feat: add --oidc-issuer-url-override flag

Signed-off-by: kahirokunn <[email protected]>
int128 · Apr 4, 2024 · b28db26 · b28db26
1 parent c088abb
commit b28db26
Show file tree

Hide file tree

Showing 3 changed files with 19 additions and 10 deletions.
diff --git a/pkg/cmd/get_token.go b/pkg/cmd/get_token.go
@@ -14,6 +14,7 @@ import (
 // getTokenOptions represents the options for get-token command.
 type getTokenOptions struct {
 	IssuerURL             string
+	IssuerURLOverride     string
 	ClientID              string
 	ClientSecret          string
 	ExtraScopes           []string
@@ -26,6 +27,7 @@ type getTokenOptions struct {
 
 func (o *getTokenOptions) addFlags(f *pflag.FlagSet) {
 	f.StringVar(&o.IssuerURL, "oidc-issuer-url", "", "Issuer URL of the provider (mandatory)")
+	f.StringVar(&o.IssuerURLOverride, "oidc-issuer-url-override", "", "Override Issuer URL")
 	f.StringVar(&o.ClientID, "oidc-client-id", "", "Client ID of the provider (mandatory)")
 	f.StringVar(&o.ClientSecret, "oidc-client-secret", "", "Client secret of the provider")
 	f.StringSliceVar(&o.ExtraScopes, "oidc-extra-scope", nil, "Scopes to request to the provider")
@@ -75,11 +77,12 @@ func (cmd *GetToken) New() *cobra.Command {
 			}
 			in := credentialplugin.Input{
 				Provider: oidc.Provider{
-					IssuerURL:    o.IssuerURL,
-					ClientID:     o.ClientID,
-					ClientSecret: o.ClientSecret,
-					UsePKCE:      o.UsePKCE,
-					ExtraScopes:  o.ExtraScopes,
+					IssuerURL:         o.IssuerURL,
+					IssuerURLOverride: o.IssuerURLOverride,
+					ClientID:          o.ClientID,
+					ClientSecret:      o.ClientSecret,
+					UsePKCE:           o.UsePKCE,
+					ExtraScopes:       o.ExtraScopes,
 				},
 				TokenCacheDir:   o.TokenCacheDir,
 				GrantOptionSet:  grantOptionSet,

diff --git a/pkg/oidc/client/factory.go b/pkg/oidc/client/factory.go
@@ -52,6 +52,11 @@ func (f *Factory) New(ctx context.Context, p oidc.Provider, tlsClientConfig tlsc
 	}
 
 	ctx = context.WithValue(ctx, oauth2.HTTPClient, httpClient)
+
+	if p.IssuerURLOverride != "" {
+		ctx = gooidc.InsecureIssuerURLContext(ctx, p.IssuerURLOverride)
+	}
+
 	provider, err := gooidc.NewProvider(ctx, p.IssuerURL)
 	if err != nil {
 		return nil, fmt.Errorf("oidc discovery error: %w", err)

diff --git a/pkg/oidc/oidc.go b/pkg/oidc/oidc.go
@@ -11,11 +11,12 @@ import (
 
 // Provider represents an OIDC provider.
 type Provider struct {
-	IssuerURL    string
-	ClientID     string
-	ClientSecret string   // optional
-	ExtraScopes  []string // optional
-	UsePKCE      bool     // optional
+	IssuerURL         string
+	IssuerURLOverride string   // optional
+	ClientID          string
+	ClientSecret      string   // optional
+	ExtraScopes       []string // optional
+	UsePKCE           bool     // optional
 }
 
 // TokenSet represents a set of ID token and refresh token.