diff --git a/examples/accounts/create_azure_oidc.go b/examples/accounts/create_azure_oidc.go
index 0efe7be6..507a8a88 100644
--- a/examples/accounts/create_azure_oidc.go
+++ b/examples/accounts/create_azure_oidc.go
@@ -28,6 +28,12 @@ func CreateAzureOIDCExample() {
 // Other claims
 audience string = ""
+ // Optional custom claims
+ customClaims = map[string]string{
+ "claim1": "value1",
+ "claim2": "value2",
+ }
+
 // account values
 accountName string = "Azure Account"
 accountDescription string = "My Azure Account"
@@ -59,6 +65,7 @@ func CreateAzureOIDCExample() {
 azureAccount.HealthCheckSubjectKeys = healthCheckSubjectKeys
 azureAccount.AccountTestSubjectKeys = accountTestSubjectKeys
 azureAccount.Audience = audience
+ azureAccount.CustomClaims = customClaims
 // fill in account details
 azureAccount.Description = accountDescription
diff --git a/pkg/accounts/account_resource.go b/pkg/accounts/account_resource.go
index 520aefa2..70dc8efc 100644
--- a/pkg/accounts/account_resource.go
+++ b/pkg/accounts/account_resource.go
@@ -44,6 +44,7 @@ type AccountResource struct {
 AccountTestSubjectKeys []string `json:"AccountTestSubjectKeys,omitempty"`
 RoleArn string `json:"RoleArn,omitempty"`
 SessionDuration string `json:"SessionDuration,omitempty"`
+ CustomClaims map[string]string `json:"CustomClaims,omitempty"`
 resources.Resource
 }
diff --git a/pkg/accounts/account_utilities.go b/pkg/accounts/account_utilities.go
index 7a387509..16e5d22b 100644
--- a/pkg/accounts/account_utilities.go
+++ b/pkg/accounts/account_utilities.go
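Review bot: `CustomClaims map[string]string \`json:"CustomClaims,omitempty"\`` on AccountResource is dropped from the request body whenever the map is nil or empty, so a caller that wants to clear previously configured claims has no way to send `{}`; whether the server treats an absent field as "unchanged" or "cleared" is not visible here, but the SDK should either state that on the field or drop `omitempty` if clearing must be expressible. The same tag is used on the three account structs in aws_oidc_account.go, azure_oidc_account.go and generic_oidc_account.go, so the decision applies to all four. A field comment such as `// CustomClaims holds extra claim name/value pairs; nil and empty maps are both omitted from the JSON body.` would make the behaviour explicit to callers.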
@@ -35,6 +35,7 @@ func ToAccount(accountResource *AccountResource) (IAccount, error) {
 awsOIDCAccount.DeploymentSubjectKeys = accountResource.DeploymentSubjectKeys
 awsOIDCAccount.AccountTestSubjectKeys = accountResource.AccountTestSubjectKeys
 awsOIDCAccount.HealthCheckSubjectKeys = accountResource.HealthCheckSubjectKeys
+ awsOIDCAccount.CustomClaims = accountResource.CustomClaims
 account = awsOIDCAccount
 case AccountTypeAzureServicePrincipal:
 azureServicePrincipalAccount, err := NewAzureServicePrincipalAccount(accountResource.GetName(), *accountResource.SubscriptionID, *accountResource.TenantID, *accountResource.ApplicationID, accountResource.ApplicationPassword)
@@ -57,6 +58,7 @@ func ToAccount(accountResource *AccountResource) (IAccount, error) {
 azureOIDCAccount.DeploymentSubjectKeys = accountResource.DeploymentSubjectKeys
 azureOIDCAccount.AccountTestSubjectKeys = accountResource.AccountTestSubjectKeys
 azureOIDCAccount.HealthCheckSubjectKeys = accountResource.HealthCheckSubjectKeys
+ azureOIDCAccount.CustomClaims = accountResource.CustomClaims
 account = azureOIDCAccount
 case AccountTypeAzureSubscription:
 azureSubscriptionAccount, err := NewAzureSubscriptionAccount(accountResource.GetName(), *accountResource.SubscriptionID)
@@ -76,6 +78,7 @@ func ToAccount(accountResource *AccountResource) (IAccount, error) {
 }
 genericOIDCAccount.Audience = accountResource.Audience
 genericOIDCAccount.DeploymentSubjectKeys = accountResource.DeploymentSubjectKeys
+ genericOIDCAccount.CustomClaims = accountResource.CustomClaims
 account = genericOIDCAccount
 case AccountTypeGoogleCloudPlatformAccount:
 googleCloudPlatformAccount, err := NewGoogleCloudPlatformAccount(accountResource.GetName(), accountResource.JsonKey)
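Review bot: Each new `X.CustomClaims = accountResource.CustomClaims` line here, and the reverse assignments in ToAccountResource on the next line of this diff, copy only the map header, so the resource and the typed account share one underlying map and a write through either view is seen by the other. This is consistent with how the existing `[]string` subject-key fields are carried across, but a map is far more likely to be mutated in place after conversion than those slices are. If the two views are meant to be independent, `maps.Clone(accountResource.CustomClaims)` (Go 1.21+, preserves nil) is the one-line fix; check the module's Go version before relying on it. ToAccount and ToAccountResource both start and end outside these hunks.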
@@ -154,6 +157,7 @@ func ToAccountResource(account IAccount) (*AccountResource, error) {
 accountResource.DeploymentSubjectKeys = awsOIDCAccount.DeploymentSubjectKeys
 accountResource.AccountTestSubjectKeys = awsOIDCAccount.AccountTestSubjectKeys
 accountResource.HealthCheckSubjectKeys = awsOIDCAccount.HealthCheckSubjectKeys
+ accountResource.CustomClaims = awsOIDCAccount.CustomClaims
 case AccountTypeAzureServicePrincipal:
 azureServicePrincipalAccount := account.(*AzureServicePrincipalAccount)
 accountResource.ApplicationID = azureServicePrincipalAccount.ApplicationID
@@ -175,6 +179,7 @@ func ToAccountResource(account IAccount) (*AccountResource, error) {
 accountResource.DeploymentSubjectKeys = azureOIDCAccount.DeploymentSubjectKeys
 accountResource.AccountTestSubjectKeys = azureOIDCAccount.AccountTestSubjectKeys
 accountResource.HealthCheckSubjectKeys = azureOIDCAccount.HealthCheckSubjectKeys
+ accountResource.CustomClaims = azureOIDCAccount.CustomClaims
 case AccountTypeAzureSubscription:
 azureSubscriptionAccount := account.(*AzureSubscriptionAccount)
 accountResource.AzureEnvironment = azureSubscriptionAccount.AzureEnvironment
@@ -187,6 +192,7 @@ func ToAccountResource(account IAccount) (*AccountResource, error) {
 genericOidcAccount := account.(*GenericOIDCAccount)
 accountResource.DeploymentSubjectKeys = genericOidcAccount.DeploymentSubjectKeys
 accountResource.Audience = genericOidcAccount.Audience
+ accountResource.CustomClaims = genericOidcAccount.CustomClaims
 case AccountTypeGoogleCloudPlatformAccount:
 googleCloudPlatformAccount := account.(*GoogleCloudPlatformAccount)
 accountResource.JsonKey = googleCloudPlatformAccount.JsonKey
diff --git a/pkg/accounts/aws_oidc_account.go b/pkg/accounts/aws_oidc_account.go
index f9b0c5d7..4d44e72d 100644
--- a/pkg/accounts/aws_oidc_account.go
+++ b/pkg/accounts/aws_oidc_account.go
@@ -9,12 +9,13 @@ import (
 // AwsOIDCAccount represents an AWS OIDC account.
 type AwsOIDCAccount struct {
- RoleArn string `json:"RoleArn"`
- SessionDuration string `json:"SessionDuration,omitempty"`
- Audience string `json:"Audience,omitempty"`
- DeploymentSubjectKeys []string `json:"DeploymentSubjectKeys,omitempty" validate:"omitempty,dive,oneof=space environment project tenant runbook account type'"`
- HealthCheckSubjectKeys []string `json:"HealthCheckSubjectKeys,omitempty" validate:"omitempty,dive,oneof=space account target type'"`
- AccountTestSubjectKeys []string `json:"AccountTestSubjectKeys,omitempty" validate:"omitempty,dive,oneof=space account type'"`
+ RoleArn string `json:"RoleArn"`
+ SessionDuration string `json:"SessionDuration,omitempty"`
+ Audience string `json:"Audience,omitempty"`
+ DeploymentSubjectKeys []string `json:"DeploymentSubjectKeys,omitempty" validate:"omitempty,dive,oneof=space environment project tenant runbook account type'"`
+ HealthCheckSubjectKeys []string `json:"HealthCheckSubjectKeys,omitempty" validate:"omitempty,dive,oneof=space account target type'"`
+ AccountTestSubjectKeys []string `json:"AccountTestSubjectKeys,omitempty" validate:"omitempty,dive,oneof=space account type'"`
+ CustomClaims map[string]string `json:"CustomClaims,omitempty"`
 account
 }
diff --git a/pkg/accounts/aws_oidc_account_test.go b/pkg/accounts/aws_oidc_account_test.go
index d22505af..46f70a8d 100644
--- a/pkg/accounts/aws_oidc_account_test.go
+++ b/pkg/accounts/aws_oidc_account_test.go
@@ -20,6 +20,10 @@ func TestAwsOIDCAccount(t *testing.T) {
 invalidDeploymentSubjectKeys := []string{"space", "target"}
 invalidHealthCheckSubjectKeys := []string{"space", "project"}
 invalidAccountTestSubjectKeys := []string{"space", "project"}
+ customClaims := map[string]string{
+ "claim1": "value1",
+ "claim2": "value2",
+ }
 testCases := []struct {
 TestName string
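Review bot: `CustomClaims map[string]string \`json:"CustomClaims,omitempty"\`` is the only field in AwsOIDCAccount with neither a `validate` tag nor a comment, so an empty claim name or value passes the same client-side validation that rejects a bad subject key; the same gap is in the AzureOIDCAccount and GenericOIDCAccount structs later in this diff. If the validator is go-playground/validator, `validate:"omitempty,dive,keys,required,endkeys,required"` rejects empty keys and values while still allowing a nil map. Whether the server refuses claim names that collide with the standard OIDC claims is not visible here, so a field comment saying what the claims are used for and which names are reserved would help callers more than the bare tag. Separately, the trailing `'` in the three `oneof=... type'` lists is carried over on the rewritten `+` lines; go-playground's oneof parser appears to strip single quotes from its params, so it looks harmless, but it is worth dropping while these lines are being touched.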
@@ -32,16 +36,18 @@ func TestAwsOIDCAccount(t *testing.T) { DeploymentSubjectKeys []string HealthCheckSubjectKeys []string AccountTestSubjectKeys []string + CustomClaims map[string]string }{ - {"Valid", false, name, spaceID, tenantedDeploymentMode, roleArn, sessionDuration, deploymentSubjectKeys, healthCheckSubjectKeys, accountTestSubjectKeys}, - {"EmptyName", true, "", spaceID, tenantedDeploymentMode, roleArn, sessionDuration, deploymentSubjectKeys, healthCheckSubjectKeys, accountTestSubjectKeys}, - {"WhitespaceName", true, " ", spaceID, tenantedDeploymentMode, roleArn, sessionDuration, deploymentSubjectKeys, healthCheckSubjectKeys, accountTestSubjectKeys}, - {"EmptySpaceID", false, name, "", tenantedDeploymentMode, roleArn, sessionDuration, deploymentSubjectKeys, healthCheckSubjectKeys, accountTestSubjectKeys}, - {"WhitespaceSpaceID", false, name, " ", tenantedDeploymentMode, roleArn, sessionDuration, deploymentSubjectKeys, healthCheckSubjectKeys, accountTestSubjectKeys}, - {"NilSubjectKeys", false, name, spaceID, tenantedDeploymentMode, roleArn, sessionDuration, nil, nil, nil}, - {"InvalidDeploymentSubjectKeys", true, name, spaceID, tenantedDeploymentMode, roleArn, sessionDuration, invalidDeploymentSubjectKeys, healthCheckSubjectKeys, accountTestSubjectKeys}, - {"InvalidHealthCheckSubjectKeys", true, name, spaceID, tenantedDeploymentMode, roleArn, sessionDuration, deploymentSubjectKeys, invalidHealthCheckSubjectKeys, invalidAccountTestSubjectKeys}, - {"InvalidAccountTestSubjectKeys", true, name, spaceID, tenantedDeploymentMode, roleArn, sessionDuration, deploymentSubjectKeys, healthCheckSubjectKeys, invalidAccountTestSubjectKeys}, + {"Valid", false, name, spaceID, tenantedDeploymentMode, roleArn, sessionDuration, deploymentSubjectKeys, healthCheckSubjectKeys, accountTestSubjectKeys, nil}, + {"ValidWithCustomClaims", false, name, spaceID, tenantedDeploymentMode, roleArn, sessionDuration, deploymentSubjectKeys, healthCheckSubjectKeys, accountTestSubjectKeys, 
customClaims}, + {"EmptyName", true, "", spaceID, tenantedDeploymentMode, roleArn, sessionDuration, deploymentSubjectKeys, healthCheckSubjectKeys, accountTestSubjectKeys, nil}, + {"WhitespaceName", true, " ", spaceID, tenantedDeploymentMode, roleArn, sessionDuration, deploymentSubjectKeys, healthCheckSubjectKeys, accountTestSubjectKeys, nil}, + {"EmptySpaceID", false, name, "", tenantedDeploymentMode, roleArn, sessionDuration, deploymentSubjectKeys, healthCheckSubjectKeys, accountTestSubjectKeys, nil}, + {"WhitespaceSpaceID", false, name, " ", tenantedDeploymentMode, roleArn, sessionDuration, deploymentSubjectKeys, healthCheckSubjectKeys, accountTestSubjectKeys, nil}, + {"NilSubjectKeys", false, name, spaceID, tenantedDeploymentMode, roleArn, sessionDuration, nil, nil, nil, nil}, + {"InvalidDeploymentSubjectKeys", true, name, spaceID, tenantedDeploymentMode, roleArn, sessionDuration, invalidDeploymentSubjectKeys, healthCheckSubjectKeys, accountTestSubjectKeys, nil}, + {"InvalidHealthCheckSubjectKeys", true, name, spaceID, tenantedDeploymentMode, roleArn, sessionDuration, deploymentSubjectKeys, invalidHealthCheckSubjectKeys, invalidAccountTestSubjectKeys, nil}, + {"InvalidAccountTestSubjectKeys", true, name, spaceID, tenantedDeploymentMode, roleArn, sessionDuration, deploymentSubjectKeys, healthCheckSubjectKeys, invalidAccountTestSubjectKeys, nil}, } for _, tc := range testCases { t.Run(tc.TestName, func(t *testing.T) { @@ -51,6 +57,7 @@ func TestAwsOIDCAccount(t *testing.T) { DeploymentSubjectKeys: tc.DeploymentSubjectKeys, HealthCheckSubjectKeys: tc.HealthCheckSubjectKeys, AccountTestSubjectKeys: tc.AccountTestSubjectKeys, + CustomClaims: tc.CustomClaims, } awsOIDCAccount.AccountType = AccountTypeAwsOIDC awsOIDCAccount.Name = tc.Name diff --git a/pkg/accounts/azure_oidc_account.go b/pkg/accounts/azure_oidc_account.go index 26088cb4..95dea57b 100644 --- a/pkg/accounts/azure_oidc_account.go +++ b/pkg/accounts/azure_oidc_account.go 
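Review bot: The new `ValidWithCustomClaims` case feeds `customClaims` into the struct literal, but because `CustomClaims` carries no `validate` tag it cannot fail differently from `Valid`, so if the loop body (outside this hunk) only asserts on the validation outcome the new field is never actually checked; the same applies to the Azure and Generic test files further down this diff. A cheap pin is to round-trip the account and compare, e.g. `res, err := ToAccountResource(awsOIDCAccount)` followed by `if err == nil && !maps.Equal(res.CustomClaims, tc.CustomClaims) { t.Errorf("CustomClaims = %v, want %v", res.CustomClaims, tc.CustomClaims) }` (use `reflect.DeepEqual` if the module predates Go 1.21). TestAwsOIDCAccount starts and ends outside these hunks.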
@@ -10,16 +10,17 @@ import (
 // AzureOIDCAccount represents an Azure OIDC account.
 type AzureOIDCAccount struct {
- ApplicationID *uuid.UUID `json:"ClientId" validate:"required"`
- AuthenticationEndpoint string `json:"ActiveDirectoryEndpointBaseUri,omitempty" validate:"required_with=AzureEnvironment,omitempty,uri"`
- AzureEnvironment string `json:"AzureEnvironment,omitempty" validate:"omitempty,oneof=AzureCloud AzureChinaCloud AzureGermanCloud AzureUSGovernment"`
- ResourceManagerEndpoint string `json:"ResourceManagementEndpointBaseUri" validate:"required_with=AzureEnvironment,omitempty,uri"`
- SubscriptionID *uuid.UUID `json:"SubscriptionNumber" validate:"required"`
- TenantID *uuid.UUID `json:"TenantId" validate:"required"`
- Audience string `json:"Audience,omitempty"`
- DeploymentSubjectKeys []string `json:"DeploymentSubjectKeys,omitempty" validate:"omitempty,dive,oneof=space environment project tenant runbook account type'"`
- HealthCheckSubjectKeys []string `json:"HealthCheckSubjectKeys,omitempty" validate:"omitempty,dive,oneof=space account target type'"`
- AccountTestSubjectKeys []string `json:"AccountTestSubjectKeys,omitempty" validate:"omitempty,dive,oneof=space account type'"`
+ ApplicationID *uuid.UUID `json:"ClientId" validate:"required"`
+ AuthenticationEndpoint string `json:"ActiveDirectoryEndpointBaseUri,omitempty" validate:"required_with=AzureEnvironment,omitempty,uri"`
+ AzureEnvironment string `json:"AzureEnvironment,omitempty" validate:"omitempty,oneof=AzureCloud AzureChinaCloud AzureGermanCloud AzureUSGovernment"`
+ ResourceManagerEndpoint string `json:"ResourceManagementEndpointBaseUri" validate:"required_with=AzureEnvironment,omitempty,uri"`
+ SubscriptionID *uuid.UUID `json:"SubscriptionNumber" validate:"required"`
+ TenantID *uuid.UUID `json:"TenantId" validate:"required"`
+ Audience string `json:"Audience,omitempty"`
+ DeploymentSubjectKeys []string `json:"DeploymentSubjectKeys,omitempty" validate:"omitempty,dive,oneof=space environment project tenant runbook account type'"`
+ HealthCheckSubjectKeys []string `json:"HealthCheckSubjectKeys,omitempty" validate:"omitempty,dive,oneof=space account target type'"`
+ AccountTestSubjectKeys []string `json:"AccountTestSubjectKeys,omitempty" validate:"omitempty,dive,oneof=space account type'"`
+ CustomClaims map[string]string `json:"CustomClaims,omitempty"`
 account
 }
diff --git a/pkg/accounts/azure_oidc_account_test.go b/pkg/accounts/azure_oidc_account_test.go
index 04632d99..e5bc0c4a 100644
--- a/pkg/accounts/azure_oidc_account_test.go
+++ b/pkg/accounts/azure_oidc_account_test.go
@@ -27,6 +27,10 @@ func TestAzureOIDCAccount(t *testing.T) {
 invalidDeploymentSubjectKeys := []string{"space", "target"}
 invalidHealthCheckSubjectKeys := []string{"space", "project"}
 invalidAccountTestSubjectKeys := []string{"space", "project"}
+ customClaims := map[string]string{
+ "claim1": "value1",
+ "claim2": "value2",
+ }
 testCases := []struct {
 TestName string
@@ -44,21 +48,23 @@ func TestAzureOIDCAccount(t *testing.T) { DeploymentSubjectKeys []string HealthCheckSubjectKeys []string AccountTestSubjectKeys []string + CustomClaims map[string]string }{ - {"Valid", false, &applicationID, authenticationEndpoint, azureEnvironment, name, resourceManagerEndpoint, spaceID, &subscriptionID, tenantedDeploymentMode, &tenantID, audience, deploymentSubjectKeys, healthCheckSubjectKeys, accountTestSubjectKeys}, - {"EmptyName", true, &applicationID, authenticationEndpoint, azureEnvironment, "", resourceManagerEndpoint, spaceID, &subscriptionID, tenantedDeploymentMode, &tenantID, audience, deploymentSubjectKeys, healthCheckSubjectKeys, accountTestSubjectKeys}, - {"WhitespaceName", true, &applicationID, authenticationEndpoint, azureEnvironment, " ", resourceManagerEndpoint, spaceID, &subscriptionID, tenantedDeploymentMode, &tenantID, audience, deploymentSubjectKeys, healthCheckSubjectKeys, accountTestSubjectKeys}, - {"EmptySpaceID", false, &applicationID, authenticationEndpoint, azureEnvironment, name, resourceManagerEndpoint, "", &subscriptionID, tenantedDeploymentMode, &tenantID, audience, deploymentSubjectKeys, healthCheckSubjectKeys, accountTestSubjectKeys}, - {"WhitespaceSpaceID", false, &applicationID, authenticationEndpoint, azureEnvironment, name, resourceManagerEndpoint, " ", &subscriptionID, tenantedDeploymentMode, &tenantID, audience, deploymentSubjectKeys, healthCheckSubjectKeys, accountTestSubjectKeys}, - {"NilApplicationID", true, nil, authenticationEndpoint, azureEnvironment, name, resourceManagerEndpoint, spaceID, &subscriptionID, tenantedDeploymentMode, &tenantID, audience, deploymentSubjectKeys, healthCheckSubjectKeys, accountTestSubjectKeys}, - {"NilSubscriptionID", true, &applicationID, authenticationEndpoint, azureEnvironment, name, resourceManagerEndpoint, spaceID, nil, tenantedDeploymentMode, &tenantID, audience, deploymentSubjectKeys, healthCheckSubjectKeys, accountTestSubjectKeys}, - {"NilTenantID", true, 
&applicationID, authenticationEndpoint, azureEnvironment, name, resourceManagerEndpoint, spaceID, &subscriptionID, tenantedDeploymentMode, nil, audience, deploymentSubjectKeys, healthCheckSubjectKeys, accountTestSubjectKeys}, - {"InvalidAuthenticationEndpoint", true, &applicationID, invalidURI, azureEnvironment, name, resourceManagerEndpoint, spaceID, &subscriptionID, tenantedDeploymentMode, &tenantID, audience, deploymentSubjectKeys, healthCheckSubjectKeys, accountTestSubjectKeys}, - {"InvalidResourceManagerEndpoint", true, &applicationID, authenticationEndpoint, azureEnvironment, name, invalidURI, spaceID, &subscriptionID, tenantedDeploymentMode, &tenantID, audience, deploymentSubjectKeys, healthCheckSubjectKeys, accountTestSubjectKeys}, - {"NilSubjectKeys", false, &applicationID, authenticationEndpoint, azureEnvironment, name, resourceManagerEndpoint, spaceID, &subscriptionID, tenantedDeploymentMode, &tenantID, "", nil, nil, nil}, - {"InvalidDeploymentSubjectKeys", true, &applicationID, authenticationEndpoint, azureEnvironment, name, resourceManagerEndpoint, spaceID, &subscriptionID, tenantedDeploymentMode, &tenantID, "", invalidDeploymentSubjectKeys, healthCheckSubjectKeys, accountTestSubjectKeys}, - {"InvalidHealthCheckSubjectKeys", true, &applicationID, authenticationEndpoint, azureEnvironment, name, resourceManagerEndpoint, spaceID, &subscriptionID, tenantedDeploymentMode, &tenantID, "", deploymentSubjectKeys, invalidHealthCheckSubjectKeys, invalidAccountTestSubjectKeys}, - {"InvalidAccountTestSubjectKeys", true, &applicationID, authenticationEndpoint, azureEnvironment, name, resourceManagerEndpoint, spaceID, &subscriptionID, tenantedDeploymentMode, &tenantID, "", deploymentSubjectKeys, healthCheckSubjectKeys, invalidAccountTestSubjectKeys}, + {"Valid", false, &applicationID, authenticationEndpoint, azureEnvironment, name, resourceManagerEndpoint, spaceID, &subscriptionID, tenantedDeploymentMode, &tenantID, audience, deploymentSubjectKeys, 
healthCheckSubjectKeys, accountTestSubjectKeys, nil}, + {"ValidWithCustomClaims", false, &applicationID, authenticationEndpoint, azureEnvironment, name, resourceManagerEndpoint, spaceID, &subscriptionID, tenantedDeploymentMode, &tenantID, audience, deploymentSubjectKeys, healthCheckSubjectKeys, accountTestSubjectKeys, customClaims}, + {"EmptyName", true, &applicationID, authenticationEndpoint, azureEnvironment, "", resourceManagerEndpoint, spaceID, &subscriptionID, tenantedDeploymentMode, &tenantID, audience, deploymentSubjectKeys, healthCheckSubjectKeys, accountTestSubjectKeys, nil}, + {"WhitespaceName", true, &applicationID, authenticationEndpoint, azureEnvironment, " ", resourceManagerEndpoint, spaceID, &subscriptionID, tenantedDeploymentMode, &tenantID, audience, deploymentSubjectKeys, healthCheckSubjectKeys, accountTestSubjectKeys, nil}, + {"EmptySpaceID", false, &applicationID, authenticationEndpoint, azureEnvironment, name, resourceManagerEndpoint, "", &subscriptionID, tenantedDeploymentMode, &tenantID, audience, deploymentSubjectKeys, healthCheckSubjectKeys, accountTestSubjectKeys, nil}, + {"WhitespaceSpaceID", false, &applicationID, authenticationEndpoint, azureEnvironment, name, resourceManagerEndpoint, " ", &subscriptionID, tenantedDeploymentMode, &tenantID, audience, deploymentSubjectKeys, healthCheckSubjectKeys, accountTestSubjectKeys, nil}, + {"NilApplicationID", true, nil, authenticationEndpoint, azureEnvironment, name, resourceManagerEndpoint, spaceID, &subscriptionID, tenantedDeploymentMode, &tenantID, audience, deploymentSubjectKeys, healthCheckSubjectKeys, accountTestSubjectKeys, nil}, + {"NilSubscriptionID", true, &applicationID, authenticationEndpoint, azureEnvironment, name, resourceManagerEndpoint, spaceID, nil, tenantedDeploymentMode, &tenantID, audience, deploymentSubjectKeys, healthCheckSubjectKeys, accountTestSubjectKeys, nil}, + {"NilTenantID", true, &applicationID, authenticationEndpoint, azureEnvironment, name, resourceManagerEndpoint, 
spaceID, &subscriptionID, tenantedDeploymentMode, nil, audience, deploymentSubjectKeys, healthCheckSubjectKeys, accountTestSubjectKeys, nil}, + {"InvalidAuthenticationEndpoint", true, &applicationID, invalidURI, azureEnvironment, name, resourceManagerEndpoint, spaceID, &subscriptionID, tenantedDeploymentMode, &tenantID, audience, deploymentSubjectKeys, healthCheckSubjectKeys, accountTestSubjectKeys, nil}, + {"InvalidResourceManagerEndpoint", true, &applicationID, authenticationEndpoint, azureEnvironment, name, invalidURI, spaceID, &subscriptionID, tenantedDeploymentMode, &tenantID, audience, deploymentSubjectKeys, healthCheckSubjectKeys, accountTestSubjectKeys, nil}, + {"NilSubjectKeys", false, &applicationID, authenticationEndpoint, azureEnvironment, name, resourceManagerEndpoint, spaceID, &subscriptionID, tenantedDeploymentMode, &tenantID, "", nil, nil, nil, nil}, + {"InvalidDeploymentSubjectKeys", true, &applicationID, authenticationEndpoint, azureEnvironment, name, resourceManagerEndpoint, spaceID, &subscriptionID, tenantedDeploymentMode, &tenantID, "", invalidDeploymentSubjectKeys, healthCheckSubjectKeys, accountTestSubjectKeys, nil}, + {"InvalidHealthCheckSubjectKeys", true, &applicationID, authenticationEndpoint, azureEnvironment, name, resourceManagerEndpoint, spaceID, &subscriptionID, tenantedDeploymentMode, &tenantID, "", deploymentSubjectKeys, invalidHealthCheckSubjectKeys, invalidAccountTestSubjectKeys, nil}, + {"InvalidAccountTestSubjectKeys", true, &applicationID, authenticationEndpoint, azureEnvironment, name, resourceManagerEndpoint, spaceID, &subscriptionID, tenantedDeploymentMode, &tenantID, "", deploymentSubjectKeys, healthCheckSubjectKeys, invalidAccountTestSubjectKeys, nil}, } for _, tc := range testCases { t.Run(tc.TestName, func(t *testing.T) { 
@@ -73,6 +79,7 @@ func TestAzureOIDCAccount(t *testing.T) {
 DeploymentSubjectKeys: tc.DeploymentSubjectKeys,
 HealthCheckSubjectKeys: tc.HealthCheckSubjectKeys,
 AccountTestSubjectKeys: tc.AccountTestSubjectKeys,
+ CustomClaims: tc.CustomClaims,
 }
 azureOIDCAccount.AccountType = AccountTypeAzureOIDC
 azureOIDCAccount.Name = tc.Name
diff --git a/pkg/accounts/generic_oidc_account.go b/pkg/accounts/generic_oidc_account.go
index 8f95b8a3..74bb1835 100644
--- a/pkg/accounts/generic_oidc_account.go
+++ b/pkg/accounts/generic_oidc_account.go
@@ -9,8 +9,9 @@ import (
 // GenericOIDCAccount represents a Generic OIDC account.
 type GenericOIDCAccount struct {
- Audience string `json:"Audience,omitempty"`
- DeploymentSubjectKeys []string `json:"DeploymentSubjectKeys,omitempty" validate:"omitempty,dive,oneof=space environment project tenant runbook account type'"`
+ Audience string `json:"Audience,omitempty"`
+ DeploymentSubjectKeys []string `json:"DeploymentSubjectKeys,omitempty" validate:"omitempty,dive,oneof=space environment project tenant runbook account type'"`
+ CustomClaims map[string]string `json:"CustomClaims,omitempty"`
 account
 }
diff --git a/pkg/accounts/generic_oidc_account_test.go b/pkg/accounts/generic_oidc_account_test.go
index d73bc617..e7c4ef9b 100644
--- a/pkg/accounts/generic_oidc_account_test.go
+++ b/pkg/accounts/generic_oidc_account_test.go
@@ -11,6 +11,10 @@ func TestGenericOIDCAccount(t *testing.T) {
 audience := "api://default"
 deploymentSubjectKeys := []string{"space", "project", "tenant", "environment"}
 invalidDeploymentSubjectKeys := []string{"space", "target"}
+ customClaims := map[string]string{
+ "claim1": "value1",
+ "claim2": "value2",
+ }
 testCases := []struct {
 TestName string
@@ -18,11 +22,13 @@ func TestGenericOIDCAccount(t *testing.T) {
 Name string
 Audience string
 DeploymentSubjectKeys []string
+ CustomClaims map[string]string
 }{
- {"Valid", false, name, audience, deploymentSubjectKeys},
- {"EmptyName", true, "", audience, deploymentSubjectKeys},
- {"NilSubjectKeys", false, name, "", nil},
- {"InvalidDeploymentSubjectKeys", true, name, "", invalidDeploymentSubjectKeys},
+ {"Valid", false, name, audience, deploymentSubjectKeys, nil},
+ {"ValidWithCustomClaims", false, name, audience, deploymentSubjectKeys, customClaims},
+ {"EmptyName", true, "", audience, deploymentSubjectKeys, nil},
+ {"NilSubjectKeys", false, name, "", nil, nil},
+ {"InvalidDeploymentSubjectKeys", true, name, "", invalidDeploymentSubjectKeys, nil},
 }
 for _, tc := range testCases {
@@ -30,6 +36,7 @@ func TestGenericOIDCAccount(t *testing.T) {
 genericOIDCAccount := &GenericOIDCAccount{
 Audience: tc.Audience,
 DeploymentSubjectKeys: tc.DeploymentSubjectKeys,
+ CustomClaims: tc.CustomClaims,
 }
 genericOIDCAccount.AccountType = AccountTypeGenericOIDCAccount
 genericOIDCAccount.Name = tc.Name