Use idtoken for auth with basic as fallback #49

Merged
merged 4 commits into from
Dec 8, 2021
6 changes: 4 additions & 2 deletions v2/cmd/voucher_client/README.md
Expand Up @@ -24,8 +24,9 @@ Below are the configuration options for Voucher Client:
| :---------- | :----------------------------------------------------------------------------------------- |
| `server` | The Voucher server to connect to. |
| `timeout` | The number of seconds to wait before failing (defaults to 240). |
| `username` | Username to authenticate against Voucher with. |
| `password` | Password to authenticate against Voucher with. |
| `username` | Username to authenticate against Voucher with. (When auth = basic) |
| `password` | Password to authenticate against Voucher with. (When auth = basic) |
| `auth` | The method to authenticate against Voucher with. (defaults to basic) |

Configuration options can be overridden at runtime by setting the appropriate flag. For example, if you set the "port" flag when running `voucher_server`, that value will override whatever is in the configuration.

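Review bot: The new `auth` row states the default but not the accepted values, so this table never tells the reader that `idtoken` is the other option or that `username` and `password` go unused in that mode. Suggest wording the description as "The method to authenticate against Voucher with: basic or idtoken (defaults to basic)".
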
Expand All @@ -50,6 +51,7 @@ $ voucher_client [--voucher <server> --verify --check <check to run>] <image pat

| Flag | Short Flag | Description |
| :-------- | :--------------- | :---------------------------------------------------------------------------- |
| `--auth` | `-a` | The method to authenticate against Voucher with.
| `--config` | | The path to your configuration file, (default is $HOME/.voucher.yaml) |
| `--check` | `-c` | The Check to run on the image ("all" for all checks). |
| `--voucher` | `-v` | The Voucher server to connect to. |
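
Review bot: The `--auth` row is missing its closing `|`, unlike every other row in this table, and it omits both the accepted values and the default. Suggest closing the cell and ending the description with "Supported: basic, idtoken (defaults to basic)." so it matches the flag help text in root.go.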
19 changes: 15 additions & 4 deletions v2/cmd/voucher_client/config.go
Expand Up @@ -2,6 +2,8 @@ package main

import (
"context"
"fmt"
"strings"
"time"

voucher "github.com/grafeas/voucher/v2"
Expand All @@ -14,6 +16,7 @@ type config struct {
Password string
Timeout int
Check string
Auth string
}

var defaultConfig = &config{}
Expand All @@ -23,11 +26,19 @@ func getCheck() string {
}

func getVoucherClient() (voucher.Interface, error) {
newClient, err := client.NewClient(defaultConfig.Server)
if nil == err {
newClient.SetBasicAuth(defaultConfig.Username, defaultConfig.Password)
switch strings.ToLower(defaultConfig.Auth) {
case "idtoken":
newClient, err := client.NewAuthClient(defaultConfig.Server)
return newClient, err
case "basic":
newClient, err := client.NewClient(defaultConfig.Server)
Collaborator

neat! 👏

Collaborator Author

I ran the check manually (check if basic auth works) + will be testing it with cloudbuild later!

Collaborator

Idea: be more explicit about how the basic option flows here (it's the same as the "default" case).

case "basic":
     fallthrough

Idea: maybe strings.ToLower(defaultConfig.Auth) ? The user can probably be trusted, but --auth IDTOKEN using basic auth is certainly unexpected.

Collaborator Author

good point! I definitely like the idea of having default return an error! Will implement the changes you suggested

if err == nil {
newClient.SetBasicAuth(defaultConfig.Username, defaultConfig.Password)
}
return newClient, err
default:
return nil, fmt.Errorf("invalid auth value: %q", defaultConfig.Auth)
}
return newClient, err
}

func newContext() (context.Context, context.CancelFunc) {
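
Review bot: The `default:` branch at the end of the switch reports the rejected value but not what is accepted, so a typo in `--auth` leaves the user to look the options up; suggest `fmt.Errorf("invalid auth value: %q (supported: basic, idtoken)", defaultConfig.Auth)`. An empty `Auth` also lands in this branch, which means the "defaults to basic" behaviour depends entirely on the flag default set in root.go; a short comment on the switch saying so would help the next reader. In the `idtoken` case any configured `Username` and `Password` are ignored without notice, which may deserve a mention in the docs or a log line.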
2 changes: 2 additions & 0 deletions v2/cmd/voucher_client/root.go
Expand Up @@ -53,6 +53,8 @@ func init() {
viper.BindPFlag("timeout", rootCmd.Flags().Lookup("timeout"))
rootCmd.Flags().StringVarP(&defaultConfig.Check, "check", "c", "all", "the name of the checks to run against Voucher with")
viper.BindPFlag("check", rootCmd.Flags().Lookup("check"))
rootCmd.Flags().StringVarP(&defaultConfig.Auth, "auth", "a", "basic", "the method to authenticate against Voucher with. Supported types: basic, idtoken")
lynnsh marked this conversation as resolved.
viper.BindPFlag("auth", rootCmd.Flags().Lookup("auth"))
}

// initConfig reads in config file and ENV variables if set.
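
Review bot: The error returned by `viper.BindPFlag("auth", ...)` on the new line is discarded, as it already is for the `timeout` and `check` bindings above it, so a failed lookup would leave the binding silently missing. Consider checking it here, or handling all of the bindings together in a follow-up.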