auth-templating (#483)

general-kroll-4-life · web-flow · commit 6f6d522d5b20 · 2024-12-17T19:03:00.000+11:00
Summary:

- Support for `account_id` `auth` DTO attribute.
- `golang` templating supported for `token_url` field **only** in `auth` DTO.
    - Inline templating to be used by data transfer objects. Eg `{{ .my_attribute  }}` will dereference vallue serialized at `my_attribute` in given structure.
    - Reading from environment using the prefix `__env__`; eg: `{{ .__env__MY_VAR }}` will dereference the env var `MY_VAR`.
- Auth DTO now supports `account_id` and `account_id_env_var` attributes.  These are not standards-aligned, semantics can vary.
- Amended test materials for robot test `Oauth2 CLient Credentials Auth Should Succeed with Valid Config`, in order to cover off new functionality.
diff --git a/go.mod b/go.mod
@@ -21,7 +21,7 @@ require (
 	github.com/spf13/cobra v1.4.0
 	github.com/spf13/pflag v1.0.5
 	github.com/spf13/viper v1.10.1
-	github.com/stackql/any-sdk v0.0.3-beta21
+	github.com/stackql/any-sdk v0.0.3-beta27
 	github.com/stackql/go-suffix-map v0.0.1-alpha01
 	github.com/stackql/psql-wire v0.1.1-alpha07
 	github.com/stackql/stackql-parser v0.0.14-alpha04
diff --git a/go.sum b/go.sum
@@ -471,8 +471,8 @@ github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
 github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
 github.com/spf13/viper v1.10.1 h1:nuJZuYpG7gTj/XqiUwg8bA0cp1+M2mC3J4g5luUYBKk=
 github.com/spf13/viper v1.10.1/go.mod h1:IGlFPqhNAPKRxohIzWpI5QEy4kuI7tcl5WvR+8qy1rU=
-github.com/stackql/any-sdk v0.0.3-beta21 h1:1x76S9scXukHKcBUmzSVYpwWG8TnZXMhlgU0HHcTO2g=
-github.com/stackql/any-sdk v0.0.3-beta21/go.mod h1:CIMFo3fC2ScpqzkzeCkzUQQuzYA1VuqpG0p1EZXN+wY=
+github.com/stackql/any-sdk v0.0.3-beta27 h1:WRfGfseXdHcQUD+dXNH2+W7HjzhHzX/JPstmh31JW+0=
+github.com/stackql/any-sdk v0.0.3-beta27/go.mod h1:CIMFo3fC2ScpqzkzeCkzUQQuzYA1VuqpG0p1EZXN+wY=
 github.com/stackql/go-suffix-map v0.0.1-alpha01 h1:TDUDS8bySu41Oo9p0eniUeCm43mnRM6zFEd6j6VUaz8=
 github.com/stackql/go-suffix-map v0.0.1-alpha01/go.mod h1:QAi+SKukOyf4dBtWy8UMy+hsXXV+yyEE4vmBkji2V7g=
 github.com/stackql/psql-wire v0.1.1-alpha07 h1:LQWVUlx4Bougk6dztDNG5tmXxpIVeeTSsInTj801xCs=
diff --git a/internal/stackql/dto/auth_ctx.go b/internal/stackql/dto/auth_ctx.go
@@ -51,6 +51,8 @@ type AuthCtx struct {
 	ClientSecretEnvVar      string         `json:"client_secret_env_var" yaml:"client_secret_env_var"`
 	Values                  url.Values     `json:"values" yaml:"values"`
 	AuthStyle               int            `json:"auth_style" yaml:"auth_style"`
+	AccountID               string         `json:"account_id" yaml:"account_id"`
+	AccoountIDEnvVar        string         `json:"account_id_env_var" yaml:"account_id_var"`
 }
 
 func (ac *AuthCtx) GetSQLCfg() (SQLBackendCfg, bool) {
@@ -96,6 +98,8 @@ func (ac *AuthCtx) Clone() *AuthCtx {
 		ClientSecretEnvVar:      ac.ClientSecretEnvVar,
 		Values:                  ac.Values,
 		AuthStyle:               ac.AuthStyle,
+		AccountID:               ac.AccountID,
+		AccoountIDEnvVar:        ac.AccoountIDEnvVar,
 	}
 	return rv
 }
diff --git a/internal/stackql/handler/handler.go b/internal/stackql/handler/handler.go
@@ -583,6 +583,8 @@ func transformOpenapiStackqlAuthToLocal(authDTO anysdk.AuthDTO) *dto.AuthCtx {
 		ClientSecretEnvVar:      authDTO.GetClientSecretEnvVar(),
 		Values:                  authDTO.GetValues(),
 		AuthStyle:               authDTO.GetAuthStyle(),
+		AccountID:               authDTO.GetAccountID(),
+		AccoountIDEnvVar:        authDTO.GetAccountIDEnvVar(),
 	}
 	successor, successorExists := authDTO.GetSuccessor()
 	currentParent := rv
diff --git a/internal/stackql/provider/auth_util.go b/internal/stackql/provider/auth_util.go
@@ -5,6 +5,7 @@ import (
 	"encoding/json"
 	"fmt"
 
