.upload.maxSize"), defaultServerConfig.DataProxy.Upload.MaxSize.String(), "Maximum allowed upload size.")
 cmdFlags.String(fmt.Sprintf("%v%v", prefix, "dataProxy.upload.maxExpiresIn"), defaultServerConfig.DataProxy.Upload.MaxExpiresIn.String(), "Maximum allowed expiration duration.")
 cmdFlags.Int(fmt.Sprintf("%v%v", prefix, "dataProxy.upload.defaultFileNameLength"), defaultServerConfig.DataProxy.Upload.DefaultFileNameLength, "Default length for the generated file name if not provided in the request.")
diff --git a/pkg/config/serverconfig_flags_test.go b/pkg/config/serverconfig_flags_test.go
index c2493f1106..4412be6374 100755
--- a/pkg/config/serverconfig_flags_test.go
+++ b/pkg/config/serverconfig_flags_test.go
@@ -365,6 +365,20 @@ func TestServerConfig_SetFlags(t *testing.T) {
 }
 })
 })
+ t.Run("Test_thirdPartyConfig.flyteClient.audience", func(t *testing.T) {
+
+ t.Run("Override", func(t *testing.T) {
+ testValue := "1"
+
+ cmdFlags.Set("thirdPartyConfig.flyteClient.audience", testValue)
+ if vString, err := cmdFlags.GetString("thirdPartyConfig.flyteClient.audience"); err == nil {
+ testDecodeJson_ServerConfig(t, fmt.Sprintf("%v", vString), &actual.DeprecatedThirdPartyConfig.FlyteClientConfig.Audience)
+
+ } else {
+ assert.FailNow(t, err.Error())
+ }
+ })
+ })
 t.Run("Test_dataProxy.upload.maxSize", func(t *testing.T) {
 t.Run("Override", func(t *testing.T) {