auth-templating

Summary:

- Support for `account_id` `auth` DTO attribute.
- Naive, structure-internal `golang` templating supported for `token_url` field **only** in `auth` DTO.
- Amended test materials for robot test `Oauth2 CLient Credentials Auth Should Succeed with Valid Config`, in order to cover off new functionality.

Author: general-kroll-4-life

go.mod

@@ -21,7 +21,7 @@ require (
 	github.com/spf13/cobra v1.4.0
 	github.com/spf13/pflag v1.0.5
 	github.com/spf13/viper v1.10.1
-	github.com/stackql/any-sdk v0.0.3-beta21
+	github.com/stackql/any-sdk v0.0.3-beta26
 	github.com/stackql/go-suffix-map v0.0.1-alpha01
 	github.com/stackql/psql-wire v0.1.1-alpha07
 	github.com/stackql/stackql-parser v0.0.14-alpha04

go.sum

@@ -471,8 +471,8 @@ github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
 github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
 github.com/spf13/viper v1.10.1 h1:nuJZuYpG7gTj/XqiUwg8bA0cp1+M2mC3J4g5luUYBKk=
 github.com/spf13/viper v1.10.1/go.mod h1:IGlFPqhNAPKRxohIzWpI5QEy4kuI7tcl5WvR+8qy1rU=
-github.com/stackql/any-sdk v0.0.3-beta21 h1:1x76S9scXukHKcBUmzSVYpwWG8TnZXMhlgU0HHcTO2g=
-github.com/stackql/any-sdk v0.0.3-beta21/go.mod h1:CIMFo3fC2ScpqzkzeCkzUQQuzYA1VuqpG0p1EZXN+wY=
+github.com/stackql/any-sdk v0.0.3-beta26 h1:pl8UwijDcg/87QsGZP+Odc/zCSBt4WCaEN/EiCrzarc=
+github.com/stackql/any-sdk v0.0.3-beta26/go.mod h1:CIMFo3fC2ScpqzkzeCkzUQQuzYA1VuqpG0p1EZXN+wY=
 github.com/stackql/go-suffix-map v0.0.1-alpha01 h1:TDUDS8bySu41Oo9p0eniUeCm43mnRM6zFEd6j6VUaz8=
 github.com/stackql/go-suffix-map v0.0.1-alpha01/go.mod h1:QAi+SKukOyf4dBtWy8UMy+hsXXV+yyEE4vmBkji2V7g=
 github.com/stackql/psql-wire v0.1.1-alpha07 h1:LQWVUlx4Bougk6dztDNG5tmXxpIVeeTSsInTj801xCs=

internal/stackql/dto/auth_ctx.go

@@ -51,6 +51,8 @@ type AuthCtx struct {
 	ClientSecretEnvVar      string         `json:"client_secret_env_var" yaml:"client_secret_env_var"`
 	Values                  url.Values     `json:"values" yaml:"values"`
 	AuthStyle               int            `json:"auth_style" yaml:"auth_style"`
+	AccountID               string         `json:"account_id" yaml:"account_id"`
+	AccoountIDEnvVar        string         `json:"account_id_env_var" yaml:"account_id_var"`
 }
 
 func (ac *AuthCtx) GetSQLCfg() (SQLBackendCfg, bool) {
@@ -96,6 +98,8 @@ func (ac *AuthCtx) Clone() *AuthCtx {
 		ClientSecretEnvVar:      ac.ClientSecretEnvVar,
 		Values:                  ac.Values,
 		AuthStyle:               ac.AuthStyle,
+		AccountID:               ac.AccountID,
+		AccoountIDEnvVar:        ac.AccoountIDEnvVar,
 	}
 	return rv
 }

internal/stackql/handler/handler.go

@@ -583,6 +583,8 @@ func transformOpenapiStackqlAuthToLocal(authDTO anysdk.AuthDTO) *dto.AuthCtx {
 		ClientSecretEnvVar:      authDTO.GetClientSecretEnvVar(),
 		Values:                  authDTO.GetValues(),
 		AuthStyle:               authDTO.GetAuthStyle(),
+		AccountID:               authDTO.GetAccountID(),
+		AccoountIDEnvVar:        authDTO.GetAccountIDEnvVar(),
 	}
 	successor, successorExists := authDTO.GetSuccessor()
 	currentParent := rv

internal/stackql/provider/auth_util.go

@@ -5,6 +5,7 @@ import (
 	"encoding/json"
 	"fmt"
 
+	"github.com/stackql/any-sdk/pkg/litetemplate"
 	"github.com/stackql/stackql/internal/stackql/constants"
 	"github.com/stackql/stackql/internal/stackql/dto"
 	"github.com/stackql/stackql/internal/stackql/netutils"
@@ -199,11 +200,15 @@ func getGenericClientCredentialsConfig(authCtx *dto.AuthCtx, scopes []string) (*
 	if secretErr != nil {
 		return nil, secretErr
 	}
+	templatedTokenURL, templateErr := litetemplate.RenderTemplateFromSerializable(authCtx.GetTokenURL(), authCtx)
+	if templateErr != nil {
+		return nil, fmt.Errorf("incorrect token url templating %w", templateErr)
+	}
 	rv := &clientcredentials.Config{
 		ClientID:     clientID,
 		ClientSecret: clientSecret,
 		Scopes:       scopes,
-		TokenURL:     authCtx.GetTokenURL(),
+		TokenURL:     templatedTokenURL,
 	}
 	if len(authCtx.GetValues()) > 0 {
 		rv.EndpointParams = authCtx.GetValues()

test/registry/src/stackql_oauth2_testing/v0.1.0/provider.yaml

@@ -25,9 +25,10 @@ config:
   auth:
     client_id_env_var: 'YOUR_OAUTH2_CLIENT_ID_ENV_VAR'
     client_secret_env_var: 'YOUR_OAUTH2_CLIENT_SECRET_ENV_VAR'
+    account_id: 'contrived'
     type: "oauth2"
     grant_type: "client_credentials"
-    token_url: 'http://localhost:2091/contrived/simple/token'
+    token_url: 'http://localhost:2091/{{ .account_id }}/simple/token'
     scopes:
       - 'scope-01'
       - 'scope-02'