fix: Tolerate nil secret when tokenEndpointAuthMethod: none
Signed-off-by: Clément BUCHART <[email protected]>
clement-buchart committed Mar 25, 2020
1 parent 38907c2 commit daa49e6
Showing 2 changed files with 11 additions and 6 deletions.
13 changes: 8 additions & 5 deletions controllers/oauth2client_controller.go
@@ -128,7 +128,7 @@ func (r *OAuth2ClientReconciler) Reconcile(req ctrl.Request) (ctrl.Result, error
return ctrl.Result{}, err
}

credentials, err := parseSecret(secret)
credentials, err := parseSecret(secret, oauth2client.Spec.TokenEndpointAuthMethod)
if err != nil {
r.Log.Error(err, fmt.Sprintf("secret %s/%s is invalid", secret.Name, secret.Namespace))
if updateErr := r.updateReconciliationStatusError(ctx, &oauth2client, hydrav1alpha1.StatusInvalidSecret, err); updateErr != nil {
@@ -229,11 +229,14 @@ func (r *OAuth2ClientReconciler) registerOAuth2Client(ctx context.Context, c *hy
}},
},
Data: map[string][]byte{
ClientIDKey: []byte(*created.ClientID),
ClientSecretKey: []byte(*created.Secret),
ClientIDKey: []byte(*created.ClientID),
},
}

if created.Secret != nil {
clientSecret.Data[ClientSecretKey] = []byte(*created.Secret)
}

if err := r.Create(ctx, &clientSecret); err != nil {
if updateErr := r.updateReconciliationStatusError(ctx, c, hydrav1alpha1.StatusCreateSecretFailed, err); updateErr != nil {
return updateErr
@@ -310,15 +313,15 @@ func (r *OAuth2ClientReconciler) updateClientStatus(ctx context.Context, c *hydr
return nil
}

func parseSecret(secret apiv1.Secret) (*hydra.Oauth2ClientCredentials, error) {
func parseSecret(secret apiv1.Secret, authMethod hydrav1alpha1.TokenEndpointAuthMethod) (*hydra.Oauth2ClientCredentials, error) {

id, found := secret.Data[ClientIDKey]
if !found {
return nil, errors.New(`"client_id property missing"`)
}

psw, found := secret.Data[ClientSecretKey]
if !found {
if !found && authMethod != "none" {
return nil, errors.New(`"client_secret property missing"`)
}

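Review bot: The new `if created.Secret != nil` guard in registerOAuth2Client is unconditional, whereas parseSecret tolerates a missing `client_secret` only when the auth method is `none`. If Hydra returned no secret for a client that is expected to authenticate, the controller would now write a Kubernetes Secret holding only `client_id`, and the problem would presumably surface only on a later reconcile as an invalid-secret status rather than at creation. Consider failing at creation instead, e.g. `if created.Secret == nil && c.Spec.TokenEndpointAuthMethod != "none" { return errors.New("hydra returned no client_secret") }`, assuming `c` exposes the same Spec field that Reconcile reads. The bare `"none"` literal in parseSecret would also be safer as a named constant shared by both checks. All three functions extend beyond the visible hunks.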
4 changes: 3 additions & 1 deletion hydra/types.go
@@ -28,6 +28,8 @@ type Oauth2ClientCredentials struct {

func (oj *OAuth2ClientJSON) WithCredentials(credentials *Oauth2ClientCredentials) *OAuth2ClientJSON {
oj.ClientID = pointer.StringPtr(string(credentials.ID))
oj.Secret = pointer.StringPtr(string(credentials.Password))
if credentials.Password != nil {
oj.Secret = pointer.StringPtr(string(credentials.Password))
}
return oj
}
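Review bot: The `credentials.Password != nil` check in WithCredentials skips only a nil value; an empty but non-nil Password (for example a Secret whose `client_secret` key is present with no content) still sets `oj.Secret` to a pointer to the empty string. Since Password is converted with `string(...)` it looks like a byte slice, so `if len(credentials.Password) > 0 {` would cover both cases. The method also has no doc comment; something like `// WithCredentials copies the client ID and, when one is present, the client secret into oj and returns oj.` would record that the secret is optional.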
