Move skip_cert field from one of for backwards compatibility

Author: sergicastro

config/gen/go/v1/oidc/config.pb.go

@@ -200,13 +200,6 @@ message OIDCConfig {
     // The file path to the PEM-encoded certificate authority to trust when performing HTTPS calls to the OIDC Identity Provider.
     // Optional.
     string trusted_certificate_authority_file = 20;
-
-    // If set to true, the verification of the destination certificate will be skipped when
-    // making a request to the Token Endpoint. This option is useful when you want to use a
-    // self-signed certificate for testing purposes, but basically should not be set to true
-    // in any other cases.
-    // Optional.
-    google.protobuf.Value skip_verify_peer_cert = 18;
   }
 
   // The Authservice makes two kinds of direct network connections directly to the OIDC Provider.
@@ -228,5 +221,12 @@ message OIDCConfig {
   // When specified, the Authservice will use the configured Redis server to store session data.
   // Optional.
   RedisConfig redis_session_store_config = 16;
+
+  // If set to true, the verification of the destination certificate will be skipped when
+  // making a request to the Token Endpoint. This option is useful when you want to use a
+  // self-signed certificate for testing purposes, but basically should not be set to true
+  // in any other cases.
+  // Optional.
+  google.protobuf.Value skip_verify_peer_cert = 18; // keep this field out from the trusted_ca_config one of for backward compatibility.
 }
 

config/gen/go/v1/oidc/config.pb.validate.go

@@ -222,7 +222,8 @@ func TestLoadOIDC(t *testing.T) {
 								RedisSessionStoreConfig: &oidcv1.RedisConfig{ServerUri: "redis://localhost:6379/0"},
 								Scopes:                  []string{scopeOIDC},
 								Logout:                  &oidcv1.LogoutConfig{Path: "/logout", RedirectUri: "http://fake"},
-								TrustedCaConfig:         &oidcv1.OIDCConfig_SkipVerifyPeerCert{SkipVerifyPeerCert: structpb.NewBoolValue(true)},
+								TrustedCaConfig:         &oidcv1.OIDCConfig_TrustedCertificateAuthority{TrustedCertificateAuthority: "fake-ca-pem"},
+								SkipVerifyPeerCert:      structpb.NewBoolValue(true),
 							},
 						},
 					},

config/v1/oidc/config.proto

@@ -188,9 +188,7 @@ func TestDynamicJWKSProvider(t *testing.T) {
 					PeriodicFetchIntervalSec: 1,
 				},
 			},
-			TrustedCaConfig: &oidcv1.OIDCConfig_SkipVerifyPeerCert{
-				SkipVerifyPeerCert: structpb.NewBoolValue(true),
-			},
+			SkipVerifyPeerCert: structpb.NewBoolValue(true),
 		}
 
 		keys, err := cache.Get(context.Background(), config)

internal/config_test.go

@@ -33,7 +33,8 @@
             "jwks_fetcher": {
               "jwks_uri": "http://fake/jwks",
               "skip_verify_peer_cert": "true"
-            }
+            },
+            "trusted_certificate_authority": "fake-ca-pem"
           }
         }
       ]

internal/oidc/jwks_test.go

@@ -29,7 +29,8 @@
             "jwks_fetcher": {
               "jwks_uri": "http://fake/jwks",
               "skip_verify_peer_cert": "true"
-            }
+            },
+            "trusted_certificate_authority": "fake-ca-pem"
           }
         }
       ]

internal/testdata/oidc-override.json

@@ -66,7 +66,7 @@ func TestLoadTLSConfig(t *testing.T) {
 		},
 		{
 			name:     "skip verify config",
-			config:   &oidc.OIDCConfig{TrustedCaConfig: &oidc.OIDCConfig_SkipVerifyPeerCert{SkipVerifyPeerCert: structpb.NewBoolValue(true)}},
+			config:   &oidc.OIDCConfig{SkipVerifyPeerCert: structpb.NewBoolValue(true)},
 			wantTLS:  true,
 			wantSkip: true,
 		},