gRPC Connectors API (#3245)

Signed-off-by: Giovanni Campeol <[email protected]> Signed-off-by: Maksim Nabokikh <[email protected]> Co-authored-by: Maksim Nabokikh <[email protected]>
dexidp · Jul 16, 2024 · b07e1bc · b07e1bc
1 parent 2669b61
commit b07e1bc
Show file tree

Hide file tree

Showing 10 changed files with 1,511 additions and 205 deletions.
diff --git a/api/v2/api.pb.go b/api/v2/api.pb.go
diff --git a/api/v2/api.proto b/api/v2/api.proto
@@ -116,6 +116,56 @@ message ListPasswordResp {
   repeated Password passwords = 1;
 }
 
+// Connector is a strategy used by Dex for authenticating a user against another identity provider
+message Connector {
+  string id = 1;
+  string type = 2;
+  string name = 3;
+  bytes config = 4;
+}
+
+// CreateConnectorReq is a request to make a connector.
+message CreateConnectorReq {
+  Connector connector = 1;
+}
+
+// CreateConnectorResp returns the response from creating a connector.
+message CreateConnectorResp {
+  bool already_exists = 1;
+}
+
+// UpdateConnectorReq is a request to modify an existing connector.
+message UpdateConnectorReq {
+  // The id used to lookup the connector. This field cannot be modified
+  string id = 1;
+  string new_type = 2;
+  string new_name = 3;
+  bytes new_config = 4;
+}
+
+// UpdateConnectorResp returns the response from modifying an existing connector.
+message UpdateConnectorResp {
+  bool not_found = 1;
+}
+
+// DeleteConnectorReq is a request to delete a connector.
+message DeleteConnectorReq {
+  string id = 1;
+}
+
+// DeleteConnectorResp returns the response from deleting a connector.
+message DeleteConnectorResp {
+  bool not_found = 1;
+}
+
+// ListConnectorReq is a request to enumerate connectors.
+message ListConnectorReq {}
+
+// ListConnectorResp returns a list of connectors.
+message ListConnectorResp {
+  repeated Connector connectors = 1;
+}
+
 // VersionReq is a request to fetch version info.
 message VersionReq {}
 
@@ -189,6 +239,14 @@ service Dex {
   rpc DeletePassword(DeletePasswordReq) returns (DeletePasswordResp) {};
   // ListPassword lists all password entries.
   rpc ListPasswords(ListPasswordReq) returns (ListPasswordResp) {};
+  // CreateConnector creates a connector.
+  rpc CreateConnector(CreateConnectorReq) returns (CreateConnectorResp) {};
+  // UpdateConnector modifies existing connector.
+  rpc UpdateConnector(UpdateConnectorReq) returns (UpdateConnectorResp) {};
+  // DeleteConnector deletes the connector.
+  rpc DeleteConnector(DeleteConnectorReq) returns (DeleteConnectorResp) {};
+  // ListConnectors lists all connector entries.
+  rpc ListConnectors(ListConnectorReq) returns (ListConnectorResp) {};
   // GetVersion returns version information of the server.
   rpc GetVersion(VersionReq) returns (VersionResp) {};
   // ListRefresh lists all the refresh token entries for a particular user.

diff --git a/api/v2/api_grpc.pb.go b/api/v2/api_grpc.pb.go
diff --git a/cmd/dex/config.go b/cmd/dex/config.go
@@ -7,6 +7,7 @@ import (
 	"log/slog"
 	"net/http"
 	"os"
+	"slices"
 	"strings"
 
 	"golang.org/x/crypto/bcrypt"
@@ -50,10 +51,22 @@ type Config struct {
 	// querying the storage. Cannot be specified without enabling a passwords
 	// database.
 	StaticPasswords []password `json:"staticPasswords"`
+
+	// AdditionalFeature allow the extension of Dex functionalities
+	AdditionalFeatures []server.AdditionalFeature `json:"additionalFeatures"`
+}
+
+// Parse the configuration
+func (c *Config) Parse() {
+	if c.AdditionalFeatures == nil {
+		c.AdditionalFeatures = []server.AdditionalFeature{}
+	}
 }
 
 // Validate the configuration
 func (c Config) Validate() error {
+	invalidFeatures := c.findInvalidAdditionalFeatures()
+
 	// Fast checks. Perform these first for a more responsive CLI.
 	checks := []struct {
 		bad    bool
@@ -72,6 +85,7 @@ func (c Config) Validate() error {
 		{c.GRPC.TLSKey != "" && c.GRPC.Addr == "", "no address specified for gRPC"},
 		{(c.GRPC.TLSCert == "") != (c.GRPC.TLSKey == ""), "must specific both a gRPC TLS cert and key"},
 		{c.GRPC.TLSCert == "" && c.GRPC.TLSClientCA != "", "cannot specify gRPC TLS client CA without a gRPC TLS cert"},
+		{len(invalidFeatures) > 0, fmt.Sprintf("invalid additionalFeatures supplied: %v. Valid entries: %s", invalidFeatures, server.ValidAdditionalFeatures)},
 		{c.GRPC.TLSMinVersion != "" && c.GRPC.TLSMinVersion != "1.2" && c.GRPC.TLSMinVersion != "1.3", "supported TLS versions are: 1.2, 1.3"},
 		{c.GRPC.TLSMaxVersion != "" && c.GRPC.TLSMaxVersion != "1.2" && c.GRPC.TLSMaxVersion != "1.3", "supported TLS versions are: 1.2, 1.3"},
 		{c.GRPC.TLSMaxVersion != "" && c.GRPC.TLSMinVersion != "" && c.GRPC.TLSMinVersion > c.GRPC.TLSMaxVersion, "TLSMinVersion greater than TLSMaxVersion"},
@@ -90,6 +104,22 @@ func (c Config) Validate() error {
 	return nil
 }
 
+// findInvalidAdditionalFeatures returns additional features that are not considered valid
+func (c Config) findInvalidAdditionalFeatures() []server.AdditionalFeature {
+	if c.AdditionalFeatures == nil {
+		return []server.AdditionalFeature{}
+	}
+
+	badFeatures := []server.AdditionalFeature{}
+	for _, feature := range c.AdditionalFeatures {
+		if !slices.Contains(server.ValidAdditionalFeatures, feature) {
+			badFeatures = append(badFeatures, feature)
+		}
+	}
+
+	return badFeatures
+}
+
 type password storage.Password
 
 func (p *password) UnmarshalJSON(b []byte) error {