feat: oauth2 support

api/v1/checks.go

@@ -55,6 +55,11 @@ func (c Check) GetLabels() map[string]string {
 	return c.Labels
 }
 
+type Oauth2Config struct {
+	Scopes   []string
+	TokenURL string
+}
+
 type HTTPCheck struct {
 	Description `yaml:",inline" json:",inline"`
 	Templatable `yaml:",inline" json:",inline"`
@@ -87,6 +92,8 @@ type HTTPCheck struct {
 	TemplateBody bool `yaml:"templateBody,omitempty" json:"templateBody,omitempty"`
 	// EnvVars are the environment variables that are accesible to templated body
 	EnvVars []types.EnvVar `yaml:"env,omitempty" json:"env,omitempty"`
+	// Oauth2 Configuration. The client ID & Client secret should go to username & password respectively.
+	Oauth2 *Oauth2Config `yaml:"oauth2,omitempty" json:"oauth2,omitempty"`
 }
 
 func (c HTTPCheck) GetType() string {

checks/http.go

@@ -10,7 +10,6 @@ import (
 	"github.com/PaesslerAG/jsonpath"
 	"github.com/flanksource/canary-checker/api/context"
 	"github.com/flanksource/commons/http"
-	"github.com/flanksource/commons/http/middlewares"
 	"github.com/flanksource/duty/models"
 	gomplate "github.com/flanksource/gomplate/v3"
 
@@ -79,6 +78,10 @@ func (c *HTTPChecker) generateHTTPRequest(ctx *context.Context, check v1.HTTPChe
 		client.Auth(connection.Username, connection.Password)
 	}
 
+	if check.Oauth2 != nil {
+		client.OAuth(connection.Username, connection.Password, check.Oauth2.TokenURL, check.Oauth2.Scopes...)
+	}
+
 	client.NTLM(check.NTLM)
 	client.NTLMV2(check.NTLMv2)
 
@@ -88,8 +91,7 @@ func (c *HTTPChecker) generateHTTPRequest(ctx *context.Context, check v1.HTTPChe
 
 	// TODO: Add finer controls over tracing to the canary
 	if ctx.IsTrace() {
-		tracedTransport := middlewares.NewTracedTransport().TraceAll(true).MaxBodyLength(512)
-		client.Use(tracedTransport.RoundTripper)
+		client.Trace(http.TraceConfig{MaxBodyLength: 512, Body: true, Headers: true, ResponseHeaders: true})
 	}
 
 	return client.R(ctx), nil

config/deploy/crd.yaml

@@ -3161,6 +3161,9 @@ spec:
                       ntlmv2:
                         description: NTLM when set to true will do authentication using NTLM v2 protocol
                         type: boolean
+                      oauth2:
+                        description: Oauth2 Configuration. The client ID & Client secret should go to username & password respectively.
+                        type: object
                       password:
                         properties:
                           name:

config/deploy/manifests.yaml

@@ -3161,6 +3161,9 @@ spec:
                       ntlmv2:
                         description: NTLM when set to true will do authentication using NTLM v2 protocol
                         type: boolean
+                      oauth2:
+                        description: Oauth2 Configuration. The client ID & Client secret should go to username & password respectively.
+                        type: object
                       password:
                         properties:
                           name:

config/schemas/canary.schema.json

@@ -1703,6 +1703,9 @@
             "$ref": "#/$defs/EnvVar"
           },
           "type": "array"
+        },
+        "oauth2": {
+          "$ref": "#/$defs/Oauth2Config"
         }
       },
       "additionalProperties": false,
@@ -2364,6 +2367,25 @@
         "podSpec"
       ]
     },
+    "Oauth2Config": {
+      "properties": {
+        "Scopes": {
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "TokenURL": {
+          "type": "string"
+        }
+      },
+      "additionalProperties": false,
+      "type": "object",
+      "required": [
+        "Scopes",
+        "TokenURL"
+      ]
+    },
     "ObjectFieldSelector": {
       "properties": {
         "apiVersion": {

config/schemas/component.schema.json

@@ -1915,6 +1915,9 @@
             "$ref": "#/$defs/EnvVar"
           },
           "type": "array"
+        },
+        "oauth2": {
+          "$ref": "#/$defs/Oauth2Config"
         }
       },
       "additionalProperties": false,
@@ -2626,6 +2629,25 @@
         "podSpec"
       ]
     },
+    "Oauth2Config": {
+      "properties": {
+        "Scopes": {
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "TokenURL": {
+          "type": "string"
+        }
+      },
+      "additionalProperties": false,
+      "type": "object",
+      "required": [
+        "Scopes",
+        "TokenURL"
+      ]
+    },
     "ObjectFieldSelector": {
       "properties": {
         "apiVersion": {

