From eb77ce4d3a7117de1a4d1668452967838709b161 Mon Sep 17 00:00:00 2001
From: Valentin Knabel <dev@vknabel.com>
Date: Mon, 3 Feb 2025 14:48:39 +0100
Subject: [PATCH] feat: add support for non-Admin HMACs

---
 README.md          | 1 +
 cmd/root.go        | 7 ++++++-
 pkg/api/context.go | 6 ++++--
 3 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/README.md b/README.md
index 7125501f..c680c66e 100644
--- a/README.md
+++ b/README.md
@@ -87,6 +87,7 @@ contexts:
     client_id: metal_client
     client_secret: 456
     hmac: YOUR_HMAC
+    hmacAuthType: THE_AUTH_TYPE_OF_YOUR_HMAC # Metal-Admin, Metal-Edit or Metal-View
 ```
 
 Optional you can specify `issuer_type: generic` if you use other issuers as Dex, e.g. Keycloak (this will request scopes `openid,profile,email`):
diff --git a/cmd/root.go b/cmd/root.go
index 6a64bbd7..e151b1c9 100644
--- a/cmd/root.go
+++ b/cmd/root.go
@@ -203,6 +203,11 @@ func initConfigWithViperCtx(c *config) error {
 	if hmacKey == "" && ctx.HMAC != nil {
 		hmacKey = *ctx.HMAC
 	}
+	hmacAuthType := viper.GetString("hmac-auth-type")
+	if hmacAuthType == "" && ctx.HMACAuthType != "" {
+		hmacAuthType = ctx.HMACAuthType
+	}
+
 	apiToken := viper.GetString("api-token")
 
 	// if there is no api token explicitly specified we try to pull it out of the kubeconfig context
@@ -215,7 +220,7 @@ func initConfigWithViperCtx(c *config) error {
 		}
 	}
 
-	client, err := metalgo.NewDriver(driverURL, apiToken, hmacKey)
+	client, err := metalgo.NewDriver(driverURL, apiToken, hmacKey, metalgo.AuthType(hmacAuthType))
 	if err != nil {
 		return err
 	}
diff --git a/pkg/api/context.go b/pkg/api/context.go
index 87bf1d7f..8107742d 100644
--- a/pkg/api/context.go
+++ b/pkg/api/context.go
@@ -25,11 +25,13 @@ type Context struct {
 	ClientID     string  `yaml:"client_id"`
 	ClientSecret string  `yaml:"client_secret"`
 	HMAC         *string `yaml:"hmac"`
+	HMACAuthType string  `yaml:"hmac_auth_type,omitempty"`
 }
 
 var defaultCtx = Context{
-	ApiURL:    "http://localhost:8080/cloud",
-	IssuerURL: "http://localhost:8080/",
+	ApiURL:       "http://localhost:8080/cloud",
+	IssuerURL:    "http://localhost:8080/",
+	HMACAuthType: "Metal-Admin",
 }
 
 func GetContexts() (*Contexts, error) {