package azure
import (
"strings"
"time"
"github.com/giantswarm/dex-operator/pkg/idp/provider"
"github.com/dexidp/dex/connector/microsoft"
"github.com/giantswarm/microerror"
"github.com/microsoftgraph/msgraph-sdk-go/models"
"gopkg.in/yaml.v2"
)
// getAzureSecret assembles the provider.ProviderSecret for an Azure application
// from one of its password credentials.
//
// The client secret is taken from the credential's secret text when that is
// present and non-empty; otherwise oldSecret is used unchanged (presumably
// because the secret text is only available right after creation - confirm).
// A notFoundError is returned when the application has no app ID or the
// credential has no end date.
//
// NOTE(review): when the secret text is missing and oldSecret is empty, the
// returned ClientSecret is empty and no error is raised. Callers should have
// ruled that case out before using the result - verify against the call sites.
// The returned struct carries a live credential and should not be logged.
func getAzureSecret(secret models.PasswordCredentialable, app models.Applicationable, oldSecret string) (provider.ProviderSecret, error) {
	// Default to the previously known secret; override it only with a real value.
	value := oldSecret
	if text := secret.GetSecretText(); text != nil && *text != "" {
		value = *text
	}

	appID := app.GetAppId()
	if appID == nil || *appID == "" {
		return provider.ProviderSecret{}, microerror.Maskf(notFoundError, "Could not find client ID for secret.")
	}

	expiry := secret.GetEndDateTime()
	if expiry == nil {
		return provider.ProviderSecret{}, microerror.Maskf(notFoundError, "Could not find expiry time for secret.")
	}

	result := provider.ProviderSecret{
		ClientSecret: value,
		ClientId:     *appID,
		EndDateTime:  *expiry,
	}
	return result, nil
}
// secretExpired reports whether the credential needs to be replaced.
//
// A credential without an end date is treated as expired, and so is one whose
// end date falls within the next ten days, so that rotation happens before the
// secret actually stops working.
func secretExpired(secret models.PasswordCredentialable) bool {
	// Renewal window: anything ending before now + 10 days counts as expired.
	const renewalWindow = 10 * 24 * time.Hour

	expiry := secret.GetEndDateTime()
	return expiry == nil || expiry.Before(time.Now().Add(renewalWindow))
}
// secretChanged reports whether oldSecret no longer matches the credential.
//
// The only evidence available is the credential's hint: the secret counts as
// unchanged when oldSecret starts with the hint, and as changed when the hint
// is missing or is not a prefix of oldSecret.
//
// NOTE(review): this is a heuristic, not a proof of equality - two different
// secrets that share the hinted prefix compare as unchanged. An empty hint is
// a prefix of every string (including an empty oldSecret), so it also reports
// "unchanged"; confirm the API never returns an empty hint.
func secretChanged(secret models.PasswordCredentialable, oldSecret string) bool {
	prefix := secret.GetHint()
	return prefix == nil || !strings.HasPrefix(oldSecret, *prefix)
}
// GetSecret returns the first password credential of app whose display name
// equals name. Credentials without a display name are skipped. When nothing
// matches, a notFoundError naming the requested credential is returned.
func GetSecret(app models.Applicationable, name string) (models.PasswordCredentialable, error) {
	for _, cred := range app.GetPasswordCredentials() {
		displayName := cred.GetDisplayName()
		if displayName == nil || *displayName != name {
			continue
		}
		return cred, nil
	}
	return nil, microerror.Maskf(notFoundError, "Did not find credential %s.", name)
}
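// getSecretFromConfig extracts the client secret from a serialized dex
// Microsoft connector configuration.
//
// config is parsed as YAML into a microsoft.Config. An empty config yields an
// empty secret and no error; a config that cannot be parsed yields the masked
// YAML error.
//
// The return value is a live credential: keep it out of logs and error
// messages. NOTE(review): YAML decoding errors may quote fragments of the
// input, so avoid logging the returned error verbatim for configs that hold
// secrets - confirm how callers report it.
func getSecretFromConfig(config string) (string, error) {
	if config == "" {
		return "", nil
	}

	// Unmarshal needs a pointer to fill in; the page rendering had mangled the
	// "&microsoft.Config{}" expression into an invalid token.
	connectorConfig := &microsoft.Config{}
	if err := yaml.Unmarshal([]byte(config), connectorConfig); err != nil {
		return "", microerror.Mask(err)
	}
	return connectorConfig.ClientSecret, nil
}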