package gitlab
import (
	"encoding/json"
	"errors"
	"fmt"
	"net/http"
	"net/url"

	"github.com/concourse/atc"
	"github.com/concourse/atc/auth/provider"
	"github.com/concourse/atc/auth/routes"
	"github.com/concourse/atc/auth/verifier"
	"github.com/hashicorp/go-multierror"
	flags "github.com/jessevdk/go-flags"
	"github.com/tedsuo/rata"
	"golang.org/x/oauth2"
)
const (
	// ProviderName is the key this provider registers under and the value
	// used for the "provider" route parameter.
	ProviderName = "gitlab"
	// DisplayName is the human-readable label shown for this auth method.
	DisplayName = "GitLab"
)

// Scopes lists the OAuth scopes requested from GitLab.
// NOTE(review): "api" is a broad scope; whether the group-membership check
// needs more than read access is not visible in this file — confirm.
var Scopes = []string{"read_user", "api"}
// GitLabAuthConfig holds a team's GitLab OAuth settings. It is populated
// either from command-line flags (the `long` tags, under the "gitlab-auth"
// namespace) or from stored JSON (the `json` tags).
type GitLabAuthConfig struct {
	// ClientID is the OAuth application client ID.
	ClientID string `json:"client_id" long:"client-id" description:"Application client ID for enabling GitLab OAuth."`
	// ClientSecret is the OAuth application client secret. It is serialized
	// with the rest of the config, so the stored JSON must be treated as
	// sensitive.
	ClientSecret string `json:"client_secret" long:"client-secret" description:"Application client secret for enabling GitLab OAuth."`
	// Groups lists the GitLab groups whose members are granted access.
	Groups []string `json:"groups,omitempty" long:"group" description:"GitLab group whose members will have access." value-name:"GROUP"`
	// AuthURL and TokenURL override the OAuth endpoint; both must be set for
	// either to take effect (see ProviderConstructor).
	AuthURL  string `json:"auth_url,omitempty" long:"auth-url" description:"Override default endpoint AuthURL for GitLab."`
	TokenURL string `json:"token_url,omitempty" long:"token-url" description:"Override default endpoint TokenURL for GitLab."`
	// APIURL overrides the GitLab API base URL passed to NewClient.
	APIURL string `json:"api_url,omitempty" long:"api-url" description:"Override default API endpoint URL for GitLab."`
}
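// AuthMethod describes how a client starts the GitLab OAuth flow for the
// given team. The returned method is of type OAuth and its AuthURL points at
// this provider's OAuth begin route on oauthBaseURL, with the team name
// carried in the team_name query parameter.
func (*GitLabAuthConfig) AuthMethod(oauthBaseURL string, teamName string) atc.AuthMethod {
	path, err := routes.OAuthRoutes.CreatePathForRoute(
		routes.OAuthBegin,
		rata.Params{"provider": ProviderName},
	)
	if err != nil {
		// The route and its single parameter are constants, so a failure
		// here is a programming error rather than a runtime condition.
		panic("failed to construct oauth begin handler route: " + err.Error())
	}
	// Escape the team name so characters such as '&', '#', '%' or spaces
	// cannot truncate or extend the query string.
	path = path + fmt.Sprintf("?team_name=%s", url.QueryEscape(teamName))
	return atc.AuthMethod{
		Type:        atc.AuthTypeOAuth,
		DisplayName: DisplayName,
		AuthURL:     oauthBaseURL + path,
	}
}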
// IsConfigured reports whether any GitLab auth setting has been supplied:
// a client ID, a client secret, or at least one group.
func (auth *GitLabAuthConfig) IsConfigured() bool {
	switch {
	case auth.ClientID != "":
		return true
	case auth.ClientSecret != "":
		return true
	case len(auth.Groups) > 0:
		return true
	default:
		return false
	}
}
// Validate checks that the configuration is usable: both the client ID and
// the client secret must be set, and at least one group must be given.
// Every problem found is folded into a single error; nil means valid.
func (auth *GitLabAuthConfig) Validate() error {
	var problems *multierror.Error

	missingCredentials := auth.ClientID == "" || auth.ClientSecret == ""
	if missingCredentials {
		problems = multierror.Append(problems, errors.New("must specify --gitlab-auth-client-id and --gitlab-auth-client-secret to use GitLab OAuth."))
	}

	if len(auth.Groups) == 0 {
		problems = multierror.Append(problems, errors.New("the following is required for gitlab-auth: groups"))
	}

	// ErrorOrNil yields a plain nil error when nothing was appended.
	return problems.ErrorOrNil()
}
// GitLabGroupConfig names a single GitLab group in stored JSON config.
// NOTE(review): nothing in this file reads it — presumably used by a
// sibling file; confirm before removing.
type GitLabGroupConfig struct {
	GroupName string `json:"group_name,omitempty"`
}
// GitLabProvider is the runtime OAuth provider for a team: the embedded
// oauth2.Config drives the authorization-code flow and the embedded
// Verifier decides whether an authenticated user is allowed in.
type GitLabProvider struct {
	*oauth2.Config
	verifier.Verifier
}
// init registers this provider under ProviderName so the auth subsystem can
// find it by name.
func init() {
	provider.Register(ProviderName, GitLabTeamProvider{})
}
// GitLabTeamProvider is the stateless factory registered with the provider
// registry: it declares the config flags, decodes stored config and builds
// a GitLabProvider from it.
type GitLabTeamProvider struct {
}
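// AddAuthGroup registers the GitLab flag set under the "gitlab-auth"
// namespace on the given flag group and returns the config struct those
// flags populate.
//
// It panics if the group cannot be added, since flag registration happens
// at startup with a fixed config type.
func (GitLabTeamProvider) AddAuthGroup(group *flags.Group) provider.AuthConfig {
	// Named cfg rather than flags so the local does not shadow the flags
	// package imported at the top of the file.
	cfg := &GitLabAuthConfig{}
	authGroup, err := group.AddGroup("GitLab Authentication", "", cfg)
	if err != nil {
		panic(err)
	}
	authGroup.Namespace = "gitlab-auth"
	return cfg
}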
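// UnmarshalConfig decodes a team's stored GitLab auth config from JSON.
// A nil config yields an empty (unconfigured) GitLabAuthConfig; a decode
// error is returned unchanged.
func (GitLabTeamProvider) UnmarshalConfig(config *json.RawMessage) (provider.AuthConfig, error) {
	cfg := &GitLabAuthConfig{}
	if config != nil {
		// Decode into the struct itself rather than into &cfg: with a
		// pointer-to-pointer target a JSON null resets cfg to nil, and the
		// returned interface would then wrap a nil *GitLabAuthConfig that
		// the config's methods dereference.
		if err := json.Unmarshal(*config, cfg); err != nil {
			return nil, err
		}
	}
	return cfg, nil
}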
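// ProviderConstructor builds a GitLabProvider from a team's auth config.
// The second result is false when config is not a *GitLabAuthConfig, so a
// mismatched config is reported to the caller instead of panicking.
func (GitLabTeamProvider) ProviderConstructor(
	config provider.AuthConfig,
	redirectURL string,
) (provider.Provider, bool) {
	gitlabAuth, ok := config.(*GitLabAuthConfig)
	if !ok {
		return nil, false
	}

	client := NewClient(gitlabAuth.APIURL)

	// Both URLs must be overridden together; a lone override is ignored.
	// NOTE(review): no default endpoint is set here, so without overrides
	// the oauth2.Config carries an empty AuthURL/TokenURL — confirm that is
	// the intended behaviour.
	endpoint := oauth2.Endpoint{}
	if gitlabAuth.AuthURL != "" && gitlabAuth.TokenURL != "" {
		endpoint.AuthURL = gitlabAuth.AuthURL
		endpoint.TokenURL = gitlabAuth.TokenURL
	}

	return GitLabProvider{
		// Presumably admits only members of the configured groups; the
		// check itself lives in NewGroupVerifier.
		Verifier: verifier.NewVerifierBasket(
			NewGroupVerifier(gitlabAuth.Groups, client),
		),
		Config: &oauth2.Config{
			ClientID:     gitlabAuth.ClientID,
			ClientSecret: gitlabAuth.ClientSecret,
			Endpoint:     endpoint,
			Scopes:       Scopes,
			RedirectURL:  redirectURL,
		},
	}, true
}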
// PreTokenClient returns the HTTP client used for the token exchange before
// an access token exists. Keep-alives are disabled so each exchange opens a
// fresh connection. The error result is always nil.
func (GitLabProvider) PreTokenClient() (*http.Client, error) {
	transport := &http.Transport{DisableKeepAlives: true}
	// NOTE(review): no Timeout is set on this client, so a stalled token
	// endpoint is not bounded here — confirm the caller applies a deadline.
	client := &http.Client{Transport: transport}
	return client, nil
}