lunarway · mahlunar · Dec 15, 2023 · Nov 5, 2023 · Nov 5, 2023 · Nov 5, 2023
@@ -64,6 +64,11 @@ else
 	RELEASE_MANAGER_INTEGRATION_RABBITMQ_HOST=localhost go test -count=1 ./...
 endif
 
+HAMCTL_OAUTH_IDP_URL=https://idpurl
+HAMCTL_OAUTH_CLIENT_ID=client-id
+JWKS_URLS=https://jwksurls/v1/keys
+JWT_AUDIENCE=audience
+JWT_ISSUER=issuer
 
 AUTH_TOKEN=test
 SSH_PRIVATE_KEY=~/.ssh/github
@@ -87,7 +92,10 @@ SERVER_START=./dist/server start \
 		--log.development t \
 		--config-repo ${CONFIG_REPO} \
 		--user-mappings '${USER_MAPPINGS}' \
-		--policy-branch-restrictions '${BRANCH_RESTRICTIONS}'
+		--policy-branch-restrictions '${BRANCH_RESTRICTIONS}' \
+		--jwks-urls '${JWKS_URLS}' \
+		--jwt-audience '${JWT_AUDIENCE}' \
+		--jwt-issuer '${JWT_ISSUER}'
 
 server-memory: build_server
 		$(SERVER_START) \
@@ -102,6 +110,20 @@ server-rabbitmq: build_server
 		--amqp-user ${AMQP_USER} \
 		--amqp-password ${AMQP_PASSWORD}
 
+SERVER_URL=http://localhost:8080
+DAEMON_OAUTH_IDP_URL=https://idpurl
+DAEMON_OAUTH_CLIENT_ID=client-id
+DAEMON_OAUTH_CLIENT_SECRET=secret
+
+daemon: build_daemon
+	./dist/daemon start \
+		--release-manager-url '${SERVER_URL}' \
+		--environment local \
+		--kubeconfig '${KUBECONFIG}' \
+		--idp-url '${DAEMON_OAUTH_IDP_URL}' \
+		--client-id '${DAEMON_OAUTH_CLIENT_ID}' \
+		--client-secret '${DAEMON_OAUTH_CLIENT_SECRET}'
+
 artifact-init:
 	USER_MAPPINGS="[email protected][email protected],[email protected][email protected]" ./dist/artifact init --slack-token ${SLACK_TOKEN} --artifact-id "master-deed62270f-854d930ecb" --name "lunar-way-product-service" --service "product" --git-author-name "Kasper Nissen" --git-author-email "[email protected]" --git-message "This is a test message" --git-committer-name "Bjørn Sørensen" --git-committer-email "[email protected]" --git-sha deed62270f24f1ca8cf2c19b505b2c88036e1b1c --git-branch master --url "https://bitbucket.org/LunarWay/lunar-way-product-service/commits/a05e314599a7c202724d46a009fcc0f493bce035" --ci-job-url "https://jenkins.corp.com/job/bitbucket/job/lunar-way-product-service/job/master/170/display/redirect"
 

@@ -103,10 +103,14 @@ example_resources:
 	echo "$$FLUX_KUSTOMIZATION" > examples/prod/kustomization.yaml
 
 RELEASE_MANAGER_URL=http://localhost:8080
-RELEASE_MANAGER_AUTH_TOKEN=test
+OAUTH_IDP_URL=https://idpurl
+OAUTH_CLIENT_ID=id
+OAUTH_CLIENT_SECRET=secret
 
 test_push: example example_resources
 	./artifact push \
 		--root examples \
 		--http-base-url ${RELEASE_MANAGER_URL} \
-		--http-auth-token ${RELEASE_MANAGER_AUTH_TOKEN}
+		--client-id ${OAUTH_CLIENT_ID} \
+		--client-secret ${OAUTH_CLIENT_SECRET} \
+		--idp-url ${OAUTH_IDP_URL}
@@ -15,21 +15,22 @@ import (
 
 func pushCommand(options *Options) *cobra.Command {
 	releaseManagerClient := httpinternal.Client{}
-
+	var idpURL, clientID, clientSecret string
 	command := &cobra.Command{
 		Use:   "push",
 		Short: "push artifact to artifact repository",
 		RunE: func(c *cobra.Command, args []string) error {
 			var artifactID string
 			var err error
 			ctx := context.Background()
+			authenticator := httpinternal.NewClientAuthenticator(clientID, clientSecret, idpURL)
+			releaseManagerClient.Auth = &authenticator
 