+	"github.com/stackql/any-sdk/pkg/litetemplate"
 	"github.com/stackql/stackql/internal/stackql/constants"
 	"github.com/stackql/stackql/internal/stackql/dto"
 	"github.com/stackql/stackql/internal/stackql/netutils"
@@ -199,11 +200,15 @@ func getGenericClientCredentialsConfig(authCtx *dto.AuthCtx, scopes []string) (*
 	if secretErr != nil {
 		return nil, secretErr
 	}
+	templatedTokenURL, templateErr := litetemplate.RenderTemplateFromSerializable(authCtx.GetTokenURL(), authCtx)
+	if templateErr != nil {
+		return nil, fmt.Errorf("incorrect token url templating %w", templateErr)
+	}
 	rv := &clientcredentials.Config{
 		ClientID:     clientID,
 		ClientSecret: clientSecret,
 		Scopes:       scopes,
-		TokenURL:     authCtx.GetTokenURL(),
+		TokenURL:     templatedTokenURL,
 	}
 	if len(authCtx.GetValues()) > 0 {
 		rv.EndpointParams = authCtx.GetValues()
diff --git a/test/registry/src/stackql_oauth2_testing/v0.1.0/provider.yaml b/test/registry/src/stackql_oauth2_testing/v0.1.0/provider.yaml
@@ -27,7 +27,7 @@ config:
     client_secret_env_var: 'YOUR_OAUTH2_CLIENT_SECRET_ENV_VAR'
     type: "oauth2"
     grant_type: "client_credentials"
-    token_url: 'http://localhost:2091/contrived/simple/token'
+    token_url: 'http://localhost:2091/{{ .__env__YOUR_OAUTH2_SOME_SYSTEM_ACCOUNT_ID }}/simple/token'
     scopes:
       - 'scope-01'
       - 'scope-02'
diff --git a/test/robot/functional/stackql_mocked_from_cmd_line.robot b/test/robot/functional/stackql_mocked_from_cmd_line.robot
@@ -4192,6 +4192,7 @@ Custom Auth Linear Should Send Appropriate Credentials
 Oauth2 CLient Credentials Auth Should Succeed with Valid Config
     Set Environment Variable    YOUR_OAUTH2_CLIENT_ID_ENV_VAR    dummy-client-id
     Set Environment Variable    YOUR_OAUTH2_CLIENT_SECRET_ENV_VAR    dummy-client-secret
+    Set Environment Variable    YOUR_OAUTH2_SOME_SYSTEM_ACCOUNT_ID    contrived
     ${outputStr} =    Catenate    SEPARATOR=\n
     ...    |-----------|---------|
     ...    |${SPACE}${SPACE}${SPACE}${SPACE}id${SPACE}${SPACE}${SPACE}${SPACE}${SPACE}|${SPACE}${SPACE}name${SPACE}${SPACE}${SPACE}|
diff --git a/test/robot/lib/StackQLInterfaces.py b/test/robot/lib/StackQLInterfaces.py
@@ -324,6 +324,8 @@ def _get_default_env(self) -> dict:
       rv["YOUR_OAUTH2_CLIENT_ID_ENV_VAR"] = os.environ.get('YOUR_OAUTH2_CLIENT_ID_ENV_VAR')
     if os.environ.get('YOUR_OAUTH2_CLIENT_SECRET_ENV_VAR') is not None:
       rv["YOUR_OAUTH2_CLIENT_SECRET_ENV_VAR"] = os.environ.get('YOUR_OAUTH2_CLIENT_SECRET_ENV_VAR')
+    if os.environ.get('YOUR_OAUTH2_SOME_SYSTEM_ACCOUNT_ID') is not None:
+      rv["YOUR_OAUTH2_SOME_SYSTEM_ACCOUNT_ID"] = os.environ.get('YOUR_OAUTH2_SOME_SYSTEM_ACCOUNT_ID')
     return rv
 
 

Original file line number	Diff line number	Diff line change
`@@ -51,6 +51,8 @@ type AuthCtx struct {`
`51`	`51`	ClientSecretEnvVar string `json:"client_secret_env_var" yaml:"client_secret_env_var"`
`52`	`52`	Values url.Values `json:"values" yaml:"values"`
`53`	`53`	AuthStyle int `json:"auth_style" yaml:"auth_style"`
	`54`	+ AccountID string `json:"account_id" yaml:"account_id"`
	`55`	+ AccoountIDEnvVar string `json:"account_id_env_var" yaml:"account_id_var"`
`54`	`56`	`}`
`55`	`57`
`56`	`58`	`func (ac *AuthCtx) GetSQLCfg() (SQLBackendCfg, bool) {`
`@@ -96,6 +98,8 @@ func (ac AuthCtx) Clone() AuthCtx {`
`96`	`98`	`ClientSecretEnvVar: ac.ClientSecretEnvVar,`
`97`	`99`	`Values: ac.Values,`
`98`	`100`	`AuthStyle: ac.AuthStyle,`
	`101`	`+ AccountID: ac.AccountID,`
	`102`	`+ AccoountIDEnvVar: ac.AccoountIDEnvVar,`
`99`	`103`	`}`
`100`	`104`	`return rv`
`101`	`105`	`}`
Original file line number	Diff line number	Diff line change
`@@ -583,6 +583,8 @@ func transformOpenapiStackqlAuthToLocal(authDTO anysdk.AuthDTO) *dto.AuthCtx {`
`583`	`583`	`ClientSecretEnvVar: authDTO.GetClientSecretEnvVar(),`
`584`	`584`	`Values: authDTO.GetValues(),`
`585`	`585`	`AuthStyle: authDTO.GetAuthStyle(),`
	`586`	`+ AccountID: authDTO.GetAccountID(),`
	`587`	`+ AccoountIDEnvVar: authDTO.GetAccountIDEnvVar(),`
`586`	`588`	`}`
`587`	`589`	`successor, successorExists := authDTO.GetSuccessor()`
`588`	`590`	`currentParent := rv`