rebase to latest main

Author: nacx

config/gen/go/v1/config.pb.go

@@ -21,7 +21,7 @@ import (
 )
 
 // BoolStrValue returns the bool value of a structpb.Value.
-// It expects the input to be a structpb.Value of type string ot bool that
+// It expects the input to be a structpb.Value of type string or bool that
 // represents a boolean value.
 // This method is a convenience method for backwards-compatibility with the
 // previous versions of the authservice.

config/gen/go/v1/mock/config.pb.go

@@ -1,3 +1,17 @@
+// Copyright 2024 Tetrate
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
 package internal
 
 import (

config/gen/go/v1/oidc/config.pb.go

@@ -222,7 +222,7 @@ func TestLoadOIDC(t *testing.T) {
 								RedisSessionStoreConfig: &oidcv1.RedisConfig{ServerUri: "redis://localhost:6379/0"},
 								Scopes:                  []string{scopeOIDC},
 								Logout:                  &oidcv1.LogoutConfig{Path: "/logout", RedirectUri: "http://fake"},
-								SkipVerifyPeerCert:      structpb.NewBoolValue(true),
+								TrustedCaConfig:         &oidcv1.OIDCConfig_SkipVerifyPeerCert{SkipVerifyPeerCert: structpb.NewBoolValue(true)},
 							},
 						},
 					},

internal/boolstr.go

@@ -30,6 +30,7 @@ import (
 	"github.com/stretchr/testify/require"
 	"github.com/tetratelabs/run"
 	"github.com/tetratelabs/telemetry"
+	"google.golang.org/protobuf/types/known/structpb"
 
 	oidcv1 "github.com/tetrateio/authservice-go/config/gen/go/v1/oidc"
 )
@@ -188,7 +189,7 @@ func TestDynamicJWKSProvider(t *testing.T) {
 				},
 			},
 			TrustedCaConfig: &oidcv1.OIDCConfig_SkipVerifyPeerCert{
-				SkipVerifyPeerCert: true,
+				SkipVerifyPeerCert: structpb.NewBoolValue(true),
 			},
 		}
 

internal/boolstr_test.go

@@ -20,6 +20,8 @@ import (
 	"errors"
 	"fmt"
 	"os"
+
+	"google.golang.org/protobuf/types/known/structpb"
 )
 
 // TLSConfig is an interface for the TLS configuration of the AuthService.
@@ -29,7 +31,7 @@ type TLSConfig interface {
 	// GetTrustedCertificateAuthorityFile returns the path to the trusted certificate authority file.
 	GetTrustedCertificateAuthorityFile() string
 	// GetSkipVerifyPeerCert returns whether to skip verification of the peer certificate.
-	GetSkipVerifyPeerCert() bool
+	GetSkipVerifyPeerCert() *structpb.Value
 }
 
 // LoadTLSConfig loads a TLS configuration from the given TLSConfig.
@@ -39,20 +41,16 @@ func LoadTLSConfig(config TLSConfig) (*tls.Config, error) {
 	// Load the trusted CA PEM from the config
 	var ca []byte
 	switch {
-
 	case config.GetTrustedCertificateAuthority() != "":
 		ca = []byte(config.GetTrustedCertificateAuthority())
-
 	case config.GetTrustedCertificateAuthorityFile() != "":
 		var err error
 		ca, err = os.ReadFile(config.GetTrustedCertificateAuthorityFile())
 		if err != nil {
 			return nil, fmt.Errorf("error reading trusted CA file: %w", err)
 		}
-
-	case config.GetSkipVerifyPeerCert():
-		tlsConfig.InsecureSkipVerify = true
-
+	case config.GetSkipVerifyPeerCert() != nil:
+		tlsConfig.InsecureSkipVerify = BoolStrValue(config.GetSkipVerifyPeerCert())
 	default:
 		// No CA or skip verification, return nil TLS config
 		return nil, nil

internal/config_test.go

@@ -19,6 +19,7 @@ import (
 	"testing"
 
 	"github.com/stretchr/testify/require"
+	"google.golang.org/protobuf/types/known/structpb"
 
 	"github.com/tetrateio/authservice-go/config/gen/go/v1/oidc"
 )
@@ -65,7 +66,7 @@ func TestLoadTLSConfig(t *testing.T) {
 		},
 		{
 			name:     "skip verify config",
-			config:   &oidc.OIDCConfig{TrustedCaConfig: &oidc.OIDCConfig_SkipVerifyPeerCert{SkipVerifyPeerCert: true}},
+			config:   &oidc.OIDCConfig{TrustedCaConfig: &oidc.OIDCConfig_SkipVerifyPeerCert{SkipVerifyPeerCert: structpb.NewBoolValue(true)}},
 			wantTLS:  true,
 			wantSkip: true,
 		},