provider_ibmisam.go
// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
package jwtauth
import (
"context"
"fmt"
"strings"
"golang.org/x/oauth2"
)
// IBMISAMProvider holds the IBM ISAM (IBM Security Access Manager) specific
// provider behavior. The struct has no fields, so it carries no per-instance
// state or configuration.
type IBMISAMProvider struct{}
// Initialize satisfies the CustomProvider interface. IBMISAMProvider has no
// fields to populate, so both arguments are ignored and the method always
// returns nil.
func (a *IBMISAMProvider) Initialize(_ context.Context, _ *jwtConfig) error {
return nil
}
// SensitiveKeys satisfies the CustomProvider interface. This provider declares
// no sensitive keys, so the result is always an empty, non-nil slice.
// NOTE(review): how callers use the returned keys is not visible in this file;
// presumably they name provider config values to keep out of read output.
func (a *IBMISAMProvider) SensitiveKeys() []string {
	return make([]string, 0)
}
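// FetchGroups satisfies the GroupsFetcher interface for IBM ISAM.
//
// By default IBM ISAM delivers the groups claim as one string of
// space-separated group names rather than as a JSON list. When the claim named
// by role.GroupsClaim is a string, it is split on single spaces and returned
// as a []interface{} of group names. Empty tokens (from an empty claim, or
// from leading, trailing or repeated spaces) are dropped, so an empty string
// is never reported as a group name. A missing claim, or a claim of any other
// type, is returned unchanged.
//
// NOTE(review): in this encoding a group name that itself contains a space
// cannot be told apart from two separate groups. Group names that drive
// authorization decisions should therefore not contain spaces.
//
// The context and token source arguments are unused, and the returned error is
// always nil.
func (a *IBMISAMProvider) FetchGroups(_ context.Context, b *jwtAuthBackend, allClaims map[string]interface{}, role *jwtRole, _ oauth2.TokenSource) (interface{}, error) {
	groupsClaimRaw := getClaim(b.Logger(), allClaims, role.GroupsClaim)

	// A nil claim fails the type assertion, so no separate nil check is needed.
	if groupsStr, ok := groupsClaimRaw.(string); ok {
		tokens := strings.Split(groupsStr, " ")
		groups := make([]interface{}, 0, len(tokens))
		for _, name := range tokens {
			// strings.Split yields "" for an empty input and between
			// adjacent separators; those are not group names.
			if name == "" {
				continue
			}
			groups = append(groups, name)
		}
		groupsClaimRaw = groups
	}

	b.Logger().Debug(fmt.Sprintf("post: groups claim raw is %v", groupsClaimRaw))
	return groupsClaimRaw, nil
}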