remove deprecated jwks endpoint (#459)

stackitcloud · Aug 26, 2024 · 6281701 · 6281701
1 parent a10c4a5
commit 6281701
Show file tree

Hide file tree

Showing 8 changed files with 5 additions and 57 deletions.
diff --git a/docs/stackit_config_set.md b/docs/stackit_config_set.md
@@ -36,7 +36,6 @@ stackit config set [flags]
       --iaas-custom-endpoint string                 IaaS API base URL, used in calls to this API
       --identity-provider-custom-client-id string   Identity Provider client ID, used for user authentication
       --identity-provider-custom-endpoint string    Identity Provider base URL, used for user authentication
-      --jwks-custom-endpoint string                 Custom endpoint for the jwks API, which is used to get the json web key sets (jwks) to validate tokens when the service-account authentication is activated
       --load-balancer-custom-endpoint string        Load Balancer API base URL, used in calls to this API
       --logme-custom-endpoint string                LogMe API base URL, used in calls to this API
       --mariadb-custom-endpoint string              MariaDB API base URL, used in calls to this API

diff --git a/docs/stackit_config_unset.md b/docs/stackit_config_unset.md
@@ -34,7 +34,6 @@ stackit config unset [flags]
       --iaas-custom-endpoint                 IaaS API base URL. If unset, uses the default base URL
       --identity-provider-custom-client-id   Identity Provider client ID, used for user authentication
       --identity-provider-custom-endpoint    Identity Provider base URL. If unset, uses the default base URL
-      --jwks-custom-endpoint                 Custom endpoint for the jwks API, which is used to get the json web key sets (jwks) to validate tokens when the service-account authentication is activated
       --load-balancer-custom-endpoint        Load Balancer API base URL. If unset, uses the default base URL
       --logme-custom-endpoint                LogMe API base URL. If unset, uses the default base URL
       --mariadb-custom-endpoint              MariaDB API base URL. If unset, uses the default base URL

diff --git a/internal/cmd/auth/activate-service-account/activate_service_account.go b/internal/cmd/auth/activate-service-account/activate_service_account.go
@@ -54,7 +54,7 @@ func NewCmd(p *print.Printer) *cobra.Command {
 		RunE: func(cmd *cobra.Command, args []string) error {
 			model := parseInput(p, cmd)
 
-			tokenCustomEndpoint, jwksCustomEndpoint, err := storeFlags()
+			tokenCustomEndpoint, err := storeFlags()
 			if err != nil {
 				return err
 			}
@@ -64,7 +64,6 @@ func NewCmd(p *print.Printer) *cobra.Command {
 				ServiceAccountKeyPath: model.ServiceAccountKeyPath,
 				PrivateKeyPath:        model.PrivateKeyPath,
 				TokenCustomUrl:        tokenCustomEndpoint,
-				JWKSCustomUrl:         jwksCustomEndpoint,
 			}
 
 			// Setup authentication based on the provided credentials and the environment
@@ -119,17 +118,12 @@ func parseInput(p *print.Printer, cmd *cobra.Command) *inputModel {
 	return &model
 }
 
-func storeFlags() (tokenCustomEndpoint, jwksCustomEndpoint string, err error) {
+func storeFlags() (tokenCustomEndpoint string, err error) {
 	tokenCustomEndpoint = viper.GetString(config.TokenCustomEndpointKey)
-	jwksCustomEndpoint = viper.GetString(config.JwksCustomEndpointKey)
 
 	err = auth.SetAuthField(auth.TOKEN_CUSTOM_ENDPOINT, tokenCustomEndpoint)
 	if err != nil {
-		return "", "", fmt.Errorf("set %s: %w", auth.TOKEN_CUSTOM_ENDPOINT, err)
+		return "", fmt.Errorf("set %s: %w", auth.TOKEN_CUSTOM_ENDPOINT, err)
 	}
-	err = auth.SetAuthField(auth.JWKS_CUSTOM_ENDPOINT, jwksCustomEndpoint)
-	if err != nil {
-		return "", "", fmt.Errorf("set %s: %w", auth.JWKS_CUSTOM_ENDPOINT, err)
-	}
-	return tokenCustomEndpoint, jwksCustomEndpoint, nil
+	return tokenCustomEndpoint, nil
 }
diff --git a/internal/cmd/auth/activate-service-account/activate_service_account_test.go b/internal/cmd/auth/activate-service-account/activate_service_account_test.go
@@ -14,7 +14,6 @@ import (
 )
 
