
Commit 671973b

committed
fix URL calculation
1 parent a6cd6ae commit 671973b


1 file changed

+48
-11
lines changed


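--- a/rust/operator-binary/src/config.rs
+++ b/rust/operator-binary/src/config.rs
@@ -17,6 +17,11 @@ pub enum Error {
 source: stackable_operator::commons::authentication::ldap::Error,
 },
 
+#[snafu(display("invalid OIDC endpoint"))]
+InvalidOidcEndpoint {
+source: stackable_operator::commons::authentication::oidc::Error,
+},
+
 #[snafu(display("invalid OIDC well known URL"))]
 InvalidOidcWellKnownUrl {
 source: stackable_operator::commons::authentication::oidc::Error,
@@ -219,6 +224,12 @@ fn append_oidc_config(
 
 let oauth_providers_config_entry = match oidc_provider {
 oidc::IdentityProviderHint::Keycloak => {
+let endpoint_url = oidc.endpoint_url().context(InvalidOidcEndpointSnafu)?;
+let api_base_url = endpoint_url.as_str().trim_end_matches('/');
+let api_base_url = format!("{api_base_url}/protocol/");
+let known_config_url = oidc
+.well_known_config_url()
+.context(InvalidOidcWellKnownUrlSnafu)?;
 formatdoc!(
 "
 {{ 'name': 'keycloak',
@@ -230,11 +241,10 @@ fn append_oidc_config(
 'client_kwargs': {{
 'scope': '{scopes}'
 }},
-'api_base_url': '{url}/protocol/',
-'server_metadata_url': '{url}/.well-known/openid-configuration',
+'api_base_url': '{api_base_url}',
+'server_metadata_url': '{known_config_url}',
 }},
 }}",
-url = oidc.endpoint_url().context(InvalidOidcWellKnownUrlSnafu)?,
 scopes = scopes.join(" "),
 )
 }
@@ -265,10 +275,36 @@ mod tests {
 use super::*;
 
 #[rstest]
-#[case("/realms/sdp")]
-#[case("/realms/sdp/")]
-#[case("/realms/sdp/////")]
-fn test_append_oidc_config(#[case] root_path: String) {
+#[case(
+"/",
+"https://keycloak.mycorp.org/protocol/",
+"https://keycloak.mycorp.org/.well-known/openid-configuration"
+)]
+#[case(
+"",
+"https://keycloak.mycorp.org/protocol/",
+"https://keycloak.mycorp.org/.well-known/openid-configuration"
+)]
+#[case(
+"/realms/sdp",
+"https://keycloak.mycorp.org/realms/sdp/protocol/",
+"https://keycloak.mycorp.org/realms/sdp/.well-known/openid-configuration"
+)]
+#[case(
+"/realms/sdp/",
+"https://keycloak.mycorp.org/realms/sdp/protocol/",
+"https://keycloak.mycorp.org/realms/sdp/.well-known/openid-configuration"
+)]
+#[case(
+"/realms/sdp/////",
+"https://keycloak.mycorp.org/realms/sdp/protocol/",
+"https://keycloak.mycorp.org/realms/sdp/.well-known/openid-configuration"
+)]
+fn test_append_oidc_config(
+#[case] root_path: String,
+#[case] expected_api_base_url: &str,
+#[case] expected_server_metadata_url: &str,
+) {
 use stackable_operator::commons::tls_verification::{CaCert, Tls, TlsServerVerification};
 
 let mut properties = BTreeMap::new();
@@ -300,15 +336,16 @@ mod tests {
 let oauth_providers = properties
 .get("OAUTH_PROVIDERS")
 .expect("OAUTH_PROVIDERS missing");
+
 // This is neither valid yaml or json (it's Python code), so we can not easily parse it and have nice assertions.
 // As we don't want to have a Python runtime just for this test, let's grep a bit...
 assert!(oauth_providers.contains("'name': 'keycloak'"));
 assert!(oauth_providers.contains("client_id': os.environ.get("));
 assert!(oauth_providers.contains("client_secret': os.environ.get("));
 assert!(oauth_providers.contains("'scope': 'openid'"));
-assert!(oauth_providers
-.contains("'api_base_url': 'https://keycloak.mycorp.org/realms/sdp/protocol/'"));
-assert!(oauth_providers
-.contains("'server_metadata_url': 'https://keycloak.mycorp.org/realms/sdp/.well-known/openid-configuration'"));
+assert!(oauth_providers.contains(&format!("'api_base_url': '{expected_api_base_url}'")));
+assert!(oauth_providers.contains(&format!(
+"'server_metadata_url': '{expected_server_metadata_url}'"
+)));
 }
 }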
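Review bot: `api_base_url` and `known_config_url` are interpolated into single-quoted Python string literals in the `formatdoc!` template of the Keycloak arm without any escaping, and the new `#[case]`s only cover well-formed root paths. If the URL type returned by `oidc.endpoint_url()` and `oidc.well_known_config_url()` leaves `'` or `\` unencoded in the path (not visible in this diff, so worth confirming), a configured root path containing one would terminate the literal in the generated config. Consider escaping both values before formatting, e.g. `let api_base_url = api_base_url.replace('\\', "\\\\").replace('\'', "\\'");`, or rejecting such URLs with a dedicated error, and add a test case whose `root_path` contains a quote. `append_oidc_config` starts and ends outside the hunks shown.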
