diff --git a/cmd/api-server/main.go b/cmd/api-server/main.go
index edcc2dbb2a4..9fe93fa5129 100644
--- a/cmd/api-server/main.go
+++ b/cmd/api-server/main.go
@@ -15,7 +15,6 @@ import (
 "github.com/kubeshop/testkube/cmd/api-server/commons"
 "github.com/kubeshop/testkube/cmd/api-server/services"
 "github.com/kubeshop/testkube/internal/app/api/debug"
- "github.com/kubeshop/testkube/internal/app/api/oauth"
 cloudartifacts "github.com/kubeshop/testkube/pkg/cloud/data/artifact"
 cloudtestworkflow "github.com/kubeshop/testkube/pkg/cloud/data/testworkflow"
 "github.com/kubeshop/testkube/pkg/event/kind/cdevent"
@@ -23,7 +22,6 @@ import (
 "github.com/kubeshop/testkube/pkg/event/kind/webhook"
 ws "github.com/kubeshop/testkube/pkg/event/kind/websocket"
 "github.com/kubeshop/testkube/pkg/executor/output"
- oauth2 "github.com/kubeshop/testkube/pkg/oauth"
 "github.com/kubeshop/testkube/pkg/secretmanager"
 "github.com/kubeshop/testkube/pkg/server"
 "github.com/kubeshop/testkube/pkg/tcl/checktcl"
@@ -276,14 +274,6 @@ func main() {
 httpServer := server.NewServer(server.Config{Port: cfg.APIServerPort})
 httpServer.Routes.Use(cors.New())
- // Handle OAuth TODO: deprecated?
- httpServer.Routes.Use(oauth.CreateOAuthHandler(oauth.OauthParams{
- ClientID: cfg.TestkubeOAuthClientID,
- ClientSecret: cfg.TestkubeOAuthClientSecret,
- Provider: oauth2.ProviderType(cfg.TestkubeOAuthProvider),
- Scopes: cfg.TestkubeOAuthScopes,
- }))
-
 if deprecatedSystem != nil && deprecatedSystem.API != nil {
 deprecatedSystem.API.Init(httpServer)
 }
diff --git a/cmd/kubectl-testkube/commands/common/client.go b/cmd/kubectl-testkube/commands/common/client.go
index 1382dba3975..06bf99ea3a7 100644
--- a/cmd/kubectl-testkube/commands/common/client.go
+++ b/cmd/kubectl-testkube/commands/common/client.go
@@ -2,14 +2,11 @@ package common
 import (
 "context"
- "errors"
 "fmt"
- "os"
 "runtime"
 "strconv"
 "github.com/spf13/cobra"
- "golang.org/x/oauth2"
 "github.com/kubeshop/testkube/cmd/kubectl-testkube/config"
 "github.com/kubeshop/testkube/pkg/api/v1/client"
@@ -23,10 +20,6 @@ func GetClient(cmd *cobra.Command) (client.Client, string, error) {
 clientType := cmd.Flag("client").Value.String()
 namespace := cmd.Flag("namespace").Value.String()
 apiURI := cmd.Flag("api-uri").Value.String()
- oauthEnabled, err := strconv.ParseBool(cmd.Flag("oauth-enabled").Value.String())
- if err != nil {
- return nil, "", fmt.Errorf("parsing flag value %w", err)
- }
 insecure, err := strconv.ParseBool(cmd.Flag("insecure").Value.String())
 if err != nil {
@@ -71,30 +64,10 @@ func GetClient(cmd *cobra.Command) (client.Client, string, error) {
 options.APIServerName = cfg.APIServerName
 options.APIServerPort = cfg.APIServerPort
- switch cfg.ContextType {
- case config.ContextTypeKubeconfig:
- if oauthEnabled {
- options.Provider = cfg.OAuth2Data.Provider
- options.ClientID = cfg.OAuth2Data.ClientID
- options.ClientSecret = cfg.OAuth2Data.ClientSecret
- options.Scopes = cfg.OAuth2Data.Scopes
- options.Token = cfg.OAuth2Data.Token
-
- if os.Getenv("TESTKUBE_OAUTH_ACCESS_TOKEN") != "" {
- options.Token = &oauth2.Token{
- AccessToken: os.Getenv("TESTKUBE_OAUTH_ACCESS_TOKEN"),
- }
- }
-
- if options.Token == nil {
- return nil, "", errors.New("oauth token is empty, please configure your oauth settings first")
- }
- }
- case config.ContextTypeCloud:
-
+ if cfg.ContextType == config.ContextTypeCloud {
 token := cfg.CloudContext.ApiKey
- if cfg.CloudContext.ApiKey != "" && cfg.CloudContext.RefreshToken != "" && cfg.OAuth2Data.Enabled {
+ if cfg.CloudContext.ApiKey != "" && cfg.CloudContext.RefreshToken != "" {
 var refreshToken string
 authURI := fmt.Sprintf("%s/idp", cfg.CloudContext.ApiUri)
 token, refreshToken, err = cloudlogin.CheckAndRefreshToken(context.Background(), authURI, cfg.CloudContext.ApiKey, cfg.CloudContext.RefreshToken)
diff --git a/cmd/kubectl-testkube/commands/config.go b/cmd/kubectl-testkube/commands/config.go
index d256f129537..04d58d07a6e 100644
--- a/cmd/kubectl-testkube/commands/config.go
+++ b/cmd/kubectl-testkube/commands/config.go
@@ -5,7 +5,6 @@ import (
 "github.com/kubeshop/testkube/cmd/kubectl-testkube/commands/common"
 commands "github.com/kubeshop/testkube/cmd/kubectl-testkube/commands/config"
- "github.com/kubeshop/testkube/cmd/kubectl-testkube/commands/oauth"
 "github.com/kubeshop/testkube/cmd/kubectl-testkube/config"
 "github.com/kubeshop/testkube/pkg/ui"
 )
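Review bot: After this hunk the kubeconfig path of GetClient builds the direct client with no credentials and gives no signal that it does so: the removed branch failed with "oauth token is empty, please configure your oauth settings first" when OAuth was enabled without a token, while the new `if cfg.ContextType == config.ContextTypeCloud {` simply skips every other context, and `TESTKUBE_OAUTH_ACCESS_TOKEN` is now ignored silently. Together with the removal of `oauth.CreateOAuthHandler` in cmd/api-server/main.go, a deployment that relied on that token check presumably ends up with an unauthenticated API after upgrading, so the change should be called out in the upgrade notes and the API protected at the ingress or network layer instead. On the CLI side I would keep the `os` import and add a notice such as `if os.Getenv("TESTKUBE_OAUTH_ACCESS_TOKEN") != "" { fmt.Fprintln(os.Stderr, "oauth support was removed; TESTKUBE_OAUTH_ACCESS_TOKEN is ignored") }`. The second added condition also drops the `cfg.OAuth2Data.Enabled` gate, so `cloudlogin.CheckAndRefreshToken` now runs for every cloud context that has both an API key and a refresh token; a short comment should state that this is intended. GetClient starts and ends outside the hunk.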
@@ -30,7 +29,6 @@ func NewConfigCmd() *cobra.Command {
 cmd.AddCommand(commands.NewConfigureNamespaceCmd())
 cmd.AddCommand(commands.NewConfigureAPIURICmd())
 cmd.AddCommand(commands.NewConfigureHeadersCmd())
- cmd.AddCommand(oauth.NewConfigureOAuthCmd())
 cmd.AddCommand(commands.NewConfigureAPIServerNameCmd())
 cmd.AddCommand(commands.NewConfigureAPIServerPortCmd())
diff --git a/cmd/kubectl-testkube/commands/disable.go b/cmd/kubectl-testkube/commands/disable.go
index 260104faab2..549a6f845cc 100644
--- a/cmd/kubectl-testkube/commands/disable.go
+++ b/cmd/kubectl-testkube/commands/disable.go
@@ -3,7 +3,6 @@ package commands
 import (
 "github.com/spf13/cobra"
- "github.com/kubeshop/testkube/cmd/kubectl-testkube/commands/oauth"
 "github.com/kubeshop/testkube/cmd/kubectl-testkube/commands/telemetry"
 "github.com/kubeshop/testkube/pkg/ui"
 )
@@ -20,7 +19,6 @@ func NewDisableCmd() *cobra.Command {
 }
 cmd.AddCommand(telemetry.NewDisableTelemetryCmd())
- cmd.AddCommand(oauth.NewDisableOAuthCmd())
 return cmd
 }
diff --git a/cmd/kubectl-testkube/commands/enable.go b/cmd/kubectl-testkube/commands/enable.go
index b7752ae35ce..32fc93a840b 100644
--- a/cmd/kubectl-testkube/commands/enable.go
+++ b/cmd/kubectl-testkube/commands/enable.go
@@ -3,7 +3,6 @@ package commands
 import (
 "github.com/spf13/cobra"
- "github.com/kubeshop/testkube/cmd/kubectl-testkube/commands/oauth"
 "github.com/kubeshop/testkube/cmd/kubectl-testkube/commands/telemetry"
 "github.com/kubeshop/testkube/pkg/ui"
 )
@@ -20,7 +19,6 @@ func NewEnableCmd() *cobra.Command {
 }
 cmd.AddCommand(telemetry.NewEnableTelemetryCmd())
- cmd.AddCommand(oauth.NewEnableOAuthCmd())
 return cmd
 }
diff --git a/cmd/kubectl-testkube/commands/oauth/config.go b/cmd/kubectl-testkube/commands/oauth/config.go
deleted file mode 100644
index a994c19192a..00000000000
--- a/cmd/kubectl-testkube/commands/oauth/config.go
+++ /dev/null
@@ -1,78 +0,0 @@
-package oauth
-
-import (
- "fmt"
-
- "github.com/spf13/cobra"
-
- "github.com/kubeshop/testkube/cmd/kubectl-testkube/config"
- "github.com/kubeshop/testkube/pkg/oauth"
- poauth "github.com/kubeshop/testkube/pkg/oauth"
- "github.com/kubeshop/testkube/pkg/ui"
-)
-
-// NewConfigureOAuthCmd is oauth config config cmd
-func NewConfigureOAuthCmd() *cobra.Command {
- var (
- providerType string
- clientID string
- clientSecret string
- scopes []string
- )
-
- cmd := &cobra.Command{
- Use: "oauth ",
- Short: "Set oauth credentials for api uri in testkube client",
- Args: func(cmd *cobra.Command, args []string) error {
- if len(args) < 1 {
- return fmt.Errorf("please pass valid api uri value")
- }
-
- values := map[string]string{
- "client id": clientID,
- "client secret": clientSecret,
- }
-
- for key, value := range values {
- if value == "" {
- return fmt.Errorf("please pass valid %s value", key)
- }
- }
-
- provider := poauth.NewProvider(clientID, clientSecret, scopes)
- if _, err := provider.GetValidator(poauth.ProviderType(providerType)); err != nil {
- return err
- }
-
- return nil
- },
- Run: func(cmd *cobra.Command, args []string) {
- cfg, err := config.Load()
- ui.ExitOnError("loading config file", err)
-
- cfg.APIURI = args[0]
- cfg.OAuth2Data.Provider = poauth.ProviderType(providerType)
- cfg.OAuth2Data.ClientID = clientID
- cfg.OAuth2Data.ClientSecret = clientSecret
- cfg.OAuth2Data.Scopes = scopes
-
- provider := poauth.NewProvider(clientID, clientSecret, scopes)
- client, err := provider.AuthenticateUser(poauth.ProviderType(providerType))
- ui.ExitOnError("authenticating user", err)
-
- cfg.OAuth2Data.Token = client.Token
- cfg.EnableOAuth()
- err = config.Save(cfg)
- ui.ExitOnError("saving config file", err)
- ui.Success("New api uri set to", cfg.APIURI)
- ui.Success("New oauth token", cfg.OAuth2Data.Token.AccessToken)
- },
- }
-
- cmd.Flags().StringVar(&providerType, "provider", string(oauth.GithubProviderType), "authentication provider, currently available: github")
- cmd.Flags().StringVar(&clientID, "client-id", "", "client id for authentication provider")
- cmd.Flags().StringVar(&clientSecret, "client-secret", "", "client secret for authentication provider")
- cmd.Flags().StringArrayVar(&scopes, "scope", nil, "scope for authentication provider")
-
- return cmd
-}
diff --git a/cmd/kubectl-testkube/commands/oauth/disable.go b/cmd/kubectl-testkube/commands/oauth/disable.go
deleted file mode 100644
index af40e2ce1be..00000000000
--- a/cmd/kubectl-testkube/commands/oauth/disable.go
+++ /dev/null
@@ -1,35 +0,0 @@
-package oauth
-
-import (
- "github.com/spf13/cobra"
-
- "github.com/kubeshop/testkube/cmd/kubectl-testkube/config"
- "github.com/kubeshop/testkube/pkg/ui"
-)
-
-// NewDisableOAuthCmd is oauth disable command
-func NewDisableOAuthCmd() *cobra.Command {
- cmd := &cobra.Command{
- Use: "oauth",
- Short: "disable oauth authentication for direct api",
- Run: func(cmd *cobra.Command, args []string) {
- ui.NL()
- ui.Print(ui.IconRocket + " Disabling OAuth authentication for direct api")
- cfg, err := config.Load()
-
- if err == nil {
- cfg.DisableOauth()
- err = config.Save(cfg)
- }
- if err != nil {
- ui.PrintDisabled("OAuth", "failed")
- ui.PrintConfigError(err)
- } else {
- ui.PrintDisabled("OAuth", "disabled")
- }
- ui.NL()
- },
- }
-
- return cmd
-}
diff --git a/cmd/kubectl-testkube/commands/oauth/enable.go b/cmd/kubectl-testkube/commands/oauth/enable.go
deleted file mode 100644
index 8f9125a867d..00000000000
--- a/cmd/kubectl-testkube/commands/oauth/enable.go
+++ /dev/null
@@ -1,34 +0,0 @@
-package oauth
-
-import (
- "github.com/spf13/cobra"
-
- "github.com/kubeshop/testkube/cmd/kubectl-testkube/config"
- "github.com/kubeshop/testkube/pkg/ui"
-)
-
-// NewEnableOAuthCmd is oauth enable command
-func NewEnableOAuthCmd() *cobra.Command {
- cmd := &cobra.Command{
- Use: "oauth",
- Short: "enable oauth authentication for direct api",
- Run: func(cmd *cobra.Command, args []string) {
- ui.NL()
- ui.Print(ui.IconRocket + " Enabling OAuth authentication for direct api")
- cfg, err := config.Load()
- if err == nil {
- cfg.EnableOAuth()
- err = config.Save(cfg)
- }
- if err != nil {
- ui.PrintDisabled("OAuth", "failed")
- ui.PrintConfigError(err)
- } else {
- ui.PrintEnabled("OAuth", "enabled")
- }
- ui.NL()
- },
- }
-
- return cmd
-}
diff --git a/cmd/kubectl-testkube/commands/oauth/status.go b/cmd/kubectl-testkube/commands/oauth/status.go
deleted file mode 100644
index 21bdc8059c4..00000000000
--- a/cmd/kubectl-testkube/commands/oauth/status.go
+++ /dev/null
@@ -1,31 +0,0 @@
-package oauth
-
-import (
- "github.com/spf13/cobra"
-
- "github.com/kubeshop/testkube/cmd/kubectl-testkube/config"
- "github.com/kubeshop/testkube/pkg/ui"
-)
-
-// NewStatusOAuthCmd is oauth status command
-func NewStatusOAuthCmd() *cobra.Command {
- cmd := &cobra.Command{
- Use: "oauth",
- Short: "Get oauth status",
- Run: func(cmd *cobra.Command, args []string) {
- ui.NL()
- ui.Print(ui.IconRocket + " Getting OAuth status")
-
- cfg, err := config.Load()
- ui.ExitOnError(" Loading config file failed", err)
- if cfg.OAuth2Data.Enabled {
- ui.PrintEnabled("OAuth", "enabled")
- } else {
- ui.PrintDisabled("OAuth", "disabled")
- }
- ui.NL()
- },
- }
-
- return cmd
-}
diff --git a/cmd/kubectl-testkube/commands/root.go b/cmd/kubectl-testkube/commands/root.go
index 17464b48dea..a489786f29f 100644
--- a/cmd/kubectl-testkube/commands/root.go
+++ b/cmd/kubectl-testkube/commands/root.go
@@ -197,7 +197,6 @@ func Execute() {
 RootCmd.PersistentFlags().StringVarP(&namespace, "namespace", "", defaultNamespace, "Kubernetes namespace, default value read from config if set")
 RootCmd.PersistentFlags().BoolVarP(&verbose, "verbose", "", false, "show additional debug messages")
 RootCmd.PersistentFlags().StringVarP(&apiURI, "api-uri", "a", apiURI, "api uri, default value read from config if set")
- RootCmd.PersistentFlags().BoolVarP(&oauthEnabled, "oauth-enabled", "", cfg.OAuth2Data.Enabled, "enable oauth")
 RootCmd.PersistentFlags().BoolVarP(&insecure, "insecure", "", false, "insecure connection for direct client")
 RootCmd.PersistentFlags().StringToStringVarP(&headers, "header", "", cfg.Headers, "headers for direct client key value pair: --header name=value")
diff --git a/cmd/kubectl-testkube/commands/status.go b/cmd/kubectl-testkube/commands/status.go
index 3063fb4d487..9fa61fc6ae8 100644
--- a/cmd/kubectl-testkube/commands/status.go
+++ b/cmd/kubectl-testkube/commands/status.go
@@ -4,7 +4,6 @@ import (
 "github.com/spf13/cobra"
 "github.com/kubeshop/testkube/cmd/kubectl-testkube/commands/common"
- "github.com/kubeshop/testkube/cmd/kubectl-testkube/commands/oauth"
 "github.com/kubeshop/testkube/cmd/kubectl-testkube/commands/telemetry"
 "github.com/kubeshop/testkube/cmd/kubectl-testkube/config"
 "github.com/kubeshop/testkube/pkg/ui"
@@ -39,17 +38,11 @@ func NewStatusCmd() *cobra.Command {
 ui.PrintDisabled("Telemetry on API", "disabled")
 }
- if cfg.OAuth2Data.Enabled {
- ui.PrintEnabled("OAuth", "enabled")
- } else {
- ui.PrintDisabled("Oauth", "disabled")
- }
 ui.NL()
 },
 }
 cmd.AddCommand(telemetry.NewStatusTelemetryCmd())
- cmd.AddCommand(oauth.NewStatusOAuthCmd())
 return cmd
 }
diff --git a/cmd/kubectl-testkube/config/data.go b/cmd/kubectl-testkube/config/data.go
index 76554b0b8cc..7f58b7e9087 100644
--- a/cmd/kubectl-testkube/config/data.go
+++ b/cmd/kubectl-testkube/config/data.go
@@ -1,11 +1,5 @@
 package config
-import (
- "golang.org/x/oauth2"
-
- "github.com/kubeshop/testkube/pkg/oauth"
-)
-
 type ContextType string
 const (
@@ -43,7 +37,6 @@ type Data struct {
 APIServerPort int `json:"apiServerPort,omitempty"`
 DashboardName string `json:"dashboardName,omitempty"`
 DashboardPort int `json:"dashboardPort,omitempty"`
- OAuth2Data OAuth2Data `json:"oauth2Data"`
 ContextType ContextType `json:"contextType,omitempty"`
 CloudContext CloudContext `json:"cloudContext,omitempty"`
@@ -65,23 +58,3 @@ func (c *Data) SetNamespace(ns string) {
 func (c *Data) SetInitialized() {
 c.Initialized = true
 }
-
-// OAuth2Data contains oauth credentials
-type OAuth2Data struct {
- Enabled bool `json:"enabled,omitempty"`
- Token *oauth2.Token `json:"token,omitempty"`
- ClientID string `json:"clientID,omitempty"`
- ClientSecret string `json:"clientSecret,omitempty"`
- Provider oauth.ProviderType `json:"providerType,omitempty"`
- Scopes []string `json:"scopes"`
-}
-
-// EnableOAuth is oauth enable method
-func (c *Data) EnableOAuth() {
- c.OAuth2Data.Enabled = true
-}
-
-// DisableOauth is oauth disable method
-func (c *Data) DisableOauth() {
- c.OAuth2Data.Enabled = false
-}
diff --git a/cmd/kubectl-testkube/config/storage.go b/cmd/kubectl-testkube/config/storage.go
index 236ba86a6e8..048cbc6e8c7 100644
--- a/cmd/kubectl-testkube/config/storage.go
+++ b/cmd/kubectl-testkube/config/storage.go
@@ -4,8 +4,6 @@ import (
 "encoding/json"
 "os"
 "path"
-
- "github.com/kubeshop/testkube/pkg/oauth"
 )
 const (
@@ -37,9 +35,6 @@ var DefaultConfig = Data{
 APIServerPort: APIServerPort,
 DashboardName: DashboardName,
 DashboardPort: DashboardPort,
- OAuth2Data: OAuth2Data{
- Provider: oauth.GithubProviderType,
- },
 }
 func GetStorage(dir string) (Storage, error) {
diff --git a/internal/app/api/oauth/oauth.go b/internal/app/api/oauth/oauth.go
deleted file mode 100644
index d70c2103438..00000000000
--- a/internal/app/api/oauth/oauth.go
+++ /dev/null
@@ -1,45 +0,0 @@
-package oauth
-
-import (
- "net/http"
- "strings"
-
- "github.com/gofiber/fiber/v2"
-
- "github.com/kubeshop/testkube/internal/app/api/apiutils"
- "github.com/kubeshop/testkube/pkg/log"
- "github.com/kubeshop/testkube/pkg/oauth"
-)
-
-const (
- // cliIngressHeader is cli ingress header
- cliIngressHeader = "X-CLI-Ingress"
-)
-
-type OauthParams struct {
- ClientID string
- ClientSecret string
- Provider oauth.ProviderType
- Scopes string
-}
-
-// CreateOAuthHandler is auth middleware
-func CreateOAuthHandler(oauthParams OauthParams) fiber.Handler {
- return func(c *fiber.Ctx) error {
- if c.Get(cliIngressHeader, "") != "" {
- token := strings.TrimSpace(strings.TrimPrefix(c.Get("Authorization", ""), oauth.AuthorizationPrefix))
- var scopes []string
- if oauthParams.Scopes != "" {
- scopes = strings.Split(oauthParams.Scopes, ",")
- }
-
- provider := oauth.NewProvider(oauthParams.ClientID, oauthParams.ClientSecret, scopes)
- if err := provider.ValidateAccessToken(oauthParams.Provider, token); err != nil {
- log.DefaultLogger.Errorw("error validating token", "error", err)
- return apiutils.SendError(c, http.StatusUnauthorized, err)
- }
- }
-
- return c.Next()
- }
-}
diff --git a/internal/config/config.go b/internal/config/config.go
index a4b1fd15975..9c2d6fc83f0 100644
--- a/internal/config/config.go
+++ b/internal/config/config.go
@@ -64,10 +64,6 @@ type Config struct {
 TestkubeAnalyticsEnabled bool `envconfig:"TESTKUBE_ANALYTICS_ENABLED" default:"false"`
 TestkubeReadonlyExecutors bool `envconfig:"TESTKUBE_READONLY_EXECUTORS" default:"false"`
 TestkubeNamespace string `envconfig:"TESTKUBE_NAMESPACE" default:"testkube"`
- TestkubeOAuthClientID string `envconfig:"TESTKUBE_OAUTH_CLIENTID" default:""`
- TestkubeOAuthClientSecret string `envconfig:"TESTKUBE_OAUTH_CLIENTSECRET" default:""`
- TestkubeOAuthProvider string `envconfig:"TESTKUBE_OAUTH_PROVIDER" default:""`
- TestkubeOAuthScopes string `envconfig:"TESTKUBE_OAUTH_SCOPES" default:""`
 TestkubeProAPIKey string `envconfig:"TESTKUBE_PRO_API_KEY" default:""`
 TestkubeProURL string `envconfig:"TESTKUBE_PRO_URL" default:""`
 TestkubeProTLSInsecure bool `envconfig:"TESTKUBE_PRO_TLS_INSECURE" default:"false"`