Skip to content

Commit 9b4ca8e

Browse files
dervoetidervoeti
committed
feat: support setting clientAuthenticationMethod for OIDC
1 parent c335c38 commit 9b4ca8e

2 files changed

Lines changed: 15 additions & 0 deletions

File tree

rust/operator-binary/src/config.rs

Lines changed: 13 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -235,6 +235,14 @@ fn append_oidc_config(
235235
.well_known_config_url()
236236
.context(InvalidWellKnownConfigUrlSnafu)?;
237237

238+
let client_auth_method = serde_json::to_value(
239+
client_options.client_authentication_method,
240+
)
241+
.expect("ClientAuthenticationMethod should serialize to JSON");
242+
let client_auth_method = client_auth_method
243+
.as_str()
244+
.expect("ClientAuthenticationMethod should serialize to a string");
245+
238246
formatdoc!(
239247
"
240248
{{ 'name': 'keycloak',
@@ -248,6 +256,7 @@ fn append_oidc_config(
248256
}},
249257
'api_base_url': '{api_base_url}',
250258
'server_metadata_url': '{well_known_config_url}',
259+
'token_endpoint_auth_method': '{client_auth_method}',
251260
}},
252261
}}",
253262
scopes = scopes.join(" "),
@@ -460,6 +469,7 @@ mod tests {
460469
oidc: oidc::v1alpha1::ClientAuthenticationOptions {
461470
client_credentials_secret_ref: "test-client-secret1".to_string(),
462471
extra_scopes: vec!["roles".to_string()],
472+
client_authentication_method: Default::default(),
463473
product_specific_fields: (),
464474
},
465475
},
@@ -468,6 +478,7 @@ mod tests {
468478
oidc: oidc::v1alpha1::ClientAuthenticationOptions {
469479
client_credentials_secret_ref: "test-client-secret2".to_string(),
470480
extra_scopes: vec![],
481+
client_authentication_method: Default::default(),
471482
product_specific_fields: (),
472483
},
473484
},
@@ -509,6 +520,7 @@ mod tests {
509520
}},
510521
'api_base_url': 'https://my.keycloak1.server:12345/realms/sdp/protocol/',
511522
'server_metadata_url': 'https://my.keycloak1.server:12345/realms/sdp/.well-known/openid-configuration',
523+
'token_endpoint_auth_method': 'client_secret_basic',
512524
}},
513525
}},
514526
{{ 'name': 'keycloak',
@@ -522,6 +534,7 @@ mod tests {
522534
}},
523535
'api_base_url': 'http://my.keycloak2.server/protocol/',
524536
'server_metadata_url': 'http://my.keycloak2.server/.well-known/openid-configuration',
537+
'token_endpoint_auth_method': 'client_secret_basic',
525538
}},
526539
}}
527540
]

rust/operator-binary/src/crd/authentication.rs

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -472,6 +472,7 @@ mod tests {
472472
oidc: oidc::v1alpha1::ClientAuthenticationOptions {
473473
client_credentials_secret_ref: "airflow-oidc-client1".into(),
474474
extra_scopes: vec!["groups".into()],
475+
client_authentication_method: Default::default(),
475476
product_specific_fields: ()
476477
}
477478
},
@@ -488,6 +489,7 @@ mod tests {
488489
oidc: oidc::v1alpha1::ClientAuthenticationOptions {
489490
client_credentials_secret_ref: "airflow-oidc-client2".into(),
490491
extra_scopes: Vec::new(),
492+
client_authentication_method: Default::default(),
491493
product_specific_fields: ()
492494
}
493495
}

0 commit comments

Comments
 (0)