package main
import (
"encoding/base64"
"flag"
"fmt"
"net/url"
"os"
"strings"
"time"
)
// Package-level configuration, populated from the command line by parseFlags.

// Address the portal listens on (-listen).
var listenAddr string

// OIDC provider settings (-oidc-* flags).
var (
	oidcIssuer       string
	oidcClientID     string
	oidcAuthEndpoint string
	oidcJWKSURL      string
	oidcRedirectURL  string
)

// Email domain accepted for sign-in (-allowed-email-domain).
var allowedEmailDomain string

// Downstream service settings (-service-* flags). serviceKeyRaw holds the
// base64 text of the ticket key as given on the command line; the decoded
// bytes end up in service.Key.
var (
	serviceID          string
	serviceOrigin      string
	serviceConsumePath string
	serviceKeyID       int
	serviceKeyRaw      string
	serviceDisplayName string
	serviceTTL         time.Duration
)

// service is the validated configuration assembled by parseFlags.
var service ServiceConfig
// parseFlags registers the portal's command-line flags, parses them, validates
// the values and fills the package-level service configuration. Every problem
// is reported through exitUsage, which prints the usage text and terminates
// the process with status 2, so parseFlags only returns on a valid config.
//
// The ticket key is taken from a flag (-service-key-b64); as the TODO in the
// original notes, a command-line argument is exposed in the process list. The
// base64 text remains in serviceKeyRaw after the decoded key is stored.
func parseFlags() {
	flag.StringVar(&listenAddr, "listen", "", "TCP listen address")
	flag.StringVar(&oidcIssuer, "oidc-issuer", "", "OIDC issuer URL")
	flag.StringVar(&oidcClientID, "oidc-client-id", "", "OIDC client ID")
	flag.StringVar(&oidcAuthEndpoint, "oidc-auth-endpoint", "", "OIDC authorization endpoint URL")
	flag.StringVar(&oidcJWKSURL, "oidc-jwks-url", "", "OIDC JWKS URL")
	flag.StringVar(&oidcRedirectURL, "oidc-redirect-url", "", "OIDC redirect URL for this portal")
	flag.StringVar(&allowedEmailDomain, "allowed-email-domain", "", "allowed email domain")
	flag.StringVar(&serviceID, "service-id", "", "service identifier")
	flag.StringVar(&serviceOrigin, "service-origin", "", "service origin URL")
	flag.StringVar(&serviceConsumePath, "service-consume-path", "", "service consume path")
	flag.IntVar(&serviceKeyID, "service-key-id", -1, "service key identifier")
	// TODO: a key passed as an argument could be seen in the process list.
	flag.StringVar(&serviceKeyRaw, "service-key-b64", "", "service ticket key in base64")
	flag.StringVar(&serviceDisplayName, "service-display-name", "", "service display name")
	flag.DurationVar(&serviceTTL, "service-ttl", 0, "service ticket lifetime, e.g. 60s")
	flag.Parse()

	type namedValue struct {
		name, value string
	}

	// Presence checks run first, in flag order, so a missing value is reported
	// before any format error on the same flag.
	required := []namedValue{
		{"listen", listenAddr},
		{"oidc-issuer", oidcIssuer},
		{"oidc-client-id", oidcClientID},
		{"oidc-auth-endpoint", oidcAuthEndpoint},
		{"oidc-jwks-url", oidcJWKSURL},
		{"oidc-redirect-url", oidcRedirectURL},
		{"allowed-email-domain", allowedEmailDomain},
		{"service-id", serviceID},
		{"service-origin", serviceOrigin},
		{"service-consume-path", serviceConsumePath},
		{"service-key-b64", serviceKeyRaw},
		{"service-display-name", serviceDisplayName},
	}
	for _, f := range required {
		mustFlag(f.name, f.value)
	}

	// The key id is later narrowed to a byte, so it must fit one.
	if serviceKeyID < 0 || serviceKeyID > 255 {
		exitUsage("service-key-id must be between 0 and 255")
	}
	if serviceTTL <= 0 {
		exitUsage("service-ttl must be positive")
	}

	// Endpoints must be absolute URLs (scheme and host); mustURL does not
	// restrict which scheme is used.
	absolute := []namedValue{
		{"oidc-issuer", oidcIssuer},
		{"oidc-auth-endpoint", oidcAuthEndpoint},
		{"oidc-jwks-url", oidcJWKSURL},
		{"oidc-redirect-url", oidcRedirectURL},
		{"service-origin", serviceOrigin},
	}
	for _, u := range absolute {
		mustURL(u.name, u.value)
	}

	if !strings.HasPrefix(serviceConsumePath, "/") {
		exitUsage("service-consume-path must start with '/'")
	}

	// The ticket key is standard (padded) base64 of exactly 32 bytes.
	ticketKey, decodeErr := base64.StdEncoding.DecodeString(serviceKeyRaw)
	if decodeErr != nil {
		exitUsage(fmt.Sprintf("service-key-b64 must be valid base64: %v", decodeErr))
	}
	if len(ticketKey) != 32 {
		exitUsage("service-key-b64 must decode to exactly 32 bytes")
	}

	// Trailing slashes are dropped from the origin so paths can be appended.
	service = ServiceConfig{
		ID:          serviceID,
		Origin:      strings.TrimRight(serviceOrigin, "/"),
		ConsumePath: serviceConsumePath,
		KeyID:       byte(serviceKeyID),
		Key:         ticketKey,
		DisplayName: serviceDisplayName,
		TTL:         serviceTTL,
	}
}
// mustFlag terminates the program via exitUsage when the flag called name has
// no value. A value made up only of whitespace counts as missing; note that
// the check trims, but the value the rest of the program uses is untrimmed.
func mustFlag(name, value string) {
	if strings.TrimSpace(value) != "" {
		return
	}
	exitUsage("missing required flag -" + name)
}
// mustURL terminates the program via exitUsage unless raw parses as an
// absolute URL, meaning it carries both a scheme and a host. The scheme is
// not restricted here; any further policy (e.g. requiring https) is left to
// the caller.
func mustURL(name, raw string) {
	parsed, err := url.Parse(raw)
	if err == nil && parsed.Scheme != "" && parsed.Host != "" {
		return
	}
	exitUsage(fmt.Sprintf("%s must be an absolute URL", name))
}
// exitUsage reports a configuration error and ends the process. msg is
// written to stderr, the flag usage text follows, and the exit status is 2
// (the same status the flag package uses for bad command lines).
func exitUsage(msg string) {
	stderr := os.Stderr
	fmt.Fprintln(stderr, msg)
	flag.Usage()
	os.Exit(2)
}