diff --git a/go.mod b/go.mod
index b5a734efe7591..1236591de1e3e 100644
--- a/go.mod
+++ b/go.mod
@@ -167,6 +167,7 @@ require (
 github.com/okta/okta-sdk-golang/v2 v2.20.0
 github.com/opencontainers/go-digest v1.0.0
 github.com/opensearch-project/opensearch-go/v2 v2.3.0
+ github.com/oracle/oci-go-sdk/v65 v65.81.0
 github.com/parquet-go/parquet-go v0.24.0
 github.com/patrickmn/go-cache v2.1.1-0.20191004192108-46f407853014+incompatible
 github.com/pavlo-v-chernykh/keystore-go/v4 v4.5.0
@@ -246,8 +247,6 @@ require (
 software.sslmate.com/src/go-pkcs12 v0.5.0
 )
-require github.com/oracle/oci-go-sdk/v65 v65.81.0
-
 require (
 cel.dev/expr v0.19.1 // indirect
 cloud.google.com/go v0.117.0 // indirect
diff --git a/lib/auth/join/join.go b/lib/auth/join/join.go
index 22e8d629260a2..2287f42cac6da 100644
--- a/lib/auth/join/join.go
+++ b/lib/auth/join/join.go
@@ -26,7 +26,6 @@ import (
 "github.com/gravitational/trace"
 "github.com/jonboulle/clockwork"
- "github.com/oracle/oci-go-sdk/v65/common/auth"
 "go.opentelemetry.io/otel"
 "golang.org/x/crypto/ssh"
@@ -817,11 +816,7 @@ func registerUsingOracleMethod(
 ctx context.Context, client joinServiceClient, token string, hostKeys *newHostKeys, params RegisterParams,
 ) (*proto.Certs, error) {
 certs, err := client.RegisterUsingOracleMethod(ctx, func(challenge string) (*proto.RegisterUsingOracleMethodRequest, error) {
- provider, err := auth.InstancePrincipalConfigurationProvider()
- if err != nil {
- return nil, trace.Wrap(err)
- }
- innerHeaders, outerHeaders, err := oracle.CreateSignedRequest(provider, challenge)
+ innerHeaders, outerHeaders, err := oracle.CreateSignedRequest(challenge)
 if err != nil {
 return nil, trace.Wrap(err)
 }
diff --git a/lib/auth/join/oracle/oracle.go b/lib/auth/join/oracle/oracle.go
index ce73904204e5f..aa1f91c738d28 100644
--- a/lib/auth/join/oracle/oracle.go
+++ b/lib/auth/join/oracle/oracle.go
@@ -1,5 +1,5 @@
 // Teleport
-// Copyright (C) 2024 Gravitational, Inc.
+// Copyright (C) 2025 Gravitational, Inc.
 //
 // This program is free software: you can redistribute it and/or modify
 // it under the terms of the GNU Affero General Public License as published by
@@ -26,6 +26,7 @@ import (
 "github.com/gravitational/trace"
 "github.com/oracle/oci-go-sdk/v65/common"
+ "github.com/oracle/oci-go-sdk/v65/common/auth"
 "github.com/gravitational/teleport/api"
 "github.com/gravitational/teleport/lib/defaults"
@@ -87,7 +88,7 @@ type principal struct {
 }
 func (p principal) getClaims() Claims {
- claims := Claims{}
+ var claims Claims
 for _, claim := range p.Claims {
 switch claim.Key {
 case tenancyClaim:
@@ -119,6 +120,7 @@ func newAuthenticateClientRequest(time time.Time, challenge string, headers http
 RequestHeaders: headers,
 },
 }
+ // Avoid a null request body.
 if len(headers) == 0 {
 req.Details.RequestHeaders = http.Header{}
 }
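Review bot: The new comment `// Avoid a null request body.` in newAuthenticateClientRequest describes the wrong thing: the guarded line replaces a nil `headers` map in `req.Details.RequestHeaders`, not the request body, so the value being avoided is presumably a `null` requestHeaders field once the request is serialized (the encoding is not visible in this hunk). A more accurate comment would be `// A nil header map would serialize as null; send an empty object instead.`. The enclosing function continues outside the hunk, and the hunk at line 26 only adds the auth import, which is fine on its own.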
@@ -155,7 +157,16 @@ func createAuthHTTPRequest(region string, auth authenticateClientRequest) (*http
 // https://auth..oraclecloud.com/v1/authentication/authenticateClient.
 // The returned headers should be sent to an auth server as part of
 // RegisterUsingOracleMethod.
-func CreateSignedRequest(provider common.ConfigurationProvider, challenge string) (innerHeaders, outerHeaders http.Header, err error) {
+func CreateSignedRequest(challenge string) (innerHeaders, outerHeaders http.Header, err error) {
+ provider, err := auth.InstancePrincipalConfigurationProvider()
+ if err != nil {
+ return nil, nil, trace.Wrap(err)
+ }
+ inner, outer, err := createSignedRequest(provider, challenge)
+ return inner, outer, trace.Wrap(err)
+}
+
+func createSignedRequest(provider common.ConfigurationProvider, challenge string) (innerHeaders, outerHeaders http.Header, err error) {
 signedHeaders := append(common.DefaultGenericHeaders(), DateHeader, ChallengeHeader)
 signer := common.RequestSigner(provider, signedHeaders, common.DefaultBodyHeaders())
 region, err := provider.Region()
diff --git a/lib/auth/join/oracle/oracle_test.go b/lib/auth/join/oracle/oracle_test.go
index 5436bc6ef175c..f2d3c94512f68 100644
--- a/lib/auth/join/oracle/oracle_test.go
+++ b/lib/auth/join/oracle/oracle_test.go
@@ -1,5 +1,5 @@
 // Teleport
-// Copyright (C) 2024 Gravitational, Inc.
+// Copyright (C) 2025 Gravitational, Inc.
 //
 // This program is free software: you can redistribute it and/or modify
 // it under the terms of the GNU Affero General Public License as published by
@@ -45,7 +45,7 @@ func TestCreateSignedRequest(t *testing.T) {
 nil,
 )
- innerHeader, outerHeader, err := CreateSignedRequest(provider, "challenge")
+ innerHeader, outerHeader, err := createSignedRequest(provider, "challenge")
 require.NoError(t, err)
 expectedHeaders := map[string]string{
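Review bot: CreateSignedRequest now resolves the signer itself through auth.InstancePrincipalConfigurationProvider(), but the doc comment on the context lines above the signature (its first line is outside the hunk) still says nothing about the function fetching instance principal credentials from the OCI instance metadata service, which presumably only works on an OCI compute instance and adds a network round trip before each challenge is signed; a sentence such as `// CreateSignedRequest obtains instance principal credentials from the instance metadata service and signs challenge with them, so it only succeeds on an OCI instance.` belongs in that comment. The unexported createSignedRequest has no comment; since oracle_test.go now calls it with a fake provider, `// createSignedRequest is the provider-injectable core of CreateSignedRequest, split out so tests can supply a provider.` documents why the split exists. The pass-through `return inner, outer, trace.Wrap(err)` hands back whatever headers createSignedRequest produced together with a non-nil error; `if err != nil { return nil, nil, trace.Wrap(err) }` followed by `return inner, outer, nil` keeps the headers-are-nil-on-error contract explicit. The hunk header also shows createAuthHTTPRequest(region string, auth authenticateClientRequest), whose parameter `auth` now shadows the auth package imported into this file; that function is outside the hunk and still compiles, but renaming the parameter would avoid the confusion.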