chore: remove dex

go.mod

@@ -14,7 +14,6 @@ require (
 	github.com/aws/aws-sdk-go-v2/config v1.27.23
 	github.com/aws/aws-sdk-go-v2/service/kms v1.35.1
 	github.com/blang/semver v3.5.1+incompatible
-	github.com/coreos/go-oidc v2.2.1+incompatible
 	github.com/go-gota/gota v0.12.0
 	github.com/go-jose/go-jose/v4 v4.0.2
 	github.com/go-redis/redis v6.15.9+incompatible
@@ -110,7 +109,6 @@ require (
 	github.com/mitchellh/mapstructure v1.5.0 // indirect
 	github.com/pierrec/lz4/v4 v4.1.18 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
-	github.com/pquerna/cachecontrol v0.1.0 // indirect
 	github.com/prometheus/client_model v0.5.0 // indirect
 	github.com/prometheus/common v0.48.0 // indirect
 	github.com/prometheus/procfs v0.12.0 // indirect
@@ -129,7 +127,6 @@ require (
 	golang.org/x/sys v0.21.0 // indirect
 	golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d // indirect
 	golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028 // indirect
-	gopkg.in/square/go-jose.v2 v2.5.1 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )
 

go.sum

@@ -368,8 +368,6 @@ github.com/coreos/go-iptables v0.4.5/go.mod h1:/mVI274lEDI2ns62jHCDnCyBF9Iwsmeka
 github.com/coreos/go-iptables v0.5.0/go.mod h1:/mVI274lEDI2ns62jHCDnCyBF9Iwsmekav8Dbxlm1MU=
 github.com/coreos/go-iptables v0.6.0/go.mod h1:Qe8Bv2Xik5FyTXwgIbLAnv2sWSBmvWdFETJConOQ//Q=
 github.com/coreos/go-oidc v2.1.0+incompatible/go.mod h1:CgnwVTmzoESiwO9qyAFEMiHoZ1nMCKZlZ9V6mm3/LKc=
-github.com/coreos/go-oidc v2.2.1+incompatible h1:mh48q/BqXqgjVHpy2ZY7WnWAbenxRjsz9N1i1YxjHAk=
-github.com/coreos/go-oidc v2.2.1+incompatible/go.mod h1:CgnwVTmzoESiwO9qyAFEMiHoZ1nMCKZlZ9V6mm3/LKc=
 github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
 github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
 github.com/coreos/go-systemd v0.0.0-20161114122254-48702e0da86b/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
@@ -1033,8 +1031,6 @@ github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZN
 github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI=
 github.com/posener/complete v1.2.3/go.mod h1:WZIdtGGp+qx0sLrYKtIRAruyNpv6hFCicSgv7Sy7s/s=
 github.com/pquerna/cachecontrol v0.0.0-20171018203845-0dec1b30a021/go.mod h1:prYjPmNq4d1NPVmpShWobRqXY3q7Vp+80DqgxxUrUIA=
-github.com/pquerna/cachecontrol v0.1.0 h1:yJMy84ti9h/+OEWa752kBTKv4XC30OtVVHYv/8cTqKc=
-github.com/pquerna/cachecontrol v0.1.0/go.mod h1:NrUG3Z7Rdu85UNR3vm7SOsl1nFIeSiQnrHV5K9mBcUI=
 github.com/prashantv/gostub v1.1.0/go.mod h1:A5zLQHz7ieHGG7is6LLXLz7I8+3LZzsrV0P1IAHhP5U=
 github.com/prometheus/alertmanager v0.24.0/go.mod h1:r6fy/D7FRuZh5YbnX6J3MBY0eI4Pb5yPYS7/bPSXXqI=
 github.com/prometheus/client_golang v0.0.0-20180209125602-c332b6f63c06/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
@@ -1975,7 +1971,6 @@ gopkg.in/natefinch/lumberjack.v2 v2.0.0/go.mod h1:l0ndWWf7gzL7RNwBG7wST/UCcT4T24
 gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo=
 gopkg.in/square/go-jose.v2 v2.2.2/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
 gopkg.in/square/go-jose.v2 v2.3.1/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
-gopkg.in/square/go-jose.v2 v2.5.1 h1:7odma5RETjNHWJnR32wx8t+Io4djHE1PqxCFx3iiZ2w=
 gopkg.in/square/go-jose.v2 v2.5.1/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
 gopkg.in/telebot.v3 v3.0.0/go.mod h1:7rExV8/0mDDNu9epSrDm/8j22KLaActH1Tbee6YjzWg=
 gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ=

