Merge branch 'main' into authz

.all-contributorsrc

@@ -411,6 +411,15 @@
  "contributions": [
  "code"
  ]
+ },
+ {
+ "login": "tvcsantos",
+ "name": "Tiago Santos",
+ "avatar_url": "https://avatars.githubusercontent.com/u/112688?v=4",
+ "profile": "https://github.com/tvcsantos",
+ "contributions": [
+ "code"
+ ]
  }
  ],
  "contributorsPerLine": 7,

.devcontainer/Dockerfile

@@ -1,4 +1,4 @@
-ARG GO_VERSION=1.21
+ARG GO_VERSION=1.22
 
 FROM golang:${GO_VERSION}
 
@@ -31,6 +31,7 @@ WORKDIR /flipt
 
 COPY go.mod go.mod
 COPY go.sum go.sum
+COPY ./core ./core
 COPY ./errors ./errors
 COPY ./rpc/flipt ./rpc/flipt
 COPY ./sdk ./sdk

.github/workflows/devcontainer.yml

@@ -27,6 +27,6 @@ jobs:
  - name: Build and run Dev Container task
  uses: devcontainers/[email protected]
  with:
- imageName: ghcr.io/flipt-io/flipt/flipt-devcontainer
+ imageName: ghcr.io/${{ github.repository_owner }}/flipt/flipt-devcontainer
  runCmd: |
  mage bootstrap

README.md

@@ -392,6 +392,7 @@ Thanks goes to these wonderful people ([emoji key](https://allcontributors.org/d
   <td align="center" valign="top" width="14.28%"><a href="https://github.com/tegorov"><img src="https://avatars.githubusercontent.com/u/42921436?v=4?s=100" width="100px;" alt="Taras Egorov"/><br /><sub><b>Taras Egorov</b></sub></a><br /><a href="https://github.com/flipt-io/flipt/commits?author=tegorov" title="Code">💻</a></td>
   <td align="center" valign="top" width="14.28%"><a href="https://about.me/elliotpahl"><img src="https://avatars.githubusercontent.com/u/113981?v=4?s=100" width="100px;" alt="Elliot Pahl"/><br /><sub><b>Elliot Pahl</b></sub></a><br /><a href="https://github.com/flipt-io/flipt/commits?author=halcyonCorsair" title="Code">💻</a></td>
   <td align="center" valign="top" width="14.28%"><a href="https://github.com/vk-rv"><img src="https://avatars.githubusercontent.com/u/77097900?v=4?s=100" width="100px;" alt="Oleg"/><br /><sub><b>Oleg</b></sub></a><br /><a href="https://github.com/flipt-io/flipt/commits?author=vk-rv" title="Code">💻</a></td>
+  <td align="center" valign="top" width="14.28%"><a href="https://github.com/tvcsantos"><img src="https://avatars.githubusercontent.com/u/112688?v=4?s=100" width="100px;" alt="Tiago Santos"/><br /><sub><b>Tiago Santos</b></sub></a><br /><a href="https://github.com/flipt-io/flipt/commits?author=tvcsantos" title="Code">💻</a></td>
  </tr>
  </tbody>
 </table>

config/flipt.schema.cue

@@ -77,6 +77,8 @@ import "strings"
 
  github?: {
  enabled?: bool | *false
+ server_url?: string
+ api_url?: string
  client_secret?: string
  client_id?: string
  redirect_address?: string

config/flipt.schema.json

@@ -202,6 +202,14 @@
  "type": "boolean",
  "default": false
  },
+ "server_url": {
+ "type": "string",
+ "default": "https://github.com"
+ },
+ "api_url": {
+ "type": "string",
+ "default": "https://api.github.com"
+ },
  "client_secret": {
  "type": "string"
  },

internal/config/authentication.go

@@ -533,6 +533,8 @@ func (a AuthenticationMethodKubernetesConfig) validate() error { return nil }
 // AuthenticationMethodGithubConfig contains configuration and information for completing an OAuth
 // 2.0 flow with GitHub as a provider.
 type AuthenticationMethodGithubConfig struct {
+ ServerURL string `json:"serverUrl,omitempty" mapstructure:"server_url" yaml:"server_url,omitempty"`
+ ApiURL string `json:"apiUrl,omitempty" mapstructure:"api_url" yaml:"api_url,omitempty"`
  ClientId string `json:"-" mapstructure:"client_id" yaml:"-"`
  ClientSecret string `json:"-" mapstructure:"client_secret" yaml:"-"`
  RedirectAddress string `json:"redirectAddress,omitempty" mapstructure:"redirect_address" yaml:"redirect_address,omitempty"`

internal/server/authn/method/github/server.go

@@ -17,14 +17,14 @@ import (
  "go.flipt.io/flipt/rpc/flipt/auth"
  "go.uber.org/zap"
  "golang.org/x/oauth2"
- oauth2GitHub "golang.org/x/oauth2/github"
  "google.golang.org/grpc"
  "google.golang.org/protobuf/types/known/timestamppb"
 )
 