 var testTokenCustomEndpoint = "token_url"
-var testJwksCustomEndpoint = "jwks_url"
 
 func fixtureFlagValues(mods ...func(flagValues map[string]string)) map[string]string {
 	flagValues := map[string]string{
@@ -45,23 +44,20 @@ func TestParseInput(t *testing.T) {
 		description         string
 		flagValues          map[string]string
 		tokenCustomEndpoint string
-		jwksCustomEndpoint  string
 		isValid             bool
 		expectedModel       *inputModel
 	}{
 		{
 			description:         "base",
 			flagValues:          fixtureFlagValues(),
 			tokenCustomEndpoint: testTokenCustomEndpoint,
-			jwksCustomEndpoint:  testJwksCustomEndpoint,
 			isValid:             true,
 			expectedModel:       fixtureInputModel(),
 		},
 		{
 			description:         "no values",
 			flagValues:          map[string]string{},
 			tokenCustomEndpoint: "",
-			jwksCustomEndpoint:  "",
 			isValid:             true,
 			expectedModel: &inputModel{
 				ServiceAccountToken:   "",
@@ -77,7 +73,6 @@ func TestParseInput(t *testing.T) {
 				privateKeyPathFlag:        "",
 			},
 			tokenCustomEndpoint: "",
-			jwksCustomEndpoint:  "",
 			isValid:             true,
 			expectedModel: &inputModel{
 				ServiceAccountToken:   "",
@@ -131,14 +126,12 @@ func TestStoreFlags(t *testing.T) {
 		description         string
 		model               *inputModel
 		tokenCustomEndpoint string
-		jwksCustomEndpoint  string
 		isValid             bool
 	}{
 		{
 			description:         "base",
 			model:               fixtureInputModel(),
 			tokenCustomEndpoint: testTokenCustomEndpoint,
-			jwksCustomEndpoint:  testJwksCustomEndpoint,
 			isValid:             true,
 		},
 		{
@@ -149,7 +142,6 @@ func TestStoreFlags(t *testing.T) {
 				PrivateKeyPath:        "",
 			},
 			tokenCustomEndpoint: "",
-			jwksCustomEndpoint:  "",
 			isValid:             true,
 		},
 	}
@@ -161,9 +153,8 @@ func TestStoreFlags(t *testing.T) {
 
 			viper.Reset()
 			viper.Set(config.TokenCustomEndpointKey, tt.tokenCustomEndpoint)
-			viper.Set(config.JwksCustomEndpointKey, tt.jwksCustomEndpoint)
 
-			tokenCustomEndpoint, jwksCustomEndpoint, err := storeFlags()
+			tokenCustomEndpoint, err := storeFlags()
 			if !tt.isValid {
 				if err == nil {
 					t.Fatalf("did not fail on invalid input")
@@ -181,14 +172,6 @@ func TestStoreFlags(t *testing.T) {
 			if value != tokenCustomEndpoint {
 				t.Errorf("Value of \"%s\" does not match: expected \"%s\", got \"%s\"", auth.TOKEN_CUSTOM_ENDPOINT, tokenCustomEndpoint, value)
 			}
-
-			value, err = auth.GetAuthField(auth.JWKS_CUSTOM_ENDPOINT)
-			if err != nil {
-				t.Errorf("Failed to get value of auth field: %v", err)
-			}
-			if value != jwksCustomEndpoint {
-				t.Errorf("Value of \"%s\" does not match: expected \"%s\", got \"%s\"", auth.JWKS_CUSTOM_ENDPOINT, jwksCustomEndpoint, value)
-			}
 		})
 	}
 }
diff --git a/internal/cmd/config/set/set.go b/internal/cmd/config/set/set.go
@@ -44,7 +44,6 @@ const (
 	sqlServerFlexCustomEndpointFlag     = "sqlserverflex-custom-endpoint"
 	iaasCustomEndpointFlag              = "iaas-custom-endpoint"
 	tokenCustomEndpointFlag             = "token-custom-endpoint"
-	jwksCustomEndpointFlag              = "jwks-custom-endpoint"
 )
 
