Declarative scaler config #5676

Merged
merged 5 commits into from
May 13, 2024
1 change: 1 addition & 0 deletions CHANGELOG.md
@@ -59,6 +59,7 @@ To learn more about active deprecations, we recommend checking [GitHub Discussio
### New

- TODO ([#XXX](https://github.com/kedacore/keda/issues/XXX))
- **General**: Declarative parsing of scaler config ([#5037](https://github.com/kedacore/keda/issues/5037))

#### Experimental

128 changes: 128 additions & 0 deletions pkg/scalers/authentication/authentication_types.go
@@ -1,6 +1,7 @@
package authentication

import (
"fmt"
"net/url"
"time"
)
@@ -31,6 +32,8 @@ const (
FastHTTP // FastHTTP Fast http client.
)

// AuthMeta is the metadata for the authentication types
// Deprecated: use Config instead
type AuthMeta struct {
// bearer auth
EnableBearerAuth bool
@@ -61,6 +64,131 @@ type AuthMeta struct {
CustomAuthValue string
}

// BasicAuth is a basic authentication type
type BasicAuth struct {
Username string `keda:"name=username, order=authParams"`
Password string `keda:"name=password, order=authParams"`
}

// CertAuth is a client certificate authentication type
type CertAuth struct {
Cert string `keda:"name=cert, order=authParams"`
Key string `keda:"name=key, order=authParams"`
CA string `keda:"name=ca, order=authParams"`
}

// OAuth is an oAuth2 authentication type
type OAuth struct {
OauthTokenURI string `keda:"name=oauthTokenURI, order=authParams"`
Scopes []string `keda:"name=scopes, order=authParams"`
ClientID string `keda:"name=clientID, order=authParams"`
ClientSecret string `keda:"name=clientSecret, order=authParams"`
EndpointParams url.Values `keda:"name=endpointParams, order=authParams"`
}

// CustomAuth is a custom header authentication type
type CustomAuth struct {
CustomAuthHeader string `keda:"name=customAuthHeader, order=authParams"`
CustomAuthValue string `keda:"name=customAuthValue, order=authParams"`
}

// Config is the configuration for the authentication types
type Config struct {
Modes []Type `keda:"name=authModes, order=triggerMetadata, enum=apiKey;basic;tls;bearer;custom;oauth, exclusiveSet=bearer;basic;oauth, optional"`

BearerToken string `keda:"name=bearerToken, order=authParams, optional"`
BasicAuth `keda:"optional"`
CertAuth `keda:"optional"`
OAuth `keda:"optional"`
CustomAuth `keda:"optional"`
}

// Disabled returns true if no auth modes are enabled
func (c *Config) Disabled() bool {
return c == nil || len(c.Modes) == 0
}

// Enabled returns true if given auth mode is enabled
func (c *Config) Enabled(mode Type) bool {
for _, m := range c.Modes {
if m == mode {
return true
}
}
return false
}

// helpers for checking enabled auth modes
func (c *Config) EnabledTLS() bool { return c.Enabled(TLSAuthType) }
func (c *Config) EnabledBasicAuth() bool { return c.Enabled(BasicAuthType) }
func (c *Config) EnabledBearerAuth() bool { return c.Enabled(BearerAuthType) }
func (c *Config) EnabledOAuth() bool { return c.Enabled(OAuthType) }
func (c *Config) EnabledCustomAuth() bool { return c.Enabled(CustomAuthType) }

// GetBearerToken returns the bearer token with the Bearer prefix
func (c *Config) GetBearerToken() string {
return fmt.Sprintf("Bearer %s", c.BearerToken)
}

// Validate validates the Config and returns an error if it is invalid
func (c *Config) Validate() error {
if c.Disabled() {
return nil
}
if c.EnabledBearerAuth() && c.BearerToken == "" {
return fmt.Errorf("bearer token is required when bearer auth is enabled")
}
if c.EnabledBasicAuth() && c.Username == "" {
return fmt.Errorf("username is required when basic auth is enabled")
}
if c.EnabledTLS() && (c.Cert == "" || c.Key == "") {
return fmt.Errorf("cert and key are required when tls auth is enabled")
}
if c.EnabledOAuth() && (c.OauthTokenURI == "" || c.ClientID == "" || c.ClientSecret == "") {
return fmt.Errorf("oauthTokenURI, clientID and clientSecret are required when oauth is enabled")
}
if c.EnabledCustomAuth() && (c.CustomAuthHeader == "" || c.CustomAuthValue == "") {
return fmt.Errorf("customAuthHeader and customAuthValue are required when custom auth is enabled")
}
return nil
}

// ToAuthMeta converts the Config to deprecated AuthMeta
func (c *Config) ToAuthMeta() *AuthMeta {
if c.Disabled() {
return nil
}
return &AuthMeta{
// bearer auth
EnableBearerAuth: c.EnabledBearerAuth(),
BearerToken: c.BearerToken,

// basic auth
EnableBasicAuth: c.EnabledBasicAuth(),
Username: c.Username,
Password: c.Password,

// client certification
EnableTLS: c.EnabledTLS(),
Cert: c.Cert,
Key: c.Key,
CA: c.CA,

// oAuth2
EnableOAuth: c.EnabledOAuth(),
OauthTokenURI: c.OauthTokenURI,
Scopes: c.Scopes,
ClientID: c.ClientID,
ClientSecret: c.ClientSecret,
EndpointParams: c.EndpointParams,

// custom auth header
EnableCustomAuth: c.EnabledCustomAuth(),
CustomAuthHeader: c.CustomAuthHeader,
CustomAuthValue: c.CustomAuthValue,
}
}

type HTTPTransport struct {
MaxIdleConnDuration time.Duration
ReadTimeout time.Duration
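Review bot: `Validate` returns nil as soon as `Disabled()` is true, so a config that carries `bearerToken`, `password` or `clientSecret` in authParams but omits the optional `authModes` passes validation, and `ToAuthMeta` then returns nil; if callers treat a nil `AuthMeta` as "no auth" (not visible here), the scaler would silently send unauthenticated requests. Consider rejecting that combination before the early return, e.g. `if c != nil && len(c.Modes) == 0 && (c.BearerToken != "" || c.Username != "" || c.ClientSecret != "" || c.CustomAuthValue != "")` returning `fmt.Errorf("auth parameters are set but authModes is empty")`. Separately, `Disabled` tolerates a nil receiver but `Enabled` ranges over `c.Modes` unguarded, so `EnabledTLS()` and the other helpers panic on a nil `*Config`; a leading `if c == nil { return false }` in `Enabled` would make the two consistent. `Config` also keeps the password, client secret, bearer token and private key in plain string fields, so the type's doc comment should say that it must not be logged with `%+v`.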