Ejemplo n.º 1
def main_add_oidc(args):
    """
    Interactively store OpenID Connect client settings for a backend.

    Reads ``backend``, ``provider_id``, ``client_id``, ``ask_client_secret``
    and ``use_default_client`` from ``args``, asks the backend which OIDC
    providers it lists, resolves a provider (prompting when several exist and
    none was given), optionally prompts for a client ID and client secret,
    and hands the result to ``AuthConfig.set_oidc_client_config``.

    Raises ``CliToolException`` when the backend API version is below 1.0.0,
    when the backend lists no providers, or when the chosen provider ID is
    not among the listed ones.
    """
    backend = args.backend
    provider_id = args.provider_id
    client_id = args.client_id
    ask_client_secret = args.ask_client_secret
    use_default_client = args.use_default_client
    config = AuthConfig()

    print("Will add OpenID Connect auth config for backend URL {b!r}".format(
        b=backend))
    print("to config file: {c!r}".format(c=str(config.path)))

    connection = connect(backend)
    api_version = connection.capabilities().api_version_check
    # NOTE(review): this is only a real version comparison if
    # `api_version_check` returns an object with version-aware ordering;
    # a plain str would be compared lexicographically. Confirm.
    if api_version < "1.0.0":
        raise CliToolException(
            "Backend API version is too low: {v} < 1.0.0".format(
                v=api_version))

    # Collect the providers advertised by the backend, keyed by their ID.
    # The provider list (including each issuer) is taken as-is from the
    # backend's response; nothing in this function cross-checks it.
    listing = connection.get("/credentials/oidc", expected_status=200).json()
    providers = OrderedDict()
    for entry in listing["providers"]:
        providers[entry["id"]] = OidcProviderInfo.from_dict(entry)

    if not providers:
        raise CliToolException(
            "No OpenID Connect providers listed by backend {b!r}.".format(
                b=backend))

    if not provider_id:
        if len(providers) == 1:
            # Only one candidate: no need to ask.
            provider_id = next(iter(providers))
        else:
            choice_title = "Backend {b!r} has multiple OpenID Connect providers.".format(
                b=backend)
            choices = [
                (info.id, "{t} (issuer {s})".format(t=info.title, s=info.issuer))
                for info in providers.values()
            ]
            provider_id = _interactive_choice(title=choice_title,
                                              options=choices)

    if provider_id not in providers:
        raise CliToolException(
            "Invalid provider ID {p!r}. Should be one of {o}.".format(
                p=provider_id, o=list(providers)))
    provider = providers[provider_id]
    print("Using provider ID {p!r} (issuer {i!r})".format(p=provider_id,
                                                          i=provider.issuer))

    # Resolve client_id and client_secret. The secret stays None unless the
    # user gave a client ID and asked to be prompted for a secret.
    client_secret = None
    if use_default_client:
        if not provider.default_clients:
            show_warning(
                "No default clients declared for provider {p!r}".format(
                    p=provider_id))
        client_id = None
    else:
        if not client_id:
            client_prompt = (
                "Enter client_id or leave empty to use default client, and press enter: "
                if provider.default_clients
                else "Enter client_id and press enter: "
            )
            # Blank or whitespace-only input is normalised to None.
            client_id = builtins.input(client_prompt).strip() or None
        # Only the client ID is echoed; the secret is never printed here.
        print("Using client ID {u!r}".format(u=client_id))
        if not (client_id or provider.default_clients):
            show_warning("Given client ID was empty.")

        if client_id and ask_client_secret:
            # `getpass` is used rather than `input` for the secret
            # (presumably the stdlib no-echo prompt; import not shown here).
            client_secret = getpass(
                "Enter client_secret or leave empty to not use a secret, and press enter: "
            ) or None

    # NOTE(review): the client secret is handed to the config store, which
    # (per the message below) saves it at `config.path`. Whether that file is
    # created with owner-only permissions is not visible here; confirm in
    # AuthConfig.
    config.set_oidc_client_config(backend=backend,
                                  provider_id=provider_id,
                                  client_id=client_id,
                                  client_secret=client_secret,
                                  issuer=provider.issuer)
    print("Saved client information to {p!r}".format(p=str(config.path)))
Ejemplo n.º 2
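def main_add_oidc(args):
    """
    Interactively store OpenID Connect client settings for a backend.

    Reads ``backend``, ``provider_id`` and ``client_id`` from ``args``, asks
    the backend which OIDC providers it lists, resolves a provider (prompting
    when several exist and none was given), prompts for a missing client ID
    and always prompts for the client secret, then hands the result to
    ``AuthConfig.set_oidc_client_config``.

    Raises ``CliToolException`` when the backend API version is below 1.0.0,
    when the backend lists no providers, or when the chosen provider ID is
    not among the listed ones.
    """
    backend = args.backend
    provider_id = args.provider_id
    client_id = args.client_id
    config = AuthConfig()

    print("Will add OpenID Connect auth config for backend URL {b!r}".format(
        b=backend))
    print("to config file: {c!r}".format(c=str(config.path)))

    con = connect(backend)
    api_version = con.capabilities().api_version_check
    # NOTE(review): this is only a real version comparison if
    # `api_version_check` returns an object with version-aware ordering;
    # a plain str would be compared lexicographically. Confirm.
    if api_version < "1.0.0":
        raise CliToolException(
            "Backend API version is too low: {v} < 1.0.0".format(
                v=api_version))
    # Find provider ID. The provider list (including each issuer) is taken
    # as-is from the backend's response; nothing here cross-checks it.
    oidc_info = con.get("/credentials/oidc", expected_status=200).json()
    providers = OrderedDict([(p["id"], p) for p in oidc_info["providers"]])
    if not providers:
        raise CliToolException(
            "No OpenID Connect providers listed by backend {b!r}.".format(
                b=backend))
    if not provider_id:
        if len(providers) == 1:
            # Only one candidate: no need to ask.
            provider_id = list(providers.keys())[0]
        else:
            provider_id = _interactive_choice(
                title="Backend {b!r} has multiple OpenID Connect providers.".
                format(b=backend),
                options=[(p["id"], "{t} (issuer {s})".format(t=p["title"],
                                                             s=p["issuer"]))
                         for p in providers.values()])
    if provider_id not in providers:
        raise CliToolException(
            "Invalid provider ID {p!r}. Should be one of {o}.".format(
                p=provider_id, o=list(providers.keys())))
    issuer = providers[provider_id]["issuer"]
    print("Using provider ID {p!r} (issuer {i!r})".format(p=provider_id,
                                                          i=issuer))

    # Get client_id and client_secret
    if not client_id:
        # Strip the typed value so that pasted leading/trailing whitespace is
        # not saved as part of the client ID, and so that whitespace-only
        # input is reported as empty below instead of being stored silently.
        client_id = builtins.input("Enter client_id and press enter: ").strip()
    # Only the client ID is echoed; the secret is never printed here.
    print("Using client ID {u!r}".format(u=client_id))
    if not client_id:
        show_warning("Given client ID was empty.")
    # `getpass` is used rather than `input` for the secret (presumably the
    # stdlib no-echo prompt; import not shown here). The secret is stored
    # exactly as typed.
    client_secret = getpass("Enter client_secret and press enter: ")
    if not client_secret:
        show_warning("Given client secret was empty.")

    # NOTE(review): the client secret is handed to the config store, which
    # (per the message below) saves it at `config.path`. Whether that file is
    # created with owner-only permissions is not visible here; confirm in
    # AuthConfig.
    config.set_oidc_client_config(backend=backend,
                                  provider_id=provider_id,
                                  client_id=client_id,
                                  client_secret=client_secret,
                                  issuer=issuer)
    print("Saved client information to {p!r}".format(p=str(config.path)))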