22 changes: 13 additions & 9 deletions .golangci.yml
@@ -4,7 +4,7 @@ run:
concurrency: 4
# add the build tags to include e2e tests files
build-tags:
- e2e
- e2e
modules-download-mode: vendor
linters:
default: none
@@ -57,28 +57,32 @@ linters:
# Exclude for utils packages with meaningful package names
- linters:
- revive
text: 'var-naming: avoid meaningless package names'
text: "var-naming: avoid meaningless package names"
path: pkg/metricsservice/utils/tls.go
- linters:
- revive
text: 'var-naming: avoid meaningless package names'
text: "var-naming: avoid meaningless package names"
path: pkg/scalers/openstack/utils/serviceTypes.go
- linters:
- revive
text: 'var-naming: avoid meaningless package names'
text: "var-naming: avoid meaningless package names"
path: controllers/keda/util/string_lists.go
- linters:
- revive
text: 'var-naming: avoid meaningless package names'
text: "var-naming: avoid meaningless package names"
path: controllers/keda/util/finalizer.go
- linters:
- revive
text: 'var-naming: avoid meaningless package names'
text: "var-naming: avoid meaningless package names"
path: controllers/keda/util/predicate.go
- linters:
- revive
text: 'var-naming: avoid meaningless package names'
text: "var-naming: avoid meaningless package names"
path: pkg/util/
- linters:
- revive
text: "var-naming: avoid package names that conflict with Go standard library package names"
path: version/version.go
- linters:
- gocyclo
path: scalers_builder.go
@@ -99,10 +103,10 @@ linters:
# https://github.com/go-critic/go-critic/issues/926
- linters:
- gocritic
text: 'unnecessaryDefer:'
text: "unnecessaryDefer:"
- linters:
- staticcheck
text: 'ST1000:'
text: "ST1000:"
# The call to autorest.Send() in scalers/azure_app_insights.go is marked as not closing the response body. However, autorest.DoCloseIfError()
# and autorest.ByClosing() should ensure that the response body is closed.
- linters:
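--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -76,6 +76,7 @@ To learn more about active deprecations, we recommend checking [GitHub Discussio
 
 ### Improvements
 
+- **RabbitMQ Scaler**: Add support for authentication to HTTP Rabbitmq with OAuth2 ([#7379](https://github.com/kedacore/keda/issues/7379))
 - TODO ([#XXX](https://github.com/kedacore/keda/issues/XXX))
 
 ### Fixes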
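--- a/apis/keda/v1alpha1/triggerauthentication_types.go
+++ b/apis/keda/v1alpha1/triggerauthentication_types.go
@@ -104,6 +104,9 @@ type TriggerAuthenticationSpec struct {
 
 // +optional
 BoundServiceAccountToken []BoundServiceAccountToken `json:"boundServiceAccountToken,omitempty"`
+
+// +optional
+OAuth2 *OAuth2 `json:"oauth2,omitempty"`
 }
 
 // TriggerAuthenticationStatus defines the observed state of TriggerAuthentication
@@ -397,6 +400,33 @@ type BoundServiceAccountToken struct {
 ServiceAccountName string `json:"serviceAccountName"`
 }
 
+type OAuth2 struct {
+// +kubebuilder:validation:Enum=clientCredentials
+Type OAuth2GrantType `json:"type"`
+
+ClientID string `json:"clientId"`
+
+ClientSecret OAuth2ClientSecret `json:"clientSecret"`
+
+TokenURL string `json:"tokenUrl"`
+
+// +optional
+Scopes []string `json:"scopes,omitempty"`
+
+// +optional
+TokenURLParams map[string]string `json:"tokenUrlParams,omitempty"`
+}
+
+type OAuth2GrantType string
+
+const (
+OAuth2GrantTypeClientCredentials OAuth2GrantType = "clientCredentials"
+)
+
+type OAuth2ClientSecret struct {
+ValueFrom ValueFromSecret `json:"valueFrom"`
+}
+
 func init() {
 SchemeBuilder.Register(&ClusterTriggerAuthentication{}, &ClusterTriggerAuthenticationList{})
 SchemeBuilder.Register(&TriggerAuthentication{}, &TriggerAuthenticationList{})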
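Review bot: `ClientID` and `TokenURL` in the new `OAuth2` struct carry no schema validation markers, and the generated CRDs in this change list them as plain `type: string`, so an empty value is rejected only by the admission webhook. Adding `// +kubebuilder:validation:MinLength=1` above both fields would enforce this at the API server even where the webhook is not deployed. The exported types `OAuth2`, `OAuth2GrantType` and `OAuth2ClientSecret` also lack doc comments; a line such as `// OAuth2 holds the client-credentials settings used to obtain a token from TokenURL.` would state what the struct is for, and `TokenURLParams` in particular deserves a comment saying where its entries are sent.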
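--- a/apis/keda/v1alpha1/triggerauthentication_webhook.go
+++ b/apis/keda/v1alpha1/triggerauthentication_webhook.go
@@ -20,6 +20,7 @@ import (
 "context"
 "encoding/json"
 "fmt"
+"net/url"
 
 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 "k8s.io/apimachinery/pkg/runtime"
@@ -199,5 +200,34 @@ func validateSpec(spec *TriggerAuthenticationSpec) (admission.Warnings, error) {
 return nil, nil
 }
 }
+
+if spec.OAuth2 != nil {
+oauth2 := spec.OAuth2
+
+if oauth2.Type != OAuth2GrantTypeClientCredentials {
+return nil, fmt.Errorf("oauth2.type must be 'clientCredentials', got '%s'", oauth2.Type)
+}
+
+if oauth2.ClientID == "" {
+return nil, fmt.Errorf("oauth2.clientId is required when oauth2 is configured")
+}
+
+if oauth2.TokenURL == "" {
+return nil, fmt.Errorf("oauth2.tokenUrl is required when oauth2 is configured")
+}
+
+if oauth2.ClientSecret.ValueFrom.SecretKeyRef.Name == "" {
+return nil, fmt.Errorf("oauth2.clientSecret.valueFrom.secretKeyRef.name is required")
+}
+
+if oauth2.ClientSecret.ValueFrom.SecretKeyRef.Key == "" {
+return nil, fmt.Errorf("oauth2.clientSecret.valueFrom.secretKeyRef.key is required")
+}
+
+if _, err := url.Parse(oauth2.TokenURL); err != nil {
+return nil, fmt.Errorf("oauth2.tokenUrl must be a valid URL: %w", err)
+}
+}
+
 return nil, nil
 }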
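Review bot: The `url.Parse` check at the end of the new `spec.OAuth2` block rejects almost nothing: relative references, scheme-less strings and non-HTTP schemes all parse without error, so a malformed `tokenUrl` passes admission. Because the client secret is presumably presented to this endpoint, the check should require an absolute URL, for example `u, err := url.Parse(oauth2.TokenURL)` followed by `if err != nil || u.Host == "" || (u.Scheme != "https" && u.Scheme != "http") { return nil, fmt.Errorf("oauth2.tokenUrl must be an absolute http(s) URL, got %q", oauth2.TokenURL) }`. A plain `http` token URL would carry the secret unencrypted, so consider rejecting it or returning an admission warning for it. `validateSpec` begins outside this hunk.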
49 changes: 49 additions & 0 deletions apis/keda/v1alpha1/zz_generated.deepcopy.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

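--- a/config/crd/bases/keda.sh_clustertriggerauthentications.yaml
+++ b/config/crd/bases/keda.sh_clustertriggerauthentications.yaml
@@ -512,6 +512,50 @@ spec:
 - authentication
 - secrets
 type: object
+oauth2:
+properties:
+clientId:
+type: string
+clientSecret:
+properties:
+valueFrom:
+properties:
+secretKeyRef:
+properties:
+key:
+type: string
+name:
+type: string
+required:
+- key
+- name
+type: object
+required:
+- secretKeyRef
+type: object
+required:
+- valueFrom
+type: object
+scopes:
+items:
+type: string
+type: array
+tokenUrl:
+type: string
+tokenUrlParams:
+additionalProperties:
+type: string
+type: object
+type:
+enum:
+- clientCredentials
+type: string
+required:
+- clientId
+- clientSecret
+- tokenUrl
+- type
+type: object
 podIdentity:
 description: |-
 AuthPodIdentity allows users to select the platform native identity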
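--- a/config/crd/bases/keda.sh_triggerauthentications.yaml
+++ b/config/crd/bases/keda.sh_triggerauthentications.yaml
@@ -508,6 +508,50 @@ spec:
 - authentication
 - secrets
 type: object
+oauth2:
+properties:
+clientId:
+type: string
+clientSecret:
+properties:
+valueFrom:
+properties:
+secretKeyRef:
+properties:
+key:
+type: string
+name:
+type: string
+required:
+- key
+- name
+type: object
+required:
+- secretKeyRef
+type: object
+required:
+- valueFrom
+type: object
+scopes:
+items:
+type: string
+type: array
+tokenUrl:
+type: string
+tokenUrlParams:
+additionalProperties:
+type: string
+type: object
+type:
+enum:
+- clientCredentials
+type: string
+required:
+- clientId
+- clientSecret
+- tokenUrl
+- type
+type: object
 podIdentity:
 description: |-
 AuthPodIdentity allows users to select the platform native identity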
2 changes: 1 addition & 1 deletion pkg/metricsservice/api/metrics.pb.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion pkg/metricsservice/api/metrics_grpc.pb.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion pkg/scalers/externalscaler/externalscaler.pb.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion pkg/scalers/externalscaler/externalscaler_grpc.pb.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion pkg/scalers/liiklus/LiiklusService.pb.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion pkg/scalers/liiklus/LiiklusService_grpc.pb.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
