config.go
package saramakeycloak
import (
"net/url"
"time"
"github.com/pkg/errors"
"go.uber.org/zap"
)
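// Fallback values that applyDefaults substitutes for zero-valued Config fields.
const (
	// defaultRefreshThreshold is how long before expiry a token is refreshed.
	defaultRefreshThreshold = 10 * time.Second
	// defaultKeycloakTimeout bounds a single Keycloak request.
	defaultKeycloakTimeout = 2 * time.Second
	// defaultKeycloakRetryInterval is the pause between login / refresh attempts.
	defaultKeycloakRetryInterval = 100 * time.Millisecond
)

// Sentinel errors returned by Config.validate.
//
// The identifiers mix the errorXxx and errXxx prefixes; they are left as they
// are because other code refers to them by name.
var (
	errorInvalidHostPort    = errors.New("keycloak hostport is invalid")
	errorInvalidCredentials = errors.New("clientID & clientSecret must be specified")
	errorInvalidRealm       = errors.New("realm must be specified")

	errInvalidRefreshThreshold = errors.New("refresh threshold must be positive")
	errInvalidKeycloakTimeout  = errors.New("keycloak timeout must be positive")
	// The message used to repeat the timeout text, which pointed operators at
	// the wrong setting when the retry interval was the invalid one.
	errInvalidKeycloakRetryInterval = errors.New("keycloak retry interval must be positive")
)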
// Config defines configuration for Provider.
//
// A Config holds the OpenID client secret in plain text, so avoid logging or
// serializing a whole Config value (for example with %+v).
type Config struct {
	// KeycloakHostPort is the address where Keycloak is running.
	// validate rejects values for which url.Parse fails or yields an empty
	// Host, so despite the name this has to be a URL with a host part rather
	// than a bare host:port.
	// NOTE(review): the scheme is not validated; presumably ClientSecret is
	// sent to this address, so an https URL is the safe choice. Confirm where
	// the request is built.
	KeycloakHostPort string
	// KeycloakTimeout defines the timeout for Keycloak requests.
	// Zero is replaced with 2s by applyDefaults; negative values fail validate.
	KeycloakTimeout time.Duration
	// KeycloakRetryInterval defines the interval between login / refresh attempts.
	// Zero is replaced with 100ms by applyDefaults; negative values fail validate.
	KeycloakRetryInterval time.Duration
	// ClientID is an OpenID client identifier. Required.
	ClientID string
	// ClientSecret is an OpenID client secret. Required. Treat it as a credential.
	ClientSecret string
	// Realm is the realm to authenticate in. Required.
	Realm string
	// RefreshThreshold specifies how long before expiration the token is refreshed.
	// If the token TTL is 300s and RefreshThreshold is 5s, it is refreshed after 295s.
	// This avoids the case where a token is still valid when it is passed to Kafka
	// but expires before Kafka performs authorization.
	// Zero is replaced with 10s by applyDefaults; negative values fail validate.
	RefreshThreshold time.Duration
	// Logger is the zap logger to use; nil is replaced with a no-op logger by
	// applyDefaults.
	Logger *zap.Logger
}
// applyDefaults fills every zero-valued optional field of c in place: the
// three durations receive their package defaults and a nil Logger becomes a
// no-op zap logger. Fields that are already set are left untouched.
func (c *Config) applyDefaults() {
	// Each entry pairs a duration field with the value it falls back to.
	fallbacks := []struct {
		field *time.Duration
		value time.Duration
	}{
		{&c.RefreshThreshold, defaultRefreshThreshold},
		{&c.KeycloakTimeout, defaultKeycloakTimeout},
		{&c.KeycloakRetryInterval, defaultKeycloakRetryInterval},
	}
	for _, fb := range fallbacks {
		// Only the zero value counts as "not configured"; negative values
		// are kept as they are.
		if *fb.field == 0 {
			*fb.field = fb.value
		}
	}

	if c.Logger == nil {
		c.Logger = zap.NewNop()
	}
}
// validate reports the first configuration problem found, checking in order:
// credentials, realm, Keycloak address, then the three durations. It returns
// nil when every check passes.
//
// Only negative durations are rejected; a zero duration is accepted by this
// method.
func (c Config) validate() error {
	switch {
	case c.ClientID == "" || c.ClientSecret == "":
		return errorInvalidCredentials
	case c.Realm == "":
		return errorInvalidRealm
	}

	// The address must parse as a URL and carry a host component.
	// NOTE(review): the scheme is not checked, so a plain-http address passes;
	// presumably ClientSecret is sent to this address. Confirm that TLS is
	// enforced where the request is made.
	parsed, parseErr := url.Parse(c.KeycloakHostPort)
	if parseErr != nil || parsed.Host == "" {
		return errorInvalidHostPort
	}

	switch {
	case c.RefreshThreshold < 0:
		return errInvalidRefreshThreshold
	case c.KeycloakTimeout < 0:
		return errInvalidKeycloakTimeout
	case c.KeycloakRetryInterval < 0:
		return errInvalidKeycloakRetryInterval
	}
	return nil
}