-			if releaseManagerClient.Metadata.AuthToken != "" {
-				artifactID, err = flow.PushArtifactToReleaseManager(ctx, &releaseManagerClient, options.FileName, options.RootPath)
-				if err != nil {
-					return err
-				}
+			artifactID, err = flow.PushArtifactToReleaseManager(ctx, &releaseManagerClient, options.FileName, options.RootPath)
+			if err != nil {
+				return err
 			}
+
 			client, err := intslack.NewClient(slack.New(options.SlackToken), options.UserMappings, options.EmailSuffix)
 			if err != nil {
 				fmt.Printf("Error, not able to create Slack client in successful command: %v", err)
@@ -47,13 +48,19 @@ func pushCommand(options *Options) *cobra.Command {
 		},
 	}
 	command.Flags().StringVar(&releaseManagerClient.BaseURL, "http-base-url", os.Getenv("ARTIFACT_URL"), "address of the http release manager server")
-	command.Flags().StringVar(&releaseManagerClient.Metadata.AuthToken, "http-auth-token", "", "auth token for the http service")
+	command.Flags().StringVar(&idpURL, "idp-url", "", "the url of the identity provider")
+	command.Flags().StringVar(&clientID, "client-id", "", "client id of this application issued by the identity provider")
+	command.Flags().StringVar(&clientSecret, "client-secret", "", "the client secret")
 
 	// errors are skipped here as the only case they can occour are if thee flag
 	// does not exist on the command.
 	//nolint:errcheck
 	command.MarkFlagRequired("http-base-url")
 	//nolint:errcheck
-	command.MarkFlagRequired("http-auth-token")
+	command.MarkFlagRequired("idp-url")
+	//nolint:errcheck
+	command.MarkFlagRequired("client-id")
+	//nolint:errcheck
+	command.MarkFlagRequired("client-secret")
 	return command
 }
@@ -21,6 +21,7 @@ import (
 // 3. Detects CreateContainerConfigError, and fetches the message about the wrong config.
 func StartDaemon() *cobra.Command {
 	var environment, kubeConfigPath string
+	var idpURL, clientID, clientSecret string
 	var moduloCrashReportNotif float64
 	var logConfiguration *log.Configuration
 
@@ -34,6 +35,9 @@ func StartDaemon() *cobra.Command {
 			logConfiguration.ParseFromEnvironmnet()
 			log.Init(logConfiguration)
 
+			authenticator := httpinternal.NewClientAuthenticator(clientID, clientSecret, idpURL)
+			client.Auth = &authenticator
+
 			exporter := &kubernetes.ReleaseManagerExporter{
 				Log:         log.With("type", "k8s-exporter"),
 				Client:      client,
@@ -98,15 +102,24 @@ func StartDaemon() *cobra.Command {
 		},
 	}
 	command.Flags().StringVar(&client.BaseURL, "release-manager-url", os.Getenv("RELEASE_MANAGER_ADDRESS"), "address of the release-manager, e.g. http://release-manager")
-	command.Flags().StringVar(&client.Metadata.AuthToken, "auth-token", os.Getenv("DAEMON_AUTH_TOKEN"), "token to be used to communicate with the release-manager")
 	command.Flags().DurationVar(&client.Timeout, "http-timeout", 20*time.Second, "HTTP request timeout")
 	command.Flags().StringVar(&environment, "environment", "", "environment where release-daemon is running")
 	command.Flags().StringVar(&kubeConfigPath, "kubeconfig", "", "path to kubeconfig file. If not specified, then daemon is expected to run inside kubernetes")
 	command.Flags().Float64Var(&moduloCrashReportNotif, "modulo-crash-report-notif", 5, "modulo for how often to report CrashLoopBackOff events")
+	command.Flags().StringVar(&idpURL, "idp-url", "", "the url of the identity provider")
+	command.Flags().StringVar(&clientID, "client-id", "", "client id of this application issued by the identity provider")
+	command.Flags().StringVar(&clientSecret, "client-secret", "", "the client secret")
+
 	// errors are skipped here as the only case they can occour are if thee flag
 	// does not exist on the command.
 	//nolint:errcheck
 	command.MarkFlagRequired("environment")
+	//nolint:errcheck
+	command.MarkFlagRequired("idp-url")
+	//nolint:errcheck
+	command.MarkFlagRequired("client-id")
+	//nolint:errcheck
+	command.MarkFlagRequired("client-secret")
 	logConfiguration = log.RegisterFlags(command)
 	return command
 }
@@ -3,31 +3,23 @@ package actions
 import (
 	"net/http"
 
