Last active
December 6, 2023 18:39
-
-
Save sneal/cc34488cc5144e5e6a3adea5fc17ee14 to your computer and use it in GitHub Desktop.
go-cfclient config.New
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| func (c *Config) OAuth2HTTPClient(ctx context.Context) (*http.Client, error) { | |
| // if explicitly configured with an oauth2 transport then use as-is | |
| if _, ok := c.httpClient.Transport.(*oauth2.Transport); ok { | |
| return c.httpClient, nil | |
| } | |
| // use our http.Client instance for token acquisition | |
| oauthCtx := context.WithValue(ctx, oauth2.HTTPClient, c.httpClient) | |
| var tokenSource oauth2.TokenSource | |
| switch c.grantType { | |
| case internalhttp.GrantTypeClientCredentials: | |
| authConfig := &clientcredentials.Config{ | |
| ClientID: c.clientID, | |
| ClientSecret: c.clientSecret, | |
| TokenURL: c.uaaEndpointURL, | |
| } | |
| tokenSource = authConfig.TokenSource(oauthCtx) | |
| case internalhttp.GrantTypePassword: | |
| authConfig := &oauth2.Config{ | |
| ClientID: c.clientID, | |
| ClientSecret: c.clientSecret, | |
| Scopes: c.scopes, | |
| Endpoint: oauth2.Endpoint{ | |
| AuthURL: c.loginEndpointURL + "/oauth/auth", | |
| TokenURL: c.uaaEndpointURL + "/oauth/token", | |
| }, | |
| } | |
| // Add optional login hint to the token URL | |
| if c.origin != "" { | |
| authConfig.Endpoint.TokenURL = addLoginHintToURL(authConfig.Endpoint.TokenURL, c.origin) | |
| } | |
| // Login using user/pass | |
| token, err := authConfig.PasswordCredentialsToken(oauthCtx, c.username, c.password) | |
| if err != nil { | |
| return nil, err | |
| } | |
| tokenSource = authConfig.TokenSource(oauthCtx, token) | |
| case internalhttp.GrantTypeNone: | |
| authConfig := &oauth2.Config{ | |
| ClientID: c.clientID, | |
| ClientSecret: c.clientSecret, | |
| Scopes: c.scopes, | |
| Endpoint: oauth2.Endpoint{ // TODO is Endpoint needed? | |
| AuthURL: c.loginEndpointURL + "/oauth/auth", | |
| TokenURL: c.uaaEndpointURL + "/oauth/token", | |
| }, | |
| } | |
| tokenSource = authConfig.TokenSource(oauthCtx, c.oAuthToken) | |
| default: | |
| return nil, fmt.Errorf("unsupported OAuth2 grant type '%s'", c.grantType) | |
| } | |
| // oauth2.NewClient only copies the transport, so explicitly create our own http.Client | |
| // https://github.com/golang/oauth2/issues/368 | |
| return &http.Client{ | |
| Transport: &oauth2.Transport{ | |
| Base: c.httpClient.Transport, | |
| Source: tokenSource, | |
| }, | |
| Timeout: c.httpClient.Timeout, | |
| CheckRedirect: c.httpClient.CheckRedirect, | |
| Jar: c.httpClient.Jar, | |
| }, nil | |
| } | |
| func (c *Config) HTTPClient() *http.Client { | |
| // if explicitly configured with an oauth2 transport then create a new http client | |
| // using the oauth2 transport's base transport that shouldn't auth | |
| if tt, ok := c.httpClient.Transport.(*oauth2.Transport); ok { | |
| return &http.Client{ | |
| Transport: tt.Base, | |
| Timeout: c.httpClient.Timeout, | |
| CheckRedirect: c.httpClient.CheckRedirect, | |
| Jar: c.httpClient.Jar, | |
| } | |
| } | |
| // regular http client, use as-is | |
| return c.httpClient | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // use the CF CLI endpoints and oauth token | |
| // cannot renew refresh token (no credentials) | |
| cfg, err = config.New(config.FromCFCLI()) | |
| // use the CF CLI config but login using admin | |
| conf, err = config.New( | |
| config.FromCFCLI(), | |
| config.UserPassword("admin", "pass")) | |
| // use the CF CLI config but login using the cf-mgmt client and override the user agent | |
| conf, err = config.New( | |
| config.FromCFCLI(), | |
| config.UserAgent("cf-mgmt/v3"), | |
| config.ClientCredentials("cf-mgmt", "secret")) | |
| // query the root v3 api for login, uaa, app_ssh endpoints and use the admin user | |
| conf, err = config.New( | |
| config.FromRoot(ctx, "https://api.sys.example.com"), | |
| config.UserPassword("admin", "pass")) | |
| // query the root v3 api for login, uaa, app_ssh endpoints skipping TLS validation and use the cf-mgmt client | |
| conf, err = config.New( | |
| config.SkipTLSValidation(), | |
| config.FromRoot(ctx, "https://api.sys.example.com"), | |
| config.ClientCredentials("cf-mgmt", "secret")) | |
| // query the root v3 api for login, uaa, app_ssh endpoints skipping TLS validation and use the specified oauth token | |
| // cannot renew refresh token (no credentials) | |
| conf, err = config.New( | |
| config.SkipTLSValidation(), | |
| config.FromRoot(ctx, "https://api.sys.example.com"), | |
| config.Token(accessToken, refreshToken)) | |
| // Explicitly specify everything and use no defaults | |
| conf, err = config.New( | |
| config.SkipTLSValidation(), | |
| config.Endpoint("https://api.sys.example.com"), | |
| config.AuthTokenURL("https://login.sys.example.com", "https://uaa.sys.example.com"), | |
| config.UserPassword("admin", "pass"), | |
| config.UserAgent("myapp/v1"), | |
| config.HttpClient(httpClient), | |
| config.RequestTimeout(120*time.Second), | |
| config.Origin("ldap"), | |
| config.Scopes("cloud_controller.read", "cloud_controller_service_permissions.read")) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment