@@ -21,7 +21,6 @@ limitations under the License.
|
||||
package controller
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"crypto/tls"
|
||||
"fmt"
|
||||
"io"
|
||||
@@ -38,8 +37,6 @@ import (
|
||||
"repository.basistech.ru/BASIS/decort-golang-sdk/pkg/cloudapi"
|
||||
"repository.basistech.ru/BASIS/decort-golang-sdk/pkg/cloudbroker"
|
||||
|
||||
jwt "github.com/golang-jwt/jwt/v4"
|
||||
|
||||
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
|
||||
)
|
||||
|
||||
@@ -204,27 +201,27 @@ func ControllerConfigure(d *schema.ResourceData) (*ControllerCfg, error) {
|
||||
case MODE_DECS3O:
|
||||
// on success getDECS3OJWT will set config.jwt to the obtained JWT, so there is no
|
||||
// need to set it once again here
|
||||
_, err := ret_config.getDECS3OJWT()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
// _, err := ret_config.getDECS3OJWT()
|
||||
// if err != nil {
|
||||
// return nil, err
|
||||
// }
|
||||
// we are not verifying the JWT when parsing because actual verification is done on the
|
||||
// OVC controller side. Here we do parsing solely to extract Oauth2 user name (claim "user")
|
||||
// and JWT issuer name (claim "iss")
|
||||
parser := jwt.Parser{}
|
||||
token, _, err := parser.ParseUnverified(ret_config.jwt, jwt.MapClaims{})
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if claims, ok := token.Claims.(jwt.MapClaims); ok {
|
||||
var tbuf bytes.Buffer
|
||||
tbuf.WriteString(claims["username"].(string))
|
||||
tbuf.WriteString("@")
|
||||
tbuf.WriteString(claims["iss"].(string))
|
||||
ret_config.decort_username = tbuf.String()
|
||||
} else {
|
||||
return nil, fmt.Errorf("failed to extract user and iss fields from JWT token in oauth2 mode")
|
||||
}
|
||||
// parser := jwt.Parser{}
|
||||
// token, _, err := parser.ParseUnverified(ret_config.jwt, jwt.MapClaims{})
|
||||
// if err != nil {
|
||||
// return nil, err
|
||||
// }
|
||||
// if claims, ok := token.Claims.(jwt.MapClaims); ok {
|
||||
// var tbuf bytes.Buffer
|
||||
// tbuf.WriteString(claims["username"].(string))
|
||||
// tbuf.WriteString("@")
|
||||
// tbuf.WriteString(claims["iss"].(string))
|
||||
// ret_config.decort_username = tbuf.String()
|
||||
// } else {
|
||||
// return nil, fmt.Errorf("failed to extract user and iss fields from JWT token in oauth2 mode")
|
||||
// }
|
||||
|
||||
sdkConf := config.Config{
|
||||
AppID: ret_config.app_id,
|
||||
@@ -263,57 +260,57 @@ func ControllerConfigure(d *schema.ResourceData) (*ControllerCfg, error) {
|
||||
return ret_config, nil
|
||||
}
|
||||
|
||||
func (config *ControllerCfg) GetDecortUsername() string {
|
||||
return config.decort_username
|
||||
}
|
||||
// func (config *ControllerCfg) GetDecortUsername() string {
|
||||
// return config.decort_username
|
||||
// }
|
||||
|
||||
func (config *ControllerCfg) getDECS3OJWT() (string, error) {
|
||||
// Obtain JWT from the Oauth2 provider using application ID and application secret provided in config.
|
||||
if config.auth_mode_code == MODE_UNDEF {
|
||||
return "", fmt.Errorf("getOAuth2JWT method called for undefined authorization mode")
|
||||
}
|
||||
if config.auth_mode_code != MODE_DECS3O {
|
||||
return "", fmt.Errorf("getOAuth2JWT method called for incompatible authorization mode %q", config.auth_mode_txt)
|
||||
}
|
||||
// func (config *ControllerCfg) getDECS3OJWT() (string, error) {
|
||||
// // Obtain JWT from the Oauth2 provider using application ID and application secret provided in config.
|
||||
// if config.auth_mode_code == MODE_UNDEF {
|
||||
// return "", fmt.Errorf("getOAuth2JWT method called for undefined authorization mode")
|
||||
// }
|
||||
// if config.auth_mode_code != MODE_DECS3O {
|
||||
// return "", fmt.Errorf("getOAuth2JWT method called for incompatible authorization mode %q", config.auth_mode_txt)
|
||||
// }
|
||||
|
||||
params := url.Values{}
|
||||
params.Add("grant_type", "client_credentials")
|
||||
params.Add("client_id", config.app_id)
|
||||
params.Add("client_secret", config.app_secret)
|
||||
params.Add("response_type", "id_token")
|
||||
params.Add("validity", "3600")
|
||||
params_str := params.Encode()
|
||||
// params := url.Values{}
|
||||
// params.Add("grant_type", "client_credentials")
|
||||
// params.Add("client_id", config.app_id)
|
||||
// params.Add("client_secret", config.app_secret)
|
||||
// params.Add("response_type", "id_token")
|
||||
// params.Add("validity", "3600")
|
||||
// params_str := params.Encode()
|
||||
|
||||
req, err := http.NewRequest("POST", config.oauth2_url+"/v1/oauth/access_token", strings.NewReader(params_str))
|
||||
if err != nil {
|
||||
return "", err
|
||||
}
|
||||
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
|
||||
req.Header.Set("Content-Length", strconv.Itoa(len(params_str)))
|
||||
// req, err := http.NewRequest("POST", config.oauth2_url+"/v1/oauth/access_token", strings.NewReader(params_str))
|
||||
// if err != nil {
|
||||
// return "", err
|
||||
// }
|
||||
// req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
|
||||
// req.Header.Set("Content-Length", strconv.Itoa(len(params_str)))
|
||||
|
||||
resp, err := config.cc_client.Do(req)
|
||||
if err != nil {
|
||||
return "", err
|
||||
}
|
||||
if resp.StatusCode != http.StatusOK {
|
||||
// fmt.Println("response Status:", resp.Status)
|
||||
// fmt.Println("response Headers:", resp.Header)
|
||||
// fmt.Println("response Headers:", req.URL)
|
||||
return "", fmt.Errorf("getOauth2JWT: unexpected status code %d when obtaining JWT from %q for APP_ID %q, request Body %q",
|
||||
resp.StatusCode, req.URL, config.app_id, params_str)
|
||||
}
|
||||
defer resp.Body.Close()
|
||||
// resp, err := config.cc_client.Do(req)
|
||||
// if err != nil {
|
||||
// return "", err
|
||||
// }
|
||||
// if resp.StatusCode != http.StatusOK {
|
||||
// // fmt.Println("response Status:", resp.Status)
|
||||
// // fmt.Println("response Headers:", resp.Header)
|
||||
// // fmt.Println("response Headers:", req.URL)
|
||||
// return "", fmt.Errorf("getOauth2JWT: unexpected status code %d when obtaining JWT from %q for APP_ID %q, request Body %q",
|
||||
// resp.StatusCode, req.URL, config.app_id, params_str)
|
||||
// }
|
||||
// defer resp.Body.Close()
|
||||
|
||||
responseData, err := io.ReadAll(resp.Body)
|
||||
if err != nil {
|
||||
return "", err
|
||||
}
|
||||
// responseData, err := io.ReadAll(resp.Body)
|
||||
// if err != nil {
|
||||
// return "", err
|
||||
// }
|
||||
|
||||
// validation successful - store JWT in the corresponding field of the ControllerCfg structure
|
||||
config.jwt = strings.TrimSpace(string(responseData))
|
||||
// // validation successful - store JWT in the corresponding field of the ControllerCfg structure
|
||||
// config.jwt = strings.TrimSpace(string(responseData))
|
||||
|
||||
return config.jwt, nil
|
||||
}
|
||||
// return config.jwt, nil
|
||||
// }
|
||||
|
||||
func (config *ControllerCfg) validateJWT(jwt string) (bool, error) {
|
||||
/*
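Review bot: The non-200 branch of getDECS3OJWT formats `params_str` into the returned error as the `request Body %q` argument, and that string carries `client_secret`, so every failed token request writes the application secret into Terraform's diagnostics and logs; drop that argument, e.g. `return "", fmt.Errorf("getOauth2JWT: unexpected status code %d when obtaining JWT from %q for APP_ID %q", resp.StatusCode, req.URL, config.app_id)`. In the same function `defer resp.Body.Close()` is placed after the status check, so a non-OK response returns without closing the body. The claim extraction in ControllerConfigure after ParseUnverified does unchecked `.(string)` assertions on `claims["username"]` and `claims["iss"]`, which panic on a token missing either claim (and the comment above it names the claim "user", not "username"); use the two-value assertion and return an error instead. Each block in these hunks appears once live and once commented out, and the import hunk dropping `jwt` suggests the commented copies are the new side — if so, the MODE_DECS3O branch no longer sets `ret_config.jwt` or `decort_username` and `GetDecortUsername` vanishes for callers, which is worth confirming as intended. validateJWT's body continues outside the hunk.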
|
||||
|
||||