pomerium/config/identity.go
Caleb Doxsey 5373e25ac4
core/config: add support for stripping the port for matching routes (#5085)
* core/config: add support for stripping the port for matching routes

* fix test

* rename option, improve port detection

* add more test cases
2024-04-26 08:24:46 -06:00

67 lines
1.9 KiB
Go

package config
import (
"github.com/pomerium/pomerium/internal/urlutil"
"github.com/pomerium/pomerium/pkg/grpc/identity"
)
// GetIdentityProviderForID returns the identity provider associated with the given IDP id.
// If none is found the default provider is returned.
func (o *Options) GetIdentityProviderForID(idpID string) (*identity.Provider, error) {
for _, p := range o.GetAllPolicies() {
p := p
idp, err := o.GetIdentityProviderForPolicy(&p)
if err != nil {
return nil, err
}
if idp.GetId() == idpID {
return idp, nil
}
}
return o.GetIdentityProviderForPolicy(nil)
}
// GetIdentityProviderForPolicy gets the identity provider associated with the given policy.
// If policy is nil, or changes none of the default settings, the default provider is returned.
func (o *Options) GetIdentityProviderForPolicy(policy *Policy) (*identity.Provider, error) {
clientSecret, err := o.GetClientSecret()
if err != nil {
return nil, err
}
idp := &identity.Provider{
ClientId: o.ClientID,
ClientSecret: clientSecret,
Type: o.Provider,
Scopes: o.Scopes,
Url: o.ProviderURL,
RequestParams: o.RequestParams,
}
if policy != nil {
if policy.IDPClientID != "" {
idp.ClientId = policy.IDPClientID
}
if policy.IDPClientSecret != "" {
idp.ClientSecret = policy.IDPClientSecret
}
}
idp.Id = idp.Hash()
return idp, nil
}
// GetIdentityProviderForRequestURL gets the identity provider associated with the given request URL.
func (o *Options) GetIdentityProviderForRequestURL(requestURL string) (*identity.Provider, error) {
u, err := urlutil.ParseAndValidateURL(requestURL)
if err != nil {
return nil, err
}
for _, p := range o.GetAllPolicies() {
p := p
if p.Matches(*u, o.IsRuntimeFlagSet(RuntimeFlagMatchAnyIncomingPort)) {
return o.GetIdentityProviderForPolicy(&p)
}
}
return o.GetIdentityProviderForPolicy(nil)
}