make authenticators optional

this allows to specify which authenticator is in use. It could be either LDAP, OIDC or both.
manu-ns · Jan 6, 2022 · 33287e7 · 33287e7
1 parent 1d0a6ce
commit 33287e7
Showing 1 changed file with 33 additions and 28 deletions.
diff --git a/cmd/haproxy-spoe-auth/main.go b/cmd/haproxy-spoe-auth/main.go
@@ -41,34 +41,39 @@ func main() {
 
 	logrus.SetLevel(LogLevelFromLogString(viper.GetString("server.log_level")))
 
-	ldapAuthentifier := auth.NewLDAPAuthenticator(auth.LDAPConnectionDetails{
-		Hostname:   viper.GetString("ldap.hostname"),
-		Port:       viper.GetInt("ldap.port"),
-		UserDN:     viper.GetString("ldap.user_dn"),
-		Password:   viper.GetString("ldap.password"),
-		BaseDN:     viper.GetString("ldap.base_dn"),
-		UserFilter: viper.GetString("ldap.user_filter"),
-	})
+	authenticators := map[string]auth.Authenticator{}
 
-	oidcAuthenticator := auth.NewOIDCAuthenticator(auth.OIDCAuthenticatorOptions{
-		OAuth2AuthenticatorOptions: auth.OAuth2AuthenticatorOptions{
-			ClientID:        viper.GetString("oidc.client_id"),
-			ClientSecret:    viper.GetString("oidc.client_secret"),
-			RedirectURL:     viper.GetString("oidc.redirect_url"),
-			CallbackAddr:    viper.GetString("oidc.callback_addr"),
-			CookieName:      viper.GetString("oidc.cookie_name"),
-			CookieDomain:    viper.GetString("oidc.cookie_domain"),
-			CookieSecure:    viper.GetBool("oidc.cookie_secure"),
-			CookieTTL:       viper.GetDuration("oidc.cookie_ttl_seconds") * time.Second,
-			SignatureSecret: viper.GetString("oidc.signature_secret"),
-			Scopes:          viper.GetStringSlice("oidc.scopes"),
-		},
-		ProviderURL:      viper.GetString("oidc.provider_url"),
-		EncryptionSecret: viper.GetString("oidc.encryption_secret"),
-	})
+	if viper.IsSet("ldap") {
+		ldapAuthentifier := auth.NewLDAPAuthenticator(auth.LDAPConnectionDetails{
+			Hostname:   viper.GetString("ldap.hostname"),
+			Port:       viper.GetInt("ldap.port"),
+			UserDN:     viper.GetString("ldap.user_dn"),
+			Password:   viper.GetString("ldap.password"),
+			BaseDN:     viper.GetString("ldap.base_dn"),
+			UserFilter: viper.GetString("ldap.user_filter"),
+		})
+		authenticators["try-auth-ldap"] = ldapAuthentifier
+	}
+
+	if viper.IsSet("oidc") {
+		oidcAuthenticator := auth.NewOIDCAuthenticator(auth.OIDCAuthenticatorOptions{
+			OAuth2AuthenticatorOptions: auth.OAuth2AuthenticatorOptions{
+				ClientID:        viper.GetString("oidc.client_id"),
+				ClientSecret:    viper.GetString("oidc.client_secret"),
+				RedirectURL:     viper.GetString("oidc.redirect_url"),
+				CallbackAddr:    viper.GetString("oidc.callback_addr"),
+				CookieName:      viper.GetString("oidc.cookie_name"),
+				CookieDomain:    viper.GetString("oidc.cookie_domain"),
+				CookieSecure:    viper.GetBool("oidc.cookie_secure"),
+				CookieTTL:       viper.GetDuration("oidc.cookie_ttl_seconds") * time.Second,
+				SignatureSecret: viper.GetString("oidc.signature_secret"),
+				Scopes:          viper.GetStringSlice("oidc.scopes"),
+			},
+			ProviderURL:      viper.GetString("oidc.provider_url"),
+			EncryptionSecret: viper.GetString("oidc.encryption_secret"),
+		})
+		authenticators["try-auth-oidc"] = oidcAuthenticator
+	}
 
-	agent.StartAgent(viper.GetString("server.addr"), map[string]auth.Authenticator{
-		"try-auth-ldap": ldapAuthentifier,
-		"try-auth-oidc": oidcAuthenticator,
-	})
+	agent.StartAgent(viper.GetString("server.addr"), authenticators)
 }