
Commit 19b13ea

authored
Add Client Token Validation with CEL (#740)
1 parent c55b6d9 commit 19b13ea


42 files changed

+853
-30
lines changed

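--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -132,6 +132,9 @@ jobs:
 MULTI_STATUS: false
 LINTER_RULES_PATH: .
 GITHUB_ACTIONS_ZIZMOR_CONFIG_FILE: ./.github/zizmor.yml
+ENABLE_GITHUB_ACTIONS_STEP_SUMMARY: true
+ENABLE_GITHUB_PULL_REQUEST_SUMMARY_COMMENT: false
+SAVE_SUPER_LINTER_SUMMARY: true
 VALIDATE_ALL_CODEBASE: true
 VALIDATE_BASH: true
 VALIDATE_BASH_EXEC: true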

.idea/go.imports.xml

Lines changed: 1 addition & 0 deletions

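--- a/cmd/openvpn-auth-oauth2/root.go
+++ b/cmd/openvpn-auth-oauth2/root.go
@@ -239,9 +239,38 @@ func initializeConfigAndLogger(args []string, stdout io.Writer) (config.Config,
 return config.Config{}, nil, ReturnCodeError
 }
 
+logWarnings(logger, conf)
+
 return conf, logger, ReturnCodeNoError
 }
 
+func logWarnings(logger *slog.Logger, conf config.Config) {
+if conf.OAuth2.Validate.CEL != "" {
+logger.Warn("Using CEL validation is experimental and may not be suitable for production use.")
+}
+/*
+if conf.OAuth2.Validate.CommonName != "" {
+logger.Info("using Common Name validation is deprecated and removed in 2.0. Consider using CEL validation instead.")
+}
+
+if conf.OAuth2.Validate.IPAddr {
+logger.Info("using IP Address validation is deprecated and removed in 2.0. Consider using CEL validation instead.")
+}
+
+if len(conf.OAuth2.Validate.Acr) > 0 {
+logger.Info("using ACR validation is deprecated and removed in 2.0. Consider using CEL validation instead.")
+}
+
+if len(conf.OAuth2.Validate.Groups) > 0 {
+logger.Info("using Groups validation is deprecated and removed in 2.0. Consider using CEL validation instead.")
+}
+
+if len(conf.OAuth2.Validate.Roles) > 0 {
+logger.Info("using Roles validation is deprecated and removed in 2.0. Consider using CEL validation instead.")
+}
+*/
+}
+
 // startServices starts all the background services (HTTP server, OpenVPN client, debug listener).
 func startServices(
 ctx context.Context,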
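Review bot: The block comment inside `logWarnings` ships five deprecation notices as dead code, so operators still using `CommonName`, `IPAddr`, `Acr`, `Groups` or `Roles` validation get no signal at startup while the suggested replacement is itself flagged experimental. Either drop the block or replace it with a single line such as `// TODO: enable deprecation notices for the legacy validators once CEL validation is stable`, so the intent is recorded without commented-out code. The new function also has no doc comment; `// logWarnings emits startup warnings for experimental validation settings in conf.` would match the style used for `startServices` below. Because the CEL expression decides whether a client token is accepted, the warning text could state whether it is evaluated in addition to the existing validators or in place of them; that cannot be determined from this hunk. `startServices` continues outside the hunk.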
