Merge pull request #273 from metal-stack/edit-hmacs

vknabel · web-flow · commit 9a5e2211a9f3 · 2025-02-03T15:57:13.000+01:00
feat: add support for non-Admin HMACs
diff --git a/README.md b/README.md
@@ -87,6 +87,7 @@ contexts:
     client_id: metal_client
     client_secret: 456
     hmac: YOUR_HMAC
+    hmacAuthType: THE_AUTH_TYPE_OF_YOUR_HMAC # Metal-Admin, Metal-Edit or Metal-View
 ```
 
 Optional you can specify `issuer_type: generic` if you use other issuers as Dex, e.g. Keycloak (this will request scopes `openid,profile,email`):
diff --git a/cmd/root.go b/cmd/root.go
@@ -203,6 +203,11 @@ func initConfigWithViperCtx(c *config) error {
 	if hmacKey == "" && ctx.HMAC != nil {
 		hmacKey = *ctx.HMAC
 	}
+	hmacAuthType := viper.GetString("hmac-auth-type")
+	if hmacAuthType == "" && ctx.HMACAuthType != "" {
+		hmacAuthType = ctx.HMACAuthType
+	}
+
 	apiToken := viper.GetString("api-token")
 
 	// if there is no api token explicitly specified we try to pull it out of the kubeconfig context
@@ -215,7 +220,7 @@ func initConfigWithViperCtx(c *config) error {
 		}
 	}
 
-	client, err := metalgo.NewDriver(driverURL, apiToken, hmacKey)
+	client, err := metalgo.NewDriver(driverURL, apiToken, hmacKey, metalgo.AuthType(hmacAuthType))
 	if err != nil {
 		return err
 	}
diff --git a/pkg/api/context.go b/pkg/api/context.go
@@ -25,11 +25,13 @@ type Context struct {
 	ClientID     string  `yaml:"client_id"`
 	ClientSecret string  `yaml:"client_secret"`
 	HMAC         *string `yaml:"hmac"`
+	HMACAuthType string  `yaml:"hmac_auth_type,omitempty"`
 }
 
 var defaultCtx = Context{
-	ApiURL:    "http://localhost:8080/cloud",
-	IssuerURL: "http://localhost:8080/",
+	ApiURL:       "http://localhost:8080/cloud",
+	IssuerURL:    "http://localhost:8080/",
+	HMACAuthType: "Metal-Admin",
 }
 
 func GetContexts() (*Contexts, error) {

Original file line number	Diff line number	Diff line change
`@@ -203,6 +203,11 @@ func initConfigWithViperCtx(c *config) error {`
`203`	`203`	`if hmacKey == "" && ctx.HMAC != nil {`
`204`	`204`	`hmacKey = *ctx.HMAC`
`205`	`205`	`}`
	`206`	`+ hmacAuthType := viper.GetString("hmac-auth-type")`
	`207`	`+ if hmacAuthType == "" && ctx.HMACAuthType != "" {`
	`208`	`+ hmacAuthType = ctx.HMACAuthType`
	`209`	`+ }`
	`210`	`+`
`206`	`211`	`apiToken := viper.GetString("api-token")`
`207`	`212`
`208`	`213`	`// if there is no api token explicitly specified we try to pull it out of the kubeconfig context`
`@@ -215,7 +220,7 @@ func initConfigWithViperCtx(c *config) error {`
`215`	`220`	`}`
`216`	`221`	`}`
`217`	`222`
`218`		`- client, err := metalgo.NewDriver(driverURL, apiToken, hmacKey)`
	`223`	`+ client, err := metalgo.NewDriver(driverURL, apiToken, hmacKey, metalgo.AuthType(hmacAuthType))`
`219`	`224`	`if err != nil {`
`220`	`225`	`return err`
`221`	`226`	`}`
Original file line number	Diff line number	Diff line change
`@@ -25,11 +25,13 @@ type Context struct {`
`25`	`25`	ClientID string `yaml:"client_id"`
`26`	`26`	ClientSecret string `yaml:"client_secret"`
`27`	`27`	HMAC *string `yaml:"hmac"`
	`28`	+ HMACAuthType string `yaml:"hmac_auth_type,omitempty"`
`28`	`29`	`}`
`29`	`30`
`30`	`31`	`var defaultCtx = Context{`
`31`		`- ApiURL: "http://localhost:8080/cloud",`
`32`		`- IssuerURL: "http://localhost:8080/",`
	`32`	`+ ApiURL: "http://localhost:8080/cloud",`
	`33`	`+ IssuerURL: "http://localhost:8080/",`
	`34`	`+ HMACAuthType: "Metal-Admin",`
`33`	`35`	`}`
`34`	`36`
`35`	`37`	`func GetContexts() (*Contexts, error) {`