streamnative · jiangpengcheng · Jun 19, 2024 · Jun 19, 2024 · Jun 19, 2024
@@ -33,4 +33,5 @@ jobs:
           image-ref: 'pulsarctl:latest'
           format: 'table'
           exit-code: '1'
-          severity: "MEDIUM,HIGH,CRITICAL"
+          severity: "MEDIUM,HIGH,CRITICAL"
+          vuln-type: "library"
@@ -18,12 +18,15 @@
 package context
 
 import (
+	"encoding/json"
+
 	"github.com/apache/pulsar-client-go/pulsaradmin/pkg/admin"
 	"github.com/spf13/pflag"
 
 	"github.com/streamnative/pulsarctl/pkg/bookkeeper"
 	"github.com/streamnative/pulsarctl/pkg/cmdutils"
 	"github.com/streamnative/pulsarctl/pkg/ctl/context/internal"
+	"github.com/streamnative/pulsarctl/pkg/oauth2"
 )
 
 func setContextCmd(vc *cmdutils.VerbCmd) {
@@ -158,6 +161,20 @@ func (o *createContextOptions) modifyContextConf(existingContext cmdutils.Contex
 	if f.Changed("tls-allow-insecure") {
 		modifiedAuth.TLSAllowInsecureConnection = o.flags.TLSAllowInsecureConnection
 	}
+	// try to parse the OAuth2 params and ignore the error
+	if f.Changed("auth-params") {
+		var paramsJSON oauth2.ClientCredentials
+		err := json.Unmarshal([]byte(o.flags.AuthParams), &paramsJSON)
+		// ignore the parse error
+		if err != nil {
+			return modifiedContext, modifiedAuth
+		}
+		modifiedAuth.IssuerEndpoint = paramsJSON.IssuerURL
+		modifiedAuth.Audience = paramsJSON.Audience
+		modifiedAuth.Scope = paramsJSON.Scope
+		modifiedAuth.KeyFile = paramsJSON.PrivateKey
+		modifiedAuth.ClientID = paramsJSON.ClientID
+	}
 	if f.Changed("issuer-endpoint") {
 		modifiedAuth.IssuerEndpoint = o.flags.IssuerEndpoint
 	}

@@ -75,3 +75,49 @@ func TestOauthConfiguration(t *testing.T) {
 	assert.Equal(t, "audience", config.Audience)
 	assert.Equal(t, "profile api://test-endpoint", config.Scope)
 }
+
+func TestParseOauthConfiguration(t *testing.T) {
+	home := utils.HomeDir()
+	path := fmt.Sprintf("%s/.config/pulsar/config", home)
+	defer os.Remove(path)
+
+	setOauthConfigArgs := []string{"set", "oauth",
+		"--auth-params",
+		"{\"audience\":\"audience\",\"issuerUrl\":\"https://test-endpoint\",\"privateKey\":\"/tmp/auth.json\"," +
+			"\"scope\":\"profile api://test-endpoint\",\"clientId\":\"clientid\"}",
+	}
+	_, execErr, err := TestConfigCommands(setContextCmd, setOauthConfigArgs)
+	if err != nil {
+		t.Fatal(err.Error())
+	}
+	assert.Nil(t, execErr)
+
+	config := cmdutils.LoadFromEnv()
+	assert.Equal(t, "https://test-endpoint", config.IssuerEndpoint)
+	assert.Equal(t, "clientid", config.ClientID)
+	assert.Equal(t, "audience", config.Audience)
+	assert.Equal(t, "profile api://test-endpoint", config.Scope)
+	assert.Equal(t, "/tmp/auth.json", config.KeyFile)
+}
+
+func TestParseWrongFormatOauthConfiguration(t *testing.T) {
+	home := utils.HomeDir()
+	path := fmt.Sprintf("%s/.config/pulsar/config", home)
+	defer os.Remove(path)
+
+	setOauthConfigArgs := []string{"set", "oauth",
+		"--auth-params", "wrong_format",
+	}
+	_, execErr, err := TestConfigCommands(setContextCmd, setOauthConfigArgs)
+	if err != nil {
+		t.Fatal(err.Error())
+	}
+	assert.Nil(t, execErr)
+
+	config := cmdutils.LoadFromEnv()
+	assert.Equal(t, "", config.IssuerEndpoint)
+	assert.Equal(t, "", config.ClientID)
+	assert.Equal(t, "", config.Audience)
+	assert.Equal(t, "", config.Scope)
+	assert.Equal(t, "", config.KeyFile)
+}