Allow scope to be passed as array (#150)

* feat: Allow scope to be passed as array Scopes are currently passed as a scope string, separating scopes by spaces. Clients can grow to many scopes, resulting in a very long string. This change allows us to specify scopes using the property scopeArray. That way, we can separate scopes by newlines. Additionally, this allows us to comment a single scope temporarily or add a comment for a specific scope, e.g. as a reason why that client has this scope granted. * feat: Deprecate scope in favor of scopeArray * feat: Use kubebuilder:deprecatedversion
2024-10-14 10:06:41 +02:00
parent aa0bff206a
commit 44cd2371d9
7 changed files with 79 additions and 6 deletions
--- a/hydra/types.go
+++ b/hydra/types.go
@ -6,6 +6,7 @@ package hydra
 import (
 	"encoding/json"
 	"fmt"
+	"strings"

 	"k8s.io/utils/ptr"

@ -67,6 +68,15 @@ func FromOAuth2Client(c *hydrav1alpha1.OAuth2Client) (*OAuth2ClientJSON, error)
 		return nil, fmt.Errorf("unable to encode `metadata` property value to json: %w", err)
 	}

+	if c.Spec.Scope != "" {
+		fmt.Println("Property `scope` in client '" + c.Name + "' is deprecated. Rather use scopeArray.")
+	}
+
+	var scope = c.Spec.Scope
+	if c.Spec.ScopeArray != nil {
+		scope = strings.Trim(strings.Join(c.Spec.ScopeArray, " ")+" "+scope, " ")
+	}
+
 	return &OAuth2ClientJSON{
 		ClientName:                        c.Spec.ClientName,
 		GrantTypes:                        grantToStringSlice(c.Spec.GrantTypes),
@ -75,7 +85,7 @@ func FromOAuth2Client(c *hydrav1alpha1.OAuth2Client) (*OAuth2ClientJSON, error)
 		PostLogoutRedirectURIs:            redirectToStringSlice(c.Spec.PostLogoutRedirectURIs),
 		AllowedCorsOrigins:                redirectToStringSlice(c.Spec.AllowedCorsOrigins),
 		Audience:                          c.Spec.Audience,
-		Scope:                             c.Spec.Scope,
+		Scope:                             scope,
 		SkipConsent:                       c.Spec.SkipConsent,
 		Owner:                             fmt.Sprintf("%s/%s", c.Name, c.Namespace),
 		TokenEndpointAuthMethod:           string(c.Spec.TokenEndpointAuthMethod),
--- a/hydra/types_test.go
+++ b/hydra/types_test.go
@ -0,0 +1,45 @@
+// Copyright © 2024 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
+package hydra_test
+
+import (
+	"testing"
+
+	hydrav1alpha1 "github.com/ory/hydra-maester/api/v1alpha1"
+	"github.com/ory/hydra-maester/hydra"
+	"github.com/stretchr/testify/assert"
+)
+
+func TestTypes(t *testing.T) {
+	t.Run("Test ScopeArray", func(t *testing.T) {
+		c := hydrav1alpha1.OAuth2Client{
+			Spec: hydrav1alpha1.OAuth2ClientSpec{
+				ScopeArray: []string{"scope1", "scope2"},
+			},
+		}
+
+		var parsedClient, err = hydra.FromOAuth2Client(&c)
+		if err != nil {
+			assert.Fail(t, "unexpected error: %s", err)
+		}
+
+		assert.Equal(t, parsedClient.Scope, "scope1 scope2")
+	})
+
+	t.Run("Test having both Scope and ScopeArray", func(t *testing.T) {
+		c := hydrav1alpha1.OAuth2Client{
+			Spec: hydrav1alpha1.OAuth2ClientSpec{
+				Scope:      "scope3",
+				ScopeArray: []string{"scope1", "scope2"},
+			},
+		}
+
+		var parsedClient, err = hydra.FromOAuth2Client(&c)
+		if err != nil {
+			assert.Fail(t, "unexpected error: %s", err)
+		}
+
+		assert.Equal(t, parsedClient.Scope, "scope1 scope2 scope3")
+	})
+}