 type inputModel struct {
@@ -157,7 +156,6 @@ func configureFlags(cmd *cobra.Command) {
 	cmd.Flags().String(sqlServerFlexCustomEndpointFlag, "", "SQLServer Flex API base URL, used in calls to this API")
 	cmd.Flags().String(iaasCustomEndpointFlag, "", "IaaS API base URL, used in calls to this API")
 	cmd.Flags().String(tokenCustomEndpointFlag, "", "Custom endpoint for the token API, which is used to request access tokens when the service-account authentication is activated")
-	cmd.Flags().String(jwksCustomEndpointFlag, "", "Custom endpoint for the jwks API, which is used to get the json web key sets (jwks) to validate tokens when the service-account authentication is activated")
 
 	err := viper.BindPFlag(config.SessionTimeLimitKey, cmd.Flags().Lookup(sessionTimeLimitFlag))
 	cobra.CheckErr(err)
@@ -212,8 +210,6 @@ func configureFlags(cmd *cobra.Command) {
 	cobra.CheckErr(err)
 	err = viper.BindPFlag(config.TokenCustomEndpointKey, cmd.Flags().Lookup(tokenCustomEndpointFlag))
 	cobra.CheckErr(err)
-	err = viper.BindPFlag(config.JwksCustomEndpointKey, cmd.Flags().Lookup(jwksCustomEndpointFlag))
-	cobra.CheckErr(err)
 }
 
 func parseInput(p *print.Printer, cmd *cobra.Command) (*inputModel, error) {

diff --git a/internal/cmd/config/unset/unset.go b/internal/cmd/config/unset/unset.go
@@ -47,7 +47,6 @@ const (
 	sqlServerFlexCustomEndpointFlag     = "sqlserverflex-custom-endpoint"
 	iaasCustomEndpointFlag              = "iaas-custom-endpoint"
 	tokenCustomEndpointFlag             = "token-custom-endpoint"
-	jwksCustomEndpointFlag              = "jwks-custom-endpoint"
 )
 
 type inputModel struct {
@@ -83,7 +82,6 @@ type inputModel struct {
 	SQLServerFlexCustomEndpoint     bool
 	IaaSCustomEndpoint              bool
 	TokenCustomEndpoint             bool
-	JwksCustomEndpoint              bool
 }
 
 func NewCmd(p *print.Printer) *cobra.Command {
@@ -198,9 +196,6 @@ func NewCmd(p *print.Printer) *cobra.Command {
 			if model.TokenCustomEndpoint {
 				viper.Set(config.TokenCustomEndpointKey, "")
 			}
-			if model.JwksCustomEndpoint {
-				viper.Set(config.JwksCustomEndpointKey, "")
-			}
 
 			err := config.Write()
 			if err != nil {
@@ -246,7 +241,6 @@ func configureFlags(cmd *cobra.Command) {
 	cmd.Flags().Bool(sqlServerFlexCustomEndpointFlag, false, "SQLServer Flex API base URL. If unset, uses the default base URL")
 	cmd.Flags().Bool(iaasCustomEndpointFlag, false, "IaaS API base URL. If unset, uses the default base URL")
 	cmd.Flags().Bool(tokenCustomEndpointFlag, false, "Custom endpoint for the token API, which is used to request access tokens when the service-account authentication is activated")
-	cmd.Flags().Bool(jwksCustomEndpointFlag, false, "Custom endpoint for the jwks API, which is used to get the json web key sets (jwks) to validate tokens when the service-account authentication is activated")
 }
 
