Skip to content

Commit

Permalink
fix: update gateway schema with oidc config parameters (#3867)
Browse files Browse the repository at this point in the history
* update gateway schema with oidc config parameters

Signed-off-by: ac892247 <[email protected]>

* remove unused imports

Signed-off-by: ac892247 <[email protected]>

---------

Signed-off-by: ac892247 <[email protected]>
  • Loading branch information
achmelo authored Oct 23, 2024
1 parent b727bdd commit 19ece5e
Show file tree
Hide file tree
Showing 4 changed files with 51 additions and 33 deletions.
51 changes: 51 additions & 0 deletions schemas/gateway-schema.json
Original file line number Diff line number Diff line change
Expand Up @@ -364,6 +364,57 @@
}
}
]
},
"oidc": {
"type": "object",
"description": "OIDC configuration.",
"properties": {
"enabled": {
"type": "boolean",
"description": "Enable authentication with OIDC token.",
"default": false
},
"registry": {
"type": "string",
"description": "Registry name."
},
"jwks": {
"type": "object",
"description": "JWKS configuration",
"properties": {
"uri": {
"type": "string",
"description": "JWK set URL for OIDC token validation."
},
"refreshInternalHours": {
"type": "integer",
"description": "How often are JWKs renewed.",
"default": 1
}
}
},
"userInfo": {
"type": "object",
"description": "OIDC user info endpoint configuration",
"properties": {
"uri": {
"type": "string",
"description": "OIDC user info endpoint URL."
}
}
},
"validationType": {
"type": "string",
"description": "How OIDC token is validated.",
"enum": ["JWK","endpoint"],
"default": "JWK"
}
}
},
"allowtokenrefresh": {
"type": "boolean",
"description": "Allow JWT to refresh.",
"default": false
}
}
},
Expand Down
2 changes: 0 additions & 2 deletions zaas-package/src/main/resources/bin/start.sh
Original file line number Diff line number Diff line change
Expand Up @@ -344,8 +344,6 @@ _BPX_JOBNAME=${ZWE_zowe_job_prefix}${ZAAS_CODE} ${JAVA_BIN_DIR}java \
-Dapiml.security.authorization.resourceNamePrefix=${ZWE_configs_apiml_security_authorization_resourceNamePrefix:-${ZWE_components_gateway_apiml_security_authorization_resourceNamePrefix:-APIML.}} \
-Dapiml.security.zosmf.applid=${ZWE_configs_apiml_security_zosmf_applid:-${ZWE_components_gateway_apiml_security_zosmf_applid:-IZUDFLT}} \
-Dapiml.security.oidc.enabled=${ZWE_configs_apiml_security_oidc_enabled:-${ZWE_components_gateway_apiml_security_oidc_enabled:-false}} \
-Dapiml.security.oidc.clientId=${ZWE_configs_apiml_security_oidc_clientId:-${ZWE_components_gateway_apiml_security_oidc_clientId:-}} \
-Dapiml.security.oidc.clientSecret=${ZWE_configs_apiml_security_oidc_clientSecret:-${ZWE_components_gateway_apiml_security_oidc_clientSecret:-}} \
-Dapiml.security.oidc.registry=${ZWE_configs_apiml_security_oidc_registry:-${ZWE_components_gateway_apiml_security_oidc_registry:-}} \
-Dapiml.security.oidc.identityMapperUrl=${ZWE_configs_apiml_security_oidc_identityMapperUrl:-${ZWE_components_gateway_apiml_security_oidc_identityMapperUrl:-"${internalProtocol:-https}://${ZWE_haInstance_hostname:-localhost}:${ZWE_components_gateway_port:-7554}/zss/api/v1/certificate/dn"}} \
-Dapiml.security.oidc.identityMapperUser=${ZWE_configs_apiml_security_oidc_identityMapperUser:-${ZWE_components_gateway_apiml_security_oidc_identityMapperUser:-${ZWE_zowe_setup_security_users_zowe:-ZWESVUSR}}} \
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -58,12 +58,6 @@ public class OIDCTokenProviderJWK implements OIDCProvider {
@Value("${apiml.security.oidc.registry:}")
String registry;

@Value("${apiml.security.oidc.clientId:}")
String clientId;

@Value("${apiml.security.oidc.clientSecret:}")
String clientSecret;

@Value("${apiml.security.oidc.jwks.uri}")
private String jwksUri;

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -19,9 +19,6 @@
import org.junit.jupiter.api.Nested;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
import org.junit.jupiter.params.ParameterizedTest;
import org.junit.jupiter.params.provider.EmptySource;
import org.junit.jupiter.params.provider.NullSource;
import org.mockito.MockedStatic;
import org.mockito.Mockito;
import org.mockito.junit.jupiter.MockitoExtension;
Expand Down Expand Up @@ -59,8 +56,6 @@ void setup() throws CachingServiceClientException {
oidcTokenProviderJwk = new OIDCTokenProviderJWK(new DefaultClock());
ReflectionTestUtils.setField(oidcTokenProviderJwk, "jwkRefreshInterval", 1);
ReflectionTestUtils.setField(oidcTokenProviderJwk, "jwksUri", "https://jwksurl");
oidcTokenProviderJwk.clientId = "client_id";
oidcTokenProviderJwk.clientSecret = "client_secret";
}

@Nested
Expand Down Expand Up @@ -164,26 +159,6 @@ void whenTokenIsEmpty_thenReturnInvalid() {
}
}

@Nested
class GivenInvalidConfiguration {

@ParameterizedTest
@NullSource
@EmptySource
void whenInvalidClientId_thenReturnInvalid(String id) {
oidcTokenProviderJwk.clientId = id;
assertFalse(oidcTokenProviderJwk.isValid(TOKEN));
}

@ParameterizedTest
@NullSource
@EmptySource
void whenInvalidClientSecret_thenReturnInvalid(String secret) {
oidcTokenProviderJwk.clientSecret = secret;
assertFalse(oidcTokenProviderJwk.isValid(TOKEN));
}
}

@Nested
class JwksUriLoad {

Expand Down

0 comments on commit 19ece5e

Please sign in to comment.