Use omitempty on UpstreamOIDCProvider spec.authorizationConfig field.

This allows you to omit the field in creation requests; previously it had to be specified, which was annoying.

Signed-off-by: Matt Moyer <moyerm@vmware.com>
Matt Moyer 2020-11-18 14:29:13 -06:00
parent 8a4be431f6
commit 7520dadbdd
No known key found for this signature in database
GPG Key ID: EAE88AD172C5AE2D
6 changed files with 8 additions and 14 deletions


@ -41,7 +41,7 @@ type OIDCAuthorizationConfig struct {
// AdditionalScopes are the scopes in addition to "openid" that will be requested as part of the authorization // AdditionalScopes are the scopes in addition to "openid" that will be requested as part of the authorization
// request flow with an OIDC identity provider. By default only the "openid" scope will be requested. // request flow with an OIDC identity provider. By default only the "openid" scope will be requested.
// +optional // +optional
AdditionalScopes []string `json:"additionalScopes"` AdditionalScopes []string `json:"additionalScopes,omitempty"`
} }
// OIDCClaims provides a mapping from upstream claims into identities. // OIDCClaims provides a mapping from upstream claims into identities.
@ -82,7 +82,7 @@ type UpstreamOIDCProviderSpec struct {
// AuthorizationConfig holds information about how to form the OAuth2 authorization request // AuthorizationConfig holds information about how to form the OAuth2 authorization request
// parameters to be used with this OIDC identity provider. // parameters to be used with this OIDC identity provider.
// +optional // +optional
AuthorizationConfig OIDCAuthorizationConfig `json:"authorizationConfig"` AuthorizationConfig OIDCAuthorizationConfig `json:"authorizationConfig,omitempty"`
// Claims provides the names of token claims that will be used when inspecting an identity from // Claims provides the names of token claims that will be used when inspecting an identity from
// this OIDC identity provider. // this OIDC identity provider.
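Review bot: The `omitempty` added to `AuthorizationConfig` in the second hunk is probably a no-op at serialization time, because the field is a non-pointer struct and encoding/json never treats a struct value as empty, so a typed client would still send `"authorizationConfig":{}`. The tag on `AdditionalScopes` in the first hunk is the one that keeps a nil slice from being encoded as `null`. If the field should really be absent from requests, it could be declared as `AuthorizationConfig *OIDCAuthorizationConfig`; if the tag is there only for schema generation, a comment such as `// omitempty has no effect on a struct value; kept so the generated schema treats the field as optional` would say so. The same applies to the three identical file sections that follow, and both structs continue outside the hunks shown.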


@ -41,7 +41,7 @@ type OIDCAuthorizationConfig struct {
// AdditionalScopes are the scopes in addition to "openid" that will be requested as part of the authorization // AdditionalScopes are the scopes in addition to "openid" that will be requested as part of the authorization
// request flow with an OIDC identity provider. By default only the "openid" scope will be requested. // request flow with an OIDC identity provider. By default only the "openid" scope will be requested.
// +optional // +optional
AdditionalScopes []string `json:"additionalScopes"` AdditionalScopes []string `json:"additionalScopes,omitempty"`
} }
// OIDCClaims provides a mapping from upstream claims into identities. // OIDCClaims provides a mapping from upstream claims into identities.
@ -82,7 +82,7 @@ type UpstreamOIDCProviderSpec struct {
// AuthorizationConfig holds information about how to form the OAuth2 authorization request // AuthorizationConfig holds information about how to form the OAuth2 authorization request
// parameters to be used with this OIDC identity provider. // parameters to be used with this OIDC identity provider.
// +optional // +optional
AuthorizationConfig OIDCAuthorizationConfig `json:"authorizationConfig"` AuthorizationConfig OIDCAuthorizationConfig `json:"authorizationConfig,omitempty"`
// Claims provides the names of token claims that will be used when inspecting an identity from // Claims provides the names of token claims that will be used when inspecting an identity from
// this OIDC identity provider. // this OIDC identity provider.


@ -41,7 +41,7 @@ type OIDCAuthorizationConfig struct {
// AdditionalScopes are the scopes in addition to "openid" that will be requested as part of the authorization // AdditionalScopes are the scopes in addition to "openid" that will be requested as part of the authorization
// request flow with an OIDC identity provider. By default only the "openid" scope will be requested. // request flow with an OIDC identity provider. By default only the "openid" scope will be requested.
// +optional // +optional
AdditionalScopes []string `json:"additionalScopes"` AdditionalScopes []string `json:"additionalScopes,omitempty"`
} }
// OIDCClaims provides a mapping from upstream claims into identities. // OIDCClaims provides a mapping from upstream claims into identities.
@ -82,7 +82,7 @@ type UpstreamOIDCProviderSpec struct {
// AuthorizationConfig holds information about how to form the OAuth2 authorization request // AuthorizationConfig holds information about how to form the OAuth2 authorization request
// parameters to be used with this OIDC identity provider. // parameters to be used with this OIDC identity provider.
// +optional // +optional
AuthorizationConfig OIDCAuthorizationConfig `json:"authorizationConfig"` AuthorizationConfig OIDCAuthorizationConfig `json:"authorizationConfig,omitempty"`
// Claims provides the names of token claims that will be used when inspecting an identity from // Claims provides the names of token claims that will be used when inspecting an identity from
// this OIDC identity provider. // this OIDC identity provider.


@ -41,7 +41,7 @@ type OIDCAuthorizationConfig struct {
// AdditionalScopes are the scopes in addition to "openid" that will be requested as part of the authorization // AdditionalScopes are the scopes in addition to "openid" that will be requested as part of the authorization
// request flow with an OIDC identity provider. By default only the "openid" scope will be requested. // request flow with an OIDC identity provider. By default only the "openid" scope will be requested.
// +optional // +optional
AdditionalScopes []string `json:"additionalScopes"` AdditionalScopes []string `json:"additionalScopes,omitempty"`
} }
// OIDCClaims provides a mapping from upstream claims into identities. // OIDCClaims provides a mapping from upstream claims into identities.
@ -82,7 +82,7 @@ type UpstreamOIDCProviderSpec struct {
// AuthorizationConfig holds information about how to form the OAuth2 authorization request // AuthorizationConfig holds information about how to form the OAuth2 authorization request
// parameters to be used with this OIDC identity provider. // parameters to be used with this OIDC identity provider.
// +optional // +optional
AuthorizationConfig OIDCAuthorizationConfig `json:"authorizationConfig"` AuthorizationConfig OIDCAuthorizationConfig `json:"authorizationConfig,omitempty"`
// Claims provides the names of token claims that will be used when inspecting an identity from // Claims provides the names of token claims that will be used when inspecting an identity from
// this OIDC identity provider. // this OIDC identity provider.


@ -75,9 +75,6 @@ func TestSupervisorLogin(t *testing.T) {
TLS: &idpv1alpha1.TLSSpec{ TLS: &idpv1alpha1.TLSSpec{
CertificateAuthorityData: base64.StdEncoding.EncodeToString([]byte(env.OIDCUpstream.CABundle)), CertificateAuthorityData: base64.StdEncoding.EncodeToString([]byte(env.OIDCUpstream.CABundle)),
}, },
AuthorizationConfig: idpv1alpha1.OIDCAuthorizationConfig{
AdditionalScopes: []string{},
},
Client: idpv1alpha1.OIDCClient{ Client: idpv1alpha1.OIDCClient{
SecretName: makeTestClientCredsSecret(t, testClientID, testClientSecret).Name, SecretName: makeTestClientCredsSecret(t, testClientID, testClientSecret).Name,
}, },


@ -24,9 +24,6 @@ func TestSupervisorUpstreamOIDCDiscovery(t *testing.T) {
t.Parallel() t.Parallel()
spec := v1alpha1.UpstreamOIDCProviderSpec{ spec := v1alpha1.UpstreamOIDCProviderSpec{
Issuer: "https://127.0.0.1:444444/issuer", Issuer: "https://127.0.0.1:444444/issuer",
AuthorizationConfig: v1alpha1.OIDCAuthorizationConfig{
AdditionalScopes: []string{"email", "profile"},
},
Client: v1alpha1.OIDCClient{ Client: v1alpha1.OIDCClient{
SecretName: "does-not-exist", SecretName: "does-not-exist",
}, },