Last active
August 12, 2020 09:32
-
-
Save sks/2928ef8cc9488ebe7858e45139d0a0df to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # The base path of dex and the external name of the OpenID Connect service. | |
| # This is the canonical URL that all clients MUST use to refer to dex. If a | |
| # path is provided, dex's HTTP service will listen at a non-root URL. | |
| issuer: http://127.0.0.1:5556/dex | |
| # The storage configuration determines where dex stores its state. Supported | |
| # options include SQL flavors and Kubernetes third party resources. | |
| # | |
| # See the storage document at Documentation/storage.md for further information. | |
| storage: | |
| type: sqlite3 | |
| config: | |
| file: examples/dex.db | |
| # type: mysql | |
| # config: | |
| # host: localhost | |
| # port: 3306 | |
| # database: dex | |
| # user: mysql | |
| # password: mysql | |
| # ssl: | |
| # mode: "false" | |
| # type: postgres | |
| # config: | |
| # host: localhost | |
| # port: 5432 | |
| # database: dex | |
| # user: postgres | |
| # password: postgres | |
| # ssl: | |
| # mode: disable | |
| # type: etcd | |
| # config: | |
| # endpoints: | |
| # - http://localhost:2379 | |
| # namespace: dex/ | |
| # type: kubernetes | |
| # config: | |
| # kubeConfigFile: $HOME/.kube/config | |
| # Configuration for the HTTP endpoints. | |
| web: | |
| http: 0.0.0.0:5556 | |
| # Uncomment for HTTPS options. | |
| # https: 127.0.0.1:5554 | |
| # tlsCert: /etc/dex/tls.crt | |
| # tlsKey: /etc/dex/tls.key | |
| # Configuration for telemetry | |
| telemetry: | |
| http: 0.0.0.0:5558 | |
| # Uncomment this block to enable the gRPC API. This values MUST be different | |
| # from the HTTP endpoints. | |
| grpc: | |
| addr: 127.0.0.1:5557 | |
| # tlsCert: examples/grpc-client/server.crt | |
| # tlsKey: examples/grpc-client/server.key | |
| # tlsClientCA: /etc/dex/client.crt | |
| # Uncomment this block to enable configuration for the expiration time durations. | |
| # expiry: | |
| # signingKeys: "6h" | |
| # idTokens: "24h" | |
| # Options for controlling the logger. | |
| logger: | |
| level: "debug" | |
| format: "json" | |
| # Default values shown below | |
| # oauth2: | |
| # use ["code", "token", "id_token"] to enable implicit flow for web-only clients | |
| # responseTypes: [ "code" ] # also allowed are "token" and "id_token" | |
| # By default, Dex will ask for approval to share data with application | |
| # (approval for sharing data from connected IdP to Dex is separate process on IdP) | |
| # skipApprovalScreen: false | |
| # If only one authentication method is enabled, the default behavior is to | |
| # go directly to it. For connected IdPs, this redirects the browser away | |
| # from application to upstream provider such as the Google login page | |
| # alwaysShowLoginScreen: false | |
| # Uncommend the passwordConnector to use a specific connector for password grants | |
| # passwordConnector: local | |
| # Instead of reading from an external storage, use this list of clients. | |
| # | |
| # If this option isn't chosen clients may be added through the gRPC API. | |
| staticClients: | |
| - id: example-app | |
| redirectURIs: | |
| - 'http://127.0.0.1:5555/callback' | |
| name: 'Example App' | |
| secret: ZXhhbXBsZS1hcHAtc2VjcmV0 | |
| connectors: | |
| - type: mockCallback | |
| id: mock | |
| name: Example | |
| # - type: google | |
| # id: google | |
| # name: Google | |
| # config: | |
| # issuer: https://accounts.google.com | |
| # # Connector config values starting with a "$" will read from the environment. | |
| # clientID: $GOOGLE_CLIENT_ID | |
| # clientSecret: $GOOGLE_CLIENT_SECRET | |
| # redirectURI: http://127.0.0.1:5556/dex/callback | |
| # hostedDomains: | |
| # - $GOOGLE_HOSTED_DOMAIN | |
| # Let dex keep a list of passwords which can be used to login to dex. | |
| enablePasswordDB: true | |
| # A static list of passwords to login the end user. By identifying here, dex | |
| # won't look in its underlying storage for passwords. | |
| # | |
| # If this option isn't chosen users may be added through the gRPC API. | |
| staticPasswords: | |
| - email: "admin@example.com" | |
| # bcrypt hash of the string "password" | |
| hash: "$2a$10$2b2cU8CPhOTaGrs1HRQuAueS7JTT5ZHsHSzYiFPm1leZck7Mc8T4W" | |
| username: "admin" | |
| userID: "08a8684b-db88-4b73-90a9-3cd1661f5466" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package main | |
| import ( | |
| "context" | |
| "errors" | |
| "flag" | |
| "fmt" | |
| "log" | |
| "os" | |
| "reflect" | |
| "time" | |
| "google.golang.org/grpc" | |
| "github.com/dexidp/dex/api/v2" | |
| ) | |
| var logger = log.New(os.Stdout, "", log.LstdFlags) | |
| var connectorID = fmt.Sprintf("connector_%d", time.Now().Unix()) | |
| var existingConnectors = 2 | |
