@@ -49,8 +49,8 @@ public class InstanceGithubActionsProvider implements InstanceProvider {
static final String GITHUB_ACTIONS_PROP_BOOT_TIME_OFFSET = "athenz.zts.github_actions.boot_time_offset";
static final String GITHUB_ACTIONS_PROP_CERT_EXPIRY_TIME = "athenz.zts.github_actions.cert_expiry_time";
static final String GITHUB_ACTIONS_PROP_ENTERPRISE = "athenz.zts.github_actions.enterprise";
static final String GITHUB_ACTIONS_PROP_AUDIENCE = "athenz.zts.github_actions.audience";
static final String GITHUB_ACTIONS_PROP_ISSUER = "athenz.zts.github_actions.issuer";
static final String GITHUB_ACTIONS_PROP_AUDIENCE = "athenz.zts.github_actions.audience"; // TODO: Make this as a list too
static final String GITHUB_ACTIONS_PROP_ISSUER = "athenz.zts.github_actions.issuer";; // TODO: Make this as a list too
static final String GITHUB_ACTIONS_PROP_JWKS_URI = "athenz.zts.github_actions.jwks_uri";

static final String GITHUB_ACTIONS_ISSUER = "https://token.actions.githubusercontent.com";
@@ -62,6 +62,7 @@ public class InstanceGithubActionsProvider implements InstanceProvider {
public static final String CLAIM_REPOSITORY = "repository";

Set<String> dnsSuffixes = null;
Set<String> enterprises = null;
String githubIssuer = null;
String provider = null;
String audience = null;
@@ -102,7 +103,11 @@ public void initialize(String provider, String providerEndpoint, SSLContext sslC

// determine if we're running in enterprise mode

enterprise = System.getProperty(GITHUB_ACTIONS_PROP_ENTERPRISE);
enterprises = new HashSet<>();
enterprise = System.getProperty(GITHUB_ACTIONS_PROP_ENTERPRISE, "");
if (!StringUtil.isEmpty(enterprise)) {
enterprises.addAll(Arrays.asList(enterprise.split(",")));
}

// get default/max expiry time for any generated tokens - 6 hours

@@ -277,9 +282,9 @@ boolean validateOIDCToken(final String jwToken, final String domainName, final S

// verify that token issuer is set for our enterprise if one is configured

if (!StringUtil.isEmpty(enterprise)) {
if (enterprises.size() != 0) {
final String tokenEnterprise = JwtsHelper.getStringClaim(claimsSet, CLAIM_ENTERPRISE);
if (!enterprise.equals(tokenEnterprise)) {
if (!enterprises.contains(tokenEnterprise)) {
errMsg.append("token enterprise is not the configured enterprise: ").append(tokenEnterprise);
return false;
}
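Review bot: The `enterprise.split(",")` added in initialize() neither trims entries nor drops empty ones, and the new guard in validateOIDCToken keys off `enterprises.size() != 0` instead of the property being set. A value such as `ent1, ent2` leaves ` ent2` unmatchable, and a value made only of commas splits to an empty array, so the enterprise check is skipped entirely where the previous `enterprise.equals(tokenEnterprise)` comparison would have rejected the token. I would fill the set with `for (String e : enterprise.split(",")) { if (!e.trim().isEmpty()) { enterprises.add(e.trim()); } }` and keep `if (!StringUtil.isEmpty(enterprise))` as the guard, so a configured but malformed property fails closed. Both method bodies continue outside the hunks shown, so this assumes nothing later normalises `enterprises`.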