-	"github.com/lunarway/release-manager/internal/git"
 	httpinternal "github.com/lunarway/release-manager/internal/http"
 	"github.com/lunarway/release-manager/internal/intent"
 )
 
-//go:generate moq -rm -out config_mock.go . GitConfigAPI
-type GitConfigAPI interface {
-	CommitterDetails() (*git.CommitterDetails, error)
-}
-
 type ReleaseResult struct {
 	Response    httpinternal.ReleaseResponse
 	Environment string
 	Error       error
 }
 
 type ReleaseHttpClient struct {
-	gitConfigAPI GitConfigAPI
-	client       *httpinternal.Client
+	client *httpinternal.Client
 }
 
-func NewReleaseHttpClient(gitConfigAPI GitConfigAPI, client *httpinternal.Client) *ReleaseHttpClient {
+func NewReleaseHttpClient(client *httpinternal.Client) *ReleaseHttpClient {
 	return &ReleaseHttpClient{
-		gitConfigAPI: gitConfigAPI,
-		client:       client,
+		client: client,
 	}
 }
 
@@ -44,23 +36,17 @@ func (hc *ReleaseHttpClient) ReleaseArtifactID(service, environment string, arti
 // environments.
 func (hc *ReleaseHttpClient) ReleaseArtifactIDMultipleEnvironments(service string, environments []string, artifactID string, intent intent.Intent) ([]ReleaseResult, error) {
 	var results []ReleaseResult
-	committer, err := hc.gitConfigAPI.CommitterDetails()
-	if err != nil {
-		return nil, err
-	}
 	path, err := hc.client.URL("release")
 	if err != nil {
 		return nil, err
 	}
 	for _, environment := range environments {
 		var resp httpinternal.ReleaseResponse
 		err = hc.client.Do(http.MethodPost, path, httpinternal.ReleaseRequest{
-			Service:        service,
-			Environment:    environment,
-			ArtifactID:     artifactID,
-			CommitterName:  committer.Name,
-			CommitterEmail: committer.Email,
-			Intent:         intent,
+			Service:     service,
+			Environment: environment,
+			ArtifactID:  artifactID,
+			Intent:      intent,
 		}, &resp)
 
 		results = append(results, ReleaseResult{

@@ -0,0 +1,17 @@
+package command
+
+import (
+	"github.com/lunarway/release-manager/internal/http"
+	"github.com/spf13/cobra"
+)
+
+func Login(authenticator http.UserAuthenticator) *cobra.Command {
+	return &cobra.Command{
+		Use:   "login",
+		Short: `Log into the configured IdP`,
+		Args:  cobra.ExactArgs(0),
+		RunE: func(c *cobra.Command, args []string) error {
+			return authenticator.Login(c.Context())
+		},
+	}
+}
@@ -7,7 +7,7 @@ import (
 	"github.com/spf13/cobra"
 )
 
-func NewPolicy(client *http.Client, service *string, gitConfigAPI GitConfigAPI) *cobra.Command {
+func NewPolicy(client *http.Client, service *string) *cobra.Command {
 	var command = &cobra.Command{
 		Use:   "policy",
 		Short: "Manage release policies for services.",
@@ -28,8 +28,8 @@ func NewPolicy(client *http.Client, service *string, gitConfigAPI GitConfigAPI)
 			c.HelpFunc()(c, args)
 		},
 	}
-	command.AddCommand(policy.NewApply(client, service, gitConfigAPI))
+	command.AddCommand(policy.NewApply(client, service))
 	command.AddCommand(policy.NewList(client, service))
-	command.AddCommand(policy.NewDelete(client, service, gitConfigAPI))
+	command.AddCommand(policy.NewDelete(client, service))
 	return command
 }