enhance: change claims actor_id to actor_scm_id

go-vela · Jun 4, 2024 · 4d69c9b · 4d69c9b
1 parent 4ad8f5a
commit 4d69c9b
Show file tree

Hide file tree

Showing 4 changed files with 5 additions and 12 deletions.
diff --git a/api/oi_config.go b/api/oi_config.go
@@ -46,7 +46,7 @@ func GetOpenIDConfig(c *gin.Context) {
 			"repo",
 			"token_type",
 			"actor",
-			"actor_id",
+			"actor_scm_id",
 			"commands",
 			"image",
 			"request",

diff --git a/api/types/oidc.go b/api/types/oidc.go
@@ -23,7 +23,7 @@ type OpenIDClaims struct {
 	BuildNumber int    `json:"build_number,omitempty"`
 	BuildID     int64  `json:"build_id,omitempty"`
 	Actor       string `json:"actor,omitempty"`
-	ActorID     string `json:"actor_id,omitempty"`
+	ActorSCMID  string `json:"actor_scm_id,omitempty"`
 	Repo        string `json:"repo,omitempty"`
 	TokenType   string `json:"token_type,omitempty"`
 	Image       string `json:"image,omitempty"`

diff --git a/internal/token/mint.go b/internal/token/mint.go
@@ -6,7 +6,6 @@ import (
 	"context"
 	"errors"
 	"fmt"
-	"strconv"
 	"time"
 
 	"github.com/golang-jwt/jwt/v5"
@@ -151,15 +150,9 @@ func (tm *Manager) MintIDToken(ctx context.Context, mto *MintTokenOpts, db datab
 		return "", errors.New("missing build sender for ID token")
 	}
 
-	// retrieve the user id for the actor
-	u, err := db.GetUserForName(ctx, mto.Build.GetSender())
-	if err != nil {
-		return "", errors.New("unable to retrieve build sender user ID for ID token")
-	}
-
 	// set claims based on input
 	claims.Actor = mto.Build.GetSender()
-	claims.ActorID = strconv.Itoa(int(u.GetID()))
+	claims.ActorSCMID = mto.Build.GetSenderSCMID()
 	claims.BuildNumber = mto.Build.GetNumber()
 	claims.BuildID = mto.Build.GetID()
 	claims.Repo = mto.Repo
@@ -181,7 +174,7 @@ func (tm *Manager) MintIDToken(ctx context.Context, mto *MintTokenOpts, db datab
 	tk := jwt.NewWithClaims(jwt.SigningMethodRS256, claims)
 
 	// verify key is active in the database before signing
-	_, err = db.GetActiveJWK(ctx, tm.RSAKeySet.KID)
+	_, err := db.GetActiveJWK(ctx, tm.RSAKeySet.KID)
 	if err != nil {
 		if !errors.Is(err, gorm.ErrRecordNotFound) {
 			return "", fmt.Errorf("unable to get active public key: %w", err)

diff --git a/mock/server/authentication.go b/mock/server/authentication.go
@@ -37,7 +37,7 @@ const (
     "repo",
     "token_type",
     "actor",
-    "actor_id",
+    "actor_scm_id",
     "commands",
     "image",
     "request"