Merge pull request #18 from thestormforge/alternate-issuer
Rename environment variables and issuer
jgustie authored Apr 26, 2021
2 parents e85ab17 + 3e031e2 commit cc14647
Showing 3 changed files with 44 additions and 12 deletions.
10 changes: 8 additions & 2 deletions pkg/config/defaults.go
@@ -94,11 +94,11 @@ func defaultServerRoots(env string, srv *Server) error {
switch env {
case "production":
defaultString(&srv.Identifier, "https://api.stormforge.io/v1/")
defaultString(&srv.Authorization.Issuer, "https://auth.carbonrelay.io/")
defaultString(&srv.Authorization.Issuer, "https://auth.stormforge.io/")
defaultString(&srv.Application.BaseURL, "https://app.stormforge.io/")
case "development":
defaultString(&srv.Identifier, "https://api.stormforge.dev/v1/")
defaultString(&srv.Authorization.Issuer, "https://auth.carbonrelay.dev/")
defaultString(&srv.Authorization.Issuer, "https://auth.stormforge.dev/")
defaultString(&srv.Application.BaseURL, "https://app.stormforge.dev/")
default:
return fmt.Errorf("unknown environment: '%s'", env)
@@ -107,6 +107,12 @@ func defaultServerRoots(env string, srv *Server) error {
}

func defaultServerEndpoints(srv *Server) error {
// NOTE: The `EnvironmentMapping` function used to create the env for the
// controller will set the issuer to scheme and host of the registration
// endpoint. This is done so the controller can obtain tokens from an
// alternate token endpoint, however it will render most of the remaining
// default URLs meaningless as the other endpoints are not supported.

// Determine the default base URLs
api, err := discovery.IssuerURL(srv.Identifier)
if err != nil {
29 changes: 19 additions & 10 deletions pkg/config/env.go
@@ -16,15 +16,18 @@ limitations under the License.

package config

import "os"
import (
"net/url"
"os"
)

// envLoader adds environment variable overrides to the configuration
func envLoader(cfg *RedSkyConfig) error {
defaultString(&cfg.Overrides.Environment, os.Getenv("REDSKY_ENV"))
defaultString(&cfg.Overrides.ServerIdentifier, os.Getenv("REDSKY_SERVER_IDENTIFIER"))
defaultString(&cfg.Overrides.ServerIssuer, os.Getenv("REDSKY_SERVER_ISSUER"))
defaultString(&cfg.Overrides.Credential.ClientID, os.Getenv("REDSKY_AUTHORIZATION_CLIENT_ID"))
defaultString(&cfg.Overrides.Credential.ClientSecret, os.Getenv("REDSKY_AUTHORIZATION_CLIENT_SECRET"))
defaultString(&cfg.Overrides.Environment, os.Getenv("STORMFORGE_ENV"))
defaultString(&cfg.Overrides.ServerIdentifier, os.Getenv("STORMFORGE_SERVER_IDENTIFIER"))
defaultString(&cfg.Overrides.ServerIssuer, os.Getenv("STORMFORGE_SERVER_ISSUER"))
defaultString(&cfg.Overrides.Credential.ClientID, os.Getenv("STORMFORGE_AUTHORIZATION_CLIENT_ID"))
defaultString(&cfg.Overrides.Credential.ClientSecret, os.Getenv("STORMFORGE_AUTHORIZATION_CLIENT_SECRET"))
return nil
}

@@ -37,17 +40,17 @@ func EnvironmentMapping(r Reader, includeController bool) (map[string][]byte, er
if err != nil {
return nil, err
}
env["REDSKY_SERVER_IDENTIFIER"] = []byte(srv.Identifier)
env["REDSKY_SERVER_ISSUER"] = []byte(srv.Authorization.Issuer)
env["STORMFORGE_SERVER_IDENTIFIER"] = []byte(srv.Identifier)
env["STORMFORGE_SERVER_ISSUER"] = []byte(srv.Authorization.Issuer)

// Record the authorization information
az, err := CurrentAuthorization(r)
if err != nil {
return nil, err
}
if az.Credential.ClientCredential != nil {
env["REDSKY_AUTHORIZATION_CLIENT_ID"] = []byte(az.Credential.ClientID)
env["REDSKY_AUTHORIZATION_CLIENT_SECRET"] = []byte(az.Credential.ClientSecret)
env["STORMFORGE_AUTHORIZATION_CLIENT_ID"] = []byte(az.Credential.ClientID)
env["STORMFORGE_AUTHORIZATION_CLIENT_SECRET"] = []byte(az.Credential.ClientSecret)
}

// Optionally record environment variables from the controller configuration
@@ -60,6 +63,12 @@ func EnvironmentMapping(r Reader, includeController bool) (map[string][]byte, er
for i := range ctrl.Env {
env[ctrl.Env[i].Name] = []byte(ctrl.Env[i].Value)
}

// The controller needs it's issuer to match the registration host
if u, err := url.Parse(srv.Authorization.RegistrationEndpoint); err == nil {
u.Path = "/"
env["STORMFORGE_SERVER_ISSUER"] = []byte(u.String())
}
}

// Strip out blanks
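Review bot: The issuer override at the end of the controller block accepts any `RegistrationEndpoint` that `url.Parse` does not reject, and an empty or relative value parses without error, so `STORMFORGE_SERVER_ISSUER` can be rewritten to `/`, which the "Strip out blanks" step that follows would presumably not remove. Only `Path` is reset, so `u.String()` also carries any userinfo, query or fragment from the registration endpoint into the issuer. Since the controller uses this issuer to obtain tokens with its client credentials, I would guard the override with `err == nil && u.IsAbs() && u.Host != ""` and build the value from scheme and host only, `env["STORMFORGE_SERVER_ISSUER"] = []byte(u.Scheme + "://" + u.Host + "/")`. The override also runs after the `ctrl.Env` loop and so replaces an issuer set there; if that is intended, the comment should say so. The body of `EnvironmentMapping` starts and ends outside the visible hunks.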
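--- a/pkg/config/migration.go
+++ b/pkg/config/migration.go
@@ -38,6 +38,11 @@ func migrationLoader(cfg *RedSkyConfig) error {
 return err
 }
 
+// Migrate the old environment variables
+if err := migrateRedSkyEnv(cfg); err != nil {
+return err
+}
+
 return nil
 }
 
@@ -137,3 +142,15 @@ func migrateXDGRedSky(cfg *RedSkyConfig) error {
 
 return nil
 }
+
+// migrateRedSkyEnv migrates the old environment variables.
+func migrateRedSkyEnv(cfg *RedSkyConfig) error {
+// This should be consistent with the expected behavior because migrations
+// run after environment loading and we are only applying defaults to overrides
+defaultString(&cfg.Overrides.Environment, os.Getenv("REDSKY_ENV"))
+defaultString(&cfg.Overrides.ServerIdentifier, os.Getenv("REDSKY_SERVER_IDENTIFIER"))
+defaultString(&cfg.Overrides.ServerIssuer, os.Getenv("REDSKY_SERVER_ISSUER"))
+defaultString(&cfg.Overrides.Credential.ClientID, os.Getenv("REDSKY_AUTHORIZATION_CLIENT_ID"))
+defaultString(&cfg.Overrides.Credential.ClientSecret, os.Getenv("REDSKY_AUTHORIZATION_CLIENT_SECRET"))
+return nil
+}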
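Review bot: `migrateRedSkyEnv` leaves the precedence between the old and new variables undocumented, although it still lets a leftover `REDSKY_SERVER_ISSUER` or `REDSKY_AUTHORIZATION_CLIENT_SECRET` select the issuer and credential. Assuming `defaultString` only fills empty fields, as the in-code comment implies, the fallback is per field, so a client ID from a `STORMFORGE_*` variable can end up paired with a secret from a `REDSKY_*` one. I would expand the doc comment to `// migrateRedSkyEnv applies the deprecated REDSKY_* variables as fallbacks; each is used only when the corresponding STORMFORGE_* override is empty.` It would also help operators if the function reported when a legacy variable actually supplied a value, so stale issuer or credential settings are noticed.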
