From c0d01c314972a8a7e7b1f1db805afac3ef52664a Mon Sep 17 00:00:00 2001
From: t-katsumura
Date: Thu, 1 Dec 2022 01:52:29 +0900
Subject: [PATCH] refactor method
---
 pkg/apis/options/legacy_options.go | 25 +++++++++++++++++--------
 1 file changed, 17 insertions(+), 8 deletions(-)
diff --git a/pkg/apis/options/legacy_options.go b/pkg/apis/options/legacy_options.go
index c4dcdc3806..9f36eaa39e 100644
--- a/pkg/apis/options/legacy_options.go
+++ b/pkg/apis/options/legacy_options.go
@@ -543,6 +543,9 @@ type LegacyProvider struct {
 func legacyProviderFlagSet() *pflag.FlagSet {
 flagSet := pflag.NewFlagSet("provider", pflag.ExitOnError)
 
+ addCredentialsFlag(flagSet)
+ addEndpointsFlag(flagSet)
+
 flagSet.StringSlice("keycloak-group", []string{}, "restrict logins to members of these groups (may be given multiple times)")
 flagSet.String("azure-tenant", "common", "go to a tenant-specific or common (tenant-independent) endpoint.")
 flagSet.String("azure-graph-group-field", "", "configures the group field to be used when building the groups list(`id` or `displayName`. Default is `id`) from Microsoft Graph(available only for v2.0 oidc url). Based on this value, the `allowed-group` config values should be adjusted accordingly. If using `id` as group field, `allowed-group` should contains groups IDs, if using `displayName` as group field, `allowed-group` should contains groups name")
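Review bot: Nothing in this commit checks that the eight flags now registered through `addCredentialsFlag(flagSet)` and `addEndpointsFlag(flagSet)` at the top of `legacyProviderFlagSet` are still all defined; the diffstat lists only legacy_options.go. Unless an existing test already covers them, a table-driven check that `legacyProviderFlagSet().Lookup(name) != nil` for each of the eight names, with an empty-string default, would catch a flag dropped or renamed during the move. The body of `legacyProviderFlagSet` continues past the end of this hunk.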
@@ -555,9 +558,6 @@ func legacyProviderFlagSet() *pflag.FlagSet {
 flagSet.StringSlice("github-user", []string{}, "allow users with these usernames to login even if they do not belong to the specified org and team or collaborators (may be given multiple times)")
 flagSet.StringSlice("gitlab-group", []string{}, "restrict logins to members of this group (may be given multiple times)")
 flagSet.StringSlice("gitlab-project", []string{}, "restrict logins to members of this project (may be given multiple times) (eg `group/project=accesslevel`). Access level should be a value matching Gitlab access levels (see https://docs.gitlab.com/ee/api/members.html#valid-access-levels), defaulted to 20 if absent")
- flagSet.String("client-id", "", "the OAuth Client ID: ie: \"123456.apps.googleusercontent.com\"")
- flagSet.String("client-secret", "", "the OAuth Client Secret")
- flagSet.String("client-secret-file", "", "the file with OAuth Client Secret")
 flagSet.String("provider", "google", "OAuth provider")
 flagSet.String("provider-display-name", "", "Provider display name")
@@ -572,12 +572,7 @@ func legacyProviderFlagSet() *pflag.FlagSet {
 flagSet.String("oidc-email-claim", OIDCEmailClaim, "which OIDC claim contains the user's email")
 flagSet.StringSlice("oidc-audience-claim", OIDCAudienceClaims, "which OIDC claims are used as audience to verify against client id")
 flagSet.StringSlice("oidc-extra-audience", []string{}, "additional audiences allowed to pass audience verification")
- flagSet.String("login-url", "", "Authentication endpoint")
- flagSet.String("redeem-url", "", "Token redemption endpoint")
- flagSet.String("profile-url", "", "Profile access endpoint")
 flagSet.String("resource", "", "The resource that is protected (Azure AD only)")
- flagSet.String("validate-url", "", "Access token validation endpoint")
- flagSet.String("introspect-url", "", "Access token introspection endpoint")
 flagSet.Bool("introspect-token", false, "Validate token with token introspection endpoint")
 flagSet.String("scope", "", "OAuth scope specification")
 flagSet.String("prompt", "", "OIDC prompt")
@@ -608,6 +603,20 @@ func legacyGoogleFlagSet() *pflag.FlagSet {
 return flagSet
 }
 
+func addCredentialsFlag(flagSet *pflag.FlagSet) {
+ flagSet.String("client-id", "", "the OAuth Client ID: ie: \"123456.apps.googleusercontent.com\"")
+ flagSet.String("client-secret", "", "the OAuth Client Secret")
+ flagSet.String("client-secret-file", "", "the file with OAuth Client Secret")
+}
+
+func addEndpointsFlag(flagSet *pflag.FlagSet) {
+ flagSet.String("login-url", "", "Authentication endpoint")
+ flagSet.String("redeem-url", "", "Token redemption endpoint")
+ flagSet.String("profile-url", "", "Profile access endpoint")
+ flagSet.String("validate-url", "", "Access token validation endpoint")
+ flagSet.String("introspect-url", "", "Access token introspection endpoint")
+}
+
 func (l LegacyServer) convert() (Server, Server) {
 appServer := Server{
 BindAddress: l.HTTPAddress,
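Review bot: `addCredentialsFlag` and `addEndpointsFlag` each register several flags but carry singular names and no doc comment; `addCredentialFlags` / `addEndpointFlags`, each with a one-line comment such as `// addCredentialFlags registers the client-id, client-secret and client-secret-file flags on flagSet.`, would make the helpers self-explanatory. With the credential flags now collected in one place, the `client-secret` help text is also worth tightening: a secret given as a command-line argument is typically visible in the process listing and shell history, which `client-secret-file` avoids. The description could say so, e.g. `"the OAuth Client Secret (prefer client-secret-file)"`. Both helpers lie entirely inside this hunk.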