Address comments

gravitational · Jan 29, 2025 · 3b32351 · 3b32351
1 parent 00ac989
commit 3b32351
Show file tree

Hide file tree

Showing 4 changed files with 18 additions and 13 deletions.
diff --git a/go.mod b/go.mod
@@ -167,6 +167,7 @@ require (
 	github.com/okta/okta-sdk-golang/v2 v2.20.0
 	github.com/opencontainers/go-digest v1.0.0
 	github.com/opensearch-project/opensearch-go/v2 v2.3.0
+	github.com/oracle/oci-go-sdk/v65 v65.81.0
 	github.com/parquet-go/parquet-go v0.24.0
 	github.com/patrickmn/go-cache v2.1.1-0.20191004192108-46f407853014+incompatible
 	github.com/pavlo-v-chernykh/keystore-go/v4 v4.5.0
@@ -246,8 +247,6 @@ require (
 	software.sslmate.com/src/go-pkcs12 v0.5.0
 )
 
-require github.com/oracle/oci-go-sdk/v65 v65.81.0
-
 require (
 	cel.dev/expr v0.19.1 // indirect
 	cloud.google.com/go v0.117.0 // indirect

diff --git a/lib/auth/join/join.go b/lib/auth/join/join.go
@@ -26,7 +26,6 @@ import (
 
 	"github.com/gravitational/trace"
 	"github.com/jonboulle/clockwork"
-	"github.com/oracle/oci-go-sdk/v65/common/auth"
 	"go.opentelemetry.io/otel"
 	"golang.org/x/crypto/ssh"
 
@@ -817,11 +816,7 @@ func registerUsingOracleMethod(
 	ctx context.Context, client joinServiceClient, token string, hostKeys *newHostKeys, params RegisterParams,
 ) (*proto.Certs, error) {
 	certs, err := client.RegisterUsingOracleMethod(ctx, func(challenge string) (*proto.RegisterUsingOracleMethodRequest, error) {
-		provider, err := auth.InstancePrincipalConfigurationProvider()
-		if err != nil {
-			return nil, trace.Wrap(err)
-		}
-		innerHeaders, outerHeaders, err := oracle.CreateSignedRequest(provider, challenge)
+		innerHeaders, outerHeaders, err := oracle.CreateSignedRequest(challenge)
 		if err != nil {
 			return nil, trace.Wrap(err)
 		}

diff --git a/lib/auth/join/oracle/oracle.go b/lib/auth/join/oracle/oracle.go
@@ -1,5 +1,5 @@
 // Teleport
-// Copyright (C) 2024 Gravitational, Inc.
+// Copyright (C) 2025 Gravitational, Inc.
 //
 // This program is free software: you can redistribute it and/or modify
 // it under the terms of the GNU Affero General Public License as published by
@@ -26,6 +26,7 @@ import (
 
 	"github.com/gravitational/trace"
 	"github.com/oracle/oci-go-sdk/v65/common"
+	"github.com/oracle/oci-go-sdk/v65/common/auth"
 
 	"github.com/gravitational/teleport/api"
 	"github.com/gravitational/teleport/lib/defaults"
@@ -87,7 +88,7 @@ type principal struct {
 }
 
 func (p principal) getClaims() Claims {
-	claims := Claims{}
+	var claims Claims
 	for _, claim := range p.Claims {
 		switch claim.Key {
 		case tenancyClaim:
@@ -119,6 +120,7 @@ func newAuthenticateClientRequest(time time.Time, challenge string, headers http
 			RequestHeaders: headers,
 		},
 	}
+	// Avoid a null request body.
 	if len(headers) == 0 {
 		req.Details.RequestHeaders = http.Header{}
 	}
@@ -155,7 +157,16 @@ func createAuthHTTPRequest(region string, auth authenticateClientRequest) (*http
 // https://auth.<region>.oraclecloud.com/v1/authentication/authenticateClient.
 // The returned headers should be sent to an auth server as part of
 // RegisterUsingOracleMethod.
-func CreateSignedRequest(provider common.ConfigurationProvider, challenge string) (innerHeaders, outerHeaders http.Header, err error) {
+func CreateSignedRequest(challenge string) (innerHeaders, outerHeaders http.Header, err error) {
+	provider, err := auth.InstancePrincipalConfigurationProvider()
+	if err != nil {
+		return nil, nil, trace.Wrap(err)
+	}
+	inner, outer, err := createSignedRequest(provider, challenge)
+	return inner, outer, trace.Wrap(err)
+}
+
+func createSignedRequest(provider common.ConfigurationProvider, challenge string) (innerHeaders, outerHeaders http.Header, err error) {
 	signedHeaders := append(common.DefaultGenericHeaders(), DateHeader, ChallengeHeader)
 	signer := common.RequestSigner(provider, signedHeaders, common.DefaultBodyHeaders())
 	region, err := provider.Region()

diff --git a/lib/auth/join/oracle/oracle_test.go b/lib/auth/join/oracle/oracle_test.go
@@ -1,5 +1,5 @@
 // Teleport
-// Copyright (C) 2024 Gravitational, Inc.
+// Copyright (C) 2025 Gravitational, Inc.
 //
 // This program is free software: you can redistribute it and/or modify
 // it under the terms of the GNU Affero General Public License as published by
@@ -45,7 +45,7 @@ func TestCreateSignedRequest(t *testing.T) {
 		nil,
 	)
 
-	innerHeader, outerHeader, err := CreateSignedRequest(provider, "challenge")
+	innerHeader, outerHeader, err := createSignedRequest(provider, "challenge")
 	require.NoError(t, err)
 
 	expectedHeaders := map[string]string{