| func newDexClient(hostAndPort string) (api.DexClient, error) { | |
| conn, err := grpc.Dial(hostAndPort, grpc.WithInsecure()) | |
| if err != nil { | |
| return nil, fmt.Errorf("dial: %v", err) | |
| } | |
| return api.NewDexClient(conn), nil | |
| } | |
| func testConnectorAPI(client api.DexClient) error { | |
| ctx := context.Background() | |
| // Creating an invalid connector | |
| logger.Println("Creating a invalid connector with no parameters") | |
| _, err := client.CreateConnector(ctx, &api.Connector{}) | |
| if err == nil { | |
| return err | |
| } | |
| if err.Error() != `rpc error: code = Unknown desc = Connector ID, Type, and Name are mandatory fields` { | |
| return err | |
| } | |
| // Create a invalid connector with invalid type | |
| logger.Println("Creating a invalid connector with invalid type") | |
| _, err = client.CreateConnector(ctx, &api.Connector{ | |
| Type: "invalid_type", | |
| Name: "one_awesome_connector", | |
| Id: "some_id", | |
| }) | |
| if err == nil { | |
| return err | |
| } | |
| if err.Error() != `rpc error: code = Unknown desc = unknown connector type "invalid_type"` { | |
| return err | |
| } | |
| // Create a valid connector with github | |
| logger.Println("Creating a connector of type github") | |
| c, err := client.CreateConnector(ctx, &api.Connector{ | |
| Type: "github", | |
| Name: "one_awesome_connector", | |
| Id: connectorID, | |
| Config: []byte(`{}`), | |
| }) | |
| if err != nil { | |
| return err | |
| } | |
| ok := reflect.DeepEqual(*c, api.Connector{ | |
| Type: "github", | |
| Name: "one_awesome_connector", | |
| Id: connectorID, | |
| Config: []byte(`{}`), | |
| }) | |
| if !ok { | |
| return errors.New("the value was not persisted properly") | |
| } | |
| // Listing the connector means we get 1 connector back | |
| logger.Println("Listing the connectors") | |
| connectors, err := client.ListConnector(ctx, &api.ListConnectorReq{}) | |
| if err != nil { | |
| return err | |
| } | |
| logger.Printf("Got %d connectors", len(connectors.Connectors)) | |
| if len(connectors.Connectors) != existingConnectors+1 { | |
| return fmt.Errorf("Expected 1 connector, got %d", len(connectors.Connectors)) | |
| } | |
| ok = reflect.DeepEqual(*connectors.Connectors[0], api.Connector{ | |
| Type: "github", | |
| Name: "one_awesome_connector", | |
| Id: connectorID, | |
| Config: []byte(`{}`), | |
| }) | |
| logger.Println("Validated the values of the connector") | |
| if !ok { | |
| return fmt.Errorf("Value of the connector was not persisted 1 connector, got %d", len(connectors.Connectors)) | |
| } | |
| logger.Println("Updating the connector") | |
| _, err = client.UpdateConnector(ctx, &api.Connector{ | |
| Id: "invalid_id", | |
| }) | |
| if err == nil { | |
| return err | |
| } | |
| if err.Error() != `rpc error: code = Unknown desc = not found` { | |
| return err | |
| } | |
| _, err = client.UpdateConnector(ctx, &api.Connector{ | |
| Id: connectorID, | |
| Config: []byte(`updated_config`), | |
| Name: "updated_name", | |
| Type: "invalid_type", | |
| }) | |
| if err == nil { | |
| return err | |
| } | |
| if err.Error() != `rpc error: code = Unknown desc = unknown connector type "invalid_type"` { | |
| return err | |
| } | |
| _, err = client.UpdateConnector(ctx, &api.Connector{ | |
| Id: connectorID, | |
| Config: []byte(`{}`), | |
| Name: "updated_name", | |
| Type: "github", | |
| }) | |
| if err != nil { | |
| return err | |
| } | |
| logger.Println("Deleting the connector") | |
| _, err = client.DeleteConnector(ctx, &api.DeleteConnectorReq{ | |
| Id: "invalid_id", | |
| }) | |
| if err == nil || err.Error() != `rpc error: code = Unknown desc = not found` { | |
| return err | |
| } | |
| // delete the original | |
| _, err = client.DeleteConnector(ctx, &api.DeleteConnectorReq{ | |
| Id: connectorID, | |
| }) | |
| connectors, err = client.ListConnector(ctx, &api.ListConnectorReq{}) | |
| if err != nil { | |
| return err | |
| } | |
| if len(connectors.Connectors) != existingConnectors { | |
| return fmt.Errorf("There should be %d connectors , got %d", existingConnectors, len(connectors.Connectors)) | |
| } | |
| return nil | |
| } | |
| func main() { | |
| flag.Parse() | |
| // if *clientCrt == "" || *caCrt == "" || *clientKey == "" { | |
| // log.Fatal("Please provide CA & client certificates and client key. Usage: ./client --ca-crt=<path ca.crt> --client-crt=<path client.crt> --client-key=<path client key>") | |
| // } | |
| client, err := newDexClient("127.0.0.1:5557") | |
| if err != nil { | |
| log.Fatalf("failed creating dex client: %v ", err) | |
| } | |
| err = testConnectorAPI(client) | |
| if err != nil { | |
| log.Fatalf("failed testing the connector: %v ", err) | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This is for dexidp/dex#1489