From 46a7bcf563dbde561b1021bf6c1701882baed346 Mon Sep 17 00:00:00 2001 From: florindragos Date: Thu, 28 Mar 2024 12:52:20 +0200 Subject: [PATCH 1/4] serve tls --- README.md | 3 + cmd/aserto-scim/main.go | 3 +- config.sample.yaml | 3 + go.mod | 5 +- go.sum | 8 +++ pkg/app/handlers/groups/handler.go | 6 +- pkg/app/handlers/groups/patch.go | 5 +- pkg/app/handlers/users/create.go | 3 +- pkg/app/handlers/users/delete.go | 3 +- pkg/app/handlers/users/get.go | 5 +- pkg/app/handlers/users/handler.go | 6 +- pkg/app/handlers/users/patch.go | 5 +- pkg/app/handlers/users/replace.go | 3 +- pkg/app/run.go | 22 ++++++-- pkg/config/config.go | 90 +++++++++++++++++++++++++++++- 15 files changed, 143 insertions(+), 27 deletions(-) diff --git a/README.md b/README.md index f256bc3..6589354 100644 --- a/README.md +++ b/README.md @@ -4,6 +4,9 @@ The Aserto SCIM service uses the SCIM 2.0 protocol to import data into the Asert ### sample config.yaml ```yaml --- +logging: + prod: true + log_level: info server: listen_address: ":8080" auth: diff --git a/cmd/aserto-scim/main.go b/cmd/aserto-scim/main.go index 692546d..b63c3c6 100644 --- a/cmd/aserto-scim/main.go +++ b/cmd/aserto-scim/main.go @@ -3,6 +3,7 @@ package main import ( "fmt" "log" + "os" "github.com/aserto-dev/scim/pkg/app" "github.com/aserto-dev/scim/pkg/version" @@ -31,7 +32,7 @@ var cmdRun = &cobra.Command{ Use: "run [args]", Short: "Start SCIM service", RunE: func(cmd *cobra.Command, args []string) error { - return app.Run(flagConfigPath) + return app.Run(flagConfigPath, os.Stdout, os.Stderr) }, } diff --git a/config.sample.yaml b/config.sample.yaml index 1452204..dd2b3a9 100644 --- a/config.sample.yaml +++ b/config.sample.yaml @@ -1,4 +1,7 @@ --- +logging: + prod: true + log_level: trace server: listen_address: ":8081" auth: diff --git a/go.mod b/go.mod index 7ec8617..f3eae1c 100644 --- a/go.mod +++ b/go.mod 
@@ -3,13 +3,16 @@ module github.com/aserto-dev/scim go 1.20 require ( + github.com/aserto-dev/certs v0.0.5 github.com/aserto-dev/errors v0.0.6 github.com/aserto-dev/go-aserto v0.30.0 github.com/aserto-dev/go-directory v0.30.5 + github.com/aserto-dev/logger v0.0.4 github.com/elimity-com/scim v0.0.0-20230426070224-941a5eac92f3 github.com/magefile/mage v1.15.0 github.com/mitchellh/mapstructure v1.5.0 github.com/pkg/errors v0.9.1 + github.com/rs/zerolog v1.31.0 github.com/scim2/filter-parser/v2 v2.2.0 github.com/spf13/cobra v1.8.0 github.com/spf13/viper v1.18.0 @@ -32,9 +35,9 @@ require ( github.com/mattn/go-colorable v0.1.13 // indirect github.com/mattn/go-isatty v0.0.19 // indirect github.com/pelletier/go-toml/v2 v2.1.0 // indirect - github.com/rs/zerolog v1.31.0 // indirect github.com/sagikazarmark/locafero v0.4.0 // indirect github.com/sagikazarmark/slog-shim v0.1.0 // indirect + github.com/sirupsen/logrus v1.9.0 // indirect github.com/sourcegraph/conc v0.3.0 // indirect github.com/spf13/afero v1.11.0 // indirect github.com/spf13/cast v1.6.0 // indirect diff --git a/go.sum b/go.sum index a4533df..0dc75fe 100644 --- a/go.sum +++ b/go.sum @@ -4,6 +4,8 @@ cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMT cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY= +github.com/aserto-dev/certs v0.0.5 h1:URZEN3DMUIqob3pf78NtTpe7sYPrR2oJYV5MbJ91YKA= +github.com/aserto-dev/certs v0.0.5/go.mod h1:BGRgkJ4GB7XoETzDtnMxQySk5IVpJIa18aWuylvAsac= github.com/aserto-dev/errors v0.0.6 h1:iH5fkJwBGFPbcdS4B8mwvNdwODlhDEXXPduZtjLh6vo= github.com/aserto-dev/errors v0.0.6/go.mod h1:kenI1gamsemaR2wS+M2un0kXIJ9exTrmeRT/fCFwlWc= github.com/aserto-dev/go-aserto v0.30.0 h1:RZMM8ojXp4O15+qPKsFjQ+6/+KV3pXAwqCJrQjJRD5I= 
@@ -12,6 +14,8 @@ github.com/aserto-dev/go-directory v0.30.5 h1:wOF1dtiqlNbfvb7iBH9qvgQ4e2jrIfMlRJ github.com/aserto-dev/go-directory v0.30.5/go.mod h1:qd/+uHrKvskPSN48FLGeZ/FoiORxjRmikCKRIp3pnYY= github.com/aserto-dev/header v0.0.4 h1:Bb58n1m2X/qRV3N2PS0avuFOyRcG8Iri7/qq0Wsunq8= github.com/aserto-dev/header v0.0.4/go.mod h1:LNgRo3gStS71lO1d9Oue9e9kfVvirvUHvdZClzDmNwo= +github.com/aserto-dev/logger v0.0.4 h1:GF+17mhn03ZnE5KHCszrzGRcZULgczsql+y+PCHjgpI= +github.com/aserto-dev/logger v0.0.4/go.mod h1:awdS/W0VnLNyP+aT5mmLx9PjOcT5IrXsYMxqwHglSLU= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= @@ -91,6 +95,8 @@ github.com/sagikazarmark/slog-shim v0.1.0 h1:diDBnUNK9N/354PgrxMywXnAwEr1QZcOr6g github.com/sagikazarmark/slog-shim v0.1.0/go.mod h1:SrcSrq8aKtyuqEI1uvTDTK1arOWRIczQRv+GVI1AkeQ= github.com/scim2/filter-parser/v2 v2.2.0 h1:QGadEcsmypxg8gYChRSM2j1edLyE/2j72j+hdmI4BJM= github.com/scim2/filter-parser/v2 v2.2.0/go.mod h1:jWnkDToqX/Y0ugz0P5VvpVEUKcWcyHHj+X+je9ce5JA= +github.com/sirupsen/logrus v1.9.0 h1:trlNQbNUG3OdDrDil03MCb1H2o9nJ1x4/5LYw7byDE0= +github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= github.com/sourcegraph/conc v0.3.0 h1:OQTbbt6P72L20UqAkXXuLOj79LfEanQ+YQFNpLA9ySo= github.com/sourcegraph/conc v0.3.0/go.mod h1:Sdozi7LEKbFPqYX2/J+iBAM6HpqSLTASQIKqDmF7Mt0= github.com/spf13/afero v1.11.0 h1:WJQKhtpdm3v2IzqG8VMqrr6Rf3UYpEF239Jy9wNepM8= 
@@ -107,6 +113,7 @@ github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+ github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= +github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk= @@ -144,6 +151,7 @@ golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5h golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= diff --git a/pkg/app/handlers/groups/handler.go b/pkg/app/handlers/groups/handler.go index c58dc80..75699dc 100644 --- a/pkg/app/handlers/groups/handler.go +++ b/pkg/app/handlers/groups/handler.go @@ -3,6 +3,7 @@ package groups import ( "github.com/aserto-dev/scim/pkg/config" "github.com/aserto-dev/scim/pkg/directory" + "github.com/rs/zerolog" ) const ( 
@@ -12,9 +13,11 @@ const ( type GroupResourceHandler struct { dirClient *directory.DirectoryClient cfg *config.Config + logger *zerolog.Logger } -func NewGroupResourceHandler(cfg *config.Config) (*GroupResourceHandler, error) { +func NewGroupResourceHandler(cfg *config.Config, logger *zerolog.Logger) (*GroupResourceHandler, error) { + groupLogger := logger.With().Str("component", "groups").Logger() dirClient, err := directory.GetDirectoryClient(&cfg.Directory) if err != nil { return nil, err @@ -22,5 +25,6 @@ func NewGroupResourceHandler(cfg *config.Config) (*GroupResourceHandler, error) return &GroupResourceHandler{ dirClient: dirClient, cfg: cfg, + logger: &groupLogger, }, nil } diff --git a/pkg/app/handlers/groups/patch.go b/pkg/app/handlers/groups/patch.go index 550532d..37f12dd 100644 --- a/pkg/app/handlers/groups/patch.go +++ b/pkg/app/handlers/groups/patch.go @@ -2,7 +2,6 @@ package groups import ( "context" - "log" "net/http" cerr "github.com/aserto-dev/errors" @@ -19,7 +18,7 @@ import ( ) func (u GroupResourceHandler) Patch(r *http.Request, id string, operations []scim.PatchOperation) (scim.Resource, error) { - log.Println("PATCH", id, operations) + u.logger.Trace().Str("group_id", id).Any("operations", operations).Msg("patching group") getObjResp, err := u.dirClient.Reader.GetObject(r.Context(), &dsr.GetObjectRequest{ ObjectType: "group", ObjectId: id, @@ -62,7 +61,7 @@ func (u GroupResourceHandler) Patch(r *http.Request, id string, operations []sci Object: object, }) if err != nil { - log.Println(err) + u.logger.Err(err).Msg("error setting object") return scim.Resource{}, err } diff --git a/pkg/app/handlers/users/create.go b/pkg/app/handlers/users/create.go index 6420221..78a35af 100644 --- a/pkg/app/handlers/users/create.go +++ b/pkg/app/handlers/users/create.go @@ -1,7 +1,6 @@ package users import ( - "log" "net/http" cerr "github.com/aserto-dev/errors" 
@@ -16,7 +15,7 @@ import ( ) func (u UsersResourceHandler) Create(r *http.Request, attributes scim.ResourceAttributes) (scim.Resource, error) { - log.Println("CREATE", attributes) + u.logger.Trace().Any("attributes", attributes).Msg("creating user") object, err := common.ResourceAttributesToObject(attributes, "user", attributes["userName"].(string)) if err != nil { return scim.Resource{}, serrors.ScimErrorInvalidSyntax diff --git a/pkg/app/handlers/users/delete.go b/pkg/app/handlers/users/delete.go index 5586a71..c411f2f 100644 --- a/pkg/app/handlers/users/delete.go +++ b/pkg/app/handlers/users/delete.go @@ -1,7 +1,6 @@ package users import ( - "log" "net/http" cerr "github.com/aserto-dev/errors" @@ -13,7 +12,7 @@ import ( ) func (u UsersResourceHandler) Delete(r *http.Request, id string) error { - log.Println("DELETE", id) + u.logger.Trace().Str("user_id", id).Msg("deleting user") relations, err := u.dirClient.Reader.GetRelations(r.Context(), &dsr.GetRelationsRequest{ SubjectType: "user", SubjectId: id, diff --git a/pkg/app/handlers/users/get.go b/pkg/app/handlers/users/get.go index 8bc343b..9f74246 100644 --- a/pkg/app/handlers/users/get.go +++ b/pkg/app/handlers/users/get.go @@ -2,7 +2,6 @@ package users import ( "context" - "log" "net/http" cerr "github.com/aserto-dev/errors" @@ -17,7 +16,7 @@ import ( ) func (u UsersResourceHandler) Get(r *http.Request, id string) (scim.Resource, error) { - log.Println("GET", id) + u.logger.Trace().Str("user_id", id).Msg("get user") resp, err := u.dirClient.Reader.GetObject(r.Context(), &dsr.GetObjectRequest{ ObjectType: "user", ObjectId: id, @@ -42,7 +41,7 @@ func (u UsersResourceHandler) Get(r *http.Request, id string) (scim.Resource, er } func (u UsersResourceHandler) GetAll(r *http.Request, params scim.ListRequestParams) (scim.Page, error) { - log.Println("GETALL", params) + u.logger.Trace().Msg("getall users") var ( resources = make([]scim.Resource, 0) 
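Review bot: `u.logger.Trace().Any("attributes", attributes).Msg("creating user")` writes the entire inbound SCIM resource to the log, and for the user resource that map can carry the `password` attribute and PII such as emails, so trace-level logs become a credential sink whenever `log_level: trace` is configured (the sample config in this series sets exactly that). The same shape is added in `users/patch.go` `Patch` (`operations`), `users/replace.go` `Replace` (`attributes`) and `groups/patch.go` `Patch` (`operations`). Log only the identifier instead, e.g. `u.logger.Trace().Any("user_name", attributes["userName"]).Msg("creating user")`, or redact the password key before passing the map. `Create` begins and ends outside this hunk.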
diff --git a/pkg/app/handlers/users/handler.go b/pkg/app/handlers/users/handler.go index 6b4b36d..e0746b9 100644 --- a/pkg/app/handlers/users/handler.go +++ b/pkg/app/handlers/users/handler.go @@ -12,6 +12,7 @@ import ( "github.com/aserto-dev/scim/pkg/directory" serrors "github.com/elimity-com/scim/errors" "github.com/pkg/errors" + "github.com/rs/zerolog" structpb "google.golang.org/protobuf/types/known/structpb" ) @@ -23,9 +24,11 @@ const ( type UsersResourceHandler struct { dirClient *directory.DirectoryClient cfg *config.Config + logger *zerolog.Logger } -func NewUsersResourceHandler(cfg *config.Config) (*UsersResourceHandler, error) { +func NewUsersResourceHandler(cfg *config.Config, logger *zerolog.Logger) (*UsersResourceHandler, error) { + usersLogger := logger.With().Str("component", "users").Logger() dirClient, err := directory.GetDirectoryClient(&cfg.Directory) if err != nil { return nil, err @@ -33,6 +36,7 @@ func NewUsersResourceHandler(cfg *config.Config) (*UsersResourceHandler, error) return &UsersResourceHandler{ dirClient: dirClient, cfg: cfg, + logger: &usersLogger, }, nil } diff --git a/pkg/app/handlers/users/patch.go b/pkg/app/handlers/users/patch.go index c1efcc5..4cb6e93 100644 --- a/pkg/app/handlers/users/patch.go +++ b/pkg/app/handlers/users/patch.go @@ -2,7 +2,6 @@ package users import ( "context" - "log" "net/http" cerr "github.com/aserto-dev/errors" @@ -19,7 +18,7 @@ import ( ) func (u UsersResourceHandler) Patch(r *http.Request, id string, operations []scim.PatchOperation) (scim.Resource, error) { - log.Println("PATCH", id, operations) + u.logger.Trace().Str("user_id", id).Any("operations", operations).Msg("patching user") getObjResp, err := u.dirClient.Reader.GetObject(r.Context(), &dsr.GetObjectRequest{ ObjectType: "user", ObjectId: id, 
@@ -62,7 +61,7 @@ func (u UsersResourceHandler) Patch(r *http.Request, id string, operations []sci Object: object, }) if err != nil { - log.Println(err) + u.logger.Err(err).Msg("error setting object") return scim.Resource{}, err } diff --git a/pkg/app/handlers/users/replace.go b/pkg/app/handlers/users/replace.go index 23cc29c..0a97191 100644 --- a/pkg/app/handlers/users/replace.go +++ b/pkg/app/handlers/users/replace.go @@ -1,7 +1,6 @@ package users import ( - "log" "net/http" cerr "github.com/aserto-dev/errors" @@ -15,7 +14,7 @@ import ( ) func (u UsersResourceHandler) Replace(r *http.Request, id string, attributes scim.ResourceAttributes) (scim.Resource, error) { - log.Println("REPLACE", id, attributes) + u.logger.Trace().Str("user_id", id).Any("attributes", attributes).Msg("replacing user") getObjResp, err := u.dirClient.Reader.GetObject(r.Context(), &dsr.GetObjectRequest{ ObjectType: "user", ObjectId: id, diff --git a/pkg/app/run.go b/pkg/app/run.go index 1a7af67..e5fe829 100644 --- a/pkg/app/run.go +++ b/pkg/app/run.go @@ -7,6 +7,8 @@ import ( "strings" "time" + "github.com/aserto-dev/certs" + "github.com/aserto-dev/logger" "github.com/aserto-dev/scim/pkg/app/handlers/groups" "github.com/aserto-dev/scim/pkg/app/handlers/users" "github.com/aserto-dev/scim/pkg/config" 
@@ -15,13 +17,23 @@ import ( "github.com/elimity-com/scim/schema" ) -func Run(cfgPath string) error { - cfg, err := config.NewConfig(cfgPath) +func Run(cfgPath string, logWriter logger.Writer, errWriter logger.ErrWriter) error { + loggerConfig, err := config.NewLoggerConfig(cfgPath) + if err != nil { + return err + } + logger, err := logger.NewLogger(logWriter, errWriter, loggerConfig) + if err != nil { + return err + } + certGenerator := certs.NewGenerator(logger) + + cfg, err := config.NewConfig(cfgPath, logger, certGenerator) if err != nil { return err } - userHandler, err := users.NewUsersResourceHandler(cfg) + userHandler, err := users.NewUsersResourceHandler(cfg, logger) if err != nil { return err } @@ -38,7 +50,7 @@ func Run(cfgPath string) error { Handler: userHandler, } - groupHandler, err := groups.NewGroupResourceHandler(cfg) + groupHandler, err := groups.NewGroupResourceHandler(cfg, logger) if err != nil { return err } @@ -82,7 +94,7 @@ func Run(cfgPath string) error { WriteTimeout: 30 * time.Second, } - return srv.ListenAndServe() + return srv.ListenAndServeTLS(cfg.Server.Certs.TLSCertPath, cfg.Server.Certs.TLSKeyPath) } type application struct { diff --git a/pkg/config/config.go b/pkg/config/config.go index b6e9ef2..1ce4700 100644 --- a/pkg/config/config.go +++ b/pkg/config/config.go 
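Review bot: `return srv.ListenAndServeTLS(cfg.Server.Certs.TLSCertPath, cfg.Server.Certs.TLSKeyPath)` in the last hunk serves with the `http.Server`'s zero `TLSConfig`, so the minimum protocol version is whatever the Go runtime currently defaults to for servers (TLS 1.0 at the `go 1.20` in this go.mod) rather than an explicit floor. Add `TLSConfig: &tls.Config{MinVersion: tls.VersionTLS12},` to the `http.Server` literal, which begins outside this hunk, and import `crypto/tls`. It would also help readers to note next to the call that `TLSCACertPath` is configured but deliberately not passed to the server, since it is only consumed by dev-cert generation.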
@@ -1,20 +1,31 @@ package config import ( + "io" "os" + "path/filepath" "strings" + "github.com/aserto-dev/certs" "github.com/aserto-dev/go-aserto/client" + "github.com/aserto-dev/logger" "github.com/mitchellh/mapstructure" "github.com/pkg/errors" + "github.com/rs/zerolog" "github.com/spf13/viper" ) +var ( + DefaultTLSGenDir = os.ExpandEnv("$HOME/.config/aserto/scim/certs") +) + type Config struct { + Logging logger.Config `json:"logging"` Directory client.Config `json:"directory"` Server struct { - ListenAddress string `json:"listen_address"` - Auth AuthConfig `json:"auth"` + ListenAddress string `json:"listen_address"` + Certs certs.TLSCredsConfig `json:"certs"` + Auth AuthConfig `json:"auth"` } `json:"server"` SCIM struct { @@ -35,7 +46,10 @@ type AuthConfig struct { } `json:"bearer"` } -func NewConfig(configPath string) (*Config, error) { // nolint // function will contain repeating statements for defaults +func NewConfig(configPath string, log *zerolog.Logger, certsGenerator *certs.Generator) (*Config, error) { // nolint // function will contain repeating statements for defaults + configLogger := log.With().Str("component", "config").Logger() + log = &configLogger + file := "config.yaml" v := viper.New() @@ -62,6 +76,9 @@ func NewConfig(configPath string) (*Config, error) { // nolint // function will v.SetDefault("server.listen_address", ":8080") v.SetDefault("server.auth.basic.enabled", "false") v.SetDefault("server.auth.bearer.enabled", "false") + v.SetDefault("server.certs.tls_key_path", filepath.Join(DefaultTLSGenDir, "grpc.key")) + v.SetDefault("server.certs.tls_cert_path", filepath.Join(DefaultTLSGenDir, "grpc.crt")) + v.SetDefault("server.certs.tls_ca_cert_path", filepath.Join(DefaultTLSGenDir, "grpc-ca.crt")) configExists, err := fileExists(file) if err != nil { 
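Review bot: `DefaultTLSGenDir = os.ExpandEnv("$HOME/.config/aserto/scim/certs")` in the first hunk expands to `/.config/aserto/scim/certs` when `HOME` is unset, which is common in minimal containers and for service accounts; that root-level path is normally not writable, so the dev-cert generation that later uses this directory fails with a misleading error. Resolve the home directory through `os.UserHomeDir()` with a fallback instead, as sketched below (`path/filepath` is already imported by this hunk). Separately, the defaults hunk names the generated files `grpc.key`/`grpc.crt` although this service is an HTTP listener; a neutral name such as `scim.key`/`scim.crt` would avoid confusion.
```go
// DefaultTLSGenDir is where dev certificates are generated when none are configured.
var DefaultTLSGenDir = defaultTLSGenDir()

// defaultTLSGenDir resolves the user's home directory without relying on $HOME;
// it falls back to the temp dir so generation always has a writable target.
func defaultTLSGenDir() string {
	home, err := os.UserHomeDir()
	if err != nil {
		home = os.TempDir()
	}
	return filepath.Join(home, ".config", "aserto", "scim", "certs")
}
```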
@@ -84,9 +101,35 @@ func NewConfig(configPath string) (*Config, error) { // nolint // function will return nil, errors.Wrap(err, "failed to unmarshal config file") } + if cfg.Logging.LogLevel == "" { + cfg.Logging.LogLevelParsed = zerolog.InfoLevel + } else { + cfg.Logging.LogLevelParsed, err = zerolog.ParseLevel(cfg.Logging.LogLevel) + if err != nil { + return nil, errors.Wrapf(err, "logging.log_level failed to parse") + } + } + + if certsGenerator != nil { + err = cfg.setupCerts(log, certsGenerator) + if err != nil { + return nil, errors.Wrap(err, "failed to setup certs") + } + } + return cfg, nil } +func NewLoggerConfig(configPath string) (*logger.Config, error) { + discardLogger := zerolog.New(io.Discard) + cfg, err := NewConfig(configPath, &discardLogger, nil) + if err != nil { + return nil, errors.Wrap(err, "failed to create new config") + } + + return &cfg.Logging, nil +} + func fileExists(path string) (bool, error) { if _, err := os.Stat(path); err == nil { return true, nil 
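Review bot: `errors.Wrapf(err, "logging.log_level failed to parse")` passes no format arguments and omits the rejected value, so the operator cannot see what was wrong; use `return nil, errors.Wrapf(err, "logging.log_level %q failed to parse", cfg.Logging.LogLevel)`. `NewLoggerConfig` also runs the whole `NewConfig` a second time only to extract the `Logging` section, which is safe because a nil generator skips `setupCerts`, but that reasoning is not visible to the reader. Document it on the function: `// NewLoggerConfig loads the full config with a discarding logger and no cert generation, returning only the logging section; the config file is therefore parsed twice at startup.`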
@@ -96,3 +139,44 @@ func fileExists(path string) (bool, error) { return false, errors.Wrapf(err, "failed to stat file '%s'", path) } } + +func (c *Config) setupCerts(log *zerolog.Logger, certsGenerator *certs.Generator) error { + existingFiles := []string{} + for _, file := range []string{ + c.Server.Certs.TLSCACertPath, + c.Server.Certs.TLSCertPath, + c.Server.Certs.TLSKeyPath, + } { + exists, err := fileExists(file) + if err != nil { + return errors.Wrapf(err, "failed to determine if file '%s' exists", file) + } + + if !exists { + continue + } + + existingFiles = append(existingFiles, file) + } + + if len(existingFiles) == 0 { + err := certsGenerator.MakeDevCert(&certs.CertGenConfig{ + CommonName: "aserto-scim", + CertKeyPath: c.Server.Certs.TLSKeyPath, + CertPath: c.Server.Certs.TLSCertPath, + CACertPath: c.Server.Certs.TLSCACertPath, + DefaultTLSGenDir: DefaultTLSGenDir, + }) + if err != nil { + return errors.Wrap(err, "failed to generate gateway certs") + } + } else { + msg := zerolog.Arr() + for _, f := range existingFiles { + msg.Str(f) + } + log.Info().Array("existing-files", msg).Msg("some cert files already exist, skipping generation") + } + + return nil +} From 5acadc1cef4468b350fdf213304f1fde81400c9b Mon Sep 17 00:00:00 2001 From: florindragos Date: Wed, 3 Apr 2024 12:57:10 +0300 Subject: [PATCH 2/4] make api key and tenant_id optional --- pkg/directory/client.go | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/pkg/directory/client.go b/pkg/directory/client.go index 06e206b..5e2a9a9 100644 --- a/pkg/directory/client.go +++ b/pkg/directory/client.go 
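Review bot: `setupCerts` skips generation as soon as any one of the three files exists, so a present cert with a missing key (or the reverse) is only logged at Info and startup then fails later in `ListenAndServeTLS` with an unrelated file-not-found error. Since the server needs exactly the cert and key while the CA cert is only used by generation, fail fast when those two are not both present once generation is skipped, as sketched below. The message `"failed to generate gateway certs"` also reads like a copy from another component; `"failed to generate scim dev certs"` matches what this code does.
```go
func (c *Config) setupCerts(log *zerolog.Logger, certsGenerator *certs.Generator) error {
	existingFiles := []string{}
	present := map[string]bool{}
	for _, file := range []string{
		c.Server.Certs.TLSCACertPath,
		c.Server.Certs.TLSCertPath,
		c.Server.Certs.TLSKeyPath,
	} {
		exists, err := fileExists(file)
		if err != nil {
			return errors.Wrapf(err, "failed to determine if file '%s' exists", file)
		}
		present[file] = exists
		if exists {
			existingFiles = append(existingFiles, file)
		}
	}

	if len(existingFiles) == 0 {
		// … unchanged: MakeDevCert call …
	} else {
		// ListenAndServeTLS needs both of these; the CA cert is only consumed by generation.
		if !present[c.Server.Certs.TLSCertPath] || !present[c.Server.Certs.TLSKeyPath] {
			return errors.Errorf("cert file '%s' and key file '%s' must both exist when generation is skipped",
				c.Server.Certs.TLSCertPath, c.Server.Certs.TLSKeyPath)
		}
		// … unchanged: info log of existing files …
	}

	return nil
}
```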
@@ -16,12 +16,19 @@ type DirectoryClient struct { func connect(cfg *client.Config) (*client.Connection, error) { ctx := context.Background() - conn, err := client.NewConnection(ctx, + opts := []client.ConnectionOption{ client.WithAddr(cfg.Address), - client.WithAPIKeyAuth(cfg.APIKey), - client.WithTenantID(cfg.TenantID), client.WithInsecure(cfg.Insecure), - ) + } + + if cfg.APIKey != "" { + opts = append(opts, client.WithAPIKeyAuth(cfg.APIKey)) + } + if cfg.TenantID != "" { + opts = append(opts, client.WithTenantID(cfg.TenantID)) + } + + conn, err := client.NewConnection(ctx, opts...) if err != nil { return nil, err } From f38b3e479d2b5db28ed33527f2f591e28323a1e7 Mon Sep 17 00:00:00 2001 From: florindragos Date: Tue, 16 Apr 2024 14:32:34 +0300 Subject: [PATCH 3/4] create externalId identity --- pkg/app/handlers/users/create.go | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/pkg/app/handlers/users/create.go b/pkg/app/handlers/users/create.go index 78a35af..7edd962 100644 --- a/pkg/app/handlers/users/create.go +++ b/pkg/app/handlers/users/create.go @@ -87,6 +87,14 @@ func (u UsersResourceHandler) Create(r *http.Request, attributes scim.ResourceAt } } + if attributes["externalId"] != nil { + externalID := attributes["externalId"] + err = u.setIdentity(r.Context(), resp.Result.Id, externalID.(string), "IDENTITY_KIND_PID") + if err != nil { + return scim.Resource{}, err + } + } + if attributes["groups"] != nil { err = u.setUserGroups(r.Context(), resp.Result.Id, attributes["groups"].([]string)) if err != nil { From 0dd687a8412d687ff557f7bf1dcc8418475e5251 Mon Sep 17 00:00:00 2001 From: florindragos Date: Tue, 16 Apr 2024 14:32:42 +0300 Subject: [PATCH 4/4] fix lint --- pkg/app/run.go | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/pkg/app/run.go b/pkg/app/run.go index e5fe829..a0c5634 100644 --- a/pkg/app/run.go +++ b/pkg/app/run.go 
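Review bot: In the `users/create.go` hunk, `externalID.(string)` is an unchecked type assertion on a client-supplied attribute, so a request whose `externalId` is a number or object panics the handler instead of returning a SCIM error (net/http recovers per request, but the client sees an opaque 500 and the half-created user already exists). Use the two-value form and return `serrors.ScimErrorInvalidSyntax`, which this file already uses for the analogous case, as below. It is also worth a comment that the identity is attached after the object is created, so a failure in `setIdentity` leaves the user object behind; that matches the `groups` branch below it but is not obvious. `Create` begins and ends outside this hunk.
```go
	if raw, ok := attributes["externalId"]; ok && raw != nil {
		externalID, ok := raw.(string)
		if !ok {
			return scim.Resource{}, serrors.ScimErrorInvalidSyntax
		}
		// The user object already exists at this point; a failure here is not rolled back.
		err = u.setIdentity(r.Context(), resp.Result.Id, externalID, "IDENTITY_KIND_PID")
		if err != nil {
			return scim.Resource{}, err
		}
	}
```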
@@ -22,18 +22,18 @@ func Run(cfgPath string, logWriter logger.Writer, errWriter logger.ErrWriter) er if err != nil { return err } - logger, err := logger.NewLogger(logWriter, errWriter, loggerConfig) + scimLogger, err := logger.NewLogger(logWriter, errWriter, loggerConfig) if err != nil { return err } - certGenerator := certs.NewGenerator(logger) + certGenerator := certs.NewGenerator(scimLogger) - cfg, err := config.NewConfig(cfgPath, logger, certGenerator) + cfg, err := config.NewConfig(cfgPath, scimLogger, certGenerator) if err != nil { return err } - userHandler, err := users.NewUsersResourceHandler(cfg, logger) + userHandler, err := users.NewUsersResourceHandler(cfg, scimLogger) if err != nil { return err } @@ -50,7 +50,7 @@ func Run(cfgPath string, logWriter logger.Writer, errWriter logger.ErrWriter) er Handler: userHandler, } - groupHandler, err := groups.NewGroupResourceHandler(cfg, logger) + groupHandler, err := groups.NewGroupResourceHandler(cfg, scimLogger) if err != nil { return err }