hack/generate-service-token/README.md

@@ -2,9 +2,8 @@
 
 ```
 go run ./hack/generate-service-token generate \
-  --issuer=dex-issuer \
-  --sub=sub \
-  --audience=client-id-set-in-dex-config \
+  --issuer=issuer \
+  --audience=audience \
   --email=email \
   --role=role \
   --key=full-path-to-private-key \

hack/generate-service-token/command.go

@@ -31,7 +31,6 @@ type command struct {
 	*kingpin.CmdClause
 	keyPath  *string
 	issuer   *string
-	sub      *string
 	audience *string
 	email    *string
 	role     *string
@@ -44,7 +43,6 @@ func registerCommand(r cli.CommandRegistry, p cli.ParentCommand) *command {
 		CmdClause: cmd,
 		keyPath:   cmd.Flag("key", "Path to the private keys.").Required().String(),
 		issuer:    cmd.Flag("issuer", "Issuer url set in dex config.").Required().String(),
-		sub:       cmd.Flag("sub", "Subject id.").Required().String(),
 		audience:  cmd.Flag("audience", "Client id set in dex config.").Required().String(),
 		email:     cmd.Flag("email", "Email will be set in token.").Required().String(),
 		// FIXME: This should be removed in the future
@@ -63,7 +61,6 @@ func (c *command) Run(ctx context.Context, metrics metrics.Metrics, logger *zap.
 	}
 	accessToken := &token.AccessToken{
 		Issuer:        *c.issuer,
-		Subject:       *c.sub,
 		Audience:      *c.audience,
 		Expiry:        time.Now().AddDate(100, 0, 0),
 		IssuedAt:      time.Now(),

manifests/bucketeer/charts/backend/templates/deployment.yaml

@@ -146,14 +146,6 @@ spec:
               value: "{{ .Values.env.metricsPort }}"
             - name: BUCKETEER_BACKEND_LOG_LEVEL
               value: "{{ .Values.env.logLevel }}"
-            - name: BUCKETEER_BACKEND_OAUTH_CLIENT_ID
-              value: "{{ .Values.oauth.clientId }}"
-            - name: BUCKETEER_BACKEND_OAUTH_CONFIG_PATH
-              value: /usr/local/oauth-config/oauth-config.json
-            - name: BUCKETEER_BACKEND_OAUTH_CLIENT_SECRET
-              value: "{{ .Values.oauth.clientSecret }}"
-            - name: BUCKETEER_BACKEND_OAUTH_ISSUER
-              value: "{{ .Values.oauth.issuer }}"
             - name: BUCKETEER_BACKEND_OAUTH_PUBLIC_KEY
               value: /usr/local/oauth-key/public.pem
             - name: BUCKETEER_BACKEND_OAUTH_PRIVATE_KEY
@@ -162,22 +154,17 @@ spec:
               value: /usr/local/certs/service/tls.crt
             - name: BUCKETEER_BACKEND_KEY
               value: /usr/local/certs/service/tls.key
-            - name: BUCKETEER_BACKEND_OAUTH_ISSUER_CERT
-              value: /usr/local/certs/issuer/tls.crt
+            - name: BUCKETEER_BACKEND_OAUTH_CONFIG_PATH
+              value: /usr/local/oauth-config/oauth-config.json
             - name: BUCKETEER_BACKEND_SERVICE_TOKEN
               value: /usr/local/service-token/token
             - name: BUCKETEER_BACKEND_EMAIL_FILTER
               value: "{{ .Values.env.emailFilter }}"
-            - name: BUCKETEER_BACKEND_OAUTH_REDIRECT_URLS
-              value: {{- toYaml .Values.oauth.redirectUrls | nindent 16 }}
             - name: BUCKETEER_BACKEND_WEBHOOK_BASE_URL
               value: "{{ .Values.webhook.baseURL }}"
             - name: BUCKETEER_BACKEND_WEBHOOK_KMS_RESOURCE_NAME
               value: "{{ .Values.webhook.kmsResourceName }}"
           volumeMounts:
-            - name: issuer-cert-secret
-              mountPath: /usr/local/certs/issuer
-              readOnly: true
             - name: service-cert-secret
               mountPath: /usr/local/certs/service
               readOnly: true

manifests/bucketeer/charts/backend/values.dev.yaml

@@ -43,17 +43,11 @@ tls:
 serviceToken:
   secret: bucketeer-service-token
 oauth:
-  key:
-    secret: bucketeer-oauth-key
-    public:
-  clientId: bucketeer
-  clientSecret: oauth-client-secret
-  redirectUrls: https://google.com
-  issuer: https://accounts.google.com
-  # oauth: google authentication
+  issuer:
+  audience: bucketeer
   google:
-    issuer: https://accounts.google.com
-    clientId: bucketeer
+    issuer:
+    clientId:
     clientSecret:
     redirectUrls:
 

manifests/bucketeer/charts/backend/values.yaml

@@ -85,14 +85,8 @@ serviceToken:
   secret:
 
 oauth:
-  key:
-    secret:
-    public:
-  clientId:
-  clientSecret:
-  redirectUrls:
   issuer:
-  # oauth: google authentication
+  audience: bucketeer
   google:
     issuer:
     clientId: