From 6703c9b41e4857dc078a266f9fc6cadd29e31391 Mon Sep 17 00:00:00 2001 From: Patrick Cowland Date: Mon, 25 Nov 2024 16:53:33 +0000 Subject: [PATCH 1/3] Add PingOne options to override service hostnames --- cmd/platform/export.go | 7 +++ docs/tool-configuration/configuration-key.md | 2 + internal/commands/platform/export_internal.go | 23 +++++++++- internal/configuration/options/options.go | 4 ++ internal/configuration/services/pingone.go | 44 +++++++++++++++++++ internal/testing/testutils/utils.go | 10 +++++ .../testing/testutils_viper/viper_utils.go | 2 + 7 files changed, 91 insertions(+), 1 deletion(-) diff --git a/cmd/platform/export.go b/cmd/platform/export.go index 521f32ff..f19c51e4 100644 --- a/cmd/platform/export.go +++ b/cmd/platform/export.go @@ -79,6 +79,8 @@ func initPingOneExportFlags(cmd *cobra.Command) { cmd.Flags().AddFlag(options.PingOneAuthenticationWorkerEnvironmentIDOption.Flag) cmd.Flags().AddFlag(options.PingOneAuthenticationWorkerClientIDOption.Flag) cmd.Flags().AddFlag(options.PingOneAuthenticationWorkerClientSecretOption.Flag) + cmd.Flags().AddFlag(options.PingOneAuthenticationServiceHostnameOption.Flag) + cmd.Flags().AddFlag(options.PingOneAPIServiceHostnameOption.Flag) cmd.Flags().AddFlag(options.PingOneRegionCodeOption.Flag) cmd.Flags().AddFlag(options.PingOneAuthenticationTypeOption.Flag) @@ -89,6 +91,11 @@ func initPingOneExportFlags(cmd *cobra.Command) { options.PingOneRegionCodeOption.CobraParamName, ) + cmd.MarkFlagsRequiredTogether( + options.PingOneAuthenticationServiceHostnameOption.CobraParamName, + options.PingOneAPIServiceHostnameOption.CobraParamName, + ) + } func initPingFederateGeneralFlags(cmd *cobra.Command) { diff --git a/docs/tool-configuration/configuration-key.md b/docs/tool-configuration/configuration-key.md index 50011f67..ca7139ca 100644 --- a/docs/tool-configuration/configuration-key.md +++ b/docs/tool-configuration/configuration-key.md 
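Review bot: The `cmd.MarkFlagsRequiredTogether(...)` call added to `initPingOneExportFlags` pairs the two hostname options only as flags. As far as cobra's flag-group check goes, it looks at flags set on the command line, so a value supplied alone through `PINGCLI_PINGONE_AUTH_SERVICE_HOSTNAME` or the `service.pingone.authentication.hostname` config key would likely pass. `initPingOneApiClient` in export_internal.go applies each override independently, so the client could authenticate against a custom host while calling the default API host, or the reverse. If the pairing is a real requirement, enforce it where the resolved values are read, e.g. `if (authServiceHostname == "") != (apiServiceHostname == "") { return fmt.Errorf("pingone auth and API service hostname overrides must be set together") }`. The body of `initPingOneExportFlags` starts outside the hunk.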
@@ -28,6 +28,8 @@ The following parameters can be configured in Ping CLI's static configuration fi | service.pingfederate.httpsHost | ENUM_STRING | --pingfederate-https-host | The PingFederate HTTPS host used to communicate with PingFederate's admin API.

Example: `https://pingfederate-admin.bxretail.org` | | service.pingfederate.insecureTrustAllTLS | ENUM_BOOL | --pingfederate-insecure-trust-all-tls | Trust any certificate when connecting to the PingFederate server admin API.

This is insecure and should not be enabled outside of testing. | | service.pingfederate.xBypassExternalValidationHeader | ENUM_BOOL | --pingfederate-x-bypass-external-validation-header | Bypass connection tests when configuring PingFederate (the X-BypassExternalValidation header when using PingFederate's admin API). | +| service.pingone.api.hostname | ENUM_STRING | --pingone-api-service-hostname | Override the service hostname for the PingOne management API. | +| service.pingone.authentication.hostname | ENUM_STRING | --pingone-auth-service-hostname | Override the service hostname used to authenticate to the PingOne management API. | | service.pingone.authentication.type | ENUM_PINGONE_AUTH_TYPE | --pingone-authentication-type | The authentication type to use to authenticate to the PingOne management API.

Options are: worker.

Example: `worker` | | service.pingone.authentication.worker.clientID | ENUM_UUID | --pingone-worker-client-id | The worker client ID used to authenticate to the PingOne management API. | | service.pingone.authentication.worker.clientSecret | ENUM_STRING | --pingone-worker-client-secret | The worker client secret used to authenticate to the PingOne management API. | diff --git a/internal/commands/platform/export_internal.go b/internal/commands/platform/export_internal.go index 67ddae83..36c07506 100644 --- a/internal/commands/platform/export_internal.go +++ b/internal/commands/platform/export_internal.go @@ -306,6 +306,14 @@ func initPingOneApiClient(ctx context.Context, pingcliVersion string) (err error if err != nil { return err } + authServiceHostname, err := profiles.GetOptionValue(options.PingOneAuthenticationServiceHostnameOption) + if err != nil { + return err + } + apiServiceHostname, err := profiles.GetOptionValue(options.PingOneAPIServiceHostnameOption) + if err != nil { + return err + } regionCode, err := profiles.GetOptionValue(options.PingOneRegionCodeOption) if err != nil { return err @@ -333,6 +341,14 @@ func initPingOneApiClient(ctx context.Context, pingcliVersion string) (err error UserAgentSuffix: &userAgent, } + if authServiceHostname != "" { + apiConfig.AuthHostnameOverride = &authServiceHostname + } + + if apiServiceHostname != "" { + apiConfig.APIHostnameOverride = &apiServiceHostname + } + pingoneApiClient, err = apiConfig.APIClient(ctx) if err != nil { return fmt.Errorf(`failed to initialize pingone API client. @@ -342,12 +358,17 @@ configuration values used for client initialization: worker client ID - %s worker client secret - %s worker environment ID - %s +auth service hostname override - %s +api service hostname override - %s pingone region - %s`, err, pingoneApiClientId, strings.Repeat("*", len(clientSecret)), environmentID, - regionCode) + authServiceHostname, + apiServiceHostname, + regionCode, + ) } return nil 
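Review bot: In the `@@ -333` hunk, `authServiceHostname` is assigned to `apiConfig.AuthHostnameOverride` after only an empty-string check, and that host is where the worker client ID and secret are presented during authentication. The value can come from a flag, an environment variable or the config file, so a typo or a tampered profile would silently redirect the credentials. I would reject anything that is not a bare hostname (scheme, path, userinfo, whitespace) for both overrides before they are applied, and name the offending option in the error. Whether the SDK validates these fields itself, and exactly which form it expects, is not visible here, so adjust the character set to match. `initPingOneApiClient` starts and ends outside these hunks.

```go
// … unchanged: option lookups and apiConfig construction …
for name, host := range map[string]string{
	options.PingOneAuthenticationServiceHostnameOption.CobraParamName: authServiceHostname,
	options.PingOneAPIServiceHostnameOption.CobraParamName:            apiServiceHostname,
} {
	// An override decides where credentials and API calls go; accept a bare hostname only.
	if host != "" && strings.ContainsAny(host, "/@?# \t") {
		return fmt.Errorf("invalid value %q for --%s: expected a bare hostname", host, name)
	}
}

if authServiceHostname != "" {
	// … unchanged: override assignments …
```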
diff --git a/internal/configuration/options/options.go b/internal/configuration/options/options.go index 6bef857e..edb5affb 100644 --- a/internal/configuration/options/options.go +++ b/internal/configuration/options/options.go @@ -37,6 +37,8 @@ func Options() []Option { PingOneAuthenticationWorkerClientIDOption, PingOneAuthenticationWorkerClientSecretOption, PingOneAuthenticationWorkerEnvironmentIDOption, + PingOneAuthenticationServiceHostnameOption, + PingOneAPIServiceHostnameOption, PingOneRegionCodeOption, PlatformExportExportFormatOption, @@ -86,6 +88,8 @@ var ( PingOneAuthenticationTypeOption Option PingOneAuthenticationWorkerClientIDOption Option PingOneAuthenticationWorkerClientSecretOption Option + PingOneAuthenticationServiceHostnameOption Option + PingOneAPIServiceHostnameOption Option PingOneAuthenticationWorkerEnvironmentIDOption Option PingOneRegionCodeOption Option ) diff --git a/internal/configuration/services/pingone.go b/internal/configuration/services/pingone.go index 917d4ae9..8e0de1c4 100644 --- a/internal/configuration/services/pingone.go +++ b/internal/configuration/services/pingone.go @@ -14,6 +14,8 @@ func InitPingOneServiceOptions() { initAuthenticationWorkerClientIDOption() initAuthenticationWorkerClientSecretOption() initAuthenticationWorkerEnvironmentIDOption() + initAuthenticationServiceHostnameOption() + initAPIServiceHostnameOption() initRegionCodeOption() } 
@@ -82,6 +84,48 @@ func initAuthenticationWorkerEnvironmentIDOption() { } } +func initAuthenticationServiceHostnameOption() { + cobraParamName := "pingone-auth-service-hostname" + cobraValue := new(customtypes.String) + defaultValue := customtypes.String("") + envVar := "PINGCLI_PINGONE_AUTH_SERVICE_HOSTNAME" + + options.PingOneAuthenticationServiceHostnameOption = options.Option{ + CobraParamName: cobraParamName, + CobraParamValue: cobraValue, + DefaultValue: &defaultValue, + EnvVar: envVar, + Flag: &pflag.Flag{ + Name: cobraParamName, + Usage: "Override the service hostname used to authenticate to the PingOne management API.", + Value: cobraValue, + }, + Type: options.ENUM_STRING, + ViperKey: "service.pingone.authentication.hostname", + } +} + +func initAPIServiceHostnameOption() { + cobraParamName := "pingone-api-service-hostname" + cobraValue := new(customtypes.String) + defaultValue := customtypes.String("") + envVar := "PINGCLI_PINGONE_API_SERVICE_HOSTNAME" + + options.PingOneAPIServiceHostnameOption = options.Option{ + CobraParamName: cobraParamName, + CobraParamValue: cobraValue, + DefaultValue: &defaultValue, + EnvVar: envVar, + Flag: &pflag.Flag{ + Name: cobraParamName, + Usage: "Override the service hostname for the PingOne management API.", + Value: cobraValue, + }, + Type: options.ENUM_STRING, + ViperKey: "service.pingone.api.hostname", + } +} + func initPingOneAuthenticationTypeOption() { cobraParamName := "pingone-authentication-type" cobraValue := new(customtypes.PingOneAuthenticationType) diff --git a/internal/testing/testutils/utils.go b/internal/testing/testutils/utils.go index 2b6f3bac..5780aa4f 100644 --- a/internal/testing/testutils/utils.go +++ b/internal/testing/testutils/utils.go 
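Review bot: The `Usage` strings of the two new options do not say what form the value takes or what it affects, and `initAuthenticationServiceHostnameOption` in particular selects the host that receives the worker client credentials. I would spell that out, e.g. `Usage: "Override the service hostname used to authenticate to the PingOne management API. The worker client credentials are sent to this host. Must be set together with --pingone-api-service-hostname."`, with the matching wording on the API option and in configuration-key.md. Both functions also lack a doc comment; one line each stating that an empty default means no override would be enough. As a style point, the two bodies differ only in four string values, so a small shared constructor taking those values would remove the duplication.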
@@ -43,6 +43,8 @@ func GetPingOneClientInfo(t *testing.T) *connector.PingOneClientInfo { clientID := os.Getenv(options.PingOneAuthenticationWorkerClientIDOption.EnvVar) clientSecret := os.Getenv(options.PingOneAuthenticationWorkerClientSecretOption.EnvVar) environmentId := GetEnvironmentID() + authServiceHostname := os.Getenv(options.PingOneAuthenticationServiceHostnameOption.EnvVar) + apiServiceHostname := os.Getenv(options.PingOneAPIServiceHostnameOption.EnvVar) regionCode := os.Getenv(options.PingOneRegionCodeOption.EnvVar) sdkRegionCode := management.EnumRegionCode(regionCode) @@ -57,6 +59,14 @@ func GetPingOneClientInfo(t *testing.T) *connector.PingOneClientInfo { RegionCode: &sdkRegionCode, } + if authServiceHostname != "" { + apiConfig.AuthHostnameOverride = &authServiceHostname + } + + if apiServiceHostname != "" { + apiConfig.APIHostnameOverride = &apiServiceHostname + } + // Make empty context for testing ctx := context.Background() diff --git a/internal/testing/testutils_viper/viper_utils.go b/internal/testing/testutils_viper/viper_utils.go index 7d28fcd8..79e54288 100644 --- a/internal/testing/testutils_viper/viper_utils.go +++ b/internal/testing/testutils_viper/viper_utils.go @@ -113,6 +113,8 @@ func getDefaultConfigFileContents() string { os.Getenv(options.PingOneAuthenticationWorkerClientIDOption.EnvVar), os.Getenv(options.PingOneAuthenticationWorkerClientSecretOption.EnvVar), os.Getenv(options.PingOneAuthenticationWorkerEnvironmentIDOption.EnvVar), + os.Getenv(options.PingOneAuthenticationServiceHostnameOption.EnvVar), + os.Getenv(options.PingOneAPIServiceHostnameOption.EnvVar), os.Getenv(options.PingFederateAdminAPIPathOption.EnvVar), os.Getenv(options.PingFederateClientCredentialsAuthClientIDOption.EnvVar), os.Getenv(options.PingFederateClientCredentialsAuthClientSecretOption.EnvVar), From 281a17b25692169579100a585d998397fffd877b Mon Sep 17 00:00:00 2001 
From: Patrick Cowland Date: Fri, 28 Feb 2025 14:13:59 +0000 Subject: [PATCH 2/3] update config file testing --- internal/testing/testutils_viper/viper_utils.go | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/internal/testing/testutils_viper/viper_utils.go b/internal/testing/testutils_viper/viper_utils.go index 79e54288..e7de6ecb 100644 --- a/internal/testing/testutils_viper/viper_utils.go +++ b/internal/testing/testutils_viper/viper_utils.go @@ -27,8 +27,11 @@ default: service: pingone: regionCode: %s - authentication: - type: worker + api: + hostname: %s + authentication: + hostname: %s + type: worker worker: clientid: %s clientsecret: %s @@ -110,11 +113,11 @@ func getDefaultConfigFileContents() string { return fmt.Sprintf(defaultConfigFileContentsPattern, outputDirectoryReplacement, os.Getenv(options.PingOneRegionCodeOption.EnvVar), + os.Getenv(options.PingOneAuthenticationServiceHostnameOption.EnvVar), + os.Getenv(options.PingOneAPIServiceHostnameOption.EnvVar), os.Getenv(options.PingOneAuthenticationWorkerClientIDOption.EnvVar), os.Getenv(options.PingOneAuthenticationWorkerClientSecretOption.EnvVar), os.Getenv(options.PingOneAuthenticationWorkerEnvironmentIDOption.EnvVar), - os.Getenv(options.PingOneAuthenticationServiceHostnameOption.EnvVar), - os.Getenv(options.PingOneAPIServiceHostnameOption.EnvVar), os.Getenv(options.PingFederateAdminAPIPathOption.EnvVar), os.Getenv(options.PingFederateClientCredentialsAuthClientIDOption.EnvVar), os.Getenv(options.PingFederateClientCredentialsAuthClientSecretOption.EnvVar), From 24122d43649f1672a02f019699185edb1c54ef1b Mon Sep 17 00:00:00 2001 From: Patrick Cowland Date: Fri, 28 Feb 2025 14:19:52 +0000 Subject: [PATCH 3/3] update action --- .github/workflows/code-analysis-lint-test.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/code-analysis-lint-test.yaml b/.github/workflows/code-analysis-lint-test.yaml index d21d3af6..85e4649e 100644 
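Review bot: The two hostname arguments in `getDefaultConfigFileContents` appear to be in the opposite order from the verbs in `defaultConfigFileContentsPattern`. The pattern now has `api: hostname: %s` before `authentication: hostname: %s`, but the call passes `os.Getenv(options.PingOneAuthenticationServiceHostnameOption.EnvVar)` first and `os.Getenv(options.PingOneAPIServiceHostnameOption.EnvVar)` second. With both variables set, the generated test profile would point authentication at the API host and API calls at the auth host, so the worker credentials would be presented to the wrong endpoint. Swapping the two `os.Getenv(...)` lines so the API option comes first fixes it. Indentation is lost in this view, so confirm the key order against the file.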
--- a/.github/workflows/code-analysis-lint-test.yaml
+++ b/.github/workflows/code-analysis-lint-test.yaml
@@ -124,6 +124,8 @@ jobs:
 runs-on: ubuntu-latest
 env:
 PING_IDENTITY_CONFIG: ${{ secrets.PING_IDENTITY_CONFIG }}
+ PINGCLI_PINGONE_AUTH_SERVICE_HOSTNAME: ${{ vars.PINGCLI_PINGONE_AUTH_SERVICE_HOSTNAME }}
+ PINGCLI_PINGONE_API_SERVICE_HOSTNAME: ${{ vars.PINGCLI_PINGONE_API_SERVICE_HOSTNAME }}
 PINGCLI_PINGONE_WORKER_CLIENT_ID: ${{ secrets.PINGCLI_PINGONE_WORKER_CLIENT_ID }}
 PINGCLI_PINGONE_WORKER_CLIENT_SECRET: ${{ secrets.PINGCLI_PINGONE_WORKER_CLIENT_SECRET }}
 PINGCLI_PINGONE_REGION_CODE: ${{ secrets.PINGCLI_PINGONE_REGION_CODE }}
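Review bot: The two hostname overrides are read from `vars.` while the neighbouring credentials come from `secrets.`, and nothing in the workflow records that the auth override decides which host the test job sends `PINGCLI_PINGONE_WORKER_CLIENT_SECRET` to. That makes the variable as sensitive to change as the secrets themselves, even though its value is not confidential. I would add a comment above the two lines, e.g. `# Hostname overrides select the hosts the worker credentials below are sent to; leave unset for no override.`, and confirm that whoever can edit repository variables is also trusted with the secrets. The `env:` block starts outside the hunk.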