Parse the OIDC login URL

Juan Font Alonso 2022-09-08 19:32:11 +02:00
parent 5f384c6323
commit f33e3e3b81


@ -7,9 +7,11 @@ import (
"context" "context"
"crypto/tls" "crypto/tls"
"fmt" "fmt"
"io"
"log" "log"
"net" "net"
"net/http" "net/http"
"net/url"
"os" "os"
"path" "path"
"strings" "strings"
@ -237,7 +239,7 @@ oidc:
) )
for hostname, tailscale := range s.tailscales { for hostname, tailscale := range s.tailscales {
s.joinWaitGroup.Add(1) s.joinWaitGroup.Add(1)
go s.Join(headscaleEndpoint, hostname, tailscale) go s.AuthenticateOIDC(headscaleEndpoint, hostname, tailscale)
} }
s.joinWaitGroup.Wait() s.joinWaitGroup.Wait()
@ -247,12 +249,40 @@ oidc:
time.Sleep(60 * time.Second) time.Sleep(60 * time.Second)
} }
func (s *IntegrationOIDCTestSuite) Join( func (s *IntegrationOIDCTestSuite) AuthenticateOIDC(
endpoint, hostname string, endpoint, hostname string,
tailscale dockertest.Resource, tailscale dockertest.Resource,
) { ) {
defer s.joinWaitGroup.Done() defer s.joinWaitGroup.Done()
loginURL, err := s.joinOIDC(endpoint, hostname, tailscale)
if err != nil {
s.FailNow(fmt.Sprintf("Could not join OIDC node: %s", err), "")
}
insecureTransport := &http.Transport{
TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
}
client := &http.Client{Transport: insecureTransport}
resp, err := client.Get(loginURL.String())
if err != nil {
s.FailNow(fmt.Sprintf("Could not get login page: %s", err), "")
}
// read the body
body, err := io.ReadAll(resp.Body)
if err != nil {
s.FailNow(fmt.Sprintf("Could not read login page: %s", err), "")
}
panic(string(body))
}
func (s *IntegrationOIDCTestSuite) joinOIDC(
endpoint, hostname string,
tailscale dockertest.Resource,
) (*url.URL, error) {
command := []string{ command := []string{
"tailscale", "tailscale",
"up", "up",
@ -264,19 +294,26 @@ func (s *IntegrationOIDCTestSuite) Join(
log.Println("Join command:", command) log.Println("Join command:", command)
log.Printf("Running join command for %s\n", hostname) log.Printf("Running join command for %s\n", hostname)
result, err := ExecuteCommand( result, _ := ExecuteCommand(
&tailscale, &tailscale,
command, command,
[]string{}, []string{},
) )
// https://github.com/tailscale/tailscale/blob/main/cmd/tailscale/cli/up.go#L584 // This piece of code just gets the login URL out of the output of the tailscale client.
url := strings.ReplaceAll(result, "\nTo authenticate, visit:\n\n\t", "") // See https://github.com/tailscale/tailscale/blob/main/cmd/tailscale/cli/up.go#L584.
url = strings.TrimSpace(url) urlStr := strings.ReplaceAll(result, "\nTo authenticate, visit:\n\n\t", "")
urlStr = strings.TrimSpace(urlStr)
log.Println(url) // parse URL
assert.Nil(s.T(), err) loginUrl, err := url.Parse(urlStr)
log.Printf("%s joined\n", hostname) if err != nil {
log.Printf("Could not parse login URL: %s", err)
log.Printf("Original join command result: %s", result)
return nil, err
}
return loginUrl, nil
} }
func (s *IntegrationOIDCTestSuite) tailscaleContainer( func (s *IntegrationOIDCTestSuite) tailscaleContainer(
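Review bot: The login URL returned by joinOIDC is never validated: the ExecuteCommand error is discarded (`result, _ := ExecuteCommand(`) and url.Parse accepts almost any string, so unexpected `tailscale up` output still yields a non-nil URL that AuthenticateOIDC fetches with `InsecureSkipVerify: true` and no client timeout. If the error is dropped on purpose (presumably because `tailscale up` does not return until login completes), a comment should say so, and the function should reject anything that is not an absolute URL: `if loginUrl.Scheme == "" || loginUrl.Host == "" { return nil, fmt.Errorf("unexpected login URL %q", urlStr) }`. In AuthenticateOIDC, `panic(string(body))` looks like a debugging leftover and resp.Body is never closed; `defer resp.Body.Close()` after the Get error check covers the latter. Part of joinOIDC's command slice lies between the hunks and is not visible here.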