/**
 * Reports whether any authentication method looks configured, judged by its "core fields".
 *
 * <p>Core fields are the values an authentication method generally cannot work without, such as
 * the OAuth2 client ID/secret or the path to a certificate store. X509 is not inspected because
 * it has no obvious core field.
 *
 * <p>Only the presence of each value is tested; the client secret is passed to the emptiness
 * check and is never logged or returned.
 *
 * <p>NOTE(review): every sub-config, and the OAuth2 client, is dereferenced without a null check,
 * so this assumes those getters never return null -- confirm against the Authn model.
 *
 * @param n the authentication configuration to inspect
 * @return true if at least one core field holds a non-empty value
 */
private boolean maybeShouldBeEnabled(Authn n) {
  OAuth2 oauth2 = n.getOauth2();
  Saml saml = n.getSaml();
  Ldap ldap = n.getLdap();
  IAP iap = n.getIap();

  // Each group is evaluated only when the groups before it found nothing, matching the
  // left-to-right short-circuit order of a single || chain.
  boolean oauth2Configured =
      StringUtils.isNotEmpty(oauth2.getClient().getClientId())
          || StringUtils.isNotEmpty(oauth2.getClient().getClientSecret());
  if (oauth2Configured) {
    return true;
  }

  boolean samlConfigured =
      StringUtils.isNotEmpty(saml.getIssuerId()) || StringUtils.isNotEmpty(saml.getKeyStore());
  if (samlConfigured) {
    return true;
  }

  boolean ldapConfigured =
      StringUtils.isNotEmpty(ldap.getUserDnPattern())
          || StringUtils.isNotEmpty(ldap.getUserSearchBase())
          || StringUtils.isNotEmpty(ldap.getUserSearchFilter());
  if (ldapConfigured) {
    return true;
  }

  // IAP is the last method with a core field to look at.
  return StringUtils.isNotEmpty(iap.getAudience());
}
} // closes the enclosing type declaration (opened above this excerpt)
/**
 * Reports whether any authentication method looks configured, judged by its "core fields".
 *
 * <p>Core fields are the values an authentication method generally cannot work without, such as
 * the OAuth2 client ID/secret or the path to a certificate store. X509 is not inspected because
 * it has no obvious core field.
 *
 * <p>Only the presence of each value is tested; the client secret is passed to the emptiness
 * check and is never logged or returned.
 *
 * <p>NOTE(review): every sub-config, and the OAuth2 client, is dereferenced without a null check,
 * so this assumes those getters never return null -- confirm against the Authn model.
 *
 * @param n the authentication configuration to inspect
 * @return true if at least one core field holds a non-empty value
 */
private boolean maybeShouldBeEnabled(Authn n) {
  OAuth2 oauth2 = n.getOauth2();
  Saml saml = n.getSaml();
  Ldap ldap = n.getLdap();
  IAP iap = n.getIap();

  // Each group is evaluated only when the groups before it found nothing, matching the
  // left-to-right short-circuit order of a single || chain.
  boolean oauth2Configured =
      StringUtils.isNotEmpty(oauth2.getClient().getClientId())
          || StringUtils.isNotEmpty(oauth2.getClient().getClientSecret());
  if (oauth2Configured) {
    return true;
  }

  boolean samlConfigured =
      StringUtils.isNotEmpty(saml.getIssuerId()) || StringUtils.isNotEmpty(saml.getKeyStore());
  if (samlConfigured) {
    return true;
  }

  boolean ldapConfigured =
      StringUtils.isNotEmpty(ldap.getUserDnPattern())
          || StringUtils.isNotEmpty(ldap.getUserSearchBase())
          || StringUtils.isNotEmpty(ldap.getUserSearchFilter());
  if (ldapConfigured) {
    return true;
  }

  // IAP is the last method with a core field to look at.
  return StringUtils.isNotEmpty(iap.getAudience());
}
} // closes the enclosing type declaration (opened above this excerpt)
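/**
 * Validates an OAuth2 authentication configuration and records any problems found.
 *
 * <p>A disabled configuration is skipped entirely. For an enabled one, a missing or empty client
 * id or client secret is reported as an error, and a Google provider without an 'hd' entry in
 * its userInfoRequirements is reported as a warning.
 *
 * <p>NOTE(review): {@code n.getClient()} is dereferenced without a null check -- confirm that
 * the OAuth2 model always supplies a client object.
 *
 * @param p collector that receives the validation problems
 * @param n the OAuth2 configuration to validate
 */
@Override
public void validate(ConfigProblemSetBuilder p, OAuth2 n) {
  if (!n.isEnabled()) {
    return;
  }

  // An empty string is as unusable as an absent value, so both are reported; a null-only check
  // would let an enabled method through with blank credentials.
  String clientId = n.getClient().getClientId();
  if (clientId == null || clientId.isEmpty()) {
    p.addProblem(Problem.Severity.ERROR, "No OAuth2 client id was supplied");
  }

  String clientSecret = n.getClient().getClientSecret();
  if (clientSecret == null || clientSecret.isEmpty()) {
    // The secret's value is only tested for presence and never placed in the message.
    p.addProblem(Problem.Severity.ERROR, "No OAuth2 client secret was supplied");
  }

  // Without an 'hd' requirement nothing in this configuration narrows which Google accounts may
  // sign in. Only the presence of the key is checked here; its value is not inspected.
  boolean isGoogle = n.getProvider() == OAuth2.Provider.GOOGLE;
  if (isGoogle
      && (n.getUserInfoRequirements() == null
          || !n.getUserInfoRequirements().containsKey("hd"))) {
    p.addProblem(Problem.Severity.WARNING, "Missing 'hd' field within "
        + "userInfoRequirements of Google OAuth provider. This could expose your Spinnaker "
        + "instance to anyone with a Gmail account.", "userInfoRequirements");
  }
}
} // closes the enclosing type declaration (opened above this excerpt)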
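/**
 * Validates an OAuth2 authentication configuration and records any problems found.
 *
 * <p>A disabled configuration is skipped entirely. For an enabled one, a missing or empty client
 * id or client secret is reported as an error, and a Google provider without an 'hd' entry in
 * its userInfoRequirements is reported as a warning.
 *
 * <p>NOTE(review): {@code n.getClient()} is dereferenced without a null check -- confirm that
 * the OAuth2 model always supplies a client object.
 *
 * @param p collector that receives the validation problems
 * @param n the OAuth2 configuration to validate
 */
@Override
public void validate(ConfigProblemSetBuilder p, OAuth2 n) {
  if (!n.isEnabled()) {
    return;
  }

  // An empty string is as unusable as an absent value, so both are reported; a null-only check
  // would let an enabled method through with blank credentials.
  String clientId = n.getClient().getClientId();
  if (clientId == null || clientId.isEmpty()) {
    p.addProblem(Problem.Severity.ERROR, "No OAuth2 client id was supplied");
  }

  String clientSecret = n.getClient().getClientSecret();
  if (clientSecret == null || clientSecret.isEmpty()) {
    // The secret's value is only tested for presence and never placed in the message.
    p.addProblem(Problem.Severity.ERROR, "No OAuth2 client secret was supplied");
  }

  // Without an 'hd' requirement nothing in this configuration narrows which Google accounts may
  // sign in. Only the presence of the key is checked here; its value is not inspected.
  boolean isGoogle = n.getProvider() == OAuth2.Provider.GOOGLE;
  if (isGoogle
      && (n.getUserInfoRequirements() == null
          || !n.getUserInfoRequirements().containsKey("hd"))) {
    p.addProblem(Problem.Severity.WARNING, "Missing 'hd' field within "
        + "userInfoRequirements of Google OAuth provider. This could expose your Spinnaker "
        + "instance to anyone with a Gmail account.", "userInfoRequirements");
  }
}
} // closes the enclosing type declaration (opened above this excerpt)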
@Override protected AuthnMethod editAuthnMethod(OAuth2 authnMethod) { OAuth2.Client client = authnMethod.getClient(); OAuth2.Resource resource = authnMethod.getResource(); OAuth2.UserInfoMapping userInfoMapping = authnMethod.getUserInfoMapping();
@Override protected AuthnMethod editAuthnMethod(OAuth2 authnMethod) { OAuth2.Client client = authnMethod.getClient(); OAuth2.Resource resource = authnMethod.getResource(); OAuth2.UserInfoMapping userInfoMapping = authnMethod.getUserInfoMapping();