feat: add hydra admin url to config + add comment for env var expecta…

…tion
canonical · Jul 4, 2024 · b36e498 · b36e498
1 parent d73584a
commit b36e498
Show file tree

Hide file tree

Showing 4 changed files with 36 additions and 16 deletions.
diff --git a/cmd/serve.go b/cmd/serve.go
@@ -71,8 +71,9 @@ func serve() {
 		logger.Fatalf("issue with ui files %s", err)
 	}
 
+	hydraAdminClient := ih.NewClient(specs.HydraAdminURL, specs.Debug)
 	externalConfig := web.NewExternalClientsConfig(
-		ih.NewClient(specs.HydraAdminURL, specs.Debug),
+		hydraAdminClient,
 		ik.NewClient(specs.KratosAdminURL, specs.Debug),
 		ik.NewClient(specs.KratosPublicURL, specs.Debug),
 		io.NewClient(specs.OathkeeperPublicURL, specs.Debug),
@@ -149,6 +150,8 @@ func serve() {
 		specs.OAuth2UserSessionTTLSeconds,
 		specs.OAuth2AuthCookiesEncryptionKey,
 		specs.OAuth2CodeGrantScopes,
+		ih.NewClient(specs.OIDCIssuer, specs.Debug),
+		hydraAdminClient,
 	)
 
 	ollyConfig := web.NewO11yConfig(tracer, monitor, logger)

diff --git a/internal/config/specs.go b/internal/config/specs.go
@@ -19,8 +19,9 @@ type EnvSpec struct {
 
 	KubeconfigFile string `envconfig:"kubeconfig_file"`
 
-	KratosPublicURL     string `envconfig:"kratos_public_url" required:"true"`
-	KratosAdminURL      string `envconfig:"kratos_admin_url" required:"true"`
+	KratosPublicURL string `envconfig:"kratos_public_url" required:"true"`
+	KratosAdminURL  string `envconfig:"kratos_admin_url" required:"true"`
+	// with no slash suffix
 	HydraAdminURL       string `envconfig:"hydra_admin_url" required:"true"`
 	OathkeeperPublicURL string `envconfig:"oathkeeper_public_url" required:"true"`
 

diff --git a/pkg/authentication/handlers.go b/pkg/authentication/handlers.go
@@ -12,8 +12,10 @@ import (
 	"go.opentelemetry.io/otel/trace"
 
 	"github.com/canonical/identity-platform-admin-ui/internal/http/types"
+	"github.com/canonical/identity-platform-admin-ui/internal/hydra"
 	"github.com/canonical/identity-platform-admin-ui/internal/logging"
 	"github.com/canonical/identity-platform-admin-ui/internal/validation"
+	"github.com/canonical/identity-platform-admin-ui/pkg/clients"
 	"github.com/canonical/identity-platform-admin-ui/pkg/ui"
 )
 
@@ -23,19 +25,28 @@ const (
 )
 
 type Config struct {
-	Enabled                     bool     `validate:"required,boolean"`
-	AuthCookieTTLSeconds        int      `validate:"required"`
-	UserSessionCookieTTLSeconds int      `validate:"required"`
-	CookiesEncryptionKey        string   `validate:"required,min=32,max=32"`
-	issuer                      string   `validate:"required"`
-	clientID                    string   `validate:"required"`
-	clientSecret                string   `validate:"required"`
-	redirectURL                 string   `validate:"required"`
-	verificationStrategy        string   `validate:"required,oneof=jwks userinfo"`
-	scopes                      []string `validate:"required,dive,required"`
+	Enabled                     bool                         `validate:"required,boolean"`
+	AuthCookieTTLSeconds        int                          `validate:"required"`
+	UserSessionCookieTTLSeconds int                          `validate:"required"`
+	CookiesEncryptionKey        string                       `validate:"required,min=32,max=32"`
+	issuer                      string                       `validate:"required"`
+	clientID                    string                       `validate:"required"`
+	clientSecret                string                       `validate:"required"`
+	redirectURL                 string                       `validate:"required"`
+	verificationStrategy        string                       `validate:"required,oneof=jwks userinfo"`
+	scopes                      []string                     `validate:"required,dive,required"`
+	hydraPublicAPIClient        clients.HydraClientInterface `validate:"required"`
+	hydraAdminAPIClient         clients.HydraClientInterface `validate:"required"`
 }
 
-func NewAuthenticationConfig(enabled bool, issuer, clientID, clientSecret, redirectURL, verificationStrategy string, authCookiesTTLSeconds, userSessionCookieTTLSeconds int, cookiesEncryptionKey string, scopes []string) *Config {
+func NewAuthenticationConfig(
+	enabled bool,
+	issuer, clientID, clientSecret, redirectURL, verificationStrategy string,
+	authCookiesTTLSeconds, userSessionCookieTTLSeconds int,
+	cookiesEncryptionKey string,
+	scopes []string,
+	hydraPublicAPIClient, hydraAdminAPIClient *hydra.Client,
+) *Config {
 	c := new(Config)
 	c.Enabled = enabled
 	c.CookiesEncryptionKey = cookiesEncryptionKey
@@ -49,6 +60,8 @@ func NewAuthenticationConfig(enabled bool, issuer, clientID, clientSecret, redir
 	c.AuthCookieTTLSeconds = authCookiesTTLSeconds
 	c.UserSessionCookieTTLSeconds = userSessionCookieTTLSeconds
 
+	c.hydraPublicAPIClient = hydraPublicAPIClient
+	c.hydraAdminAPIClient = hydraAdminAPIClient
 	return c
 }
 

diff --git a/pkg/authentication/oidc.go b/pkg/authentication/oidc.go
@@ -72,8 +72,9 @@ func OtelHTTPClientContext(ctx context.Context) context.Context {
 type OIDCProviderSupplier = func(ctx context.Context, issuer string) (*oidc.Provider, error)
 
 type OAuth2Context struct {
-	client   *oauth2.Config
-	verifier TokenVerifier
+	hydraAdminURL string
+	client        *oauth2.Config
+	verifier      TokenVerifier
 
 	tracer  trace.Tracer
 	logger  logging.LoggerInterface
@@ -141,5 +142,7 @@ func NewOAuth2Context(config *Config, getProvider OIDCProviderSupplier, tracer t
 		Scopes:   config.scopes,
 	}
 
+	o.hydraAdminURL = config.hydraAdminURL
+
 	return o
 }