feat: disable oauth2 client deletion (#149)

This commit is contained in:
David Wobrock
2024-11-15 16:38:17 +01:00
committed by GitHub
parent de407f4b9a
commit 34c92d26ce
5 changed files with 205 additions and 4 deletions


@ -176,7 +176,7 @@ type OAuth2ClientSpec struct {
// +kubebuilder:validation:Enum=client_secret_basic;client_secret_post;private_key_jwt;none
//
// Indication which authentication method shoud be used for the token endpoint
// Indication which authentication method should be used for the token endpoint
TokenEndpointAuthMethod TokenEndpointAuthMethod `json:"tokenEndpointAuthMethod,omitempty"`
// TokenLifespans is the configuration to use for managing different token lifespans
@ -219,6 +219,12 @@ type OAuth2ClientSpec struct {
//
// BackChannelLogoutURI RP URL that will cause the RP to log itself out when sent a Logout Token by the OP
BackChannelLogoutURI string `json:"backChannelLogoutURI,omitempty"`
// +kubebuilder:validation:Enum=1;2
//
// Indicates if a deleted OAuth2Client custom resource should delete the database row or not.
// Value 1 means deletion of the OAuth2 client, value 2 means keep an orphan oauth2 client.
DeletionPolicy OAuth2ClientDeletionPolicy `json:"deletionPolicy,omitempty"`
}
// GrantType represents an OAuth 2.0 grant type
@ -265,6 +271,14 @@ const (
OAuth2ClientConditionReady = "Ready"
)
// OAuth2ClientDeletionPolicy represents if a deleted oauth2 client object should delete the database row or not.
type OAuth2ClientDeletionPolicy int
const (
OAuth2ClientDeletionPolicyDelete = iota + 1
OAuth2ClientDeletionPolicyOrphan
)
// +kubebuilder:validation:Enum=True;False;Unknown
type ConditionStatus string
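Review bot: The two constants in the `const` block that follows `type OAuth2ClientDeletionPolicy int` are declared without a type, so `OAuth2ClientDeletionPolicyDelete` and `OAuth2ClientDeletionPolicyOrphan` are untyped integer constants rather than values of the new type; declaring the first as `OAuth2ClientDeletionPolicyDelete OAuth2ClientDeletionPolicy = iota + 1` gives both the named type and lets the compiler reject a bare int where a policy is expected. In the second hunk the `DeletionPolicy` field is `omitempty` and the CRD enum admits only 1 and 2, so an omitted field reaches the controller as 0, which matches neither constant, and the field comment does not say what happens then — it should, along the lines of `// Unset (0) is treated as <default policy — fill in from the reconciler>; the CRD accepts only 1 and 2.` (the reconciler is outside this diff, so the actual default needs confirming there). The comment should also make the operational consequence of `Orphan` explicit: keeping the database row presumably leaves the client registered with the OAuth2 server after the Kubernetes object is gone, so its credentials remain usable until revoked out of band. The `OAuth2ClientSpec` struct that the first two hunks touch begins outside the hunk.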


@ -109,6 +109,7 @@ func TestCreateAPI(t *testing.T) {
"invalid lifespan refresh token access token": func() { created.Spec.TokenLifespans.RefreshTokenGrantAccessTokenLifespan = "invalid" },
"invalid lifespan refresh token id token": func() { created.Spec.TokenLifespans.RefreshTokenGrantIdTokenLifespan = "invalid" },
"invalid lifespan refresh token refresh token": func() { created.Spec.TokenLifespans.RefreshTokenGrantRefreshTokenLifespan = "invalid" },
"invalid deletion policy": func() { created.Spec.DeletionPolicy = -1 },
} {
t.Run(fmt.Sprintf("case=%s", desc), func(t *testing.T) {
resetTestClient()