 type endpoint string
 
 const (
+ githubServer = "https://github.com"
  githubAPI = "https://api.github.com"
  githubUser endpoint = "/user"
  githubUserOrganizations endpoint = "/user/orgs"
@@ -62,16 +62,24 @@ func NewServer(
  store storageauth.Store,
  config config.AuthenticationConfig,
 ) *Server {
+ serverURL := githubServer
+ if config.Methods.Github.Method.ServerURL != "" {
+ serverURL = config.Methods.Github.Method.ServerURL
+ }
+
  return &Server{
  logger: logger,
  store: store,
  config: config,
  oauth2Config: &oauth2.Config{
  ClientID: config.Methods.Github.Method.ClientId,
  ClientSecret: config.Methods.Github.Method.ClientSecret,
- Endpoint: oauth2GitHub.Endpoint,
- RedirectURL: callbackURL(config.Methods.Github.Method.RedirectAddress),
- Scopes: config.Methods.Github.Method.Scopes,
+ Endpoint: oauth2.Endpoint{
+ AuthURL: serverURL + "/login/oauth/authorize",
+ TokenURL: serverURL + "/login/oauth/access_token",
+ },
+ RedirectURL: callbackURL(config.Methods.Github.Method.RedirectAddress),
+ Scopes: config.Methods.Github.Method.Scopes,
  },
  }
 }
@@ -127,7 +135,12 @@ func (s *Server) Callback(ctx context.Context, r *auth.CallbackRequest) (*auth.C
  ID uint64 `json:"id,omitempty"`
  }
 
- if err = api(ctx, token, githubUser, &githubUserResponse); err != nil {
+ apiURL := githubAPI
+ if s.config.Methods.Github.Method.ApiURL != "" {
+ apiURL = s.config.Methods.Github.Method.ApiURL
+ }
+
+ if err = api(ctx, token, apiURL, githubUser, &githubUserResponse); err != nil {
  return nil, err
  }
 
@@ -153,14 +166,14 @@ func (s *Server) Callback(ctx context.Context, r *auth.CallbackRequest) (*auth.C
  set(method.StorageMetadataName, githubUserResponse.Name)
 
  if len(s.config.Methods.Github.Method.AllowedOrganizations) != 0 {
- userOrgs, err := getUserOrgs(ctx, token)
+ userOrgs, err := getUserOrgs(ctx, token, apiURL)
  if err != nil {
  return nil, err
  }
 
  var userTeamsByOrg map[string]map[string]bool
  if len(s.config.Methods.Github.Method.AllowedTeams) != 0 {
- userTeamsByOrg, err = getUserTeamsByOrg(ctx, token)
+ userTeamsByOrg, err = getUserTeamsByOrg(ctx, token, apiURL)
  if err != nil {
  return nil, err
  }
@@ -211,12 +224,12 @@ type githubSimpleTeam struct {
 }
 
 // api calls Github API, decodes and stores successful response in the value pointed to by v.
-func api(ctx context.Context, token *oauth2.Token, endpoint endpoint, v any) error {
+func api(ctx context.Context, token *oauth2.Token, apiURL string, endpoint endpoint, v any) error {
  c := &http.Client{
  Timeout: 5 * time.Second,
  }
 
- userReq, err := http.NewRequestWithContext(ctx, "GET", string(githubAPI+endpoint), nil)
+ userReq, err := http.NewRequestWithContext(ctx, "GET", apiURL+string(endpoint), nil)
  if err != nil {
  return err
  }
@@ -239,9 +252,9 @@ func api(ctx context.Context, token *oauth2.Token, endpoint endpoint, v any) err
  return json.NewDecoder(resp.Body).Decode(v)
 }
 
-func getUserOrgs(ctx context.Context, token *oauth2.Token) (map[string]bool, error) {
+func getUserOrgs(ctx context.Context, token *oauth2.Token, apiURL string) (map[string]bool, error) {
  var response []githubSimpleOrganization
- if err := api(ctx, token, githubUserOrganizations, &response); err != nil {
+ if err := api(ctx, token, apiURL, githubUserOrganizations, &response); err != nil {
  return nil, err
  }
 
@@ -253,9 +266,9 @@ func getUserOrgs(ctx context.Context, token *oauth2.Token) (map[string]bool, err
  return orgs, nil
 }
 
-func getUserTeamsByOrg(ctx context.Context, token *oauth2.Token) (map[string]map[string]bool, error) {
+func getUserTeamsByOrg(ctx context.Context, token *oauth2.Token, apiURL string) (map[string]map[string]bool, error) {
  var response []githubSimpleTeam
- if err := api(ctx, token, githubUserTeams, &response); err != nil {
+ if err := api(ctx, token, apiURL, githubUserTeams, &response); err != nil {
  return nil, err
  }