 func parseInput(p *print.Printer, cmd *cobra.Command) *inputModel {
@@ -283,7 +277,6 @@ func parseInput(p *print.Printer, cmd *cobra.Command) *inputModel {
 		SQLServerFlexCustomEndpoint:     flags.FlagToBoolValue(p, cmd, sqlServerFlexCustomEndpointFlag),
 		IaaSCustomEndpoint:              flags.FlagToBoolValue(p, cmd, iaasCustomEndpointFlag),
 		TokenCustomEndpoint:             flags.FlagToBoolValue(p, cmd, tokenCustomEndpointFlag),
-		JwksCustomEndpoint:              flags.FlagToBoolValue(p, cmd, jwksCustomEndpointFlag),
 	}
 
 	if p.IsVerbosityDebug() {

diff --git a/internal/cmd/config/unset/unset_test.go b/internal/cmd/config/unset/unset_test.go
@@ -40,7 +40,6 @@ func fixtureFlagValues(mods ...func(flagValues map[string]bool)) map[string]bool
 		sqlServerFlexCustomEndpointFlag:   true,
 		iaasCustomEndpointFlag:            true,
 		tokenCustomEndpointFlag:           true,
-		jwksCustomEndpointFlag:            true,
 	}
 	for _, mod := range mods {
 		mod(flagValues)
@@ -79,7 +78,6 @@ func fixtureInputModel(mods ...func(model *inputModel)) *inputModel {
 		SQLServerFlexCustomEndpoint:   true,
 		IaaSCustomEndpoint:            true,
 		TokenCustomEndpoint:           true,
-		JwksCustomEndpoint:            true,
 	}
 	for _, mod := range mods {
 		mod(model)
@@ -134,7 +132,6 @@ func TestParseInput(t *testing.T) {
 				model.SQLServerFlexCustomEndpoint = false
 				model.IaaSCustomEndpoint = false
 				model.TokenCustomEndpoint = false
-				model.JwksCustomEndpoint = false
 			}),
 		},
 		{
@@ -277,16 +274,6 @@ func TestParseInput(t *testing.T) {
 				model.TokenCustomEndpoint = false
 			}),
 		},
-		{
-			description: "jwks custom endpoint empty",
-			flagValues: fixtureFlagValues(func(flagValues map[string]bool) {
-				flagValues[jwksCustomEndpointFlag] = false
-			}),
-			isValid: true,
-			expectedModel: fixtureInputModel(func(model *inputModel) {
-				model.JwksCustomEndpoint = false
-			}),
-		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.description, func(t *testing.T) {

diff --git a/internal/pkg/config/config.go b/internal/pkg/config/config.go
@@ -43,7 +43,6 @@ const (
 	SQLServerFlexCustomEndpointKey     = "sqlserverflex_custom_endpoint"
 	IaaSCustomEndpointKey              = "iaas_custom_endpoint"
 	TokenCustomEndpointKey             = "token_custom_endpoint"
-	JwksCustomEndpointKey              = "jwks_custom_endpoint"
 
 	ProjectNameKey     = "project_name"
 	DefaultProfileName = "default"
@@ -99,7 +98,6 @@ var ConfigKeys = []string{
 	SQLServerFlexCustomEndpointKey,
 	IaaSCustomEndpointKey,
 	TokenCustomEndpointKey,
-	JwksCustomEndpointKey,
 }
 
 var defaultConfigFolderPath string
@@ -177,7 +175,6 @@ func setConfigDefaults() {
 	viper.SetDefault(SQLServerFlexCustomEndpointKey, "")
 	viper.SetDefault(IaaSCustomEndpointKey, "")
 	viper.SetDefault(TokenCustomEndpointKey, "")
-	viper.SetDefault(JwksCustomEndpointKey, "")
 }
 
 func getConfigFilePath(configFolder string) string {