diff --git a/.github/workflows/ci-trivy.yml b/.github/workflows/ci-trivy.yml
index ce06e55f..95075db7 100644
--- a/.github/workflows/ci-trivy.yml
+++ b/.github/workflows/ci-trivy.yml
@@ -33,4 +33,5 @@ jobs:
 image-ref: 'pulsarctl:latest'
 format: 'table'
 exit-code: '1'
- severity: "MEDIUM,HIGH,CRITICAL"
\ No newline at end of file
+ severity: "MEDIUM,HIGH,CRITICAL"
+ vuln-type: "library"
\ No newline at end of file
diff --git a/pkg/ctl/context/create_context.go b/pkg/ctl/context/create_context.go
index 3eab825a..f6b0fec4 100644
--- a/pkg/ctl/context/create_context.go
+++ b/pkg/ctl/context/create_context.go
@@ -18,12 +18,15 @@
 package context
 import (
+ "encoding/json"
+
 "github.com/apache/pulsar-client-go/pulsaradmin/pkg/admin"
 "github.com/spf13/pflag"
 "github.com/streamnative/pulsarctl/pkg/bookkeeper"
 "github.com/streamnative/pulsarctl/pkg/cmdutils"
 "github.com/streamnative/pulsarctl/pkg/ctl/context/internal"
+ "github.com/streamnative/pulsarctl/pkg/oauth2"
 )
 func setContextCmd(vc *cmdutils.VerbCmd) {
@@ -158,6 +161,20 @@ func (o *createContextOptions) modifyContextConf(existingContext cmdutils.Contex
 if f.Changed("tls-allow-insecure") {
 modifiedAuth.TLSAllowInsecureConnection = o.flags.TLSAllowInsecureConnection
 }
+ // try to parse the OAuth2 params and ignore the error
+ if f.Changed("auth-params") {
+ var paramsJSON oauth2.ClientCredentials
+ err := json.Unmarshal([]byte(o.flags.AuthParams), ¶msJSON)
+ // ignore the parse error
+ if err != nil {
+ return modifiedContext, modifiedAuth
+ }
+ modifiedAuth.IssuerEndpoint = paramsJSON.IssuerURL
+ modifiedAuth.Audience = paramsJSON.Audience
+ modifiedAuth.Scope = paramsJSON.Scope
+ modifiedAuth.KeyFile = paramsJSON.PrivateKey
+ modifiedAuth.ClientID = paramsJSON.ClientID
+ }
 if f.Changed("issuer-endpoint") {
 modifiedAuth.IssuerEndpoint = o.flags.IssuerEndpoint
 }
diff --git a/pkg/ctl/context/create_context_test.go b/pkg/ctl/context/create_context_test.go
index 8c40e436..f248f29e 100644
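Review bot: The added `vuln-type: "library"` restricts the Trivy image scan to language-package findings, so OS-package vulnerabilities in the `pulsarctl:latest` image no longer fail this job, even at CRITICAL severity. If the intent is to stop unfixable base-image findings from blocking CI, keeping `vuln-type: "os,library"` and adding `ignore-unfixed: true` (or a reviewed `.trivyignore`) preserves OS coverage. If the narrowing is deliberate, a comment such as `# OS packages are scanned elsewhere: <where>` next to the setting would record why the gate was reduced.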
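Review bot: The `return modifiedContext, modifiedAuth` on a JSON parse failure does more than ignore the error: it leaves modifyContextConf before the `issuer-endpoint` check that follows in this hunk, and before whatever flag handling comes after it outside the hunk. A non-JSON `--auth-params` value combined with explicit OAuth2 flags therefore drops those flags silently. Guarding the copies instead, with `if err := json.Unmarshal([]byte(o.flags.AuthParams), &paramsJSON); err == nil {` around the five assignments, keeps the fall-through. Separately, a JSON object that omits a key writes an empty string over the field, which presumably clears a value already stored in the context; copying only non-empty fields would avoid that. The function starts and ends outside the hunk.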
--- a/pkg/ctl/context/create_context_test.go
+++ b/pkg/ctl/context/create_context_test.go
@@ -75,3 +75,49 @@ func TestOauthConfiguration(t *testing.T) {
 assert.Equal(t, "audience", config.Audience)
 assert.Equal(t, "profile api://test-endpoint", config.Scope)
 }
+
+func TestParseOauthConfiguration(t *testing.T) {
+ home := utils.HomeDir()
+ path := fmt.Sprintf("%s/.config/pulsar/config", home)
+ defer os.Remove(path)
+
+ setOauthConfigArgs := []string{"set", "oauth",
+ "--auth-params",
+ "{\"audience\":\"audience\",\"issuerUrl\":\"https://test-endpoint\",\"privateKey\":\"/tmp/auth.json\"," +
+ "\"scope\":\"profile api://test-endpoint\",\"clientId\":\"clientid\"}",
+ }
+ _, execErr, err := TestConfigCommands(setContextCmd, setOauthConfigArgs)
+ if err != nil {
+ t.Fatal(err.Error())
+ }
+ assert.Nil(t, execErr)
+
+ config := cmdutils.LoadFromEnv()
+ assert.Equal(t, "https://test-endpoint", config.IssuerEndpoint)
+ assert.Equal(t, "clientid", config.ClientID)
+ assert.Equal(t, "audience", config.Audience)
+ assert.Equal(t, "profile api://test-endpoint", config.Scope)
+ assert.Equal(t, "/tmp/auth.json", config.KeyFile)
+}
+
+func TestParseWrongFormatOauthConfiguration(t *testing.T) {
+ home := utils.HomeDir()
+ path := fmt.Sprintf("%s/.config/pulsar/config", home)
+ defer os.Remove(path)
+
+ setOauthConfigArgs := []string{"set", "oauth",
+ "--auth-params", "wrong_format",
+ }
+ _, execErr, err := TestConfigCommands(setContextCmd, setOauthConfigArgs)
+ if err != nil {
+ t.Fatal(err.Error())
+ }
+ assert.Nil(t, execErr)
+
+ config := cmdutils.LoadFromEnv()
+ assert.Equal(t, "", config.IssuerEndpoint)
+ assert.Equal(t, "", config.ClientID)
+ assert.Equal(t, "", config.Audience)
+ assert.Equal(t, "", config.Scope)
+ assert.Equal(t, "", config.KeyFile)
+}
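Review bot: Both new tests build `path` from `utils.HomeDir()` and then `defer os.Remove(path)`, so running the suite overwrites and deletes the developer's real `~/.config/pulsar/config`, which can hold stored contexts and key-file paths. Pointing the home directory at a scratch location at the top of each test, for example `t.Setenv("HOME", t.TempDir())` (assuming `utils.HomeDir` reads `HOME`), keeps the tests away from real configuration. It also makes the empty-string assertions in TestParseWrongFormatOauthConfiguration independent of leftover state. That test additionally pins `assert.Nil(t, execErr)` for a malformed `--auth-params`; a short comment saying that silent acceptance is intended would help the next reader.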