package main
import (
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"log"
	"net/http"
	"net/url"
	"time"

	"github.com/crewjam/saml"
	"github.com/pachyderm/pachyderm/src/server/pkg/cmdutil"
)
// appEnv is the configuration the IdP metadata server reads from its process
// environment; presumably cmdutil.Main fills it in from the `env` struct tags.
type appEnv struct {
	// PublicCert is the PEM-encoded public certificate that is published in
	// the SAML IdP metadata. Read from PUBLIC_CERT; no default, so an empty
	// value has to be rejected at startup.
	PublicCert string `env:"PUBLIC_CERT,default="`
	// Port is the TCP port the metadata server listens on. Read from
	// METADATA_PORT, default 80.
	Port int `env:"METADATA_PORT,default=80"`
}
// main hands control to cmdutil.Main, which (presumably) populates an appEnv
// from the environment and then runs serveIDPMetadata with it.
func main() {
	env := &appEnv{}
	cmdutil.Main(serveIDPMetadata, env)
}
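// serveIDPMetadata is the cmdutil.Main callback for this server. appEnvObj
// must be a *appEnv; the function validates it, builds a saml.IdentityProvider
// from the configured PEM certificate, and then serves that provider's SAML
// metadata over plain HTTP on the configured port. It blocks until the server
// stops and returns the ListenAndServe error, or an earlier configuration
// error (empty certificate, unusable port, undecodable certificate).
func serveIDPMetadata(appEnvObj interface{}) error {
	// Named cfg rather than appEnv so the local does not shadow the type.
	cfg := appEnvObj.(*appEnv)
	// PublicCert is the public half of the key pair, so logging the whole
	// struct exposes nothing secret; it does make the startup log verbose.
	log.Printf("appEnv: %v", cfg)
	if cfg.PublicCert == "" {
		return fmt.Errorf("IdP metadata server cannot start if PUBLIC_CERT env var is empty")
	}
	if cfg.Port == 0 {
		return fmt.Errorf("IdP metadata server cannot serve on port 0")
	}
	// Reject out-of-range ports up front; otherwise the bad value only
	// surfaces as a less specific listen error at the very end.
	if cfg.Port < 0 || cfg.Port > 65535 {
		return fmt.Errorf("IdP metadata server cannot serve on port %d: out of range", cfg.Port)
	}

	// Create saml.IdentityProvider struct, which generates the metadata bytes
	// we'll need to serve.
	// TODO(msteffen): get name of the k8s service in front of this server from
	// environment variables and use that in the address here
	idpHost := fmt.Sprintf("0.0.0.0:%d", cfg.Port)

	// pem.Decode signals "no PEM block found" only by returning a nil block
	// (there is no error value); anything after the first block is ignored.
	block, _ := pem.Decode([]byte(cfg.PublicCert))
	if block == nil {
		return fmt.Errorf("could not parse public cert")
	}
	idpCert, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		return fmt.Errorf("could not parse public cert: %v", err)
	}
	idp := &saml.IdentityProvider{
		MetadataURL: url.URL{
			Scheme: "http",
			Host:   idpHost,
		},
		Certificate: idpCert,
	}

	// Start listener & metadata http server
	log.Printf("Listening on port %d", cfg.Port)
	server := &http.Server{
		Addr: fmt.Sprintf(":%d", cfg.Port),
		Handler: http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
			log.Print("serving metadata...")
			idp.ServeMetadata(w, req)
		}),
		// A zero-value http.Server has no timeouts, so a client that stalls
		// mid-request (or never finishes sending headers) holds a goroutine
		// and a connection open indefinitely. The metadata document is small,
		// so these bounds (chosen here; not part of the original) are generous.
		ReadHeaderTimeout: 10 * time.Second,
		ReadTimeout:       30 * time.Second,
		WriteTimeout:      30 * time.Second,
	}
	return server.ListenAndServe()
}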