Rename ExtraScopes to Scopes
negz committed Apr 28, 2018
1 parent 618b3b1 commit 1828594
Showing 2 changed files with 23 additions and 23 deletions.
14 changes: 7 additions & 7 deletions cmd/kuberos/kuberos.go
Expand Up @@ -43,11 +43,11 @@ func logRequests(h http.Handler, log *zap.Logger) http.Handler {

func main() {
var (
app = kingpin.New(filepath.Base(os.Args[0]), "Provides OIDC authentication configuration for kubectl.").DefaultEnvars()
listen = app.Flag("listen", "Address at which to expose HTTP webhook.").Default(":10003").String()
debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool()
extraScopes = app.Flag("scopes", "List of additional scopes to provide in token.").Default("profile", "email").Strings()
grace = app.Flag("shutdown-grace-period", "Wait this long for sessions to end before shutting down.").Default("1m").Duration()
app = kingpin.New(filepath.Base(os.Args[0]), "Provides OIDC authentication configuration for kubectl.").DefaultEnvars()
listen = app.Flag("listen", "Address at which to expose HTTP webhook.").Default(":10003").String()
debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool()
scopes = app.Flag("scopes", "List of additional scopes to provide in token.").Default("profile", "email").Strings()
grace = app.Flag("shutdown-grace-period", "Wait this long for sessions to end before shutting down.").Default("1m").Duration()

issuerURL = app.Arg("oidc-issuer-url", "OpenID Connect issuer URL.").URL()
clientID = app.Arg("client-id", "OAuth2 client ID.").String()
Expand All @@ -72,12 +72,12 @@ func main() {
kingpin.FatalIfError(err, "cannot create OIDC provider from issuer %v", *issuerURL)
log.Debug("established OIDC provider", zap.String("url", provider.Endpoint().TokenURL))

scopes := kuberos.ScopeRequests{OfflineAsScope: kuberos.OfflineAsScope(provider), ExtraScopes: *extraScopes}
sr := kuberos.ScopeRequests{OfflineAsScope: kuberos.OfflineAsScope(provider), Scopes: *scopes}
cfg := &oauth2.Config{
ClientID: *clientID,
ClientSecret: strings.TrimSpace(string(clientSecret)),
Endpoint: provider.Endpoint(),
Scopes: scopes.Get(),
Scopes: sr.Get(),
}
e, err := extractor.NewOIDC(provider.Verifier(&oidc.Config{ClientID: *clientID}), extractor.Logger(log))
kingpin.FatalIfError(err, "cannot setup OIDC extractor")
32 changes: 16 additions & 16 deletions kuberos.go
Expand Up @@ -26,9 +26,9 @@ const (
schemeHTTP = "http"
schemeHTTPS = "https"

headerForwardedProto = "X-Forwarded-Proto"
headerForwardedFor = "X-Forwarded-For"
headerForwardedPrefix = "X-Forwarded-Prefix"
headerForwardedProto = "X-Forwarded-Proto"
headerForwardedFor = "X-Forwarded-For"
headerForwardedPrefix = "X-Forwarded-Prefix"

urlParamState = "state"
urlParamCode = "code"
Expand Down Expand Up @@ -124,7 +124,7 @@ func OfflineAsScope(p *oidc.Provider) bool {
// ScopeRequests configures the oauth2 scopes to request during authentication.
type ScopeRequests struct {
OfflineAsScope bool
ExtraScopes []string
Scopes []string
}

// Get the scopes to request during authentication.
Expand All @@ -133,7 +133,7 @@ func (r *ScopeRequests) Get() []string {
if r.OfflineAsScope {
scopes = append(scopes, oidc.ScopeOfflineAccess)
}
return append(scopes, r.ExtraScopes...)
return append(scopes, r.Scopes...)
}

// Handlers provides HTTP handlers for the Kubernary service.
Expand Down Expand Up @@ -293,18 +293,18 @@ func redirectURL(r *http.Request, endpoint *url.URL) string {

for h, v := range r.Header {
switch h {
case headerForwardedProto:
// Redirect to HTTPS if we're listening on HTTP behind an HTTPS ELB.
for _, proto := range v {
if proto == schemeHTTPS {
u.Scheme = schemeHTTPS
}
}
case headerForwardedPrefix:
// Redirect includes X-Forwarded-Prefix if exists
for _, prefix := range v {
u.Path = prefix
case headerForwardedProto:
// Redirect to HTTPS if we're listening on HTTP behind an HTTPS ELB.
for _, proto := range v {
if proto == schemeHTTPS {
u.Scheme = schemeHTTPS
}
}
case headerForwardedPrefix:
// Redirect includes X-Forwarded-Prefix if exists
for _, prefix := range v {
u.Path = prefix
}
}
}
// TODO(negz): Set port if X-Forwarded-Port exists?
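Review bot: In the `headerForwardedPrefix` case of `redirectURL`, a request header value is assigned to `u.Path` with no validation, and the `headerForwardedProto` case likewise lets a header choose the scheme; both headers are client-controlled unless a fronting proxy overwrites them. Since the function name suggests this URL becomes the OAuth2 redirect target, I would honour the forwarded headers only when the service is configured as running behind a trusted proxy, and accept only clean absolute paths, e.g. `if strings.HasPrefix(prefix, "/") { u.Path = path.Clean(prefix) }`. The loop also keeps the last of several header values, which deserves a comment such as `// Last X-Forwarded-Prefix value wins.`. The body of `redirectURL` begins and ends outside this hunk, so how `u` is initialised and used is inferred.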
