From 7c286299d54ad7ca5e971cb2cb13bce98ac76503 Mon Sep 17 00:00:00 2001 From: tserakhau Date: Mon, 16 Dec 2024 11:19:19 +0100 Subject: [PATCH 1/3] Expose OAuth2 Config Fixes https://github.com/ydb-platform/ydb-go-sdk/issues/1592 --- credentials/options.go | 6 ++++++ internal/credentials/oauth2.go | 38 ++++++++++++++++++++-------------- 2 files changed, 29 insertions(+), 15 deletions(-) diff --git a/credentials/options.go b/credentials/options.go index 399612e1b..143ecd1a7 100644 --- a/credentials/options.go +++ b/credentials/options.go @@ -9,6 +9,12 @@ import ( "github.com/ydb-platform/ydb-go-sdk/v3/internal/credentials" ) +type OAuth2Config = credentials.OAuth2Config + +type StringOrArrayConfig = credentials.StringOrArrayConfig + +type OAuth2TokenSourceConfig = credentials.OAuth2TokenSourceConfig + type Oauth2TokenExchangeCredentialsOption = credentials.Oauth2TokenExchangeCredentialsOption type TokenSource = credentials.TokenSource diff --git a/internal/credentials/oauth2.go b/internal/credentials/oauth2.go index b9e207a98..468abfd7b 100644 --- a/internal/credentials/oauth2.go +++ b/internal/credentials/oauth2.go @@ -451,11 +451,11 @@ func GetSupportedOauth2TokenExchangeJwtAlgorithms() []string { return algs } -type stringOrArrayConfig struct { +type StringOrArrayConfig struct { Values []string } -func (a *stringOrArrayConfig) UnmarshalJSON(data []byte) error { +func (a *StringOrArrayConfig) UnmarshalJSON(data []byte) error { // Case 1: string var s string err := json.Unmarshal(data, &s) @@ -497,7 +497,7 @@ func (d *prettyTTL) UnmarshalJSON(data []byte) error { } //nolint:tagliatelle -type oauth2TokenSourceConfig struct { +type OAuth2TokenSourceConfig struct { Type string `json:"type"` // Fixed 
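Review bot: The three aliases added in credentials/options.go publish internal structs that can hold credential material, and none of them has a doc comment saying so. `cfg.Token` and `cfg.PrivateKey` are read from `OAuth2TokenSourceConfig` by applyConfigFixed and applyConfigFixedJWT later in this patch, and the fields visible in the struct hunks all carry JSON tags. Once the type is public, a caller can print it with `%+v` or pass it to `json.Marshal`, either of which would write the token or key into logs or files. I would add a comment on each alias, for example `// OAuth2TokenSourceConfig describes one token source of a token-exchange config; it may contain a bearer token or private key and should not be logged or re-serialized.` Whether a redacting `String()` method is also wanted is a design decision this hunk does not settle.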
@@ -510,7 +510,7 @@ type oauth2TokenSourceConfig struct { KeyID string `json:"kid"` Issuer string `json:"iss"` Subject string `json:"sub"` - Audience *stringOrArrayConfig `json:"aud"` + Audience *StringOrArrayConfig `json:"aud"` ID string `json:"jti"` TTL *prettyTTL `json:"ttl"` } @@ -529,7 +529,7 @@ func signingMethodNotSupportedError(method string) error { return fmt.Errorf("%w: %q. Supported signing methods are %s", errUnsupportedSigningMethod, method, supported) } -func (cfg *oauth2TokenSourceConfig) applyConfigFixed(tokenSrcType int) (*tokenSourceOption, error) { +func (cfg *OAuth2TokenSourceConfig) applyConfigFixed(tokenSrcType int) (*tokenSourceOption, error) { if cfg.Token == "" || cfg.TokenType == "" { return nil, xerrors.WithStackTrace(errTokenAndTokenTypeRequired) } @@ -542,7 +542,7 @@ func (cfg *oauth2TokenSourceConfig) applyConfigFixed(tokenSrcType int) (*tokenSo }, nil } -func (cfg *oauth2TokenSourceConfig) applyConfigFixedJWT(tokenSrcType int) (*tokenSourceOption, error) { +func (cfg *OAuth2TokenSourceConfig) applyConfigFixedJWT(tokenSrcType int) (*tokenSourceOption, error) { var opts []JWTTokenSourceOption if cfg.Algorithm == "" || cfg.PrivateKey == "" { @@ -591,7 +591,7 @@ func (cfg *oauth2TokenSourceConfig) applyConfigFixedJWT(tokenSrcType int) (*toke }, nil } -func (cfg *oauth2TokenSourceConfig) applyConfig(tokenSrcType int) (*tokenSourceOption, error) { +func (cfg *OAuth2TokenSourceConfig) applyConfig(tokenSrcType int) (*tokenSourceOption, error) { if strings.EqualFold(cfg.Type, "FIXED") { return cfg.applyConfigFixed(tokenSrcType) } 
@@ -604,19 +604,27 @@ func (cfg *oauth2TokenSourceConfig) applyConfig(tokenSrcType int) (*tokenSourceO } //nolint:tagliatelle -type oauth2Config struct { +type OAuth2Config struct { GrantType string `json:"grant-type"` - Resource *stringOrArrayConfig `json:"res"` - Audience *stringOrArrayConfig `json:"aud"` - Scope *stringOrArrayConfig `json:"scope"` + Resource *StringOrArrayConfig `json:"res"` + Audience *StringOrArrayConfig `json:"aud"` + Scope *StringOrArrayConfig `json:"scope"` RequestedTokenType string `json:"requested-token-type"` TokenEndpoint string `json:"token-endpoint"` - SubjectCreds *oauth2TokenSourceConfig `json:"subject-credentials"` - ActorCreds *oauth2TokenSourceConfig `json:"actor-credentials"` + SubjectCreds *OAuth2TokenSourceConfig `json:"subject-credentials"` + ActorCreds *OAuth2TokenSourceConfig `json:"actor-credentials"` } -func (cfg *oauth2Config) applyConfig(opts *[]Oauth2TokenExchangeCredentialsOption) error { +func (cfg *OAuth2Config) AsOptions() ([]Oauth2TokenExchangeCredentialsOption, error) { + var fullOptions []Oauth2TokenExchangeCredentialsOption + if err := cfg.applyConfig(&fullOptions); err != nil { + return nil, xerrors.WithStackTrace(err) + } + return fullOptions, nil +} + +func (cfg *OAuth2Config) applyConfig(opts *[]Oauth2TokenExchangeCredentialsOption) error { if cfg.GrantType != "" { *opts = append(*opts, WithGrantType(cfg.GrantType)) } @@ -669,7 +677,7 @@ func NewOauth2TokenExchangeCredentialsFile( return nil, xerrors.WithStackTrace(fmt.Errorf("%w: %w", errCouldNotReadConfigFile, err)) } - var cfg oauth2Config + var cfg OAuth2Config if err = json.Unmarshal(configFileData, &cfg); err != nil { return nil, xerrors.WithStackTrace(fmt.Errorf("%w: %w", errCouldNotUnmarshalJSON, err)) } From bdefeac65a6899892d01aa2c46361f7bb4ad2584 Mon Sep 17 00:00:00 2001 
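Review bot: The new exported `AsOptions` method has a pointer receiver but passes `cfg` straight to applyConfig, whose first visible statement reads `cfg.GrantType`, so a nil `*OAuth2Config` panics instead of returning an error. For a public entry point that builds credentials, I would fail closed at the top of the method: `if cfg == nil { return nil, xerrors.WithStackTrace(fmt.Errorf("oauth2 config is nil")) }`. The method also needs a doc comment, for example `// AsOptions converts the parsed config into Oauth2TokenExchangeCredentialsOption values; it returns an error if a token source is incomplete or unsupported.` The rest of applyConfig lies outside the hunk, so the error cases named in that comment should be checked against its full body.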
From: tserakhau Date: Mon, 16 Dec 2024 20:25:05 +0100 Subject: [PATCH 2/3] fix pr-comments --- CHANGELOG.md | 3 +++ credentials/options.go | 2 +- internal/credentials/oauth2.go | 1 + 3 files changed, 5 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 73335521a..3d3ac15c6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,6 @@ +## v3.95.3 +* Exposed `credentials/credentials.OAuth2Config` OAuth2 config + ## v3.95.2 * Fixed panic on multiple closing driver diff --git a/credentials/options.go b/credentials/options.go index 143ecd1a7..49df3b857 100644 --- a/credentials/options.go +++ b/credentials/options.go @@ -11,7 +11,7 @@ import ( type OAuth2Config = credentials.OAuth2Config -type StringOrArrayConfig = credentials.StringOrArrayConfig +type OAuth2StringOrArrayConfig = credentials.StringOrArrayConfig type OAuth2TokenSourceConfig = credentials.OAuth2TokenSourceConfig diff --git a/internal/credentials/oauth2.go b/internal/credentials/oauth2.go index 468abfd7b..fafb96633 100644 --- a/internal/credentials/oauth2.go +++ b/internal/credentials/oauth2.go @@ -621,6 +621,7 @@ func (cfg *OAuth2Config) AsOptions() ([]Oauth2TokenExchangeCredentialsOption, er if err := cfg.applyConfig(&fullOptions); err != nil { return nil, xerrors.WithStackTrace(err) } + return fullOptions, nil } From df5958f642dfdaa6f734cf62b0c19a731ae07e08 Mon Sep 17 00:00:00 2001 From: Aleksey Myasnikov Date: Mon, 16 Dec 2024 23:11:55 +0300 Subject: [PATCH 3/3] Apply suggestions from code review --- CHANGELOG.md | 1 - 1 file changed, 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 3d3ac15c6..3cf14162e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,4 +1,3 @@ -## v3.95.3 * Exposed `credentials/credentials.OAuth2Config` OAuth2 config ## v3.95.2