config/schemas/health_http.schema.json

@@ -139,6 +139,9 @@
             "$ref": "#/$defs/EnvVar"
           },
           "type": "array"
+        },
+        "oauth2": {
+          "$ref": "#/$defs/Oauth2Config"
         }
       },
       "additionalProperties": false,
@@ -213,6 +216,25 @@
       "additionalProperties": false,
       "type": "object"
     },
+    "Oauth2Config": {
+      "properties": {
+        "Scopes": {
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "TokenURL": {
+          "type": "string"
+        }
+      },
+      "additionalProperties": false,
+      "type": "object",
+      "required": [
+        "Scopes",
+        "TokenURL"
+      ]
+    },
     "SecretKeySelector": {
       "properties": {
         "name": {

config/schemas/topology.schema.json

@@ -1885,6 +1885,9 @@
             "$ref": "#/$defs/EnvVar"
           },
           "type": "array"
+        },
+        "oauth2": {
+          "$ref": "#/$defs/Oauth2Config"
         }
       },
       "additionalProperties": false,
@@ -2596,6 +2599,25 @@
         "podSpec"
       ]
     },
+    "Oauth2Config": {
+      "properties": {
+        "Scopes": {
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "TokenURL": {
+          "type": "string"
+        }
+      },
+      "additionalProperties": false,
+      "type": "object",
+      "required": [
+        "Scopes",
+        "TokenURL"
+      ]
+    },
     "ObjectFieldSelector": {
       "properties": {
         "apiVersion": {

go.mod

@@ -21,7 +21,7 @@ require (
 	github.com/eko/gocache/store/bigcache/v4 v4.2.1
 	github.com/elastic/go-elasticsearch/v8 v8.10.0
 	github.com/fergusstrange/embedded-postgres v1.24.0
-	github.com/flanksource/commons v1.14.1
+	github.com/flanksource/commons v1.15.0
 	github.com/flanksource/duty v1.0.191
 	github.com/flanksource/gomplate/v3 v3.20.18
 	github.com/flanksource/is-healthy v0.0.0-20231003215854-76c51e3a3ff7
@@ -62,14 +62,12 @@ require (
 	github.com/sevennt/echo-pprof v0.1.1-0.20220616082843-66a461746b5f
 	github.com/spf13/cobra v1.7.0
 	github.com/spf13/pflag v1.0.5
-	github.com/vadimi/go-http-ntlm v1.0.3
-	github.com/vadimi/go-http-ntlm/v2 v2.4.1
 	go.mongodb.org/mongo-driver v1.12.1
 	golang.org/x/crypto v0.14.0
 	golang.org/x/net v0.17.0
 	golang.org/x/sync v0.4.0
 	google.golang.org/api v0.147.0
-	google.golang.org/genproto v0.0.0-20231012201019-e917dd12ba7a
+	google.golang.org/genproto v0.0.0-20231016165738-49dd2c1f3d0b
 	gopkg.in/flanksource/yaml.v3 v3.2.3
 	gorm.io/gorm v1.25.4
 	gorm.io/plugin/prometheus v0.0.0-20230504115745-1aec2356381b
@@ -97,7 +95,7 @@ require (
 	github.com/antonmedv/expr v1.15.3 // indirect
 	github.com/apparentlymart/go-textseg/v15 v15.0.0 // indirect
 	github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
-	github.com/aws/aws-sdk-go v1.45.25 // indirect
+	github.com/aws/aws-sdk-go v1.45.26 // indirect
 	github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.4.13 // indirect
 	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.11 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.41 // indirect
@@ -183,7 +181,7 @@ require (
 	github.com/jmespath/go-jmespath v0.4.0 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
-	github.com/klauspost/compress v1.17.0 // indirect
+	github.com/klauspost/compress v1.17.1 // indirect
 	github.com/kr/fs v0.1.0 // indirect
 	github.com/kr/pretty v0.3.1 // indirect
 	github.com/kr/text v0.2.0 // indirect
@@ -218,6 +216,8 @@ require (
 	github.com/tidwall/pretty v1.2.1 // indirect
 	github.com/ugorji/go/codec v1.2.11 // indirect
 	github.com/ulikunitz/xz v0.5.11 // indirect
+	github.com/vadimi/go-http-ntlm v1.0.3 // indirect
+	github.com/vadimi/go-http-ntlm/v2 v2.4.1 // indirect
 	github.com/vadimi/go-ntlm v1.2.1 // indirect
 	github.com/valyala/bytebufferpool v1.0.0 // indirect
 	github.com/valyala/fasttemplate v1.2.2 // indirect
@@ -249,8 +249,8 @@ require (
 	golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028 // indirect
 	gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
 	google.golang.org/appengine v1.6.8 // indirect
-	google.golang.org/genproto/googleapis/api v0.0.0-20231012201019-e917dd12ba7a // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20231012201019-e917dd12ba7a // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20231016165738-49dd2c1f3d0b // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20231016165738-49dd2c1f3d0b // indirect
 	google.golang.org/grpc v1.58.3 // indirect
 	google.golang.org/protobuf v1.31.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect