rollback isserToChallengeC

Signed-off-by: Javan lacerda <javanlacerda@google.com>
javanlacerda · Jun 11, 2024 · 64c8219 · 64c8219
1 parent fab4d44
commit 64c8219
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 29 deletions.
diff --git a/pkg/config/config.go b/pkg/config/config.go
@@ -204,7 +204,7 @@ func (fc *FulcioConfig) ToIssuers() []*fulciogrpc.OIDCIssuer {
 			Issuer:            &fulciogrpc.OIDCIssuer_IssuerUrl{IssuerUrl: cfgIss.IssuerURL},
 			Audience:          cfgIss.ClientID,
 			SpiffeTrustDomain: cfgIss.SPIFFETrustDomain,
-			ChallengeClaim:    issuerToChallengeClaim(cfgIss, cfgIss.ChallengeClaim),
+			ChallengeClaim:    issuerToChallengeClaim(cfgIss.Type, cfgIss.ChallengeClaim),
 		}
 		issuers = append(issuers, issuer)
 	}
@@ -214,7 +214,7 @@ func (fc *FulcioConfig) ToIssuers() []*fulciogrpc.OIDCIssuer {
 			Issuer:            &fulciogrpc.OIDCIssuer_WildcardIssuerUrl{WildcardIssuerUrl: metaIss},
 			Audience:          cfgIss.ClientID,
 			SpiffeTrustDomain: cfgIss.SPIFFETrustDomain,
-			ChallengeClaim:    issuerToChallengeClaim(cfgIss, cfgIss.ChallengeClaim),
+			ChallengeClaim:    issuerToChallengeClaim(cfgIss.Type, cfgIss.ChallengeClaim),
 		}
 		issuers = append(issuers, issuer)
 	}
@@ -371,7 +371,7 @@ func validateConfig(conf *FulcioConfig) error {
 			}
 		}
 
-		if issuerToChallengeClaim(issuer, issuer.ChallengeClaim) == "" {
+		if issuerToChallengeClaim(issuer.Type, issuer.ChallengeClaim) == "" {
 			return errors.New("issuer missing challenge claim")
 		}
 	}
@@ -383,7 +383,7 @@ func validateConfig(conf *FulcioConfig) error {
 			return errors.New("SPIFFE meta issuers not supported")
 		}
 
-		if issuerToChallengeClaim(metaIssuer, metaIssuer.ChallengeClaim) == "" {
+		if issuerToChallengeClaim(metaIssuer.Type, metaIssuer.ChallengeClaim) == "" {
 			return errors.New("issuer missing challenge claim")
 		}
 	}
@@ -500,12 +500,12 @@ func validateAllowedDomain(subjectHostname, issuerHostname string) error {
 	return fmt.Errorf("hostname top-level and second-level domains do not match: %s, %s", subjectHostname, issuerHostname)
 }
 
-func issuerToChallengeClaim(iss OIDCIssuer, challengeClaim string) string {
+func issuerToChallengeClaim(issType IssuerType, challengeClaim string) string {
 	if challengeClaim != "" {
 		return challengeClaim
 	}
 
-	switch iss.Type {
+	switch issType {
 	case IssuerTypeBuildkiteJob:
 		return "sub"
 	case IssuerTypeGitLabPipeline:

diff --git a/pkg/config/config_test.go b/pkg/config/config_test.go
@@ -474,51 +474,39 @@ func Test_validateAllowedDomain(t *testing.T) {
 }
 
 func Test_issuerToChallengeClaim(t *testing.T) {
-	issuer := OIDCIssuer{}
-	issuer.Type = IssuerTypeEmail
-	if claim := issuerToChallengeClaim(issuer, ""); claim != "email" {
+	if claim := issuerToChallengeClaim(IssuerTypeEmail, ""); claim != "email" {
 		t.Fatalf("expected email subject claim for email issuer, got %s", claim)
 	}
-	issuer.Type = IssuerTypeSpiffe
-	if claim := issuerToChallengeClaim(issuer, ""); claim != "sub" {
+	if claim := issuerToChallengeClaim(IssuerTypeSpiffe, ""); claim != "sub" {
 		t.Fatalf("expected sub subject claim for SPIFFE issuer, got %s", claim)
 	}
-	issuer.Type = IssuerTypeUsername
-	if claim := issuerToChallengeClaim(issuer, ""); claim != "sub" {
+	if claim := issuerToChallengeClaim(IssuerTypeUsername, ""); claim != "sub" {
 		t.Fatalf("expected sub subject claim for username issuer, got %s", claim)
 	}
-	issuer.Type = IssuerTypeURI
-	if claim := issuerToChallengeClaim(issuer, ""); claim != "sub" {
+	if claim := issuerToChallengeClaim(IssuerTypeURI, ""); claim != "sub" {
 		t.Fatalf("expected sub subject claim for URI issuer, got %s", claim)
 	}
-	issuer.Type = IssuerTypeBuildkiteJob
-	if claim := issuerToChallengeClaim(issuer, ""); claim != "sub" {
+	if claim := issuerToChallengeClaim(IssuerTypeBuildkiteJob, ""); claim != "sub" {
 		t.Fatalf("expected sub subject claim for Buildkite issuer, got %s", claim)
 	}
-	issuer.Type = IssuerTypeGithubWorkflow
-	if claim := issuerToChallengeClaim(issuer, ""); claim != "sub" {
+	if claim := issuerToChallengeClaim(IssuerTypeGithubWorkflow, ""); claim != "sub" {
 		t.Fatalf("expected sub subject claim for GitHub issuer, got %s", claim)
 	}
-	issuer.Type = IssuerTypeGitLabPipeline
-	if claim := issuerToChallengeClaim(issuer, ""); claim != "sub" {
+	if claim := issuerToChallengeClaim(IssuerTypeGitLabPipeline, ""); claim != "sub" {
 		t.Fatalf("expected sub subject claim for GitLab issuer, got %s", claim)
 	}
-	issuer.Type = IssuerTypeCodefreshWorkflow
-	if claim := issuerToChallengeClaim(issuer, ""); claim != "sub" {
+	if claim := issuerToChallengeClaim(IssuerTypeCodefreshWorkflow, ""); claim != "sub" {
 		t.Fatalf("expected sub subject claim for Codefresh issuer, got %s", claim)
 	}
-	issuer.Type = IssuerTypeKubernetes
-	if claim := issuerToChallengeClaim(issuer, ""); claim != "sub" {
+	if claim := issuerToChallengeClaim(IssuerTypeKubernetes, ""); claim != "sub" {
 		t.Fatalf("expected sub subject claim for K8S issuer, got %s", claim)
 	}
-	issuer.Type = "invalid"
 	// unexpected issuer has empty claim and no claim was provided
-	if claim := issuerToChallengeClaim(issuer, ""); claim != "" {
+	if claim := issuerToChallengeClaim("invalid", ""); claim != "" {
 		t.Fatalf("expected no claim for invalid issuer, got %s", claim)
 	}
 	// custom issuer provides a claim
-	issuer.Type = "custom"
-	if claim := issuerToChallengeClaim(issuer, "email"); claim != "email" {
+	if claim := issuerToChallengeClaim("custom", "email"); claim != "email" {
 		t.Fatalf("expected email subject claim for custom issuer, got %s", claim)
 	}
 }