Allow passing in authentication client secret as an environment varia…
…ble (#311)

Signed-off-by: Eduardo Apolinario <[email protected]>
katrogan authored and eapolinario committed Sep 13, 2023
1 parent eb9c749 commit 6a63327
Showing 4 changed files with 28 additions and 6 deletions.
1 change: 1 addition & 0 deletions flyteidl/clients/go/admin/config.go
Expand Up @@ -49,6 +49,7 @@ type Config struct {
DeprecatedUseAuth bool `json:"useAuth" pflag:",Deprecated: Auth will be enabled/disabled based on admin's dynamically discovered information."`
ClientID string `json:"clientId" pflag:",Client ID"`
ClientSecretLocation string `json:"clientSecretLocation" pflag:",File containing the client secret"`
ClientSecretEnvVar string `json:"clientSecretEnvVar" pflag:",Environment variable containing the client secret"`
Scopes []string `json:"scopes" pflag:",List of scopes to request"`

// There are two ways to get the token URL. If the authorization server url is provided, the client will try to use RFC 8414 to
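Review bot: The new `ClientSecretEnvVar` field has no comment saying how it interacts with `ClientSecretLocation`, yet the provider change in this same commit consults the environment variable only when the location is empty. I would add a field comment such as `// ClientSecretEnvVar names the environment variable holding the client secret; ignored when ClientSecretLocation is set.` so operators who set both know which one wins. The documentation could also note that a process's environment is inherited by child processes and is often captured in diagnostics, so the file option with restrictive permissions remains the tighter choice where it is available. The struct continues outside the hunk.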
1 change: 1 addition & 0 deletions flyteidl/clients/go/admin/config_flags.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

14 changes: 14 additions & 0 deletions flyteidl/clients/go/admin/config_flags_test.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

18 changes: 12 additions & 6 deletions flyteidl/clients/go/admin/token_source_provider.go
Expand Up @@ -4,6 +4,7 @@ import (
"context"
"fmt"
"io/ioutil"
"os"
"strings"
"sync"
"time"
Expand Down Expand Up @@ -134,14 +135,19 @@ type ClientCredentialsTokenSourceProvider struct {

func NewClientCredentialsTokenSourceProvider(ctx context.Context, cfg *Config,
clientMetadata *service.PublicClientAuthConfigResponse, tokenURL string) (TokenSourceProvider, error) {

secretBytes, err := ioutil.ReadFile(cfg.ClientSecretLocation)
if err != nil {
logger.Errorf(ctx, "Error reading secret from location %s", cfg.ClientSecretLocation)
return nil, err
var secret string
if len(cfg.ClientSecretLocation) > 0 {
secretBytes, err := ioutil.ReadFile(cfg.ClientSecretLocation)
if err != nil {
logger.Errorf(ctx, "Error reading secret from location %s", cfg.ClientSecretLocation)
return nil, err
}
secret = string(secretBytes)
} else if len(cfg.ClientSecretEnvVar) > 0 {
secret = os.Getenv(cfg.ClientSecretEnvVar)
}
secret = strings.TrimSpace(secret)

secret := strings.TrimSpace(string(secretBytes))
scopes := cfg.Scopes
if len(scopes) == 0 {
scopes = clientMetadata.Scopes
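Review bot: When `ClientSecretLocation` is empty and `ClientSecretEnvVar` is unset, misspelled, or names an empty variable, `secret` stays `""` and construction carries on, whereas the old code failed immediately because `ioutil.ReadFile("")` returned an error. I would fail fast right after the trim with `if secret == "" { return nil, fmt.Errorf("client secret is empty: set clientSecretLocation or clientSecretEnvVar") }`, and switch the `else if` branch to `os.LookupEnv` if an unset variable should be reported separately from an empty one. Any such message should name the variable, never its value. The function body continues past the end of the hunk, so a later check there cannot be ruled out.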
